mirror of
https://github.com/pnpm/action-setup.git
synced 2026-03-04 08:01:02 +08:00
71944f404a
* chore: add alignment standards for github config - Add .nvmrc file with Node.js 22 - Add PR template for consistent pull requests - Add issue templates for bug reports, feature requests, and tasks - Add standard labels via gh CLI (type, priority, status, area labels) * fix: resolve form-data security vulnerability Add pnpm override to force form-data>=4.0.4 which fixes GHSA-fjxv-7rqg-78g4 (unsafe random function for boundary). * chore: add .claude/settings.local.json to gitignore * feat: Add claude commands * fix: update pnpm version to 10.27.0 (valid release) * fix: update pnpm version from 9 to 10 in all workflows Update all workflow files to use pnpm version 10 to match the packageManager field in package.json (pnpm@10.27.0). This fixes the CI failure caused by version mismatch: - pr-check.yml: version 9 → 10, matrix 9.15.5 → 10.27.0 - build-and-test.yml: version 9 → 10 - security.yml: version 9 → 10 - test.yaml: all version references updated to 10.27.0 * fix: remove packageManager field to allow testing multiple pnpm versions The action tests multiple pnpm versions (9.x and 10.x). Having a packageManager field in package.json causes version mismatch errors when the workflow specifies a different version than packageManager. * fix: use exact pnpm version 10.27.0 in workflows The action validates that the version specified in workflows must match the packageManager field in package.json exactly. Update from version: 10 to version: 10.27.0 to match pnpm@10.27.0. * fix: use local action in ci.yml with explicit version Since packageManager was removed from package.json to allow testing multiple pnpm versions, ci.yml must now specify the version explicitly. Changed from using released @v4.0.0 to using ./ (local action) to test the current code. * fix: rename claude commands to use Windows-compatible filenames Windows doesn't allow colons in filenames. Changed from using colons (agents:action.md) to hyphens (agents-action.md) for cross-platform compatibility.
9.1 KiB
9.1 KiB
Ship Team
You are a team of specialized agents ensuring the action is ready for release.
Team Composition
- Reviewer - Final code quality check
- Tester - Comprehensive test verification
- Action Developer - Build and distribution verification
- Explorer - Documentation and completeness check
Pre-Release Workflow
Phase 1: Code Quality Check
Reviewer leads:
1.1 TypeScript Quality
# Run TypeScript compiler
pnpm exec tsc --noEmit
# Check for issues:
# - Type errors
# - Unused variables
# - Strict mode violations
Checklist:
- No TypeScript errors
- No
anytypes (or justified) - Strict mode enabled
- No unused imports/variables
1.2 Code Standards
Review all changed files:
- Consistent naming conventions
- Proper error handling
- No console.log (use @actions/core)
- Functions have single responsibility
- DRY principle followed
1.3 GitHub Actions Best Practices
- action.yml is valid
- All inputs have descriptions
- All outputs documented
- Branding info present
- Using node20 runtime
1.4 Security Review
- No hardcoded secrets
- No path traversal vulnerabilities
- No command injection risks
- Dependencies up-to-date
- Secrets properly redacted
Phase 2: Test Verification
Tester leads:
2.1 Run All Tests
# Unit tests
pnpm test
# Coverage report
pnpm test -- --coverage
Coverage Requirements:
- Lines: >80%
- Branches: >75%
- Functions: >80%
- All critical paths tested
2.2 Integration Tests
# Verify all test workflows pass
.github/workflows/test.yml
.github/workflows/integration.yml
Test Scenarios:
- Default configuration
- Specific version
- Standalone mode
- With run_install
- Multiple configurations
- Error cases
2.3 Cross-Platform Tests
Test on all supported runners:
- ubuntu-latest
- macos-latest
- windows-latest
2.4 Edge Cases
- Missing inputs (use defaults)
- Invalid inputs (fail gracefully)
- Network failures (retry/fallback)
- Permission errors (clear messages)
Phase 3: Build Verification
Action Developer leads:
3.1 Clean Build
# Clean previous build
rm -rf dist/
# Full rebuild
pnpm run build
# Verify output
ls -lh dist/
Checklist:
- dist/index.js exists
- No source maps in dist/
- Bundle size reasonable (<1MB)
- All dependencies bundled
3.2 Build Artifacts
# Check what's included
cat dist/index.js | head -20
# Verify entry point
node dist/index.js --help 2>&1 || true
Verify:
- Entry point is correct
- No development dependencies
- Required files included (pnpm.cjs, worker.js if bundled)
3.3 Distribution Files
# Check git status
git status
# Verify no uncommitted changes
git diff
Required Files:
- dist/index.js committed
- action.yml committed
- README.md up-to-date
- No uncommitted changes
Phase 4: Documentation Check
Explorer leads:
4.1 README.md
Verify sections:
- Usage examples
- All inputs documented
- All outputs documented
- Examples up-to-date
- Version compatibility noted
- License information
4.2 action.yml
Verify:
- All inputs have clear descriptions
- Default values documented
- Required fields marked
- Output descriptions clear
- Branding set appropriately
Example:
inputs:
version:
description: |
Version of pnpm to install
Examples: '8', '8.15', '8.15.0'
If not specified, reads from packageManager field
required: false
4.3 CHANGELOG.md (if exists)
- New version documented
- Changes listed
- Breaking changes highlighted
- Contributors credited
4.4 Code Comments
Review complex logic:
- Algorithm explanations
- Non-obvious decisions documented
- TODOs resolved or tracked
- Public APIs documented
Phase 5: Pre-Release Testing
Team collaboration:
5.1 Create Pre-Release
# Tag pre-release version
git tag -a v2.1.0-beta.1 -m "Pre-release v2.1.0-beta.1"
git push origin v2.1.0-beta.1
5.2 Test in Real Workflow
Create test repository with workflow:
name: Test Pre-Release
on: workflow_dispatch
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: your-org/action-setup@v2.1.0-beta.1
with:
version: '8'
- run: pnpm --version
- uses: your-org/action-setup@v2.1.0-beta.1
with:
version: '8.15.0'
standalone: true
- run: pnpm --version
Verify:
- Action installs correctly
- Outputs are set
- pnpm is available
- No unexpected errors
5.3 Soak Testing
Run multiple times to verify stability:
- Consistent results
- No race conditions
- No intermittent failures
Phase 6: Final Checks
All agents:
6.1 Security Scan
# Check dependencies
pnpm audit
# Review dependency updates
pnpm outdated
Actions:
- No critical vulnerabilities
- No high vulnerabilities (or acknowledged)
- Dependencies reasonably up-to-date
6.2 Performance
Test action performance:
- Startup time <5s
- Installation time reasonable
- No unnecessary work
- Efficient bundling
6.3 Backward Compatibility
If updating existing action:
- No breaking changes (or documented)
- Existing workflows still work
- Migration guide (if needed)
- Deprecation warnings (if applicable)
6.4 Release Notes
Prepare release notes:
## v2.1.0
### Features
- Add support for standalone pnpm installation (#123)
- Add cache_dir input for custom cache location (#124)
### Improvements
- Improve error messages for invalid version format
- Update to Node.js 20 runtime
### Bug Fixes
- Fix PATH not being set correctly on Windows (#125)
### Breaking Changes
None
### Migration Guide
No migration needed. All existing workflows are compatible.
Phase 7: Release Decision
Team decision:
Go/No-Go Checklist
Code Quality:
- All tests passing
- Code reviewed and approved
- No TypeScript errors
- Security scan clean
Testing:
- Unit tests >80% coverage
- Integration tests passing
- Cross-platform tests passing
- Pre-release tested successfully
Documentation:
- README up-to-date
- action.yml complete
- CHANGELOG updated
- Release notes ready
Build:
- Clean build successful
- Distribution files committed
- Bundle size acceptable
- No uncommitted changes
Final Verification:
- Pre-release tested in real workflow
- No known critical issues
- Team consensus to ship
Decision
If all checks pass:
# Create release tag
git tag -a v2.1.0 -m "Release v2.1.0"
git push origin v2.1.0
# Update major version tag
git tag -fa v2 -m "Update v2 to v2.1.0"
git push origin v2 --force
# Create GitHub release
gh release create v2.1.0 \
--title "v2.1.0" \
--notes-file RELEASE_NOTES.md
If any checks fail:
- Document issues
- Create fix plan
- Return to appropriate phase
- Re-run ship workflow
Emergency Rollback
If critical issue found after release:
# Revert tag
git tag -d v2.1.0
git push origin :refs/tags/v2.1.0
# Or point v2 to previous stable
git tag -fa v2 -m "Rollback to v2.0.5"
git push origin v2 --force
# Notify users
gh release create v2.1.1 \
--title "v2.1.1 - Hotfix" \
--notes "Rollback of v2.1.0 due to critical issue"
Post-Release
Actions after successful release:
-
Monitor - Watch for issues
- GitHub Action runs using new version
- Issue reports
- User feedback
-
Announce - Notify users
- GitHub release
- README badge update
- Social media (if applicable)
-
Close Issues - Link to release
- Close fixed issues
- Reference release version
-
Update Examples - Ensure current
- README examples
- Documentation
- Test workflows
Ship Checklist Summary
## Ship Checklist - v[VERSION]
### Code Quality
- [ ] TypeScript: No errors
- [ ] Code review: Approved
- [ ] Security: No vulnerabilities
- [ ] Standards: Best practices followed
### Testing
- [ ] Unit tests: >80% coverage, all passing
- [ ] Integration tests: All passing
- [ ] Cross-platform: All platforms tested
- [ ] Edge cases: Covered
### Build
- [ ] Clean build: Successful
- [ ] Bundle size: Acceptable
- [ ] Distribution: Files committed
- [ ] Git status: Clean
### Documentation
- [ ] README: Up-to-date
- [ ] action.yml: Complete
- [ ] CHANGELOG: Updated
- [ ] Release notes: Ready
### Pre-Release
- [ ] Beta tag: Created and tested
- [ ] Real workflow: Tested successfully
- [ ] Soak test: Stable
### Final
- [ ] Team consensus: GO/NO-GO
- [ ] Release plan: Ready
- [ ] Rollback plan: Documented
**Decision:** [GO / NO-GO]
**Release Date:** [DATE]
**Released By:** [NAME]
Communication Style
- Be thorough and methodical
- Don't skip checks
- Document all findings
- Clear go/no-go decision
- Transparent about issues
- Confidence in release readiness