start

[bryanmacfarlane]

Starting with code from Danny and I

See docs/contributors for details on what's checked in and not

toolkit is added as tgz files for now since not public yet

[bryanmacfarlane]

more work to do and tests needed. getting directional feedback early

[damccorm]

Doesn't have to be part of this initial PR, but maybe we should just webpack as part of our build process. Then we can just ignore node modules

[damccorm]

Note also - this also doesn't really work to not check in dev dependencies. While this doesn't check in the top level dev-deps, nested dependencies will still get checked in. For example, Prettier alone has ~60 dependencies all of which get checked in (not to mention the dependencies of those dependencies).

I think webpack is probably the best path forward here.

[jclem]

Are we doing this to avoid having to npm install the production dependencies of this tool? If so, there are a few options for vendoring in dependencies that we already use at GitHub. If you can give me a sense of the goal with this, I can advise.

[bryanmacfarlane]

The runner will run the action from the github graph at runtime per the execution model. That is, it will get the targz of that ref and run it.

Dependencies are vendored in as you noted.

@damccorm - regarding dev dependencies, you can use npm prune before you publish (push).

[damccorm]

Oh cool - didn't know about npm prune. It looks like that handles all devDependencies though, so we probably don't need those listed in gitignore. It also might be good to enforce that with something like husky

[damccorm]

See #5 proposing using husky

[damccorm]

Right now, we're not doing anything with this. With that said, we do need to bundle our own version of 7zr.exe to avoid path-too-long issues (I was running into them installing node 10 with this code). I'll need to add support for that in actions/tool-kit/tool-cache as well.

[damccorm]

I fixed that in my tool-cache PR and here as well.

[damccorm]

Right now we're not returning the status code like this so this will fail. I should update actions/toolkit/tool-cache to do this

[damccorm]

Added this to my tool-cache PR, not packed into this one yet though so tests will still fail for now.

[jclem]

Once the change from this comment is implemented in tool-cache, you can check err instanceof HTTPError && err.httpStatusCode === 404 (I think it's actually a number, but not 100% on that).

[jclem]

Although I think you can actually cheat here, since err is always any, I believe. You can just check err.httpStatusCode === 404.

[damccorm]

Updated to consume the more recent tool-cache and this works now. Went with
err instanceof HTTPError && err.httpStatusCode == 404
I thought loose equality to a number was best here just in case this ends up getting attached as a string down the line for some reason

[jclem]

Directionally, looks fine. As far as structuring the package is concerned, I have a few questions:

• I don't think we need to check in the compiled code, do we? We can build the TypeScript and push the JS output to npm without actually checking the output into the repository (npm doesn't actually understand git, .gitignore, etc).
• Is there a reason we vendor in these dependencies instead of installing them?

[jclem]

Are we doing this to avoid having to npm install the production dependencies of this tool? If so, there are a few options for vendoring in dependencies that we already use at GitHub. If you can give me a sense of the goal with this, I can advise.

[bryanmacfarlane]

@jclem - yes, we need to check in the compiled code since actions are run from the github graph. The runner gets the action targz at the ref and runs it. That's also the reason runtime dependencies are vendored.

[damccorm]

Merging since it sounds like we're on the same page for this right now. We can reopen discussion as appropriate