feat: distribute deploy workflow as reusable GitHub Actions workflow#799
Open
feat: distribute deploy workflow as reusable GitHub Actions workflow#799
Conversation
Replace locally generated composite actions (install-node, fetch-tailor-token) with a reusable workflow at .github/workflows/deploy.yml. The setup github command now generates a single thin caller workflow that references the reusable workflow via uses: tailor-platform/sdk/.github/workflows/deploy.yml@actions/v1. Add release-actions.yml workflow for managing the actions/ tag namespace independently from SDK semver tags. Remove the Renovate customManagers entry for composite action YAML files since the reusable workflow is covered by the built-in github-actions manager.
🦋 Changeset detectedLatest commit: 23899e4 The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
commit: |
This comment has been minimized.
This comment has been minimized.
Required by ghalint policies (job_permissions, job_timeout_minutes_is_required).
This comment has been minimized.
This comment has been minimized.
…flows Remove persist-credentials: false from release-actions.yml checkout so git push can authenticate when pushing tags. Change cache-dependency-path in deploy.yml to use root pnpm-lock.yaml instead of working-directory prefix, since pnpm workspaces keep the lockfile at the repo root.
Add a step that rejects release-actions.yml runs from non-main branches to prevent accidentally publishing actions/v1 from feature branches. Add a comment in the deploy template explaining the separate release process for the @actions/v1 ref.
This comment has been minimized.
This comment has been minimized.
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
📖 Docs Consistency Check✅ No inconsistencies found between documentation and implementation. Checked AreasCLI Documentation (
Configuration & Guides (
Environment Variables (
Implementation & Tests
Changeset
Summary of Changes in PR #799Before:
After:
Impact: This is an internal implementation detail. The docs appropriately avoid specifying file count/structure, so no updates are needed. Users who previously ran |
…ase-actions
- Add persist-credentials: false to Checkout step (ghalint policy 013)
- Configure token-based push via remote URL for tag pushing
- Move all ${{ }} expressions to env variables to prevent script injection
Code Metrics Report (packages/sdk)
Details | | main (cca1f43) | #799 (532d4b5) | +/- |
|--------------------|----------------|----------------|------|
| Coverage | 55.8% | 55.8% | 0.0% |
| Files | 322 | 318 | -4 |
| Lines | 10386 | 10386 | 0 |
| Covered | 5797 | 5797 | 0 |
+ | Code to Test Ratio | 1:0.4 | 1:0.4 | +0.0 |
| Code | 60871 | 60853 | -18 |
- | Test | 24680 | 24676 | -4 |Code coverage of files in pull request scope (60.6% → 60.6%)
SDK Configure Bundle Size
Runtime Performance
Type Performance (instantiations)
Reported by octocov |
toiroakr
reviewed
Mar 23, 2026
| run: pnpm tailor-sdk show -j -w "$TAILOR_PLATFORM_WORKSPACE_ID" | ||
| # The @actions/v1 ref is published separately via the "Release Actions" workflow | ||
| # (release-actions.yml) in the tailor-platform/sdk repository. | ||
| uses: tailor-platform/sdk/.github/workflows/deploy.yml@actions/v1 |
Contributor
There was a problem hiding this comment.
It might be a bit of a hassle, but would it be possible to change the pattern to place action.yaml in the root of the repository?
I would like to be able to write it in the format: uses: tailor-platform/sdk/@${version}.
The implementation of https://github.com/csm-actions/securefix-action might be a helpful reference.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Distribute the deploy workflow as a reusable GitHub Actions workflow, replacing locally generated composite actions.
Usage
Caller workflow generated by
setup github:Main Changes
.github/workflows/deploy.ymlreusable workflow with all deployment logic inlined (node/pnpm setup, OAuth2 token fetch, workspace provisioning, generate, deploy).github/workflows/release-actions.ymlfor managingactions/vXtag namespace independently from SDK semver tags (manualworkflow_dispatchtrigger with dry-run support)setup githuboutput from 3 files (2 composite actions + 1 workflow) to 1 thin caller workflowcustomManagersfor composite action YAMLs (reusable workflow is covered by built-ingithub-actionsmanager)Notes
working-directory,node-version, andpnpm-versioninputs for monorepo and version flexibilityactions/v1.0.0+actions/v1tags should be created viarelease-actions.ymlafter mergesetup github(existing files are skipped)