Upgrade prod direct deps to latest versions, and migrate bundler from ncc to tsup#384
Draft
DilumAluthge-LLM wants to merge 3 commits intojulia-actions:masterfrom
Draft
Conversation
DilumAluthge
force-pushed
the
codex/refresh-deps-and-migrate-tsup
branch
2 times, most recently
from
b3ac323 to
a7e4f17
Compare
DilumAluthge-LLM
changed the title
DilumAluthge-LLM
changed the title
ncc to tsup, correctly bundle runtime dependencies into dist/index.js even if the dependency is ESM-only, and override undici (a production indirect dep) to its latest major version
DilumAluthge
force-pushed
the
codex/refresh-deps-and-migrate-tsup
branch
3 times, most recently
from
eb9be27 to
8b703ab
Compare
DilumAluthge
changed the title
ncc to tsup, correctly bundle runtime dependencies into dist/index.js even if the dependency is ESM-only, and override undici (a production indirect dep) to its latest major versionncc to tsup, and override undici (a production indirect dep) to its latest major version
DilumAluthge
changed the title
ncc to tsup, and override undici (a production indirect dep) to its latest major versionncc to tsup, and override undici (a prod indirect dep) to latest major version
DilumAluthge
force-pushed
the
codex/refresh-deps-and-migrate-tsup
branch
from
6440d23 to
7573961
Compare
Member
|
I have cherry-picked the "override |
DilumAluthge
changed the title
ncc to tsup, and override undici (a prod indirect dep) to latest major versionncc to tsup
DilumAluthge
changed the title
ncc to tsupncc to tsup
DilumAluthge
changed the title
ncc to tsupncc to tsup
…grate our bundler from `ncc` to `tsup`, and correctly bundle runtime dependencies into `dist/index.js` even if the dependency is ESM-only - replace ncc with tsup for the checked-in action bundle - move @actions/io to devDependencies and update runtime deps to latest - update Jest ESM handling for the latest @actions packages - Add repo-specific AGENTS.md guidance - Bundle runtime dependencies into the action artifact. The latest @actions packages are ESM-only, so leaving them as runtime requires in dist/index.js breaks the CommonJS action entrypoint in CI. Force tsup to inline runtime dependencies so dist/index.js remains a single self-contained CommonJS bundle. Co-authored-by: OpenAI Codex [GPT-5] <codex@openai.com>
DilumAluthge
force-pushed
the
codex/refresh-deps-and-migrate-tsup
branch
from
aa11a61 to
04cd3da
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The main changes in this PR are:
package-lock.json).ncctotsup.dist/index.jseven if the dependency is ESM-only1.The chain of logic for this PR looks something like this:
@actions/*packages. We currently are not using the latest major versions of these packages. I'd like to upgrade to the latest major version of every@actions/*dep. In fact, as far as I can tell, upgrading these@actions/*deps is required to resolve several Dependabot vulnerability alerts.@actions/*deps are ESM-only1.ncc) doesn't work very well with ESM-only packages. Therefore, we need to migrate to a bundler that supports ESM-only packages. I selectedtsupbased on Codex's suggestion and my positive experience withtsupin a previous project.Other stuff
One other minor change: We previously had
@actions/iolisted as a production dep, but it turns out we only use it in the tests, so this PR switches@actions/iofrom a production dep to a dev dep.Also, this PR adds an
AGENTs.mdfile.🤖 Generated by OpenAI Codex.
Footnotes
ESM = ECMAScript Modules. ↩ ↩2