Skip to content

chore: migrate from tsup to tsdown#15

Merged
m2na7 merged 11 commits into
mainfrom
chore/migrate-tsdown
Sep 20, 2025
Merged

chore: migrate from tsup to tsdown#15
m2na7 merged 11 commits into
mainfrom
chore/migrate-tsdown

Conversation

@m2na7

@m2na7 m2na7 commented Sep 20, 2025

Copy link
Copy Markdown
Owner

Overview

migrate from tsup to tsdwon.
tsdown provides faster build speeds and powerful bundle size optimizations (~28% reduction).

Summary by CodeRabbit

  • New Features

    • None — no user-facing changes.
  • Build

    • Switched bundling tool and simplified build options; broadened external dependency handling. Public API unchanged.
  • Packaging

    • Updated package ignore rules to align with the new build setup.
  • Chores

    • Added CI with type-check, format, build jobs and a bundle-size check on PRs.
    • Updated release pipeline to Node.js 20 and adjusted step ordering.

@m2na7 m2na7 self-assigned this Sep 20, 2025
@vercel

vercel Bot commented Sep 20, 2025

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
react-compact-toast Ready Ready Preview Comment Sep 20, 2025 1:33pm

@coderabbitai

coderabbitai Bot commented Sep 20, 2025

Copy link
Copy Markdown

Walkthrough

Replaced tsup references with tsdown in build config and project metadata; removed several tsup-specific build flags; expanded externals; added a CI workflow with matrix checks and bundle-size validation; updated release workflow to Node.js 20 and relocated the package-version update step; updated .npmignore and .coderabbit.yaml to reference tsdown.config.ts.

Changes

Cohort / File(s) Summary of changes
Config path rename references
\.coderabbit\.yaml, \.npmignore
Renamed occurrences of tsup.config.ts to tsdown.config.ts.
Build config switch to tsdown
tsdown.config.ts
Replaced import { defineConfig } from 'tsup' with tsdown; removed options splitting, clean, injectStyle, treeshake; expanded external to include react/jsx-runtime and react/jsx-dev-runtime; preserved entry, format/dts/sourcemap/minify/outDir/target settings.
CI workflow addition
.github/workflows/ci.yml
Added "CI" workflow triggering on push/PR to main and develop; job quality runs matrix commands (type-check, format:check, build:lib, build) with pnpm and Node.js v20; job check-bundle-size (PR-only) depends on quality and runs preactjs/compressed-size-action against build artifacts.
Release workflow Node update & step move
.github/workflows/release.yml
Updated Node.js setup from 18 to 20; moved the "Update Package Version" step later in the job sequence (no change to the step's commands).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor GitHub as "GitHub (push/PR)"
  participant Runner as "Actions runner"
  participant Repo as "Repository"
  participant Setup as "Setup (pnpm + Node.js v20)"
  participant Installer as "pnpm install --frozen-lockfile"
  participant Matrix as "CI matrix job"
  participant SizeCheck as "compressed-size action"

  GitHub ->> Runner: trigger CI (push/PR to main/develop)
  Runner ->> Repo: checkout code
  Runner ->> Setup: setup pnpm (no auto-install) and Node.js v20
  Runner ->> Installer: install dependencies (--frozen-lockfile)
  Runner ->> Matrix: run matrix command (type-check / format:check / build:lib / build)
  Matrix ->> Repo: execute npm script (requested task)
  alt build artifact produced
    Runner ->> SizeCheck: run compressed-size check (targets `dist/**/*.{js,mjs}`, excludes maps, node_modules, specific CSS)
  end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The title "chore: migrate from tsup to tsdown" is concise and accurately reflects the primary change in the PR — swapping tsup for tsdown (addition of tsdown.config.ts and updates to references in config and ignore files) — making it clear to reviewers what the main intent of the changeset is.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch chore/migrate-tsdown

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov

codecov Bot commented Sep 20, 2025

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (5)
.github/workflows/ci.yml (3)

1-8: Harden permissions and add concurrency

Limit token scope and cancel superseded runs for the same ref.

Apply:

 name: CI

 on:
   push:
     branches: [main, develop]
   pull_request:
     branches: [main, develop]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

14-16: Fetch full history for size diff accuracy

compressed-size-action can compare against base commits more reliably with full history.

-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0

40-41: Step label vs actual script

The step name says “React Scripts” but runs pnpm build (repo-level). Rename for clarity or scope with working-directory if this targets a demo app.

-      - name: Build demo (React Scripts)
-        run: pnpm build
+      - name: Build demo
+        run: pnpm build
tsdown.config.ts (2)

4-6: Comment is outdated: no style injection configured

The code says “with injected styles” but there’s no inject setting. Update the comment or reintroduce an equivalent if tsdown supports it.

-  // Main bundle with injected styles
+  // Main bundle

16-20: CSS entry: ensure minification and stable cleaning

Minify emitted CSS and make cleaning explicit (clean in first config, not here) to avoid accidental wipes.

   {
     entry: ['src/styles.css'],
     outDir: 'dist',
     clean: false,
+    minify: true,
   },
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between adfd70d and 81e3f7c.

⛔ Files ignored due to path filters (3)
  • package.json is excluded by !**/*.json
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • tsconfig.node.json is excluded by !**/*.json
📒 Files selected for processing (4)
  • .coderabbit.yaml (1 hunks)
  • .github/workflows/ci.yml (1 hunks)
  • .npmignore (1 hunks)
  • tsdown.config.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
tsdown.config.ts

⚙️ CodeRabbit configuration file

Review build configuration for proper bundling and output formats. Ensure proper entry points and external dependencies handling.

Files:

  • tsdown.config.ts
🔇 Additional comments (5)
.coderabbit.yaml (1)

45-46: LGTM: added tsdown.config.ts to path_instructions

Reference aligns with the migration objective.

.npmignore (1)

11-11: LGTM — ignore tsdown.config.ts in the published package; verification required

Verification attempt failed: ERR_PNPM_NO_IMPORTER_MANIFEST_FOUND — no package.json found at /home/jailuser/git. Run from the repository root and confirm tsdown.config.ts is not in the npm pack output:

pnpm build:lib && npm pack --dry-run > /tmp/pack.txt && cat /tmp/pack.txt && TARBALL=$(grep -oE 'react-compact-toast-.*.tgz' /tmp/pack.txt | tail -1) && [ -n "${TARBALL:-}" ] && tar -tf "$TARBALL" | sort | sed -n '1,120p' — confirm tsdown.config.ts is not listed.

.github/workflows/ci.yml (2)

28-29: Lockfile/tooling alignment — no action required

Local check shows pnpm 10.17.0 and pnpm-lock.yaml has lockfileVersion: '9.0' — pnpm v9 and v10 both use lockfileVersion 9.0, so the installed pnpm is compatible. (vercel.com)


37-48: Verify dist exists and patterns match

Sandbox couldn't run pnpm build:lib — no package.json at the repo root and no dist/ directory found. Confirm build:lib emits JS/MJS/CSS into ./dist; if it outputs elsewhere, update the compressed-size action pattern './dist/**/*.{js,mjs,css}' in .github/workflows/ci.yml (lines 37-48) to the actual output path or add a step to copy the build artifacts into ./dist.

tsdown.config.ts (1)

1-1: Confirm tsdown option parity (dts, CSS entry, clean)

tsdown supports dts: true and clean (default true). entry accepts files/globs, but CSS files are not processed by default — either import the CSS from a JS/TS entry or add a Rolldown/Rollup CSS plugin (e.g. rollup-plugin-styles or a postcss plugin) in tsdown.config.ts under plugins. Sandbox couldn't run the CLI (pnpm failed: no package.json); verify/adjust tsdown.config.ts to enable dts and add a CSS plugin if you need CSS as an entry.

Comment thread .coderabbit.yaml
Comment thread tsdown.config.ts

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/release.yml (1)

43-50: Tag/commit pushed before tests/build — risk of bad releases.

You push the version commit and tag (Lines 43–50) before unit/Cypress tests and build (Lines 51–62). If tests fail, the tag and main are already updated. Reorder to test/build first, then version/tag/push.

Apply this diff to move the versioning step after a successful build:

@@
-      - name: Update Package Version
-        run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          npm version ${{ github.event.inputs.version }} -m "Release v%s"
-          git push origin HEAD:main
-          git push --tags
@@
       - name: Run Unit Tests
         run: pnpm run test:unit:run
@@
       - name: Install Cypress Binary
         run: pnpm exec cypress install
@@
       - name: Run Cypress Tests
         run: pnpm run test
@@
       - name: Build Library
         run: pnpm run build:lib
+
+      - name: Update Package Version (tag and push after successful tests/build)
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          npm version ${{ github.event.inputs.version }} -m "Release v%s"
+          git push origin HEAD:main
+          git push --tags

Also applies to: 51-62

🧹 Nitpick comments (3)
.github/workflows/release.yml (3)

11-11: Enable cancel-in-progress for safer reruns.

Add cancel-in-progress to avoid multiple concurrent releases per ref.

-concurrency: ${{ github.workflow }}-${{ github.ref }}
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

22-22: Pin GitHub Actions to commit SHAs.

For supply‑chain hardening, pin actions to immutable SHAs (keep the tag as a comment).

If you want, I can generate the exact SHAs for:

  • actions/checkout@v4
  • pnpm/action-setup@v4
  • actions/setup-node@v4
  • actions/cache@v4

Also applies to: 24-26, 28-28, 38-38


37-42: Improve Cypress caching key.

Keying only on OS and pnpm-lock may miss binary changes. Include Cypress version for better hits.

       - name: Cache Cypress Binary
         uses: actions/cache@v4
         with:
           path: ~/.cache/Cypress
-          key: cypress-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
+          key: cypress-${{ runner.os }}-${{ steps.cypress_ver.outputs.version }}-${{ hashFiles('pnpm-lock.yaml') }}
+
+      - name: Read Cypress version
+        id: cypress_ver
+        run: echo "version=$(jq -r '.devDependencies.cypress // .dependencies.cypress' package.json)" >> "$GITHUB_OUTPUT"

Also applies to: 54-56

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bf711d8 and d3d3e90.

⛔ Files ignored due to path filters (1)
  • package.json is excluded by !**/*.json
📒 Files selected for processing (2)
  • .github/workflows/ci.yml (1 hunks)
  • .github/workflows/release.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/ci.yml
🔇 Additional comments (2)
.github/workflows/release.yml (2)

71-74: Confirm npm token scope and 2FA policy.

Ensure PACKAGE_PUBLISH_KEY_NPM has publish scope for the package and repository 2FA settings won’t block CI publishes.


27-31: Use a semver range for Node in the release workflow (change node-version: 20 → 20.x).

Confirmed .github/workflows/release.yml pins node-version: 20 — update to 20.x so setup-node receives patch/security fixes.

Apply this diff:

-      - name: Setup Node.js 20.x
+      - name: Setup Node.js 20.x
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 20.x
           cache: "pnpm"
           registry-url: "https://registry.npmjs.org"

@github-actions

github-actions Bot commented Sep 20, 2025

Copy link
Copy Markdown
Contributor

Size Change: -1.28 kB (-28.21%) 🎉

Total Size: 3.27 kB

Filename Size Change
./dist/index.js 1.76 kB -516 B (-22.66%) 🎉
./dist/index.mjs 1.51 kB -768 B (-33.76%) 🎉

compressed-size-action

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (5)
.github/workflows/ci.yml (5)

16-19: Set matrix fail-fast to false to keep all checks running

If one matrix command fails, others are auto-cancelled. Keep signal by disabling fail-fast.

     strategy:
-      matrix:
+      fail-fast: false
+      matrix:
         command: ['type-check', 'format:check', 'build:lib', 'build']

41-49: Run bundle-size even if quality fails (PRs only)

Ensure bundle-size always executes on PRs, regardless of quality job result.

-  check-bundle-size:
+  check-bundle-size:
     name: Bundle size check
     runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request'
+    if: ${{ always() && github.event_name == 'pull_request' }}
@@
-    needs: quality
+    needs: quality

50-52: Fetch full history for accurate base vs. PR size comparison

compressed-size-action needs base ref; fetch-depth 0 avoids shallow clone issues.

-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0

1-8: Add workflow-level concurrency to auto-cancel superseded runs

Prevents CI backlogs when pushing multiple commits to the same ref.

 name: CI

 on:
   push:
     branches: [main, develop]
   pull_request:
     types: [opened, synchronize, reopened]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

50-74: Optional hardening: pin actions to SHAs

Pinning to commit SHAs reduces supply-chain risk; update periodically.

Example:

-uses: actions/checkout@v4
+uses: actions/checkout@3df4ab11…  # v4 commit SHA
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a01e06b and 1020f89.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml (1 hunks)
🔇 Additional comments (2)
.github/workflows/ci.yml (2)

37-40: Confirm intention: allow build:lib to fail in quality

This step won’t fail the job for build:lib. If you want bundle-size to still run even when quality fails overall, see the next comment.


28-36: Pin pnpm and stabilize Actions cache

File: .github/workflows/ci.yml (around lines 28–36) — Pin pnpm to avoid CI/local drift and add cache-dependency-path to stabilize cache keys.

-      - name: Setup pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          run_install: false
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9
+          run_install: false
@@
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: '20'
           cache: 'pnpm'
+          cache-dependency-path: pnpm-lock.yaml

Verify the repo actually uses pnpm and that pnpm-lock.yaml exists before merging (example checks: locate package.json/pnpm-lock.yaml and confirm packageManager).

@m2na7
m2na7 merged commit 9c1d075 into main Sep 20, 2025
10 checks passed
@m2na7
m2na7 deleted the chore/migrate-tsdown branch September 20, 2025 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant