cistack 5.3.0 → 5.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -0
  2. package/package.json +1 -1
  3. package/src/generators/workflow.js +2 -2
  4. package/tests/run.js +4 -2
package/README.md CHANGED
@@ -89,6 +89,8 @@ By default, `cistack` now generates a single GitHub Actions workflow that combin
89
89
 
90
90
  Dependabot remains a separate file in `.github/dependabot.yml`, because it is not a GitHub Actions workflow.
91
91
 
92
+ If you want preview deployments on Dependabot pull requests, add deployment credentials as Dependabot secrets too, not only Actions secrets. For Vercel, that means `VERCEL_TOKEN`, `VERCEL_ORG_ID`, and `VERCEL_PROJECT_ID`.
93
+
92
94
  ### Split mode
93
95
 
94
96
  If you prefer the old multi-file layout, set:
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cistack",
3
- "version": "5.3.0",
3
+ "version": "5.4.0",
4
4
  "description": "Automatically generate GitHub Actions CI/CD pipelines by analysing your codebase",
5
5
  "main": "src/index.js",
6
6
  "types": "index.d.ts",
package/src/generators/workflow.js CHANGED
@@ -422,7 +422,7 @@ class WorkflowGenerator {
422
422
  if (previewSteps.length > 0) {
423
423
  jobs.preview = {
424
424
  name: `✨ Deploy → ${h.name} (Preview)`,
425
- if: "github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository",
425
+ if: "github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository",
426
426
  'runs-on': 'ubuntu-latest',
427
427
  environment: 'preview',
428
428
  steps: [
@@ -430,7 +430,7 @@ class WorkflowGenerator {
430
430
  ...previewSteps,
431
431
  {
432
432
  name: 'Comment PR',
433
- if: 'always()',
433
+ if: "always() && github.actor != 'dependabot[bot]'",
434
434
  uses: 'actions/github-script@v7',
435
435
  with: {
436
436
  script: `
package/tests/run.js CHANGED
@@ -560,7 +560,7 @@ test('Netlify preview configuration uses the detected production branch instead
560
560
  assert.equal(previewStep.with['production-branch'], 'release');
561
561
  });
562
562
 
563
- test('Preview deploy jobs only run for same-repo pull requests with secrets access', () => {
563
+ test('Preview deploy jobs run for same-repo pull requests, including Dependabot PRs', () => {
564
564
  const projectDir = makeTempDir();
565
565
  writeFiles(projectDir, {
566
566
  'package.json': json({
@@ -582,11 +582,13 @@ test('Preview deploy jobs only run for same-repo pull requests with secrets acce
582
582
 
583
583
  const deploy = generator.generate().find((workflow) => workflow.filename === 'deploy.yml');
584
584
  const parsed = parseWorkflow(deploy.content);
585
+ const commentStep = parsed.jobs.preview.steps.find((step) => step.name === 'Comment PR');
585
586
 
586
587
  assert.equal(
587
588
  parsed.jobs.preview.if,
588
- "github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository"
589
+ "github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository"
589
590
  );
591
+ assert.equal(commentStep.if, "always() && github.actor != 'dependabot[bot]'");
590
592
  });
591
593
 
592
594
  test('Generic JavaScript builds no longer upload a fake dist artifact when no build directory is known', () => {