Skip to content

feat: Add javascript workflow #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Lantum-Brendan wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: Add javascript workflow #3

Lantum-Brendan wants to merge 3 commits into from

Conversation

@Lantum-Brendan
Copy link

@Lantum-Brendan Lantum-Brendan commented Dec 18, 2025

Added javascript workflow

@sourceant
Copy link

sourceant bot commented Dec 18, 2025
edited
Loading

Code Review Summary

✨ This pull request introduces robust and well-designed GitHub Actions for JavaScript CI and Release workflows. The implementation demonstrates a strong understanding of GitHub Actions best practices, including composite actions, input validation, and clear status reporting. The comprehensive README.md updates ensure these new workflows are well-documented and easy to use.

🚀 Key Improvements

  • New javascript/ci action for linting, type-checking, testing, and building Node.js/npm projects.
  • New javascript/release action for publishing npm packages and creating GitHub releases with version extraction and changelog parsing.
  • Robust input validation and error handling in both actions.
  • Excellent documentation for new workflows in README.md.

🚨 Critical Issues

  • The javascript/release/action.yml should strictly require package-lock.json for npm ci to ensure reproducible builds, rather than falling back to npm install.

sourceant[bot]
sourceant bot approved these changes Dec 18, 2025
View reviewed changes
Copy link

@sourceant sourceant bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review complete. See the overview comment for a summary.

javascript/ci/action.yml
Comment on lines +54 to +57
echo "❌ package.json not found in $PWD"
exit 1
fi

Copy link

@sourceant sourceant bot Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check for package.json existence is redundant here. It's already performed in the 'Install dependencies' step (lines 43-52), which will cause the workflow to exit if the file is not found. Removing this redundant check will make the code cleaner and avoid unnecessary duplication.

javascript/ci/action.yml
Comment on lines +90 to +91
echo "🔡 Running npm run typecheck..."
npm run typecheck
Copy link

@sourceant sourceant bot Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the 'typecheck' script, the README.md states the 'build' script is 'mandatory' (line 242). If run_build is true and the script is missing, the action should exit with an error to ensure this mandatory step is executed or properly configured as a no-op, maintaining consistency with the documented requirements.

Suggested change
echo "🔡 Running npm run typecheck..."
npm run typecheck
echo "❌ No \"build\" script defined in package.json, but run_build is true. Please define a 'build' script or set 'run_build: false'."
exit 1

@kofimokome
Copy link
Collaborator

kofimokome commented Dec 19, 2025

@Lantum-Brendan have you tested this script on an actual project to be sure it's working as expected?

nfebe
nfebe reviewed Dec 19, 2025
View reviewed changes
README.md Outdated
│ └── release/ # Create PHP package release
├── javascript/
│ ├── ci/ # Lint, test, typecheck, build for Node.js/npm libs
│ └── release/ # Conventional-commit-driven npm release
Copy link
Contributor

@nfebe nfebe Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conventional commit in release?

By the conventional commits are not language specific so if we have to add it somewhere, it should be not be in any language folder

sourceant[bot]
sourceant bot approved these changes Dec 20, 2025
View reviewed changes
Copy link

@sourceant sourceant bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review complete. See the overview comment for a summary.

sourceant[bot]
sourceant bot approved these changes Dec 20, 2025
View reviewed changes
Copy link

@sourceant sourceant bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review complete. See the overview comment for a summary.

javascript/release/action.yml
Comment on lines +178 to +183
echo "📦 Installing dependencies before publish..."
if [ -f "package-lock.json" ]; then
npm ci
else
npm install
fi
Copy link

@sourceant sourceant bot Dec 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a release workflow, it's critical to ensure reproducible builds. Relying on npm install if package-lock.json is missing can lead to non-deterministic dependency installations. It's best practice to always enforce npm ci for release actions, failing if package-lock.json is not present, as its absence usually indicates an incomplete or improperly committed repository state. This enhances the reliability and predictability of releases.

Suggested change
echo "📦 Installing dependencies before publish..."
if [ -f "package-lock.json" ]; then
npm ci
else
npm install
fi
if [ ! -f "package-lock.json" ]; then
echo "❌ package-lock.json not found in $PWD"
echo " A 'package-lock.json' file is required for reproducible builds during release."
exit 1
fi
echo "📦 Using npm ci"
npm ci

@Lantum-Brendan
Copy link
Author

Lantum-Brendan commented Dec 20, 2025
edited
Loading

Summary of changes based on reviews

  1. JavaScript CI (javascript/ci)

  • Removed release-style outputs and unused inputs that were copy-pasted from the release workflow.

  • Removed redundant package.json checks from lint/test steps, keeping a single check in the “Install dependencies” step.

  • Made Lint, typecheck and build mandatory: both steps now always run and fail if the corresponding npm scripts are missing.

  • Kept tests optional via run_tests, and ensured clear errors if no test/test:ci script is defined.

  1. JavaScript Release (javascript/release)
  • Removed conventional-commit-driven versioning and all logic that inferred versions or edited package.json/CHANGELOG.md based on commit history.

2 addresses >> #3 (comment)

  1. Updated README to remove conventional commits and document the new, explicit-version behavior for JavaScript release.

@Lantum-Brendan
Copy link
Author

Lantum-Brendan commented Dec 20, 2025

@Lantum-Brendan have you tested this script on an actual project to be sure it's working as expected?

Yes i copied and tested the flow on a local repo and it worked.
However, i could not test it using the workflows repo directly as it is not public.

@Lantum-Brendan Lantum-Brendan requested a review from nfebe December 20, 2025 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kofimokome kofimokome Awaiting requested review from kofimokome

@nfebe nfebe Awaiting requested review from nfebe

1 more reviewer

@sourceant sourceant[bot] sourceant[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Lantum-Brendan @kofimokome @nfebe