chore: migrate from tsup to tsdown#15
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
WalkthroughReplaced tsup references with tsdown in build config and project metadata; removed several tsup-specific build flags; expanded externals; added a CI workflow with matrix checks and bundle-size validation; updated release workflow to Node.js 20 and relocated the package-version update step; updated Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor GitHub as "GitHub (push/PR)"
participant Runner as "Actions runner"
participant Repo as "Repository"
participant Setup as "Setup (pnpm + Node.js v20)"
participant Installer as "pnpm install --frozen-lockfile"
participant Matrix as "CI matrix job"
participant SizeCheck as "compressed-size action"
GitHub ->> Runner: trigger CI (push/PR to main/develop)
Runner ->> Repo: checkout code
Runner ->> Setup: setup pnpm (no auto-install) and Node.js v20
Runner ->> Installer: install dependencies (--frozen-lockfile)
Runner ->> Matrix: run matrix command (type-check / format:check / build:lib / build)
Matrix ->> Repo: execute npm script (requested task)
alt build artifact produced
Runner ->> SizeCheck: run compressed-size check (targets `dist/**/*.{js,mjs}`, excludes maps, node_modules, specific CSS)
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches
🧪 Generate unit tests
Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (5)
.github/workflows/ci.yml (3)
1-8: Harden permissions and add concurrencyLimit token scope and cancel superseded runs for the same ref.
Apply:
name: CI on: push: branches: [main, develop] pull_request: branches: [main, develop] + +permissions: + contents: read + pull-requests: write + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true
14-16: Fetch full history for size diff accuracycompressed-size-action can compare against base commits more reliably with full history.
- - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0
40-41: Step label vs actual scriptThe step name says “React Scripts” but runs pnpm build (repo-level). Rename for clarity or scope with working-directory if this targets a demo app.
- - name: Build demo (React Scripts) - run: pnpm build + - name: Build demo + run: pnpm buildtsdown.config.ts (2)
4-6: Comment is outdated: no style injection configuredThe code says “with injected styles” but there’s no inject setting. Update the comment or reintroduce an equivalent if tsdown supports it.
- // Main bundle with injected styles + // Main bundle
16-20: CSS entry: ensure minification and stable cleaningMinify emitted CSS and make cleaning explicit (clean in first config, not here) to avoid accidental wipes.
{ entry: ['src/styles.css'], outDir: 'dist', clean: false, + minify: true, },
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (3)
package.jsonis excluded by!**/*.jsonpnpm-lock.yamlis excluded by!**/pnpm-lock.yamltsconfig.node.jsonis excluded by!**/*.json
📒 Files selected for processing (4)
.coderabbit.yaml(1 hunks).github/workflows/ci.yml(1 hunks).npmignore(1 hunks)tsdown.config.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
tsdown.config.ts
⚙️ CodeRabbit configuration file
Review build configuration for proper bundling and output formats. Ensure proper entry points and external dependencies handling.
Files:
tsdown.config.ts
🔇 Additional comments (5)
.coderabbit.yaml (1)
45-46: LGTM: added tsdown.config.ts to path_instructionsReference aligns with the migration objective.
.npmignore (1)
11-11: LGTM — ignore tsdown.config.ts in the published package; verification requiredVerification attempt failed: ERR_PNPM_NO_IMPORTER_MANIFEST_FOUND — no package.json found at /home/jailuser/git. Run from the repository root and confirm tsdown.config.ts is not in the npm pack output:
pnpm build:lib && npm pack --dry-run > /tmp/pack.txt && cat /tmp/pack.txt && TARBALL=$(grep -oE 'react-compact-toast-.*.tgz' /tmp/pack.txt | tail -1) && [ -n "${TARBALL:-}" ] && tar -tf "$TARBALL" | sort | sed -n '1,120p' — confirm tsdown.config.ts is not listed.
.github/workflows/ci.yml (2)
28-29: Lockfile/tooling alignment — no action requiredLocal check shows pnpm 10.17.0 and pnpm-lock.yaml has lockfileVersion: '9.0' — pnpm v9 and v10 both use lockfileVersion 9.0, so the installed pnpm is compatible. (vercel.com)
37-48: Verify dist exists and patterns matchSandbox couldn't run pnpm build:lib — no package.json at the repo root and no dist/ directory found. Confirm build:lib emits JS/MJS/CSS into ./dist; if it outputs elsewhere, update the compressed-size action pattern './dist/**/*.{js,mjs,css}' in .github/workflows/ci.yml (lines 37-48) to the actual output path or add a step to copy the build artifacts into ./dist.
tsdown.config.ts (1)
1-1: Confirm tsdown option parity (dts, CSS entry, clean)tsdown supports dts: true and clean (default true). entry accepts files/globs, but CSS files are not processed by default — either import the CSS from a JS/TS entry or add a Rolldown/Rollup CSS plugin (e.g. rollup-plugin-styles or a postcss plugin) in tsdown.config.ts under plugins. Sandbox couldn't run the CLI (pnpm failed: no package.json); verify/adjust tsdown.config.ts to enable dts and add a CSS plugin if you need CSS as an entry.
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/release.yml (1)
43-50: Tag/commit pushed before tests/build — risk of bad releases.You push the version commit and tag (Lines 43–50) before unit/Cypress tests and build (Lines 51–62). If tests fail, the tag and main are already updated. Reorder to test/build first, then version/tag/push.
Apply this diff to move the versioning step after a successful build:
@@ - - name: Update Package Version - run: | - git config --local user.email "github-actions[bot]@users.noreply.github.com" - git config --local user.name "github-actions[bot]" - npm version ${{ github.event.inputs.version }} -m "Release v%s" - git push origin HEAD:main - git push --tags @@ - name: Run Unit Tests run: pnpm run test:unit:run @@ - name: Install Cypress Binary run: pnpm exec cypress install @@ - name: Run Cypress Tests run: pnpm run test @@ - name: Build Library run: pnpm run build:lib + + - name: Update Package Version (tag and push after successful tests/build) + run: | + git config --local user.email "github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + npm version ${{ github.event.inputs.version }} -m "Release v%s" + git push origin HEAD:main + git push --tagsAlso applies to: 51-62
🧹 Nitpick comments (3)
.github/workflows/release.yml (3)
11-11: Enable cancel-in-progress for safer reruns.Add cancel-in-progress to avoid multiple concurrent releases per ref.
-concurrency: ${{ github.workflow }}-${{ github.ref }} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true
22-22: Pin GitHub Actions to commit SHAs.For supply‑chain hardening, pin actions to immutable SHAs (keep the tag as a comment).
If you want, I can generate the exact SHAs for:
- actions/checkout@v4
- pnpm/action-setup@v4
- actions/setup-node@v4
- actions/cache@v4
Also applies to: 24-26, 28-28, 38-38
37-42: Improve Cypress caching key.Keying only on OS and pnpm-lock may miss binary changes. Include Cypress version for better hits.
- name: Cache Cypress Binary uses: actions/cache@v4 with: path: ~/.cache/Cypress - key: cypress-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} + key: cypress-${{ runner.os }}-${{ steps.cypress_ver.outputs.version }}-${{ hashFiles('pnpm-lock.yaml') }} + + - name: Read Cypress version + id: cypress_ver + run: echo "version=$(jq -r '.devDependencies.cypress // .dependencies.cypress' package.json)" >> "$GITHUB_OUTPUT"Also applies to: 54-56
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package.jsonis excluded by!**/*.json
📒 Files selected for processing (2)
.github/workflows/ci.yml(1 hunks).github/workflows/release.yml(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/ci.yml
🔇 Additional comments (2)
.github/workflows/release.yml (2)
71-74: Confirm npm token scope and 2FA policy.Ensure PACKAGE_PUBLISH_KEY_NPM has publish scope for the package and repository 2FA settings won’t block CI publishes.
27-31: Use a semver range for Node in the release workflow (change node-version: 20 → 20.x).Confirmed .github/workflows/release.yml pins node-version: 20 — update to 20.x so setup-node receives patch/security fixes.
Apply this diff:
- - name: Setup Node.js 20.x + - name: Setup Node.js 20.x uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 20.x cache: "pnpm" registry-url: "https://registry.npmjs.org"
|
Size Change: -1.28 kB (-28.21%) 🎉 Total Size: 3.27 kB
|
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (5)
.github/workflows/ci.yml (5)
16-19: Set matrix fail-fast to false to keep all checks runningIf one matrix command fails, others are auto-cancelled. Keep signal by disabling fail-fast.
strategy: - matrix: + fail-fast: false + matrix: command: ['type-check', 'format:check', 'build:lib', 'build']
41-49: Run bundle-size even if quality fails (PRs only)Ensure bundle-size always executes on PRs, regardless of quality job result.
- check-bundle-size: + check-bundle-size: name: Bundle size check runs-on: ubuntu-latest - if: github.event_name == 'pull_request' + if: ${{ always() && github.event_name == 'pull_request' }} @@ - needs: quality + needs: quality
50-52: Fetch full history for accurate base vs. PR size comparisoncompressed-size-action needs base ref; fetch-depth 0 avoids shallow clone issues.
- - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0
1-8: Add workflow-level concurrency to auto-cancel superseded runsPrevents CI backlogs when pushing multiple commits to the same ref.
name: CI on: push: branches: [main, develop] pull_request: types: [opened, synchronize, reopened] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true
50-74: Optional hardening: pin actions to SHAsPinning to commit SHAs reduces supply-chain risk; update periodically.
Example:
-uses: actions/checkout@v4 +uses: actions/checkout@3df4ab11… # v4 commit SHA
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/ci.yml(1 hunks)
🔇 Additional comments (2)
.github/workflows/ci.yml (2)
37-40: Confirm intention: allow build:lib to fail in qualityThis step won’t fail the job for build:lib. If you want bundle-size to still run even when quality fails overall, see the next comment.
28-36: Pin pnpm and stabilize Actions cacheFile: .github/workflows/ci.yml (around lines 28–36) — Pin pnpm to avoid CI/local drift and add cache-dependency-path to stabilize cache keys.
- - name: Setup pnpm - uses: pnpm/action-setup@v4 - with: - run_install: false + - name: Setup pnpm + uses: pnpm/action-setup@v4 + with: + version: 9 + run_install: false @@ - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '20' cache: 'pnpm' + cache-dependency-path: pnpm-lock.yamlVerify the repo actually uses pnpm and that pnpm-lock.yaml exists before merging (example checks: locate package.json/pnpm-lock.yaml and confirm packageManager).
Overview
migrate from tsup to tsdwon.
tsdown provides faster build speeds and powerful bundle size optimizations (~28% reduction).
Summary by CodeRabbit
New Features
Build
Packaging
Chores