feat: extract setup, generate-check, and tag-guard composite actions#23
Merged
Conversation
Move the managed-step logic that the SDK 'setup github' templates currently inline into reusable composite actions, so behavior fixes ship via a pin bump instead of workflow regeneration: - setup: Node/Bun + dependency install for pnpm/npm/yarn/bun, selected by a 'package-manager' input, with an 'install-command' override. - generate-check: run tailor-sdk generate and fail on uncommitted output. - tag-guard: report whether the tag commit is reachable from a branch. Adds a setup smoke test (pnpm). Full PM x target coverage and generate-check/tag-guard E2E are handled by the SDK-side test matrix. The SDK templates are updated to reference these in a follow-up, pinned to this action's release.
✅ Tailor Platform Plan (cfa6d5bb-635c-4c56-b903-f52d1822e330)Plan output (exit code: 0) |
pnpm/action-setup and setup-node read the pnpm version and Node version from package.json; the deploy fixture lacked both, so the setup smoke test could not resolve them.
✅ Tailor Platform Plan (6d636d48-ee04-4238-8d2d-a72e12d4a00f)Plan output (exit code: 0) |
pnpm/action-setup reads the pnpm version from the repository root package.json (not the working-directory), so the root needs a packageManager field for the setup action to resolve pnpm.
✅ Tailor Platform Plan (c022124d-14c2-4797-92ee-a963475dc976)Plan output (exit code: 0) |
- setup: run install-command via if/else (drop the implicit exit 0) and key setup-node caching to the working-directory lockfiles. - generate-check: detect drift with git status --porcelain instead of git add -A, so the index is not mutated. - tag-guard: normalize a fully-qualified refs/heads/<branch> input to a short branch name.
The repo's test workflows pin pnpm via an explicit version input, which conflicts with a root packageManager field (pnpm/action-setup errors on multiple specified versions). Rather than entangle the extraction PR with the repo's pnpm-version strategy, the new actions are exercised by the SDK-side E2E matrix when the templates are wired to them.
Pointing setup-node's cache-dependency-path at the working-directory lockfiles breaks the common monorepo layout where a single lockfile lives at the repo root (the subdir path resolves to nothing and setup-node errors). The default behavior (auto-detect from root) is correct for both single-package and root-lockfile monorepo setups.
…rm/actions into feat/extract-managed-steps
✅ Tailor Platform Plan (c87c4c7e-02f3-440c-bed8-ecf430b1dfd3)Plan output (exit code: 0) |
For annotated tags GITHUB_SHA can reference the tag object rather than
the commit, and git merge-base --is-ancestor expects commits. Peel with
rev-parse ^{commit} (a no-op for a commit SHA) so the reachability check
is reliable regardless of tag type.
The extraction hard-coded 'npx tailor-sdk generate', which regressed the SDK template's per-PM exec: for Bun it relied on an ambient Node/npx being present, and bare npx can silently fall back to fetching a non-pinned tailor-sdk. Dispatch on a new package-manager input so each runtime uses its own runner (pnpm exec / yarn / bunx / npx) against the locally-installed, pinned version.
Add an optional package-manager input to the deploy and plan actions and resolve a per-PM runner (pnpm exec / yarn / bunx / npx) once, so all tailor-sdk invocations use it. This stops Bun from depending on an ambient Node and ensures the locally-installed, pinned tailor-sdk is used. Defaults to npx when the input is empty, so existing v1.2 callers are unaffected.
✅ Tailor Platform Plan (ce3d4a06-1f0a-4678-a5fb-29faaa9a6790)Plan output (exit code: 0) |
The resolved runner written to GITHUB_ENV is one of four fixed literals selected by a case statement (never user input), so the env-file write cannot inject code. Annotate the line with a zizmor ignore + rationale.
✅ Tailor Platform Plan (6c86c6ee-1704-4892-b7b1-415914811dfc)Plan output (exit code: 0) |
zizmor reports the env-file finding at the run: step line, so the inline ignore must sit there rather than on the echo line.
✅ Tailor Platform Plan (d78d9351-4e4c-4daf-92a3-9ab34deadc8f)Plan output (exit code: 0) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extracts the managed-step logic that the SDK
setup githubtemplates currently inline into reusable composite actions. This is the "workflow = composition, actions = behavior" split: once the SDK templates reference these, behavior fixes (install tweaks, generate-check rules) ship via a pin bump instead of workflow regeneration.New composite actions:
setup— sets up Node.js (or Bun) and installs dependencies for the selected package manager (package-manager: pnpm/npm/yarn/bun), consolidating the four PM-specific template fragments. Supports aninstall-commandoverride (for filtered monorepo installs) andnode-version-file/working-directoryinputs.generate-check— runstailor-sdk generateand fails if it produces uncommitted changes, catching stale generated files (seed data, enum constants) at PR time.tag-guard— reports whether the pushed tag's commit is reachable from a target branch (on-branchoutput), so tag-triggered deploys can be limited to tags cut from that branch.All three are verbatim lifts of logic already shipped in the SDK-generated workflows; the behavior is unchanged, only its home moves.
Testing
The new actions are verbatim lifts of logic already shipped in SDK-generated workflows. End-to-end coverage (package-manager x target, plus generate-check and tag-guard) is exercised by the SDK-side E2E matrix when the templates are wired to these actions; a self-contained smoke test was dropped here to avoid entangling the extraction with this repo's pnpm-version test strategy.
Notes for reviewers
uses: tailor-platform/actions/{setup,generate-check,tag-guard}@<release-sha>. Released first, then the SDK pins this release (same flow as v1.2 / the previous SDK rework).fetch-depth: 0).