Release v1.1.0#17
Merged
Merged
Conversation
Three changes from the latest deploy run feedback. 1. Map-shaped `secrets` input Mirror the `tags` refactor: accept a YAML block mapping (the canonical workflow form) or a JSON object string, instead of multi-line `KEY=VALUE` lines. Same key validation as before — must start with a letter or underscore, alphanumeric + underscores only — and secret values can still contain any characters. Each value is added to the runner's secret-mask list before any API call. 2. Per-call API response time Every Spice Cloud Management API call now logs `<METHOD> <path> → <status> <statusText> (<durationMs>ms)` so the user can see each request's latency inline. Network failures log `<METHOD> <path> → network error in <durationMs>ms: <message>`. Removed the redundant pre-call path logs in deploy.ts that the timing line now covers. 3. Branch missing from step summary The list-deployments endpoint sometimes returns Deployment objects without `branch` even when the create request set it. The summary now falls back to the `branch` and `commit-sha` inputs we sent so the right values surface even when the API echoes them inconsistently. Tests: 107 passing (up from 101). New cases cover the YAML and JSON secret forms (incl. quote-stripping, special characters in values, and JSON validation) and the post-rebuild `dist/` round-trip.
- package.json: 1.0.0 → 1.1.0.
- CHANGELOG.md: collapse the [Unreleased] block into a [1.1.0] section
dated 2026-05-03, with explicit Breaking changes / Added / Changed /
Fixed buckets. Added an empty [Unreleased] header for future entries.
The release rolls up everything since v1.0.0:
- Breaking: secrets input switched from KEY=VALUE to YAML/JSON map
(matches `tags`); tag-value validation tightened to alphanumeric +
`_@-` only.
- Added: `org`, `flight-url`, `dataset-ready-timeout-seconds` inputs;
`datasets` output; auto-captured `repository` tag; per-call
`<METHOD> <path> → <status> (<ms>ms)` API timing in logs.
- Changed: action runtime bumped from Node 20 to Node 24.
- Fixed: app-url URL pattern, SQL probe gRPC connection, api-key field
names, step-summary branch fallback, punycode deprecation warning,
action.yml `${{ … }}` example evaluation bug.
This reverts commit 57ecfd2.
- package.json: 1.0.0 → 1.1.0.
- CHANGELOG.md: collapse the [Unreleased] block into a [1.1.0] section
dated 2026-05-03, with explicit Breaking changes / Added / Changed /
Fixed buckets. Added an empty [Unreleased] header for future entries.
The release rolls up everything since v1.0.0:
- Breaking: secrets input switched from KEY=VALUE to YAML/JSON map
(matches `tags`); tag-value validation tightened to alphanumeric +
`_@-` only.
- Added: `org`, `flight-url`, `dataset-ready-timeout-seconds` inputs;
`datasets` output; auto-captured `repository` tag; per-call
`<METHOD> <path> → <status> (<ms>ms)` API timing in logs.
- Changed: action runtime bumped from Node 20 to Node 24.
- Fixed: app-url URL pattern, SQL probe gRPC connection, api-key field
names, step-summary branch fallback, punycode deprecation warning,
action.yml `${{ … }}` example evaluation bug.
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Cuts the v1.1.0 release of the GitHub Action, updating the secrets input format, improving step summary accuracy, and adding per-request API timing logs, alongside the version bump and changelog rollup.
Changes:
- Update
secretsparsing to accept YAML block maps or JSON objects, and refresh docs/examples/tests accordingly. - Add per-call API timing logs and improve summary output by falling back to input
branch/commit-shawhen the API omits them. - Bump package version to
1.1.0and consolidate changelog into a1.1.0release section.
Reviewed changes
Copilot reviewed 11 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/secrets.ts | Implements YAML/JSON secret-map parsing and masking behavior. |
| src/main.ts | Improves step summary to fall back to provided inputs for branch/commit. |
| src/deploy.ts | Reduces log noise by removing explicit endpoint strings from logs. |
| src/api.ts | Adds per-request timing/status logging for Management API calls. |
| package.json | Bumps package version to 1.1.0. |
| examples/full.yml | Updates example workflow to use KEY: VALUE secrets format. |
| action.yml | Updates secrets input docs to reflect YAML/JSON map formats. |
| tests/secrets.test.ts | Adds/updates tests for new secrets parsing behavior (YAML + JSON). |
| tests/deploy.test.ts | Updates deploy test to pass secrets in the new format. |
| README.md | Updates README examples/inputs table for new secrets format. |
| CHANGELOG.md | Promotes unreleased notes into a 1.1.0 section with categorized entries. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- src/main.ts: Use a length-aware fallback (deployment.branch?.length ? deployment.branch : inputs.branch ?? "") so the step summary still falls back when the API returns an empty string, while documenting why we treat empty-string as equivalent to missing here. - src/secrets.ts: Stop calling `.trim()` on secret values. Strip only the leading whitespace separator after `:` and a matching pair of outer quotes; trailing whitespace and inner whitespace are preserved verbatim. Also pass the un-trimmed raw input to parseBlockMap so a trailing space on the last line isn't lost. Whitespace-significant values still need quoting to make the boundaries explicit. - src/api.ts: Move the timing log to AFTER the response body is read so the duration reflects true end-to-end request latency, not just time-to-first-byte. Body-read errors retry on the next attempt and fail with a clear `Failed to read response body for …` message on exhaustion. New tests cover trailing whitespace preserved in unquoted secret values, leading whitespace preserved inside quoted secret values, and multiple-spaces-after-colon handling.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Cuts v1.1.0 of the action — the first minor release after the v1.0.0 launch a few hours ago. Stacks on #16 (`feat: secrets input accepts a map; log per-call API response time`); merge that first, then this one rebases cleanly to a single 2-file diff.
Changes in this PR
Why `1.1.0` (minor, not patch, not major)
Ship sequence after merge
```bash
git tag v1.1.0
git push origin v1.1.0
```
The existing release workflow (`/.github/workflows/release.yml`) then:
Test plan
Stacking note
Diff against trunk currently includes #16's content + the version bump. Once #16 lands, GitHub auto-rebases this PR and the diff drops to 2 files (`package.json` and `CHANGELOG.md`). If GitHub doesn't auto-rebase, I'll do it manually after #16 merges.