Conversation
rqbazan
added
invalid
…pipeline Both `monorepo-preview-release` and `railway-redeploy` move from composite actions (Bun-based) to native Node actions running on the runner's pre-installed Node 24 with a pre-bundled `dist/index.js`. The migration is paired with a monorepo-wide build / dist-sync pipeline so the bundles stay in lockstep with `src/`. monorepo-preview-release: - action.yml: `runs.using: node24`, `main: dist/index.js`. - src shells out to the real pnpm CLI via tinyexec (workspace listing, version bump, publish) instead of reimplementing those flows. pnpm handles workspace:* / catalog: resolution, publishConfig overrides, lifecycle scripts, npm Trusted Publisher OIDC, and provenance signing. - The three-mode auth flow (TOKEN_ONLY / OIDC_WITH_TOKEN_FALLBACK / OIDC_ONLY) is preserved; each branch picks the right pnpm publish flags. A transient ~/.npmrc auth line is written for NPM_TOKEN mode and restored in a finally block. - Refuses to run on pull_request_target (unsafe with PR head checkout + publish secrets — see security notes in README). - Caller now needs setup-pnpm (or corepack enable) + pnpm install before invoking the action so lifecycle scripts (prepack/prepare doing `pnpm build`) find their devDeps. railway-redeploy: - action.yml: composite → `runs.using: node24`, `main: dist/index.js`. - Inputs migrated from env-passing shim to core.getInput(). - Pure HTTP/GraphQL via @urql/core, no shell-outs needed. Monorepo build pipeline: - Root mise.toml gains a `build` aggregator that fans out to each action's local build task (`ncc build src/index.ts -o dist`). - Mise's incremental sources/outputs tracking skips no-op rebuilds. - lefthook adds a pre-push hook that runs `mise run build` and blocks the push if any actions/*/dist is out of sync. - New CI workflow `Check actions dist sync` enforces the same invariant on every PR via jdx/mise-action@v2. - Each action's biome.json excludes dist/; tsconfig.json adds nodenext module resolution + rewriteRelativeImportExtensions (preserves the project's .ts import style through ncc) and excludes dist/node_modules. Docs: root README documents the Node action convention. The monorepo-preview-release README is rewritten end-to-end to match the final implementation (drop the Docker-era "self-contained, no setup needed" claim, document the new setup-pnpm + pnpm install prerequisite, and the pull_request_target refusal). Net change on monorepo-preview-release/package.json: ~12 deps dropped (libnpmpack, libnpmpublish, @pnpm/releasing.exportable-manifest, the @pnpm/workspace.* family, npm-registry-fetch, ini, @npmcli/run-script, npm-package-arg, semver, @pnpm/network.auth-header, @pnpm/config.nerf-dart, @pnpm/pkg-manifest.reader, @pnpm/types, plus their @types/* devDeps). Added: tinyexec (runtime), @vercel/ncc + typescript (devDeps). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
rqbazan
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
monorepo-preview-releaseandrailway-redeployfrom composite (Bun-based) actions to native Node actions running on the runner's pre-installed Node 24 (runs.using: node24, pre-bundleddist/index.js).monorepo-preview-releaseshells out to the realpnpmCLI viatinyexecfor workspace listing, version bump, and publish — pnpm handlesworkspace:*/catalog:resolution,publishConfigoverrides, lifecycle scripts (prepack/prepare), npm Trusted Publisher OIDC, and provenance signing. Keeps the three-mode auth flow (TOKEN_ONLY/OIDC_WITH_TOKEN_FALLBACK/OIDC_ONLY) and refuses to run onpull_request_targetfor safety.railway-redeploymigrates inputs from the composite env-passing shim tocore.getInput(). Pure HTTP / GraphQL via@urql/core; no shell-outs needed.mise.tomlbuildaggregator → per-actionncctask with incrementalsources/outputstracking;lefthookpre-pushhook blocks pushes whoseactions/*/distis stale; newCheck actions dist syncCI workflow enforces the same on every PR.monorepo-preview-releaseREADME to match the final implementation (drop the Docker-era "self-contained" claim; document the newsetup-pnpm+pnpm installprerequisite; flag thepull_request_targetrefusal).Test plan
mise run buildproduces a deterministicdist/index.jsfor both actions (rebuild → byte-identical).mise run check(biome + tsc) clean across both actions;dist/excluded from lint/typecheck noise.lefthookpre-pushhook verified by force-pushing the squash of this PR's history — the hook validatedactions/*/distsync before the push went through.Check actions dist syncpasses on this PR (~20s).variableland/dxPR #219 with the newsetup-pnpmstep in the consumer workflow:prepack: pnpm buildruns inside the publish flow, the published tarball includes the builtdist/, and a downstreampnpm installin@vlandoss/envresolves cleanly (noERR_PNPM_WORKSPACE_PKG_NOT_FOUND).🤖 Generated with Claude Code