-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to update the build - dist/*.js files #205
Comments
@dorny The upstream typescript-action template repository contains a workflow that generates the "dist" redistributable files on merge/push and compares the result to the checked in file. I would recommend to copy that workflow :-) This prevents that the generated index.js ever differs from the checked in one and basically completely solves point 2. For point 1 there is not much you can do. But a few MiB per commit should not hurt in general. GitHub will do shallow clones for the actions as you correctly assumed. Squash merging the PRs could help a little bit, if appropriate. |
@flobernd thanks for the suggestion. I see they added it a year ago. I guess for the same reason I've just mentioned. IIRC it wasn't there before and when I tried to do something like that in the beginning, I've run into issues with |
@dorny I encountered this issue as well, but there is an easy fix for that. First of all we need a .gitattributes file that forces the line endings to LF for .js files (or at least all files in the "dist" folder). Besides that, source map generation needs to be disabled (just remove the argument passed to ncc), because this one contains different stuff on Windows vs. Linux. Source map generation for release builds is not useful anyways, so there won't be any bigger negative side-effects. |
@flobernd Turns out we already had .gitattributes set to force Locally when you have index.js checked out with LF endings and run |
Interestingly, the content of the source map was the same on windows and WSL but the diff was detected when it was running in GitHub action. I'm disabling the source-map, it's not much useful as you said. |
@dharmendrasha I would really appreciate your opinion on this.
We are packaging all .js code into dist/index.js - as it's done in the typescript-action template. The reasoning is to make the action immediately runnable, without waiting for
npm i
.This has two unfortunate consequences:
dist/index.js
file is too big to be manually reviewed. It wouldn't be hard to inject malicious code into this action hidden in otherwise relevant PR.Up until now, I updated the
dist/*.js
files only before releasing a new version instead of every PR and also I avoided merging changes to thedist/index.js
made by others. With more PRs coming this is not sustainable.What would you suggest?
I was thinking about documenting contribution guidelines where it would be stated the
dist/index.js
should not be modified in the PRs and instead automate the build as part of the workflow run. The best would be if we could fail the check run if the file is modified and at the same time the workflow would run the build and update the file automatically before the PR is merged or before the release.The text was updated successfully, but these errors were encountered: