23 changes: 18 additions & 5 deletions .github/workflows/auto-publish.yml
@@ -17,7 +17,9 @@ jobs:
ref: ${{ github.ref_name }}

- name: Setup pnpm
uses: pnpm/action-setup@v2
uses: pnpm/action-setup@v4
with:
version: 9

- name: Setup Node
uses: actions/setup-node@v3
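Review bot: the action references in this hunk are floating major tags (pnpm/action-setup@v4, actions/setup-node@v3), so the code that runs in a job holding the npm publish token can change without any commit to this repository; pin each to a full commit SHA and keep the tag in a trailing comment for readability. The same hunk also leaves the build job on actions/setup-node@v3 while the publish job further down in this file uses actions/setup-node@v4; align the two so both jobs resolve Node the same way.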
@@ -40,23 +42,34 @@ jobs:
- name: Install dependencies
run: pnpm i --no-frozen-lockfile
- name: Build
run: pnpm build
- name: Clean node_modules
run: |
pnpm build
# 删除任何意外混进去的 node_modules
ls
rm -rf node_modules
find template -type d -name node_modules -prune -exec rm -rf {} +
# 生成待发布 tarball(验证用)
npm pack --dry-run
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: dist-artifact
path: dist/
path: ./
# Publish job
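Review bot: the "npm pack --dry-run" line in the Clean node_modules step only prints the file list, so a stray file that reaches the artifact is still published; turn it into a gate, e.g. "npm pack --dry-run --json" piped through a check that fails the job when any path outside an allowlist (dist/, package.json, README*, LICENSE*) appears. Two more points in this region: "pnpm i --no-frozen-lockfile" in the Install dependencies step lets the release build resolve dependency versions that differ from the committed lockfile, which for a publish pipeline should be "pnpm i --frozen-lockfile" so the published build is reproducible from what was reviewed; and the bare "ls" before the rm -rf is log noise rather than verification, so drop it or replace it with the npm pack check above.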
Comment on lines 44 to 59
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed: cat -n .github/workflows/auto-publish.yml (Repository: opentiny/tiny-pro; Length of output: 3914)

🏁 Script executed: head -30 package.json (Repository: opentiny/tiny-pro; Length of output: 676)

Avoid uploading the entire repo (path: ./) as an artifact.

Using path: ./ at lines 58 and 72 uploads/downloads the entire repository unnecessarily. Even with node_modules cleaned, this still includes source files, .git history, .github workflows, and other files unneeded for npm publishing. Upload only the minimal publish set: dist/**, package.json, README*, and LICENSE*. For the download step, use a dedicated folder like path: artifact/ to avoid cluttering the working directory.

🤖 Prompt for AI Agents

.github/workflows/auto-publish.yml around lines 44 to 59: the workflow currently uploads the entire repository with "path: ./", which includes unnecessary files; change the Upload build artifact step to only include the minimal publish set (e.g., dist/**, package.json, README*, LICENSE*) and set the path accordingly, and for the corresponding download step use a dedicated folder (e.g., path: artifact/) to avoid cluttering the workspace and prevent uploading .git, .github, source files, and other unrelated files.

publish:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org
- name: Download build artifact
uses: actions/download-artifact@v4
with:
name: dist-artifact
path: dist/
path: ./
- name: Parse Publish tag
id: parse_tag
run: |
@@ -75,7 +88,7 @@ jobs:
VERSION="$(node -p "require('./package.json').version")"
echo "publish version: $VERSION"
echo "publish tag: ${{ steps.parse_tag.outputs.dist_tag }}"
- name: Publish @opentiny/fluent-editor
- name: Publish @opentiny/tiny-toolkit-pro
run: |
echo "//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}" > ~/.npmrc
npm publish --tag ${{ steps.parse_tag.outputs.dist_tag }}
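Review bot: "npm publish --tag ${{ steps.parse_tag.outputs.dist_tag }}" interpolates a step output directly into the shell script of the job that holds the npm token; if the tag parser derives that value from the triggering ref or any user-controlled string, a crafted value executes as shell code. Bind it once under env: (DIST_TAG: ${{ steps.parse_tag.outputs.dist_tag }}), reference "$DIST_TAG" in run:, and reject anything that is not a plain dist-tag name before publishing; the "echo publish tag: ..." line above has the same shape. Separately, the "echo //registry.npmjs.org/:_authToken=... > ~/.npmrc" line duplicates the registry auth that actions/setup-node already configures to read NODE_AUTH_TOKEN when registry-url is set; dropping it leaves the secret referenced in exactly one place.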
31 changes: 24 additions & 7 deletions .github/workflows/dispatch-publish.yml
@@ -40,6 +40,8 @@ jobs:
# 步骤2: 设置pnpm包管理器
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9

# 步骤3: 设置Node.js环境
- name: Setup Node
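Review bot: "version: 9" pins pnpm only to a floating major, so the resolver can move between 9.x releases from one run to the next while the lockfile stays the same; pin the exact version the lockfile was generated with and keep it identical to the "version: 9" added to auto-publish.yml in this PR, or declare packageManager in package.json and let pnpm/action-setup@v4 read it, so the two workflows share one source of truth.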
@@ -78,31 +80,46 @@ jobs:
fi
echo "version: $VERSION"
echo "value=$VERSION" >> $GITHUB_OUTPUT

- name: Build lib
- name: Bump version
run: |
# pnpm 自带 npm 版本管理
pnpm version ${{ steps.ver.outputs.value }} --no-git-tag-version
# 显示确认
cat package.json | jq .version
- name: Build
run: pnpm build
- name: Clean node_modules
run: |
# 删除任何意外混进去的 node_modules
ls
rm -rf node_modules
find template -type d -name node_modules -prune -exec rm -rf {} +
# 生成待发布 tarball(验证用)
npm pack --dry-run
- name: Upload build artifact
uses: actions/upload-artifact@v4
with:
name: dist-artifact
path: dist/
path: ./
# Publish job
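Review bot: the Bump version step runs "pnpm version ${{ steps.ver.outputs.value }} --no-git-tag-version" with the expression interpolated into the shell; since that output is assembled from $VERSION in the preceding step and its origin is outside this hunk, bind it under env:, quote it as "$VERSION", and validate it against a semver pattern before it reaches pnpm version. Note also that the bump modifies package.json only in the build workspace, and because the artifact is uploaded from "./" that modified file is what the publish job reads, so the committed version in package.json is not what this workflow publishes; worth a comment next to the step. Minor: "cat package.json | jq .version" can be "jq .version package.json".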
Comment on lines +91 to 104
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed: cat -n .github/workflows/dispatch-publish.yml | sed -n '85,125p' (Repository: opentiny/tiny-pro; Length of output: 1667)

🏁 Script executed: cat package.json | jq '.files // "No files field"' (Repository: opentiny/tiny-pro; Length of output: 77)

Minimize artifact scope: path: ./ uploads entire repo without a files field restriction.

Uploading the entire repository to dist-artifact (line 103) and downloading it to ./ (line 117) is problematic because package.json lacks a files field. This means npm publish will include all non-ignored files—source code, build config, tests, and workflows—increasing package size and exposing unnecessary implementation details. Instead, either:

  • Add a files field to package.json to restrict what npm publishes, or
  • Upload only the necessary build outputs (dist/, build artifacts) to a minimal artifact directory and download to a dedicated location.

🤖 Prompt for AI Agents

.github/workflows/dispatch-publish.yml around lines 91 to 104: the workflow currently uploads the entire repository via actions/upload-artifact with path: ./ which causes npm publish to potentially include all repo files; either (A) narrow the artifact to only build outputs by creating a minimal temp publish directory (e.g., mkdir -p publish && cp -R dist package.json README.md LICENSE into publish) and change the upload-artifact path to that directory, and ensure the corresponding download step restores to a dedicated location, or (B) add a "files" field to package.json listing only the files/dirs that should be published (e.g., ["dist","README.md","LICENSE"]) so npm publish will be scoped; implement one of these two fixes and update the upload/download paths accordingly.

publish:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org
- name: Download build artifact
uses: actions/download-artifact@v4
with:
name: dist-artifact
path: dist/
path: ./
- name: Show version and tag
run: |
echo "publish version: ${{ needs.build.outputs.version }}"
echo "publish tag: ${{ inputs.tag }}"

# 步骤8: 发布组件到NPM
- name: Publish @opentiny/fluent-editor
- name: Publish @opentiny/tiny-toolkit-pro
run: |
echo "//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}" > ~/.npmrc
npm publish --tag ${{ inputs.tag }}
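Review bot: "npm publish --tag ${{ inputs.tag }}" injects a workflow_dispatch input straight into the shell of the job that holds the npm token, so whoever can dispatch the workflow chooses that string. Declare the input with type: choice and a fixed list of dist-tags, bind it under env: (DIST_TAG: ${{ inputs.tag }}), and reference "$DIST_TAG" in run:; the "echo publish tag: ..." line in the Show version and tag step has the same shape and should use the env binding too. As in auto-publish.yml, the manual ~/.npmrc write is redundant once actions/setup-node has registry-url set.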
5 changes: 2 additions & 3 deletions package.json
@@ -1,6 +1,6 @@
{
"name": "@opentiny/tiny-toolkit-pro",
"version": "1.4.0-alpha.2",
"version": "1.4.0-beta.0",
"description": "TinyPro Vue:开箱即用、前后端分离的 Vue 后台管理模板",
"main": "dist/index.js",
"typings": "dist/index.d.ts",
@@ -55,8 +55,7 @@
"doc:html": "typedoc src/ --exclude **/*.spec.ts --target ES6 --mode file --out build/docs",
"doc:json": "typedoc src/ --exclude **/*.spec.ts --target ES6 --mode file --json build/docs/typedoc.json",
"doc:publish": "gh-pages -m \"[ci skip] Updates\" -d build/docs",
"clean": "trash build test",
"prepublishOnly": "run-s fix build"
"clean": "trash build test"
},
"scripts-info": {
"info": "Display information about the package scripts",
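Review bot: removing "prepublishOnly": "run-s fix build" means npm publish no longer rebuilds or runs fix at publish time, which is consistent with moving the build into the workflows' build job, but it also removes the last guard that dist/ is present and fresh; since both publish jobs now publish whatever the downloaded artifact contains, add an explicit check before npm publish (for example that dist/index.js, the declared main, exists) so a failed or skipped build cannot publish an empty package.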