Add node-pnpm-build-zip workflow for building and zipping Node.js applications #66
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new reusable GitHub Actions workflow for building and zipping Node.js projects using pnpm as the package manager. This complements the existing npm-based node-build-zip.yml workflow.
Key changes:
- New reusable workflow with pnpm support
- Configurable pnpm and Node.js versions with default values
- Static site configuration support for environment variable transformation
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| standalone: true | ||
|
|
||
| - name: Use Node.js ${{ inputs.node-version }} | ||
| uses: actions/setup-node@v4 |
There was a problem hiding this comment.
The actions/setup-node version is inconsistent with other workflows in this repository. Other workflows (node-build-zip.yml, node-build.yml, node-ci.yml, node-publish-internal.yml, node-publish-public.yml) all use @v6. Consider updating to @v6 for consistency across the repository.
| uses: actions/setup-node@v4 | |
| uses: actions/setup-node@v6 |
|
|
||
| # working dir doesn't apply to this, so we are explicit here | ||
| - name: Upload artifact | ||
| uses: actions/upload-artifact@v4 |
There was a problem hiding this comment.
The actions/upload-artifact version is inconsistent with other workflows in this repository. Other workflows (node-build-zip.yml, node-build.yml, python-uv-build-zip.yml, python-uv-ci.yml) all use @v5. Consider updating to @v5 for consistency across the repository.
| uses: actions/upload-artifact@v4 | |
| uses: actions/upload-artifact@v5 |
| - if: ${{ inputs.static-site }} | ||
| run: sed -n 's/\(${{ inputs.static-site-env-prefix }}_[A-Z0-9_]\+\)=\(.*\)/\1={{\1}}/p' ${{ inputs.sample-env-path }} > .env && cat .env | ||
|
|
||
| - name: Install dependencies |
There was a problem hiding this comment.
The pnpm install step does not utilize the npm-auth-token secret for private package access, unlike the npm-based workflows (node-build-zip.yml lines 78-80) which set NODE_AUTH_TOKEN. If this workflow needs to access private packages from GitHub Packages or other registries, consider adding an env block with NODE_AUTH_TOKEN: ${{ secrets.npm-auth-token || secrets.GITHUB_TOKEN }}.
| - name: Install dependencies | |
| - name: Install dependencies | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.npm-auth-token || secrets.GITHUB_TOKEN }} |
| - name: Prepare | ||
| run: pnpm run --if-present prepare | ||
|
|
||
| - name: Build |
There was a problem hiding this comment.
The build step does not utilize the npm-auth-token secret, which may be needed if the build process accesses private packages (similar to node-build-zip.yml lines 88-91). Consider adding an env block with NODE_AUTH_TOKEN: ${{ secrets.npm-auth-token || secrets.GITHUB_TOKEN }} if private package access is required during the build.
| - name: Build | |
| - name: Build | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.npm-auth-token || secrets.GITHUB_TOKEN }} |
No description provided.