actionspack 0.1.1 → 0.1.2

package/README.md

@@ -13,6 +13,23 @@ It currently supports inlining composite actions and safely transformable
 reusable workflows. JavaScript and Docker actions are pinned as external
 dependencies instead of being bundled.
 
+## Why actionspack?
+
+GitHub Actions workflows often depend on reusable workflows and actions from
+other repositories. You may want to author those dependencies with convenient
+floating refs like `@main` in `.github/workflows/src/`, but generated workflows
+should be reproducible and reviewable.
+
+`actionspack` gives workflows a lockfile mechanism similar to `pnpm`. It locks
+remote workflows and actions in `.github/workflow.lock.yml`, inlines everything
+that can be transformed safely into the local repository, and pins anything that
+cannot be inlined to a fixed SHA.
+
+To update workflow and action dependencies, run `actionspack update`
+periodically. The updated lockfile and generated workflows are normal repository
+files, so `git diff` shows exactly which dependencies changed and what generated
+workflow output changed.
+
 ## Install
 
 ```bash
@@ -49,6 +66,16 @@ npx actionspack
 Generated workflows are safe to commit. Existing lockfile SHAs are reused until
 you explicitly run `actionspack update`.
 
+When you want to refresh workflow/action dependencies:
+
+```bash
+npx actionspack update
+git diff
+```
+
+Review the dependency SHA changes in `.github/workflow.lock.yml` and the
+resulting generated workflow changes before committing.
+
 ## Commands
 
 ```bash

package/dist/cli.mjs

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { a as why, f as scan, i as update, l as verify, r as tree, s as pack, t as diff } from "./commands-CPJczWTq.mjs";
+import { a as why, f as scan, i as update, l as verify, r as tree, s as pack, t as diff } from "./commands-jdSon0td.mjs";
 import { styleText } from "node:util";
 import process from "node:process";
 import { cac } from "cac";

package/dist/{commands-CPJczWTq.mjs → commands-jdSon0td.mjs}

@@ -909,6 +909,8 @@ function substituteString(value, values) {
 		const expr = parseExpression(expression);
 		const replacement = directReplacement(expr, values);
 		if (replacement !== void 0) return replacement;
+		const evaluated = staticExpression(expr, values);
+		if (evaluated) return evaluated.value;
 		const simplified = printExpression(expr, values);
 		const staticValue = staticExpression(parseExpression(simplified), values);
 		return staticValue ? staticValue.value : `\${{ ${simplified} }}`;

package/dist/index.mjs

@@ -1,2 +1,2 @@
-import { a as why, c as packWorkflow, d as collectWorkflowDependencies, f as scan, i as update, l as verify, n as diffLockfiles, o as assertNoRemoteUses, r as tree, s as pack, t as diff, u as collectStepDependencies } from "./commands-CPJczWTq.mjs";
+import { a as why, c as packWorkflow, d as collectWorkflowDependencies, f as scan, i as update, l as verify, n as diffLockfiles, o as assertNoRemoteUses, r as tree, s as pack, t as diff, u as collectStepDependencies } from "./commands-jdSon0td.mjs";
 export { assertNoRemoteUses, collectStepDependencies, collectWorkflowDependencies, diff, diffLockfiles, pack, packWorkflow, scan, tree, update, verify, why };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "actionspack",
   "type": "module",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Lockfile-first GitHub Actions workflow packer",
   "author": "Kevin Deng <sxzz@sxzz.moe>",
   "license": "MIT",