Skip to content

Pre-v1.0.0 polish: tags as map, fix org slug, clearer OAuth scopes#8

Closed
lukekim wants to merge 2 commits into
trunkfrom
feat/v1-release-prep
Closed

Pre-v1.0.0 polish: tags as map, fix org slug, clearer OAuth scopes#8
lukekim wants to merge 2 commits into
trunkfrom
feat/v1-release-prep

Conversation

@lukekim
Copy link
Copy Markdown
Contributor

@lukekim lukekim commented May 2, 2026

Summary

Three release-readiness fixes for the v1.0.0 tag. Stacks on top of #7 (Biome v2 + @actions/core pin); merge that first for the cleanest diff.

1. tags input is now a YAML/JSON map (was multi-line KEY=VALUE)

Tag pairs are by nature a map of strings, so they should look like one in the workflow. Now:

with:
  tags: |
    environment: production
    team: data-platform
    commit: \${{ github.sha }}

JSON form (single-line) is also accepted: tags: '{\"environment\":\"production\"}'.

Implementation: src/tags.ts parses either form into Record<string,string>. Lines starting with # are comments. Same key/value validation rules as before (key must start with a letter; value ≤ 256 chars). Tags continue to merge with the app's existing tags on every run.

Updated examples, action.yml description, README, and the Test action workflow.

2. spiceai/spicehq/ everywhere

The repo lives at spicehq/spice-cloud-deploy-action, but README badges, uses: examples, and package.json links all pointed at spiceai/. Anyone copy/pasting a uses: from the README at v1 would have hit a 404. Fixed.

3. Clearer OAuth scope documentation

The README now has a single "Scope cheat sheet" table right under the OAuth client setup steps, including an "All-in (recommended for a single CI client)" row that lists every scope this action ever needs. Also called out that * should be avoided in production. The duplicate "Required scopes" section near the bottom is replaced by a one-line cross-link.

Test plan

  • `npm run all` passes locally — lint, typecheck, 70 tests, build, dist freshness all green.
  • `parseTags` covered with new tests for the YAML form, JSON form, error cases, and quoted values.
  • All uses: lines now reference `spicehq/spice-cloud-deploy-action`.
  • CI green on this PR (cross-platform).
  • Manual once PR Fix CI: Biome v2 schema + pin @actions/core to v1 #7 + this land: tag `v1.0.0`, confirm release workflow moves the floating `v1` tag and creates the GH release with the changelog body.

Out of scope

lukekim added 2 commits May 2, 2026 15:31
@lukekim
Fix CI: migrate biome.json to v2 schema, pin @actions/core to v1
45026d1 
Two regressions came in via Dependabot bumps on trunk:

- @biomejs/biome 1.x → 2.x renamed config keys (`files.ignore` →
  `files.includes` with negation patterns, `overrides[*].include` →
  `overrides[*].includes`, top-level `organizeImports` moved into
  `assist.actions.source.organizeImports`). Update biome.json to the v2
  schema and reorder a stale import that the v2 organizer flagged.

- @actions/core 1.x → 3.x is ESM-only and broke the CJS TypeScript build
  (TS1479). Pin it back to ^1.11.1 and ignore future major bumps in
  Dependabot until we migrate the project to ESM.
@lukekim
Pre-v1.0.0 polish: tags as map, fix org slug, scope cheat sheet
3e612fb 
- Refactor the `tags` input to accept a YAML block mapping (the canonical
  workflow form) or a JSON object string instead of the prior
  `KEY=VALUE` lines. Tag keys still merge into the app's existing tags
  on every run.
- Correct the `spiceai/spice-cloud-deploy-action` slug to
  `spicehq/spice-cloud-deploy-action` everywhere it appeared
  (README badges + examples, package.json metadata, examples/, etc.) so
  consumers can copy/paste a working `uses:` line at v1.
- Replace the duplicated "Required scopes" tail-of-document section with
  a single clearer "Scope cheat sheet" right next to the OAuth client
  setup steps, so it's obvious which scopes to grant.
Copilot AI review requested due to automatic review settings May 2, 2026 22:41
Copilot AI reviewed May 2, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Release-readiness polish ahead of v1.0.0, primarily improving the ergonomics and documentation of app tags and OAuth scopes, and fixing repository/org references for copy/paste users.

Changes:

  • Switch the tags input from multiline KEY=VALUE to a YAML/JSON map, with updated parsing, tests, and examples.
  • Replace spiceai/ with spicehq/ across docs/examples/package metadata to avoid broken uses: references.
  • Clarify OAuth scope documentation and update toolchain/dependency config (Biome v2 schema, @actions/core pin + Dependabot ignore).

Reviewed changes

Copilot reviewed 13 out of 16 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/tags.ts Implements new YAML/JSON map parsing for tags with validation.
src/deploy.ts Import ordering cleanup (aligns with formatter/organizer).
package.json Updates repo URLs and pins @actions/core to v1.
package-lock.json Reflects dependency graph changes from the @actions/core pin.
biome.json Migrates config to Biome v2 schema and updates organize-imports settings.
action.yml Updates tags input description/examples to YAML/JSON map form.
README.md Fixes uses: org slug and consolidates OAuth scope guidance into a cheat sheet.
CHANGELOG.md Notes the new accepted tags formats.
examples/basic.yml Updates uses: and keeps examples aligned with new tags format.
examples/full.yml Updates uses: and converts tags to YAML map form.
.github/workflows/test-action.yml Updates test workflow to use new tags YAML map format.
.github/dependabot.yml Ignores major bumps for @actions/core due to CJS/ESM constraints.
__tests__/tags.test.ts Adds coverage for YAML map + JSON object parsing and error cases.
__tests__/deploy.test.ts Updates deploy test to the new tags input format.
Comments suppressed due to low confidence (1)

package.json:30

  • After downgrading @actions/core to v1, @actions/http-client now depends on undici ^5.x, but the repo-level overrides.undici still forces ^6.x (see package-lock.json resolving undici@6.25.0). This major-version override could break @actions/http-client at runtime. Consider removing the undici override or adjusting it to a version range compatible with the @actions/* v1 dependency tree.
    "@actions/core": "^1.11.1",
    "@spiceai/spice": "^3.1.0"
  },
  "overrides": {
    "undici": "^6.23.0"

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/tags.ts
Comment on lines +65 to +76
const colon = line.indexOf(":");
if (colon === -1) {
throw new InputValidationError(
`tags line ${i + 1}: key "${key}" must start with a letter and contain only letters, numbers, and "_:./-".`,
`tags line ${i + 1}: expected "key: value" (got "${line.trim()}").`,
);
}
if (key in tags) {

const key = line.slice(0, colon).trim();
const value = stripQuotes(line.slice(colon + 1).trim());

validateKey(key, `tags line ${i + 1}`);
if (key in out) {
Comment thread __tests__/tags.test.ts
Comment on lines +76 to +78
it("rejects JSON arrays", () => {
// Arrays don't start with `{`, so the parser falls through to YAML parsing.
// This test ensures wrapping a literal `{` array-like in JSON fails clearly.
@lukekim lukekim mentioned this pull request May 2, 2026
Merged
3 tasks
@lukekim
Copy link
Copy Markdown
Contributor Author

lukekim commented May 2, 2026

Superseded by #9, which folds these v1.0.0 polish changes together with the CI fix from #7.

@lukekim lukekim closed this May 2, 2026
lukekim added a commit that referenced this pull request May 2, 2026
@lukekim
Prepare repo for v1.0.0 release
7861574 
Bundles the work from #7 and #8 into a single commit so trunk lands
release-ready in one merge.

CI / build
- Migrate biome.json to the Biome 2.x schema (`files.includes` with
  negation patterns, `overrides[*].includes`,
  `assist.actions.source.organizeImports`).
- Reorder a stale import in src/deploy.ts that the v2 organizer flagged.
- Pin @actions/core to ^1.11.1 — 3.x is ESM-only and breaks the current
  CJS bundle. Add a Dependabot ignore for major bumps until the project
  is migrated to ESM.

Action UX
- `tags` input now accepts a YAML block mapping (the canonical workflow
  form) or a JSON object string, instead of the prior multi-line
  KEY=VALUE format. Tag keys still merge into the app's existing tags
  on every run.
- Update action.yml description, README, and example workflows to the
  new tag form.

Docs
- Correct the GitHub slug from `spiceai/spice-cloud-deploy-action` to
  `spicehq/spice-cloud-deploy-action` everywhere it appeared (README
  badges + examples, package.json metadata, examples/), so a copy/pasted
  `uses:` line resolves to the published action at v1.
- Replace the duplicated tail-of-document "Required scopes" table with a
  single "Scope cheat sheet" right under the OAuth client setup steps,
  including an "All-in (recommended for a single CI client)" row that
  spells out exactly which scopes to grant.

Tests
- New `parseTags` cases cover the YAML form, JSON form, quoted values,
  duplicates, and validation errors.
- Total: 70 unit tests, all green.
lukekim added a commit that referenced this pull request May 2, 2026
@lukekim
Prepare repo for v1.0.0 release (#9)
f84b3ab 
* Prepare repo for v1.0.0 release

Bundles the work from #7 and #8 into a single commit so trunk lands
release-ready in one merge.

CI / build
- Migrate biome.json to the Biome 2.x schema (`files.includes` with
  negation patterns, `overrides[*].includes`,
  `assist.actions.source.organizeImports`).
- Reorder a stale import in src/deploy.ts that the v2 organizer flagged.
- Pin @actions/core to ^1.11.1 — 3.x is ESM-only and breaks the current
  CJS bundle. Add a Dependabot ignore for major bumps until the project
  is migrated to ESM.

Action UX
- `tags` input now accepts a YAML block mapping (the canonical workflow
  form) or a JSON object string, instead of the prior multi-line
  KEY=VALUE format. Tag keys still merge into the app's existing tags
  on every run.
- Update action.yml description, README, and example workflows to the
  new tag form.

Docs
- Correct the GitHub slug from `spiceai/spice-cloud-deploy-action` to
  `spicehq/spice-cloud-deploy-action` everywhere it appeared (README
  badges + examples, package.json metadata, examples/), so a copy/pasted
  `uses:` line resolves to the published action at v1.
- Replace the duplicated tail-of-document "Required scopes" table with a
  single "Scope cheat sheet" right under the OAuth client setup steps,
  including an "All-in (recommended for a single CI client)" row that
  spells out exactly which scopes to grant.

Tests
- New `parseTags` cases cover the YAML form, JSON form, quoted values,
  duplicates, and validation errors.
- Total: 70 unit tests, all green.

* fix: address PR review comments

- parseBlockMap duplicate check now uses Object.hasOwn() so prototype-
  chain property names like `toString` and `constructor` aren't falsely
  rejected as duplicates.
- Drop ':' from TAG_KEY_PATTERN. The block-map parser splits on the
  first ':', so a tag key containing ':' (e.g. `foo:bar`) couldn't be
  expressed in YAML form anyway. Aligning the JSON form keeps validation
  consistent across both input styles. Also rewords the validation
  error message to match the trimmed character set.
- Rename the misleading "rejects JSON arrays" test to make clear it
  rejects non-string JSON values; add a separate case for a root-level
  JSON array (which falls through to the YAML parser); add a regression
  test for the prototype-chain dupe-check fix.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lukekim