@smoothbricks/cli 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +338 -88
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +136 -22
- package/dist/devenv/index.d.ts +10 -0
- package/dist/devenv/index.d.ts.map +1 -0
- package/dist/devenv/index.js +27 -0
- package/dist/lib/cli-package.d.ts +4 -0
- package/dist/lib/cli-package.d.ts.map +1 -0
- package/dist/lib/cli-package.js +15 -0
- package/dist/lib/devenv.d.ts +6 -0
- package/dist/lib/devenv.d.ts.map +1 -0
- package/dist/lib/devenv.js +82 -0
- package/dist/lib/run.d.ts +5 -0
- package/dist/lib/run.d.ts.map +1 -1
- package/dist/lib/run.js +13 -0
- package/dist/lib/workspace.d.ts +20 -1
- package/dist/lib/workspace.d.ts.map +1 -1
- package/dist/lib/workspace.js +87 -7
- package/dist/monorepo/commit-msg.d.ts +8 -1
- package/dist/monorepo/commit-msg.d.ts.map +1 -1
- package/dist/monorepo/commit-msg.js +85 -7
- package/dist/monorepo/index.d.ts +24 -2
- package/dist/monorepo/index.d.ts.map +1 -1
- package/dist/monorepo/index.js +136 -15
- package/dist/monorepo/lockfile.d.ts +5 -1
- package/dist/monorepo/lockfile.d.ts.map +1 -1
- package/dist/monorepo/lockfile.js +45 -5
- package/dist/monorepo/managed-files.d.ts +1 -1
- package/dist/monorepo/managed-files.d.ts.map +1 -1
- package/dist/monorepo/managed-files.js +28 -11
- package/dist/monorepo/nx-sync.d.ts +2 -1
- package/dist/monorepo/nx-sync.d.ts.map +1 -1
- package/dist/monorepo/nx-sync.js +8 -2
- package/dist/monorepo/package-hygiene.d.ts +6 -2
- package/dist/monorepo/package-hygiene.d.ts.map +1 -1
- package/dist/monorepo/package-hygiene.js +12 -4
- package/dist/monorepo/package-policy.d.ts +25 -2
- package/dist/monorepo/package-policy.d.ts.map +1 -1
- package/dist/monorepo/package-policy.js +1289 -27
- package/dist/monorepo/packed-manifest.d.ts +4 -0
- package/dist/monorepo/packed-manifest.d.ts.map +1 -0
- package/dist/monorepo/packed-manifest.js +51 -0
- package/dist/monorepo/packed-package.d.ts +3 -0
- package/dist/monorepo/packed-package.d.ts.map +1 -1
- package/dist/monorepo/packed-package.js +69 -31
- package/dist/monorepo/packs/index.d.ts +20 -1
- package/dist/monorepo/packs/index.d.ts.map +1 -1
- package/dist/monorepo/packs/index.js +240 -18
- package/dist/monorepo/publish-workflow.d.ts +82 -0
- package/dist/monorepo/publish-workflow.d.ts.map +1 -0
- package/dist/monorepo/publish-workflow.js +336 -0
- package/dist/monorepo/tool-validation.d.ts +22 -0
- package/dist/monorepo/tool-validation.d.ts.map +1 -0
- package/dist/monorepo/tool-validation.js +399 -0
- package/dist/nx/index.d.ts +24 -0
- package/dist/nx/index.d.ts.map +1 -0
- package/dist/nx/index.js +94 -0
- package/dist/nx-version-actions.cjs +25 -0
- package/dist/nx-version-actions.d.cts +6 -0
- package/dist/nx-version-actions.d.cts.map +1 -0
- package/dist/release/bootstrap-npm-packages.d.ts +19 -0
- package/dist/release/bootstrap-npm-packages.d.ts.map +1 -0
- package/dist/release/bootstrap-npm-packages.js +58 -0
- package/dist/release/candidates.d.ts +11 -0
- package/dist/release/candidates.d.ts.map +1 -0
- package/dist/release/candidates.js +181 -0
- package/dist/release/core.d.ts +51 -0
- package/dist/release/core.d.ts.map +1 -0
- package/dist/release/core.js +97 -0
- package/dist/release/github-release.d.ts +46 -0
- package/dist/release/github-release.d.ts.map +1 -0
- package/dist/release/github-release.js +97 -0
- package/dist/release/index.d.ts +39 -5
- package/dist/release/index.d.ts.map +1 -1
- package/dist/release/index.js +763 -130
- package/dist/release/npm-auth.d.ts +16 -0
- package/dist/release/npm-auth.d.ts.map +1 -0
- package/dist/release/npm-auth.js +39 -0
- package/dist/release/orchestration.d.ts +49 -0
- package/dist/release/orchestration.d.ts.map +1 -0
- package/dist/release/orchestration.js +113 -0
- package/dist/release/publish-plan.d.ts +17 -0
- package/dist/release/publish-plan.d.ts.map +1 -0
- package/dist/release/publish-plan.js +15 -0
- package/dist/release/retag-unpublished.d.ts +34 -0
- package/dist/release/retag-unpublished.d.ts.map +1 -0
- package/dist/release/retag-unpublished.js +77 -0
- package/managed/raw/git-format-staged.yml +54 -0
- package/managed/raw/tooling/git-hooks/commit-msg.sh +1 -1
- package/managed/raw/tooling/git-hooks/pre-commit.sh +2 -7
- package/managed/templates/github/actions/setup-devenv/action.yml +1 -7
- package/managed/templates/github/workflows/ci.yml +3 -0
- package/package.json +37 -4
- package/src/cli.ts +193 -40
- package/src/devenv/index.test.ts +49 -0
- package/src/devenv/index.ts +38 -0
- package/src/lib/cli-package.ts +18 -0
- package/src/lib/devenv.test.ts +28 -0
- package/src/lib/devenv.ts +89 -0
- package/src/lib/run.ts +19 -0
- package/src/lib/workspace.ts +117 -7
- package/src/monorepo/__tests__/nx-version-actions.test.ts +75 -0
- package/src/monorepo/__tests__/publish-workflow.test.ts +322 -0
- package/src/monorepo/commit-msg.test.ts +45 -0
- package/src/monorepo/commit-msg.ts +107 -7
- package/src/monorepo/index.ts +181 -15
- package/src/monorepo/lockfile.ts +52 -7
- package/src/monorepo/managed-files.ts +43 -13
- package/src/monorepo/nx-sync.ts +9 -2
- package/src/monorepo/package-hygiene.test.ts +34 -0
- package/src/monorepo/package-hygiene.ts +26 -4
- package/src/monorepo/package-policy.test.ts +902 -0
- package/src/monorepo/package-policy.ts +1527 -25
- package/src/monorepo/packed-manifest.ts +67 -0
- package/src/monorepo/packed-package.ts +90 -31
- package/src/monorepo/packs/index.test.ts +189 -0
- package/src/monorepo/packs/index.ts +314 -19
- package/src/monorepo/publish-workflow.ts +422 -0
- package/src/monorepo/setup-test-tracing.test.ts +120 -0
- package/src/monorepo/tool-validation.test.ts +261 -0
- package/src/monorepo/tool-validation.ts +462 -0
- package/src/nx/index.test.ts +64 -0
- package/src/nx/index.ts +119 -0
- package/src/nx-version-actions.cts +36 -0
- package/src/release/__tests__/bootstrap-npm-packages.test.ts +127 -0
- package/src/release/__tests__/candidates.test.ts +217 -0
- package/src/release/__tests__/core-properties.test.ts +149 -0
- package/src/release/__tests__/core-scenarios.test.ts +187 -0
- package/src/release/__tests__/core.test.ts +73 -0
- package/src/release/__tests__/fixture-repo.test.ts +314 -0
- package/src/release/__tests__/github-release.test.ts +149 -0
- package/src/release/__tests__/helpers/fixture-repo.ts +114 -0
- package/src/release/__tests__/npm-auth.test.ts +120 -0
- package/src/release/__tests__/orchestration.test.ts +246 -0
- package/src/release/__tests__/publish-plan.test.ts +67 -0
- package/src/release/__tests__/retag-unpublished.test.ts +160 -0
- package/src/release/__tests__/trust-publisher.test.ts +133 -0
- package/src/release/bootstrap-npm-packages.ts +88 -0
- package/src/release/candidates.ts +225 -0
- package/src/release/core.ts +171 -0
- package/src/release/github-release.ts +134 -0
- package/src/release/index.ts +974 -138
- package/src/release/npm-auth.ts +93 -0
- package/src/release/orchestration.ts +196 -0
- package/src/release/publish-plan.ts +37 -0
- package/src/release/retag-unpublished.ts +122 -0
- package/managed/raw/.git-format-staged.yml +0 -47
- package/managed/templates/github/workflows/publish.yml +0 -136
package/README.md
CHANGED
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
`@smoothbricks/cli` provides `smoo`, the SmoothBricks monorepo automation CLI. It is the control plane for shared CI,
|
|
4
4
|
release, Git hook, package metadata, and publish validation conventions across SmoothBricks-style repositories.
|
|
5
5
|
|
|
6
|
-
The tool is intentionally convention-over-configuration. SmoothBricks repos use Nx, Bun, Nix, devenv, and
|
|
7
|
-
`smoo` assumes those pieces exist instead of adding another local config file. Repos should be made correct
|
|
8
|
-
the mutating initialization path, then kept correct by the read-only validation path.
|
|
6
|
+
The tool is intentionally convention-over-configuration. SmoothBricks repos use [Nx], [Bun], [Nix], [devenv], and
|
|
7
|
+
[direnv], so `smoo` assumes those pieces exist instead of adding another local config file. Repos should be made correct
|
|
8
|
+
by running the mutating initialization path, then kept correct by the read-only validation path.
|
|
9
9
|
|
|
10
10
|
## Install
|
|
11
11
|
|
|
@@ -28,20 +28,23 @@ directly. Published installs use the package binary in `bin/smoo`, which imports
|
|
|
28
28
|
|
|
29
29
|
```bash
|
|
30
30
|
smoo monorepo init [--runtime-only] [--sync-runtime]
|
|
31
|
-
smoo monorepo validate
|
|
31
|
+
smoo monorepo validate [--fail-fast] [--only-if-new-workspace-package]
|
|
32
32
|
smoo monorepo update
|
|
33
33
|
smoo monorepo check
|
|
34
34
|
smoo monorepo diff
|
|
35
35
|
smoo monorepo validate-commit-msg <commit-msg-file>
|
|
36
36
|
smoo monorepo sync-bun-lockfile-versions
|
|
37
|
-
smoo monorepo list-
|
|
37
|
+
smoo monorepo list-release-packages [--fail-empty] [--github-output <path>]
|
|
38
38
|
smoo monorepo validate-public-tags
|
|
39
|
-
smoo monorepo
|
|
39
|
+
smoo monorepo setup-test-tracing (--all | --projects <projects>) [--dry-run]
|
|
40
40
|
|
|
41
|
-
smoo release
|
|
42
|
-
smoo release
|
|
43
|
-
smoo release
|
|
44
|
-
smoo release
|
|
41
|
+
smoo release npm-status
|
|
42
|
+
smoo release repair-pending [--dry-run]
|
|
43
|
+
smoo release version --bump <auto|patch|minor|major|prerelease> [--dry-run] [--github-output <path>]
|
|
44
|
+
smoo release publish --bump <auto|patch|minor|major|prerelease> [--dry-run]
|
|
45
|
+
smoo release retag-unpublished <tag...> [--to <ref>] [--push] [--dispatch] [--remote <remote>] [--branch <branch>] [--dry-run]
|
|
46
|
+
smoo release bootstrap-npm-packages [--dry-run] [--skip-login] [--package <name...>]
|
|
47
|
+
smoo release trust-publisher [--bootstrap] [--dry-run] [--otp <code>] [--skip-login]
|
|
45
48
|
|
|
46
49
|
smoo github-ci cleanup-cache
|
|
47
50
|
smoo github-ci nx-smart --target <target> --name <check-name> --step <number>
|
|
@@ -55,12 +58,17 @@ only reporting drift.
|
|
|
55
58
|
|
|
56
59
|
It currently:
|
|
57
60
|
|
|
58
|
-
- Updates managed CI, release, hook, and formatting files.
|
|
61
|
+
- Updates managed CI, release, hook, and formatting files. The publish workflow is only written when the repo has owned
|
|
62
|
+
release packages.
|
|
59
63
|
- Ensures the local `tooling/smoo` source shim is executable when present.
|
|
60
64
|
- Synchronizes root runtime versions inside devenv, or when `--sync-runtime` is passed.
|
|
61
|
-
- Applies publish metadata defaults to `npm:public` packages.
|
|
65
|
+
- Applies safe publish metadata defaults to `npm:public` packages without inferring package ownership.
|
|
62
66
|
- Normalizes internal workspace dependency ranges to `workspace:*`.
|
|
63
|
-
-
|
|
67
|
+
- Rewrites safe package scripts in packages with workspace dependencies so developer commands like `bun run test` and
|
|
68
|
+
`bun run dev` stay available while delegating through Nx targets.
|
|
69
|
+
- `smoo monorepo validate --fix` creates/updates `tooling/package.json`, keeps `@smoothbricks/cli` there instead of the
|
|
70
|
+
root workspace package, and fills required workspace/devenv tool declarations.
|
|
71
|
+
- Runs [`sherif --fix --select highest`][sherif] for broad monorepo package hygiene.
|
|
64
72
|
- Normalizes conditional export ordering so `types` comes first and `default` comes last.
|
|
65
73
|
- Adds `src` to package `files` when development-only exports intentionally point at source files.
|
|
66
74
|
|
|
@@ -68,6 +76,19 @@ The workspace dependency rule is generic. `smoo` does not know about individual
|
|
|
68
76
|
For every root or workspace `package.json`, if a dependency name matches an actual package in the same workspace, `smoo`
|
|
69
77
|
rewrites that range to `workspace:*`.
|
|
70
78
|
|
|
79
|
+
Packages with internal workspace dependencies also need Nx-aware scripts so dependent builds run before local commands.
|
|
80
|
+
For safe build, test, typecheck, benchmark, dev, and preview commands, `smoo monorepo validate --fix` moves the real
|
|
81
|
+
command into `package.json` `nx.targets.<target>.options.command`, sets `cwd` to `{projectRoot}`, and replaces the
|
|
82
|
+
script with an `nx run <project>:<target>` alias. Continuous commands such as `astro dev`, `vite dev`, and previews get
|
|
83
|
+
`--tui=false --outputStyle=stream` on the alias and `continuous: true` on the Nx target. Simple leading environment
|
|
84
|
+
assignments are moved into `nx.targets.<target>.options.env` so commands such as
|
|
85
|
+
`NODE_OPTIONS='--import=extensionless/register' astro dev` remain shell-independent.
|
|
86
|
+
|
|
87
|
+
The rewrite is intentionally conservative. `smoo` does not rewrite deploy, database, release, sync, subtree, publish, or
|
|
88
|
+
pack scripts, and it rejects Nx target commands that recurse through package scripts such as `bun run test`. The reason
|
|
89
|
+
is dependency correctness without hiding unsafe operational commands behind generated Nx targets: workspace-dependent
|
|
90
|
+
packages should get `^build` ordering for ordinary development commands, while publishing and deployment stay explicit.
|
|
91
|
+
|
|
71
92
|
`smoo monorepo init --runtime-only` only synchronizes root runtime versions. It is used from direnv setup so
|
|
72
93
|
`packageManager`, `engines.node`, and `@types/node` stay aligned with the active devenv shell without duplicating that
|
|
73
94
|
policy in the direnv script.
|
|
@@ -77,6 +98,36 @@ while package manifests are not forced to depend on Bun just because a test tsco
|
|
|
77
98
|
does explicitly declare `@types/bun`, `sherif` can keep duplicate declarations consistent, but `smoo` owns the semantic
|
|
78
99
|
root `bun@x.y.z` to `@types/bun x.y.z` relationship.
|
|
79
100
|
|
|
101
|
+
## LMAO Test Tracing
|
|
102
|
+
|
|
103
|
+
`smoo monorepo setup-test-tracing` configures LMAO-backed Bun test tracing for workspace packages. It is a bulk wrapper
|
|
104
|
+
around the `@smoothbricks/nx-plugin:bun-test-tracing` generator, so the Nx plugin remains the single source of truth for
|
|
105
|
+
the files written.
|
|
106
|
+
|
|
107
|
+
Configure every workspace package:
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
smoo monorepo setup-test-tracing --all
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Configure selected packages by Nx project name, package name, or package root:
|
|
114
|
+
|
|
115
|
+
```bash
|
|
116
|
+
smoo monorepo setup-test-tracing --projects cli,@smoothbricks/lmao,packages/nx-plugin
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
The command infers the op context module from each package's `package.json` `name`, assumes an `opContext` named export,
|
|
120
|
+
and imports `defineTestTracer` from `@smoothbricks/lmao/testing/bun`. Override those defaults when a repository uses a
|
|
121
|
+
different convention:
|
|
122
|
+
|
|
123
|
+
```bash
|
|
124
|
+
smoo monorepo setup-test-tracing --projects my-lib --op-context-export myOpContext
|
|
125
|
+
smoo monorepo setup-test-tracing --projects my-lib --tracer-module @scope/testing/bun
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
Use `--dry-run` to print the `nx g @smoothbricks/nx-plugin:bun-test-tracing ...` invocations without writing files.
|
|
129
|
+
After setup, run `smoo monorepo validate --fix` to apply the broader SmoothBricks monorepo policy.
|
|
130
|
+
|
|
80
131
|
## Validation
|
|
81
132
|
|
|
82
133
|
`smoo monorepo validate` is the read-only gate. It should pass in local shells and CI after packages have been built.
|
|
@@ -86,24 +137,36 @@ It checks:
|
|
|
86
137
|
- Managed file drift.
|
|
87
138
|
- Root package policy.
|
|
88
139
|
- Root Bun type version matches the Bun package manager version.
|
|
89
|
-
-
|
|
140
|
+
- Tooling policy: root `package.json` owns workspace-level tools like `nx`, `tooling/package.json` owns `smoo`, and
|
|
141
|
+
`tooling/direnv/devenv.nix` owns shell-provided tools like `bun`, `git-format-staged`, and `fmt`.
|
|
142
|
+
- Nx release policy, including project package release tags, project-level GitHub Release changelogs, and the temporary
|
|
143
|
+
Bun lockfile versionActions hook.
|
|
144
|
+
- `bun.lock` workspace versions match package manifests.
|
|
90
145
|
- Public package tag policy.
|
|
91
146
|
- Public package metadata.
|
|
92
147
|
- Workspace dependency ranges.
|
|
93
|
-
-
|
|
94
|
-
-
|
|
95
|
-
-
|
|
148
|
+
- Workspace-dependent package scripts delegate safe commands through Nx targets without recursive script runners.
|
|
149
|
+
- Nx target conventions and inferred-task setup.
|
|
150
|
+
- [`sherif`] package hygiene, with warnings treated as validation failures.
|
|
151
|
+
- Packed public package artifacts with [`publint`].
|
|
152
|
+
- Packed public package type resolution with the [`attw`][are-the-types-wrong] CLI.
|
|
153
|
+
|
|
154
|
+
The packed-package checks validate what [npm] users will install, not only the source tree. `smoo` packs each
|
|
155
|
+
`npm:public` package with [Bun], runs [`publint`] on the tarball, then runs [`attw`][are-the-types-wrong] on the same
|
|
156
|
+
tarball.
|
|
96
157
|
|
|
97
|
-
The
|
|
98
|
-
|
|
158
|
+
The [`attw`][are-the-types-wrong] check uses the `node16` profile and ignores the CJS-to-ESM warning. SmoothBricks
|
|
159
|
+
packages are [ESM]-first, so [CommonJS] consumers can use dynamic import. Node 10-only subpath failures are
|
|
160
|
+
intentionally ignored because [Node.js] 10 is not part of the supported package contract.
|
|
99
161
|
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
162
|
+
`smoo monorepo validate --only-if-new-workspace-package` first checks the staged git diff for newly added workspace
|
|
163
|
+
package manifests. If none are staged, it exits successfully without running the full validator. The generated
|
|
164
|
+
pre-commit hook uses this mode so adding a package rechecks conditional managed files, including whether the publish
|
|
165
|
+
workflow is now required, without making every commit pay for full validation.
|
|
103
166
|
|
|
104
167
|
## Publishable Packages
|
|
105
168
|
|
|
106
|
-
Publishability is declared with an Nx tag:
|
|
169
|
+
Publishability is declared with an [Nx] tag:
|
|
107
170
|
|
|
108
171
|
```json
|
|
109
172
|
{
|
|
@@ -113,23 +176,85 @@ Publishability is declared with an Nx tag:
|
|
|
113
176
|
}
|
|
114
177
|
```
|
|
115
178
|
|
|
116
|
-
This tag is the source of truth for
|
|
117
|
-
|
|
179
|
+
This tag is the source of truth for public npm metadata and publish artifact validation. Release selection adds one more
|
|
180
|
+
convention: a package is released by the current repository only when its `repository.url` exactly matches the root
|
|
181
|
+
`package.json` `repository.url`. Equivalent-but-different spellings, such as `git+https` vs SSH for the same GitHub
|
|
182
|
+
repo, fail validation because ownership should be explicit and visually obvious. This lets a workspace mirror public
|
|
183
|
+
packages from another repository without publishing them from the mirror.
|
|
118
184
|
|
|
119
185
|
Rules:
|
|
120
186
|
|
|
121
|
-
-
|
|
122
|
-
-
|
|
123
|
-
- Every non-private workspace package must have `npm:public`.
|
|
187
|
+
- `npm:public` packages must not be `private: true`.
|
|
188
|
+
- `private: true` packages must not have `npm:public`.
|
|
124
189
|
- Public packages must define license metadata.
|
|
125
190
|
- Public packages must publish with `publishConfig.access = "public"`.
|
|
126
|
-
- Public
|
|
191
|
+
- Public packages must define `repository.type`, `repository.url`, and `repository.directory`.
|
|
127
192
|
- Public packages must define `files`.
|
|
128
193
|
- Public library packages must define `types`.
|
|
129
194
|
- Public packages must define either `exports` or `bin`.
|
|
130
195
|
|
|
131
|
-
|
|
132
|
-
license
|
|
196
|
+
Owned public packages may inherit the root license when the root license is not `UNLICENSED`. Mirrored public packages
|
|
197
|
+
must carry their own license. `smoo monorepo init` does not copy the root `repository.url` into packages; a missing
|
|
198
|
+
package `repository.url` is a validation failure so new packages must consciously choose whether they are owned by the
|
|
199
|
+
current repository or mirrored from another one. Init still sets `publishConfig.access = "public"`, repository type,
|
|
200
|
+
repository directory, export ordering, and source-file publish entries when those can be derived safely.
|
|
201
|
+
|
|
202
|
+
`smoo monorepo list-release-packages` prints the comma-separated Nx project names for packages that are both
|
|
203
|
+
`npm:public` and owned by the current repository. Release commands, trusted-publisher setup, and the managed publish
|
|
204
|
+
workflow use this owned release package list instead of every public package in the workspace. smoo keeps both names in
|
|
205
|
+
release metadata: Nx commands receive `projectName`, while npm publish, GitHub Releases, and release tags use the real
|
|
206
|
+
package `name`.
|
|
207
|
+
|
|
208
|
+
For [GitHub Actions], `smoo monorepo list-release-packages --fail-empty --github-output "$GITHUB_OUTPUT"` appends the
|
|
209
|
+
`projects=<nx-project-list>` output expected by the managed publish workflow and fails with a clear error when no owned
|
|
210
|
+
release packages exist.
|
|
211
|
+
|
|
212
|
+
`smoo release npm-status` shows whether each owned release package's current `name@version` already exists on npm. It is
|
|
213
|
+
an npm registry check, not a full release workflow status check.
|
|
214
|
+
|
|
215
|
+
`smoo release version --bump auto` first selects direct release candidates, then delegates versioning to [Nx]. Direct
|
|
216
|
+
candidates are owned public packages with package-local changes that can affect published users: files matched by the
|
|
217
|
+
package's resolved Nx `build`/`production` inputs, packaged assets listed in `package.json` `files`, package metadata
|
|
218
|
+
docs such as README/LICENSE/CHANGELOG, or user-visible `package.json` fields such as `exports`, `bin`, `types`,
|
|
219
|
+
`dependencies`, `peerDependencies`, and `publishConfig`. Test-only and local automation changes such as `scripts`, `nx`,
|
|
220
|
+
`devDependencies`, and `tsconfig.test.json` do not select a package by themselves.
|
|
221
|
+
|
|
222
|
+
Downstream dependency bumps are intentionally left to Nx release. If package A is selected and bumped, Nx may also bump
|
|
223
|
+
public package B when B depends on A, even when B has no direct file changes. `smoo` should not pre-expand direct
|
|
224
|
+
candidates to downstream dependents because that would duplicate Nx's dependency graph and can over-select packages.
|
|
225
|
+
|
|
226
|
+
## Nx Conventions
|
|
227
|
+
|
|
228
|
+
`smoo` keeps Nx target names predictable and separates tool work from aggregate workflows.
|
|
229
|
+
|
|
230
|
+
Official Nx plugins own targets they already know how to infer. For example, `@nx/js/typescript` owns TypeScript library
|
|
231
|
+
builds, so a package `tsconfig.lib.json` produces the concrete target `tsc-js`.
|
|
232
|
+
|
|
233
|
+
`@smoothbricks/nx-plugin` only fills SmoothBricks convention gaps that official plugins do not provide. Today that means
|
|
234
|
+
Bun test typechecking, non-TypeScript build-tool steps, and aggregate targets.
|
|
235
|
+
|
|
236
|
+
Concrete targets describe the tool that runs and the artifact or purpose it produces:
|
|
237
|
+
|
|
238
|
+
- `tsc-js` comes from the official TypeScript plugin and runs `tsc` for package JavaScript/declaration output.
|
|
239
|
+
- Packages that run `bun test` must have `tsconfig.test.json`. Bun executes tests without typechecking, so smoo creates
|
|
240
|
+
a no-emit `typecheck-tests` target from that config and wires it into validation. Other test runners may own their own
|
|
241
|
+
typecheck path.
|
|
242
|
+
- Test tsconfigs are validation configs, not TypeScript build-mode projects. They must use `noEmit`, must not set
|
|
243
|
+
`composite: true`, and package root `tsconfig.json` must not reference `./tsconfig.test.json`. The inferred
|
|
244
|
+
`typecheck-tests` target runs `tsc --noEmit -p tsconfig.test.json` after `build` instead.
|
|
245
|
+
- Non-TypeScript build steps come from explicit tool configuration. For example, a package `build.zig` must expose named
|
|
246
|
+
`b.step("name", ...)` entries; each non-reserved step becomes a `zig-name` target such as `zig-wasm`.
|
|
247
|
+
- `build` is an aggregate. It exists only when there is at least one concrete build target such as `tsc-js` or another
|
|
248
|
+
tool-output target, and it depends on those targets instead of duplicating their commands.
|
|
249
|
+
- `lint` is an aggregate validation target. It is not a formatting target.
|
|
250
|
+
|
|
251
|
+
Explicit Nx target names must not contain `:`. Nx already uses colon syntax at the CLI boundary:
|
|
252
|
+
`project:target:configuration`. Allowing target names like `build:wasm` makes command parsing and package-script aliases
|
|
253
|
+
look like configurations, and it prevents a clean split between concrete tool-output targets and aggregate targets.
|
|
254
|
+
|
|
255
|
+
Use tool-output names for concrete targets, such as `tsc-js` and `zig-wasm`. Use `build` and `lint` only as aggregate
|
|
256
|
+
targets. Package scripts may still use developer-friendly colon names, for example `build:wasm`, but those scripts
|
|
257
|
+
should delegate to unambiguous Nx targets such as `nx run pkg:zig-wasm`.
|
|
133
258
|
|
|
134
259
|
## Managed Files
|
|
135
260
|
|
|
@@ -137,15 +262,18 @@ license and repository URL, then sets each package's `repository.directory` from
|
|
|
137
262
|
|
|
138
263
|
Managed files include:
|
|
139
264
|
|
|
140
|
-
-
|
|
265
|
+
- [`tooling/git-hooks/git-format-staged.yml`][git-format-staged]
|
|
141
266
|
- Git hook scripts under `tooling/git-hooks`
|
|
142
|
-
- direnv/GitHub Actions bootstrap scripts under `tooling/direnv`
|
|
143
|
-
- GitHub Actions workflows under `.github/workflows`
|
|
144
|
-
- Local composite GitHub Actions under `.github/actions`
|
|
267
|
+
- [direnv]/[GitHub Actions] bootstrap scripts under `tooling/direnv`
|
|
268
|
+
- [GitHub Actions] workflows under `.github/workflows`
|
|
269
|
+
- Local composite [GitHub Actions] under `.github/actions`
|
|
145
270
|
|
|
146
271
|
When a managed target is a symlink, `smoo` leaves it alone. SmoothBricks uses symlinks back to `packages/cli/managed` so
|
|
147
272
|
changes to the CLI package are tested immediately. Downstream repos receive ordinary committed copies.
|
|
148
273
|
|
|
274
|
+
The publish workflow is conditional. Repositories with no owned release packages skip `.github/workflows/publish.yml` in
|
|
275
|
+
`init`, `check`, and `diff`; adding a new owned package makes the workflow required on the next validation run.
|
|
276
|
+
|
|
149
277
|
Use:
|
|
150
278
|
|
|
151
279
|
```bash
|
|
@@ -156,36 +284,50 @@ smoo monorepo diff
|
|
|
156
284
|
|
|
157
285
|
`check` fails when a managed file is missing or stale. `diff` reports drift without writing files.
|
|
158
286
|
|
|
159
|
-
## Git Hooks
|
|
287
|
+
## Formatting And Git Hooks
|
|
288
|
+
|
|
289
|
+
The root `lint:fix` script runs [`git-format-staged`][git-format-staged] with
|
|
290
|
+
`--config tooling/git-hooks/git-format-staged.yml --unstaged`. The formatter config intentionally excludes `bun.lock`.
|
|
291
|
+
|
|
292
|
+
The generated pre-commit hook runs the same formatter path from the repository root with `tooling`, `node_modules/.bin`,
|
|
293
|
+
and the [devenv] profile on `PATH`.
|
|
160
294
|
|
|
161
|
-
|
|
162
|
-
|
|
295
|
+
After formatting, the hook runs `smoo monorepo validate --fail-fast --only-if-new-workspace-package`. This keeps normal
|
|
296
|
+
commits fast while still catching incomplete package setup and conditional managed-file drift when a new workspace
|
|
297
|
+
package manifest is staged.
|
|
163
298
|
|
|
164
299
|
The generated commit-msg hook delegates conventional commit validation to:
|
|
165
300
|
|
|
166
301
|
```bash
|
|
167
|
-
smoo monorepo validate-commit-msg <commit-msg-file>
|
|
302
|
+
smoo monorepo validate-commit-msg --fix <commit-msg-file>
|
|
168
303
|
```
|
|
169
304
|
|
|
170
|
-
This keeps hook behavior consistent with CI and avoids duplicating commit message parsing in shell.
|
|
305
|
+
This keeps hook behavior consistent with CI and avoids duplicating commit message parsing in shell. With `--fix`, smoo
|
|
306
|
+
wraps prose body paragraphs through `fmt -w 72` while preserving fenced code blocks, quoted markdown, indented blocks,
|
|
307
|
+
bullets, trailers, URLs, and comment lines.
|
|
308
|
+
|
|
309
|
+
Conventional commit scopes should use Nx project names. For packages in the same npm scope as the root package, smoo
|
|
310
|
+
requires `package.json` `nx.name` to be the unscoped package name, such as `cli` for `@smoothbricks/cli`, so subjects
|
|
311
|
+
like `fix(cli): repair release notes` map cleanly to Nx Release.
|
|
171
312
|
|
|
172
313
|
## GitHub Actions
|
|
173
314
|
|
|
174
|
-
The generated workflows keep readable YAML and named top-level steps, while larger logic lives in
|
|
175
|
-
post-checkout composite actions, or the small pre-smoo bootstrap script. Checkout stays inline in each
|
|
176
|
-
repository-local composite actions do not exist until `actions/checkout` has populated the working
|
|
315
|
+
The generated [GitHub Actions] workflows keep readable YAML and named top-level steps, while larger logic lives in
|
|
316
|
+
`smoo` commands, post-checkout composite actions, or the small pre-smoo bootstrap script. Checkout stays inline in each
|
|
317
|
+
workflow because repository-local composite actions do not exist until `actions/checkout` has populated the working
|
|
318
|
+
tree.
|
|
177
319
|
|
|
178
|
-
CI uses explicit lint, test, and build phases. The publish workflow does the same
|
|
179
|
-
|
|
320
|
+
CI uses explicit lint, test, and build phases. The publish workflow does the same after versioning so GitHub output
|
|
321
|
+
stays readable and validation happens on the exact release commit.
|
|
180
322
|
|
|
181
|
-
CI status deeplinks depend on GitHub'
|
|
182
|
-
next to each top-level step, and the `smoo github-ci nx-smart --step <number>` values for lint, test, and build
|
|
183
|
-
stay synchronized with those comments. Composite action internals do not change the top-level step numbers.
|
|
323
|
+
CI status deeplinks depend on [GitHub Actions]' top-level job step anchors. The generated CI workflow keeps `# Step N`
|
|
324
|
+
comments next to each top-level step, and the `smoo github-ci nx-smart --step <number>` values for lint, test, and build
|
|
325
|
+
must stay synchronized with those comments. Composite action internals do not change the top-level step numbers.
|
|
184
326
|
|
|
185
327
|
Managed CI setup is split across local composite actions:
|
|
186
328
|
|
|
187
|
-
- `setup-devenv` installs Nix, restores the Nix cache segment, imports the store NAR, restores `.devenv`/`.direnv`
|
|
188
|
-
after an exact Nix cache hit, enables Cachix, installs devenv, restores `node_modules`, and builds the shell.
|
|
329
|
+
- `setup-devenv` installs [Nix], restores the Nix cache segment, imports the store NAR, restores `.devenv`/`.direnv`
|
|
330
|
+
only after an exact Nix cache hit, enables [Cachix], installs [devenv], restores `node_modules`, and builds the shell.
|
|
189
331
|
- `save-nix-devenv` runs under `always()`, calls `smoo github-ci cleanup-cache`, and explicitly saves cache segments
|
|
190
332
|
only when cleanup reports `cache-ready=true`.
|
|
191
333
|
- `cache-nix-devenv` is the shared restore/save primitive for the separate `nix` and `devenv` cache segments.
|
|
@@ -208,64 +350,149 @@ The bootstrap script is intentionally small. It only handles work required befor
|
|
|
208
350
|
|
|
209
351
|
## Releases
|
|
210
352
|
|
|
211
|
-
Release commands wrap Nx release but keep SmoothBricks policy in one place.
|
|
353
|
+
Release commands wrap [Nx Release][nx-release] but keep SmoothBricks policy in one place.
|
|
212
354
|
|
|
213
355
|
Versioning:
|
|
214
356
|
|
|
215
|
-
- `--bump auto`
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
357
|
+
- `--bump auto` first filters owned release packages to package-local candidates, then lets [Nx Release][nx-release]
|
|
358
|
+
derive the semver bump from [Conventional Commits]. A tagged package is an auto candidate only when files under its
|
|
359
|
+
package root changed since its current `name@version` release tag. An untagged package is an auto candidate only when
|
|
360
|
+
its package root has git history. Root-only changes, workflow edits, lockfile-only churn, and other workspace-global
|
|
361
|
+
changes may still affect Nx tasks, but they do not make unrelated package artifacts releasable.
|
|
362
|
+
- `--bump patch|minor|major|prerelease` forces the release specifier for the full owned release package set. Forced
|
|
363
|
+
bumps intentionally bypass the package-local auto filter.
|
|
364
|
+
- Release packages are discovered from `npm:public` packages whose `repository.url` exactly matches the root package.
|
|
365
|
+
- [Nx Release][nx-release] config must use `currentVersionResolver: "git-tag"` with
|
|
366
|
+
`fallbackCurrentVersionResolver: "disk"`. Conventional-commit versioning requires git tags as the primary source,
|
|
367
|
+
while the disk fallback supports initial releases before package tags exist.
|
|
368
|
+
- [Nx Release][nx-release] config must use `versionActions: "@smoothbricks/cli/nx-version-actions"`. This wraps Nx's JS
|
|
369
|
+
version actions and temporarily syncs `bun.lock` workspace versions after Nx runs `bun install --lockfile-only`.
|
|
370
|
+
- Same-org scoped packages must define short `package.json` `nx.name` values, for example `@smoothbricks/money` uses
|
|
371
|
+
`"nx": { "name": "money" }`. This lets Nx Release understand commit scopes like `fix(money): ...` without requiring
|
|
372
|
+
the npm org in every commit subject.
|
|
373
|
+
- Nx project names and npm package names are different release identities. Nx project filters, workflow `projects=`
|
|
374
|
+
outputs, build/lint/test validation, and project changelog lookup use `projectName`. npm publish checks, tarball
|
|
375
|
+
validation, GitHub Release titles, and durable release tags use package `name`.
|
|
376
|
+
- [Nx Release][nx-release] `preVersionCommand` is intentionally not used. smoo builds exactly the packages that still
|
|
377
|
+
need npm publish immediately before packing them, while the managed workflow separately builds, lints, tests, and
|
|
378
|
+
validates newly created release commits.
|
|
379
|
+
- `smoo release repair-pending` runs before the normal publish flow. It repairs older remote release tags whose npm
|
|
380
|
+
package version or GitHub Release is missing, while leaving the current `HEAD` release target to `version` and
|
|
381
|
+
`publish`.
|
|
382
|
+
- `smoo release version` selects the current release target before validation by running [Nx Release][nx-release]
|
|
383
|
+
versioning. npm registry state is not used to decide whether versioning should run. If `HEAD` is already a release
|
|
384
|
+
target, versioning returns `mode=none` and leaves idempotent completion to `smoo release publish`.
|
|
385
|
+
- `smoo release version --github-output "$GITHUB_OUTPUT"` appends `mode=new|none` and `projects=<comma-list>`. The
|
|
386
|
+
managed publish workflow uses `mode != "none"` to build, lint, test, and validate exactly the commit that
|
|
387
|
+
`smoo release publish` will publish. `projects` is a comma-separated Nx project-name list, not an npm package-name
|
|
388
|
+
list. The validation and publish step names include the selected mode so the [GitHub Actions] run shows whether it is
|
|
389
|
+
creating a new release or recording a no-op.
|
|
390
|
+
- Explicit bumps are mandatory when `HEAD` is not already a release target: after pending releases are repaired,
|
|
391
|
+
`bump=patch|minor|major|prerelease` must make Nx create a new release commit. smoo fails if Nx returns without moving
|
|
392
|
+
`HEAD`; `auto` may no-op when there are no releasable conventional commits.
|
|
393
|
+
- `--dry-run` previews versioning and completion without pushing refs, publishing npm packages, or writing GitHub
|
|
394
|
+
Releases.
|
|
395
|
+
- The `nx-version-actions` hook is a temporary Bun workaround. Bun currently leaves `bun.lock` workspace versions stale
|
|
396
|
+
after package manifest bumps, and `bun pm pack` rewrites `workspace:*` dependencies using those stale lockfile
|
|
397
|
+
versions. Keep the hook until supported Bun versions resolve these issues:
|
|
398
|
+
[oven-sh/bun#18906](https://github.com/oven-sh/bun/issues/18906),
|
|
399
|
+
[oven-sh/bun#20477](https://github.com/oven-sh/bun/issues/20477), and
|
|
400
|
+
[oven-sh/bun#20829](https://github.com/oven-sh/bun/issues/20829).
|
|
401
|
+
- Package release tags must use the npm package name and version, for example `@smoothbricks/nx-plugin@0.0.2`. smoo
|
|
402
|
+
derives release package/version pairs from that tag shape and recreates missing local tags for Nx release commits
|
|
403
|
+
before repairing remote state. Nx project names are only CLI/project-graph identifiers.
|
|
404
|
+
- `smoo release retag-unpublished <tag...>` is a break-glass recovery command for the case where Nx already committed a
|
|
405
|
+
version bump but npm publish failed before the package version became durable. It moves exact owned release tags to
|
|
406
|
+
`HEAD` by default without bumping package manifests again. It refuses to move a tag when `package@version` already
|
|
407
|
+
exists on npm, when the GitHub Release exists, or when the target ref's package manifest does not contain the tagged
|
|
408
|
+
version. Pass `--push` to update remote tags with `--force-with-lease`; pass `--dispatch` to also start `publish.yml`
|
|
409
|
+
with `bump=auto`. Dispatch validates that the target ref is already the remote branch head so the workflow will
|
|
410
|
+
publish the same commit that was retagged.
|
|
411
|
+
|
|
412
|
+
### Repair Process
|
|
413
|
+
|
|
414
|
+
`repair-pending` is tag-driven, not history-driven. It starts from fetched remote release tags because those tags are
|
|
415
|
+
the durable record that a package version was selected for release. It only checks npm and GitHub Release state to
|
|
416
|
+
decide which tags still need work; it does not walk normal commits looking for release-shaped changes.
|
|
417
|
+
|
|
418
|
+
1. Collect owned release tags from the fetched remote tag set, sorted newest-first by annotated tag `creatordate`. Only
|
|
419
|
+
tags matching owned package release names are considered, and each tag is peeled to the commit it releases.
|
|
420
|
+
2. Classify each owned release tag before grouping by commit. A tag needs npm repair when `package@version` is missing
|
|
421
|
+
from npm, and it needs GitHub repair when the GitHub Release for that tag is missing. Tags needing neither are
|
|
422
|
+
filtered out immediately.
|
|
423
|
+
3. Group only repair-needed tags by peeled commit. Empty commits disappear because their tags were already complete.
|
|
424
|
+
Exclude `HEAD` because the current release target is handled by `smoo release version` and `smoo release publish`,
|
|
425
|
+
not by the older-release repair loop.
|
|
426
|
+
4. Sort the remaining repair commits oldest-to-newest. Only after this sorted non-HEAD repair list exists does smoo
|
|
427
|
+
start checking out commits.
|
|
428
|
+
5. For each repair commit, check out the commit once and load that checkout's direnv environment once. If any grouped
|
|
429
|
+
tag still needs npm publish, run `nx run-many -t build --projects=<comma-separated npm-missing Nx projects>` once,
|
|
430
|
+
then publish those packages using the npm dist-tag implied by each package version. If the commit only needs GitHub
|
|
431
|
+
Releases, skip the build. Finally, create the missing GitHub Releases for the grouped tags that need them.
|
|
432
|
+
|
|
433
|
+
Pending release state should be a suffix of the release-target timeline because `repair-pending` runs before every
|
|
434
|
+
publish. Once a complete release target is reached, older targets are assumed complete; an observed gap in repair state
|
|
435
|
+
violates the workflow invariant and should fail loudly instead of silently repairing history out of order.
|
|
228
436
|
|
|
229
437
|
Publishing:
|
|
230
438
|
|
|
231
439
|
- `prerelease` publishes with npm dist-tag `next`.
|
|
232
440
|
- Stable bumps publish with npm dist-tag `latest`.
|
|
233
|
-
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
441
|
+
- `smoo release publish` pushes missing branch/tag refs, publishes missing npm versions, creates or updates GitHub
|
|
442
|
+
Releases, and writes a GitHub Step Summary. Already published npm versions are skipped, so reruns after auth or
|
|
443
|
+
network failures retry only the package versions npm does not have yet.
|
|
444
|
+
- npm registry state gates publish idempotency only. It decides which already-versioned package tarballs still need to
|
|
445
|
+
be published during a real release retry, not whether versioning should run or whether the workflow has a release to
|
|
446
|
+
publish.
|
|
447
|
+
- Before npm publish, smoo runs `nx run-many -t build --projects=<comma-separated npm-missing Nx projects>` for exactly
|
|
448
|
+
the packages whose `name@version` is not on npm yet. Nx cache makes this cheap when the managed workflow already built
|
|
449
|
+
the same projects, and it keeps reruns self-sufficient when repairing a previously selected `HEAD` release target.
|
|
237
450
|
- Publish uses `bun pm pack` to create package tarballs, then publishes those tarballs with latest npm CLI and
|
|
238
|
-
`--provenance`.
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
451
|
+
`--provenance`. Each package uses the npm dist-tag implied by its own version (`next` for prereleases, `latest` for
|
|
452
|
+
stable versions). Bun pack resolves internal `workspace:*` dependency ranges to real versions in the tarball manifest;
|
|
453
|
+
smoo fails before publish if a packed manifest still contains `workspace:` or if an internal dependency does not match
|
|
454
|
+
the current workspace package version.
|
|
455
|
+
- [npm CLI][npm] owns publish authentication. Packages use [trusted publishing][npm-trusted-publishing] with [GitHub
|
|
456
|
+
Actions OIDC][github-actions-oidc] from the workflow's `id-token: write` permission. Package names must exist on npm
|
|
457
|
+
before CI publish runs; use `smoo release trust-publisher --bootstrap` locally to publish `0.0.0-bootstrap.0` under
|
|
458
|
+
the `bootstrap` dist-tag for new package names before configuring trust.
|
|
459
|
+
- `smoo release bootstrap-npm-packages` scans owned `npm:public` release packages missing from npm, runs
|
|
460
|
+
`npm login --auth-type=web` through `nix shell nixpkgs#nodejs_latest` unless `--skip-login` is passed, and publishes a
|
|
461
|
+
minimal placeholder package with `--access public --tag bootstrap`. It supports `--dry-run` and `--package <name...>`
|
|
462
|
+
for targeted bootstraps.
|
|
463
|
+
- `smoo release trust-publisher` configures [npm trusted publishing][npm-trusted-publishing] for every owned release
|
|
464
|
+
package. It uses the root `package.json` `repository.url` as the GitHub `owner/repo`, uses `publish.yml` as the
|
|
465
|
+
trusted workflow, and runs `npm trust` through `nix shell nixpkgs#nodejs_latest` because the Lambda-pinned Node 24/npm
|
|
466
|
+
toolchain may lag the npm CLI feature. By default it runs `npm login --auth-type=web` first so npm can open a browser
|
|
467
|
+
login; pass `--skip-login` when the current npm session is already authenticated. Pass `--bootstrap` to create missing
|
|
468
|
+
npm package names first, then configure trusted publishing in the same command. npm may still require operation-level
|
|
469
|
+
2FA for `npm trust`; smoo prompts for a hidden OTP per package, or you can pass `--otp <code>` for non-interactive
|
|
470
|
+
use.
|
|
250
471
|
|
|
251
472
|
GitHub Releases:
|
|
252
473
|
|
|
253
|
-
- `smoo release
|
|
254
|
-
|
|
474
|
+
- `smoo release publish` delegates to `nx release changelog` once per owned package whose current package release tag is
|
|
475
|
+
at `HEAD`, passing that package's version explicitly for independent releases after npm publish succeeds.
|
|
476
|
+
- Nx project changelogs are configured to create or update GitHub Releases, not local changelog files.
|
|
477
|
+
- Generated release notes are package-scoped Conventional Commit changelogs. Init defaults author rendering and GitHub
|
|
478
|
+
username lookup on, while validation allows repos to override those render options.
|
|
255
479
|
|
|
256
|
-
The release flow is designed to be rerun after partial failure. Nx owns local version/tag behavior,
|
|
257
|
-
|
|
480
|
+
The release flow is designed to be rerun after partial failure. Nx owns local version/tag behavior, while smoo derives
|
|
481
|
+
durable completion state from the remote branch, release tags, npm registry versions, and GitHub Releases. Repeated
|
|
482
|
+
Publish runs converge without self-spawning another workflow run.
|
|
258
483
|
|
|
259
484
|
## Why This Shape
|
|
260
485
|
|
|
261
486
|
The important design goal is one source of truth per convention:
|
|
262
487
|
|
|
263
|
-
- Nx `npm:public` tags decide what
|
|
488
|
+
- [Nx] `npm:public` tags decide what has a public npm package contract.
|
|
489
|
+
- Matching root/package `repository.url` values decide which public packages are released by the current repo.
|
|
264
490
|
- Managed files decide what generated CI and hooks should look like.
|
|
265
|
-
- Root package metadata provides defaults for public packages.
|
|
491
|
+
- Root package metadata provides defaults only for owned public packages.
|
|
266
492
|
- Actual workspace package names decide which dependency ranges become `workspace:*`.
|
|
267
|
-
-
|
|
268
|
-
- `
|
|
493
|
+
- Package manifests decide Bun lockfile workspace versions until Bun stops leaving them stale during releases.
|
|
494
|
+
- [`sherif`] handles broad package hygiene.
|
|
495
|
+
- [`publint`] and [`attw`][are-the-types-wrong] validate real packed artifacts.
|
|
269
496
|
|
|
270
497
|
This keeps `smoo` small where external tools already do the job, but keeps SmoothBricks-specific policy native where
|
|
271
498
|
generic tools do not know the repo contract. In particular, `sherif` is useful for package hygiene, but it does not know
|
|
@@ -287,3 +514,26 @@ If validating packages with Zig build steps from outside the devenv shell, add Z
|
|
|
287
514
|
```bash
|
|
288
515
|
nix shell nixpkgs#zig -c nx run-many -t build --projects=<public-projects>
|
|
289
516
|
```
|
|
517
|
+
|
|
518
|
+
## Links
|
|
519
|
+
|
|
520
|
+
[are-the-types-wrong]: https://github.com/arethetypeswrong/arethetypeswrong.github.io/tree/main/packages/cli
|
|
521
|
+
[Bun]: https://bun.sh/
|
|
522
|
+
[Cachix]: https://www.cachix.org/
|
|
523
|
+
[CommonJS]: https://nodejs.org/api/modules.html
|
|
524
|
+
[Conventional Commits]: https://www.conventionalcommits.org/
|
|
525
|
+
[devenv]: https://devenv.sh/
|
|
526
|
+
[direnv]: https://direnv.net/
|
|
527
|
+
[ESM]: https://nodejs.org/api/esm.html
|
|
528
|
+
[git-format-staged]: https://github.com/smoothbricks/git-format-staged
|
|
529
|
+
[GitHub Actions]: https://docs.github.com/actions
|
|
530
|
+
[github-actions-oidc]:
|
|
531
|
+
https://docs.github.com/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
|
|
532
|
+
[Nix]: https://nixos.org/
|
|
533
|
+
[Node.js]: https://nodejs.org/
|
|
534
|
+
[npm]: https://www.npmjs.com/
|
|
535
|
+
[npm-trusted-publishing]: https://docs.npmjs.com/trusted-publishers
|
|
536
|
+
[Nx]: https://nx.dev/
|
|
537
|
+
[nx-release]: https://nx.dev/features/manage-releases
|
|
538
|
+
[`publint`]: https://publint.dev/
|
|
539
|
+
[`sherif`]: https://github.com/QuiiBz/sherif
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAIA,wBAAsB,MAAM,CAAC,IAAI,WAAwB,GAAG,OAAO,CAAC,IAAI,CAAC,CAexE"}
|