Fix version, update deps, switch to ncc, release 1.3.1 #18
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Having node_modules in the repo is problematic. For one thing,
dependabot updates dependencies in package.json, but the old versions of
modules are still there in node_modules.
To fix this, let's switch away from having node_modules in the repo to
using ncc, as they recommend in [1] and [2].
Fix package version in package.json while we're at it.
This commit is mostly auto-generated, the only manual edited files are
package.json and .gitignore. Here is the workflow (using npm 8.9.12):
$EDITOR package.json
$EDITOR .gitignore
git add .gitignore
git rm -rf node_modules
rm package-lock.json
npm i
npm i @actions/core # bump actions/core version
git add dist
git commit
NOTE that this also upgrades @actions/core to the latest 1.x release
(which is 1.10.x at the moment), which probably fixes the issue of GHA
warning about the use of deprecated set-output command. This happens
because ^1.0.9 means "latest 1.x" in npm.
[1] https://github.com/actions/javascript-action/tree/main
[2] https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Changes from 1.3.0: - switch from bare node_modules to ncc to compile the code; - fix package version in `package.json`; - bump actions/core 1.9.1 -> 1.10.0 (fixes GHA set-output warning); - bump actions/github 2.1.1 - > 5.1.1. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
@Tim-Zhang PTAL 🙏🏻 Once this is merged, dependabot can be set up to automatically update dependencies -- meaning all you need to do is merge dependabot PRs and cut new releases from time to time. |
|
In fact, dependabot is already enabled for this repo, but due to the fact we currently have node_modules directory, dependabot is not really updating anything. This PR fixes it. |
|
@kolyshkin Thanks and LGTM |
|
@kolyshkin I have invited you as the maintainer of the org, if you would like to help with maintaining this project, I would be very appreciate. |
Sorry I missed it, can you please re-send? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Having node_modules in the repo is problematic. For one thing,
dependabot updates dependencies in package.json, but the old versions of
modules are still there in node_modules.
To fix this, let's switch away from having node_modules in the repo to
using ncc, as they recommend in [1] and [2].
Fix package version in package.json while we're at it.
This commit is mostly auto-generated, the only manual edited files are
package.json and .gitignore. Here is the workflow (using npm 8.9.12):
NOTE that this also upgrades @actions/core to the latest 1.x release
(which is 1.10.x at the moment), which probably fixes the issue of GHA
warning about the use of deprecated set-output command. This happens
because ^1.0.9 means "latest 1.x" in npm.
These changes are tested here: https://github.com/opencontainers/runc/actions/runs/6017455860/job/16367756745
[1] https://github.com/actions/javascript-action/tree/main
[2] https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action
PS I know very little about js, npm, ncc, github actions etc. I was just tired that every time I am getting this warning:
and decided to do something about it.
While at it, I would like to point out that @actions/github dependency used by this repo is obsoleted (also, the code in this repo does not work with its newer versions).