@phobetron
Collaborator

  • Migrated builds from tsc to Rslib so they could be properly bundled; this required some changes to TS configs as well
  • Ensured that logger is not published but inlined in the bundles that require it directly, while still ensuring Diary is externalized
  • Updated SDK packages to inject versions from an environment variable into their event context library versions
  • Created a simple workflow to build and publish packages with versions based on a tagged release version, to be triggered by the creation of a new release

The requirement for push-button releasing has been deferred in favor of triggering via GitHub tag/release (as experience.js does) primarily for expediency, but it also ensures versions are completely aligned between GH releases and NPM-published versions.

This allows us to better manage dependencies, especially those that are
private and should be inlined in a bundle. It also gives us better
control of the built packages than with `tsc` alone.

[[NT-2008](https://contentful.atlassian.net/browse/NT-2008)]
@wiz-inc-38d59fb8d7

wiz-inc-38d59fb8d7 bot commented Feb 1, 2026

Wiz Scan Summary

| Scanner | Findings |
| --- | --- |
| Vulnerabilities | 2 High, 7 Medium, 3 Low |
| Sensitive Data | - |
| Secrets | - |
| IaC Misconfigurations | 3 Low, 1 Info |
| SAST Findings | 1 Medium, 3 Low |
| Software Management Findings | - |
| Total | 2 High, 8 Medium, 9 Low, 1 Info |

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

publish:
runs-on: namespace-profile-linux-8-vcpu-16-gb-ram-optimal
steps:
- uses: namespacelabs/nscloud-checkout-action@v8
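
Review bot: `namespacelabs/nscloud-checkout-action@v8` in the `publish` job is referenced by a tag, which the action's owner can repoint to different code after this workflow has been reviewed. Because this job builds and publishes packages, pin the action to a full commit SHA and keep the tag as a trailing comment, for example `uses: namespacelabs/nscloud-checkout-action@<full-commit-sha> # v8`. The same change applies to the other third-party `uses:` lines in this workflow.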

Check warning: Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow (Medium)

Unpinned 3rd party Action 'Publish to NPM' step Uses Step uses 'namespacelabs/nscloud-checkout-action' with ref 'v8', not a pinned commit hash

@phobetron phobetron force-pushed the NT-2008_version-bump-and-publish branch 3 times, most recently from 0eb6792 to 44e464c Compare February 1, 2026 14:52
registry-url: 'https://registry.npmjs.org'
package-manager-cache: false

- uses: pnpm/action-setup@v4

Check warning: Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow (Medium)

Unpinned 3rd party Action 'Publish to NPM' step Uses Step uses 'pnpm/action-setup' with ref 'v4', not a pinned commit hash

- uses: pnpm/action-setup@v4

- uses: namespacelabs/nscloud-cache-action@v1

Check warning: Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow (Medium)

Unpinned 3rd party Action 'Publish to NPM' step Uses Step uses 'namespacelabs/nscloud-cache-action' with ref 'v1', not a pinned commit hash

@phobetron phobetron force-pushed the NT-2008_version-bump-and-publish branch 4 times, most recently from ffb0f86 to e2ac66a Compare February 1, 2026 22:40
@phobetron phobetron force-pushed the NT-2008_version-bump-and-publish branch from e2ac66a to f546f9c Compare February 1, 2026 22:48