Scaffold deploy-action and prepare for public OSS release#1

Merged
half-ogre merged 14 commits into main from feat/initial-action
Apr 27, 2026
@half-ogre

Contributor

Summary

This PR:

  • Adds the Hyphen Deploy GitHub Action that wraps hx deploy, captures the JSON output from the CLI, and exposes deployment-id, run-id, deployment-url, status, and reason as step outputs.
  • Mirrors the conventions established by env-action and setup-hx-action (workflows, linters, dependabot, devcontainer, package layout, helper module structure) so the three actions stay in lockstep.
  • Hardens the CLI output parser to handle pretty-printed multi-line JSON in addition to the single-line form.
  • Drops the unreachable setupMetadataFiles helper and two unused npm deps that were carried over from the env-action template.
  • Switches the CI integration job to a node-based integration-test.js (matching env-action) and ships a Pied Piper test .hx so hx deploy has project context.
  • Fills in OSS-readiness gaps for a public release: CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md adapted from Hyphen/nodejs-sdk, plus a copyright year on LICENSE.

Test plan

  • CI is green: lint, format check, unit tests (40 tests, ~99% coverage), check-dist, and codeql.
  • Integration test job succeeds on ubuntu-latest, windows-latest, and macos-latest against the Pied Piper test project.
  • Confirm the test .hx IDs map to a project with at least one deployable app; if not, swap in IDs from a project set up for deploy testing.
  • Verify SECURITY.md's reporting flow still matches Hyphen's current policy (vs. private vulnerability reporting).
  • Spot-check the action end-to-end in a downstream workflow against a real Hyphen project before tagging v1.

Adds a GitHub Action that wraps `hx deploy` with full flag parity,
blocks until the deployment finishes, and exposes structured outputs
(deployment-id, run-id, deployment-url, status, reason) parsed from
the CLI's --output json payload.

Mirrors the env-action layout: @actions/core + @actions/exec, jest +
ts-jest tests, @vercel/ncc bundle committed to dist/, and the standard
ci / check-dist / linter / codeql workflows.

Requires the hx release that ships `--output json` on `hx deploy`
(Hyphen/hx#259).

Neither was imported anywhere in src/ or __tests__/. They were copied
from the env-action template at scaffold time.

…cument run

setupMetadataFiles was only ever called with workspace === cloneLocation
(main passes getCloneLocation()'s return value), so its body past the
early return was unreachable. Remove the helper, its test, and the call
from main.

Also: read core.getInput('path') once in getCloneLocation, and add the
JSDoc on run() that env-action and setup-hx-action use.

The previous parser only matched a single line that both started with
'{' and ended with '}', so a pretty-printed JSON object from the CLI
would silently fail to set outputs. Walk lines from the bottom looking
for one that begins with '{' and JSON.parse from there to the end of
stdout, which handles single-line, multi-line, and preceded-by-noise
output.
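
Added example, not code from this PR or from deploy-action: the single-line match and the bottom-up walk described in the commit message above, run against constructed CLI output. The function names, the sample payload keys, the use of `trimStart()`, and continuing upward after a failed parse are assumptions made here.

```javascript
// Earlier behaviour as the commit message describes it: accept only a single
// line that both starts with '{' and ends with '}'.
function parseSingleLine(stdout) {
  for (const line of stdout.split(/\r?\n/)) {
    const t = line.trim();
    if (!t.startsWith('{') || !t.endsWith('}')) continue;
    try { return JSON.parse(t); } catch { /* keep looking */ }
  }
  return null;
}

// Walk lines from the bottom; at each line that begins with '{', parse from
// there to the end of stdout. A failed parse (for example the indented '{' of
// a nested array element) moves the walk further up instead of giving up.
function parseFromBottom(stdout) {
  const lines = stdout.split(/\r?\n/);
  for (let i = lines.length - 1; i >= 0; i--) {
    if (!lines[i].trimStart().startsWith('{')) continue;
    try {
      const value = JSON.parse(lines.slice(i).join('\n'));
      // Only a JSON object is usable as a source of step outputs.
      if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
        return value;
      }
    } catch { /* not the start of the payload; keep walking up */ }
  }
  return null; // caller should fail loudly rather than leave outputs unset
}

// Constructed sample outputs: log noise followed by the JSON payload.
const SINGLE = 'Deploying...\n{"status":"succeeded","reason":""}\n';
const PRETTY = [
  'Deploying...',
  '{',
  '  "status": "failed",',
  '  "reason": "timeout",',
  '  "steps": [',
  '    {',
  '      "name": "build"',
  '    }',
  '  ]',
  '}',
  ''
].join('\n');
```

Text printed after the JSON payload still defeats the bottom-up walk, because the parse always runs to the end of stdout.
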
…NSE year

- Add the reason output row to the README outputs table.
- Label the env-action step in the Usage example as optional, since
  deploy-action does not require it.
- Add a copyright year to LICENSE.

Replace the inline bash output assertions with a node script that reads
the step outputs via env vars, matching the pattern used by env-action.
Also commit a Pied Piper test .hx so hx deploy has project context in
the integration job.

Add a .devcontainer/devcontainer.json mirroring env-action and
setup-hx-action so contributors get the same Codespaces / VS Code
Dev Containers experience.

Stop committing the generated coverage badge; the npm run coverage
script still produces it locally on demand, matching the sibling repos.

Adapted from Hyphen/nodejs-sdk so the public OSS surface has the
expected community files.

- Switch action.yml branding icon from rocket to upload-cloud (rocket
  isn't in GitHub's allowed branding icon set, tripping actionlint).
- Demote secondary H1s in CONTRIBUTING.md to H2 and renumber the ordered
  list to match the project's MD029 'one' style.
- Wrap bare attribution URLs in CODE_OF_CONDUCT.md in <...> for MD034.
- Exempt tables and code blocks from MD013 line-length so the README's
  input/output tables stop tripping the lint check.
- Replace terminology textlint flags: e-mail -> email, repo -> repository,
  git -> Git, Github -> GitHub.

The integration-tests job runs hx deploy against a Pied Piper test
project that maintainers don't have shared access to, so the job fails
on every PR with an unauthorized error from the dev API. Drop the job,
the test .hx fixture, and the integration-test.js assertion runner so
CI is green by default.

Add a Releasing section to CONTRIBUTING.md noting that maintainers
should run the action end-to-end against a real Hyphen project before
tagging a release, since CI no longer covers that path.

Also remove the README's 'Validate the Action' section that documented
the integration-test workflow pattern, and the .eslintignore entry for
the deleted integration-test.js.

@actions/core 1.x and 2.x both transitively pull undici 5.x via
@actions/http-client, which carries five high/moderate advisories
(request smuggling, websocket decompression DoS, CRLF injection, etc.).
The fix only lands in @actions/core 3.x, which is ESM-only — that's a
much larger lift than this action needs.

Pin undici to ^6.23.0 via npm overrides instead. The override applies
through @actions/http-client 2.x; tests still pass and `npm audit
--omit=dev` is clean. The remaining audit findings are dev-only
(prettier-eslint -> @typescript-eslint -> minimatch) and never ship in
dist/.

Rebuild dist/ to pick up the new undici.
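
Added example, not code from this PR: a check that the undici override described in the commit message above is declared in package.json and has actually taken effect in the lockfile. The function names and all sample data are constructed; skipping entries marked `dev` is an assumption made here, following the commit's point that dev-only packages never ship in dist/.

```javascript
// True when `version` satisfies ^6.23.0, i.e. >=6.23.0 and <7.0.0.
function satisfiesCaret6_23(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) return false; // pre-release or malformed: treat as out of range
  return Number(m[1]) === 6 && Number(m[2]) >= 23;
}

// Returns a list of problems. An empty list means the override is declared
// and every non-dev undici copy in the lockfile is inside the pinned range.
function checkUndiciOverride(pkg, lock) {
  const problems = [];
  if (!pkg.overrides || pkg.overrides.undici !== '^6.23.0') {
    problems.push('package.json: overrides.undici is not ^6.23.0');
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Lockfile keys are install paths; nested copies end in /node_modules/undici.
    const isUndici =
      path === 'node_modules/undici' || path.endsWith('/node_modules/undici');
    if (!isUndici || entry.dev) continue;
    if (!satisfiesCaret6_23(entry.version)) {
      problems.push(`${path}: undici ${entry.version} is outside ^6.23.0`);
    }
  }
  return problems;
}

// Constructed samples in the lockfileVersion 3 "packages" layout.
const PKG = { overrides: { undici: '^6.23.0' } };
const LOCK_OK = {
  packages: {
    'node_modules/@actions/http-client': { version: '2.2.3' },
    'node_modules/undici': { version: '6.23.0' }
  }
};
const LOCK_STALE = {
  packages: {
    'node_modules/undici': { version: '5.28.4' },
    'node_modules/some-dev-tool/node_modules/undici': { version: '5.28.4', dev: true }
  }
};
```
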
@github-advanced-security


You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

The action's outputs (deployment-id, run-id, deployment-url, status,
reason) are useful for downstream steps but don't surface anywhere in
the GitHub Actions run-summary panel. This adds a short summary written
via core.summary so consumers can click straight from the run page to
the deployment in the Hyphen dashboard.

The summary contains the deployment status, the failure reason (when
present), and a link to the dashboard run.

@half-ogre half-ogre merged commit d9a392d into main Apr 27, 2026
21 checks passed