feat(workflows): facade pattern docs, install model, ts install default#8
Merged
Conversation
- SKILL.md: add Facade pattern section explaining canonical-secret → upstream-env adapter mapping. Split env-vars section into adapter mappings + plumbing vars tables. - SKILL.md: add Install model section. Workflows install runner-level deps only; consumer test-command handles package deps. ts default now does `pnpm install --frozen-lockfile --ignore-scripts && pnpm test` to "just work" for typical vitest + lockfile setups; py/rs unchanged. - publish-ts.yml: default test-command now installs first.
There was a problem hiding this comment.
Pull request overview
This PR clarifies the consumer-facing secret/env-var contract for the reusable publish workflows (via explicit “facade” documentation and an “install model” explanation) and adjusts the TypeScript publish workflow’s default test behavior so typical pnpm repos work without overrides.
Changes:
- Documented the “facade pattern” mapping canonical secret names to upstream tool env vars, and split env-var docs into adapter vs plumbing tables.
- Added an “install model” section describing what the publish workflows do (toolchain/minimal tooling) vs what the consumer’s test/build commands must do (package install).
- Updated
publish-ts.ymldefaulttest-commandto runpnpm install ... && pnpm testby default.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| SKILL.md | Adds facade/contract docs and install-model guidance; updates TS default test command documentation. |
| .github/workflows/publish-ts.yml | Changes default TS test-command to install dependencies before running tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
49
to
53
| - name: Test | ||
| working-directory: ${{ inputs.working-directory }} | ||
| env: | ||
| TEST_CMD: ${{ inputs.test-command || 'pnpm test' }} | ||
| TEST_CMD: ${{ inputs.test-command || 'pnpm install --frozen-lockfile --ignore-scripts && pnpm test' }} | ||
| run: $TEST_CMD |
Comment on lines
+132
to
+135
| `GITHUB_TOKEN` is GitHub's auto-injected per-job token. It is **not** | ||
| used by these workflows. release-please needs `GH_RELEASE_PLEASE_PAT` | ||
| specifically because PRs opened by `GITHUB_TOKEN` don't trigger | ||
| downstream workflows; a real PAT does. |
Comment on lines
+214
to
+220
| The `publish-{ts,py,rs}.yml` workflows install only **runner-level | ||
| deps** — the language toolchain itself, plus minimal tooling (e.g. | ||
| `pip install pytest build` for py). They do **not** install the | ||
| consuming package's own dependencies. | ||
|
|
||
| That's the consumer's job. Your `test-command` (and `build-command`, | ||
| where applicable) is responsible for any package-level install. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Four coordinated changes to clarify the secret/env-var contract and make the
tspublish flow work out-of-the-box for the canonical hop-top stack.1. SKILL.md —
## Facade patternsection (new)Explains the deliberate facade between canonical secret names (what consumers set) and upstream-required env vars (what tools like
actions/setup-node,ghCLI,cargoactually read). Maps:NPM_REGISTRY_TOKEN→NODE_AUTH_TOKENGH_MIRROR_PAT→GH_TOKENCARGO_REGISTRY_TOKEN→CARGO_REGISTRY_TOKEN(matches by coincidence)GITHUB_TOKENis auto-injected and unused; release-please needsGH_RELEASE_PLEASE_PATbecauseGITHUB_TOKENPRs don't trigger downstream workflows.2. SKILL.md — env-vars section split
Old single table replaced by two:
TEST_CMD,BUILD_CMD,id-token: writepermission) available insidetest-command/build-commandoverrides.3. SKILL.md —
## Install modelsection (new)Spells out:
publish-{ts,py,rs}.ymlinstall only runner-level deps (toolchain + minimal tooling). Consumer'stest-commandhandles package install. Per-ecosystem patterns + summary table called out. Documents thattsdefault is the exception — does an implicit install — whilepy/rsdefaults do not.4.
publish-ts.yml— defaulttest-commandnow installs firstWas
pnpm test. Nowpnpm install --frozen-lockfile --ignore-scripts && pnpm test. Avoids pnpm 10+ strict-mode failures on ignored build scripts (e.g.esbuildfromvitest) and lets typical vitest + lockfile repos use the default with no override. Built-in defaults table updated to match.Test plan
make lint(actionlint) passesactions/checkoutretainpersist-credentials: false${{ inputs.X }}inrun:lines (usesenv:then$VAR)