feat!: modernize tooling - esbuild, npm workspaces, git-cliff, strict TS, node24#86
Merged
bryantbiggs merged 21 commits intomainfrom Mar 6, 2026
Merged
feat!: modernize tooling - esbuild, npm workspaces, git-cliff, strict TS, node24#86bryantbiggs merged 21 commits intomainfrom
bryantbiggs merged 21 commits intomainfrom
Conversation
…issions, concurrency
- Fix ESM compatibility: awscli-core now compiles as ESM (module: nodenext) to work with @actions/* v3 ESM-only packages - Use ncc transpile-only mode (-t) to avoid ts-loader/webpack conflicts - Rebuild all dist bundles
- Update action runtime from node20 to node24 (node22 is not a valid GitHub Actions runtime) - Add --passWithNoTests to vitest so CI doesn't fail when no tests exist
…workflows BREAKING CHANGE: Action runtime updated from node20 to node24 - Replace @vercel/ncc with esbuild for bundling (single file output, 10-100x faster, native ESM support) - Add unit tests for all 4 actions (vitest) - Extract verify-build into shared workflow triggered by all action changes - Modernize iam_access_credentials workflow (rename .yaml→.yml, add PR triggers, pinned actions, permissions, concurrency) - Remove awscli-core ESM workaround (no longer needed with esbuild)
bryantbiggs
changed the title
…remaining gaps - Remove awscli-core lib/ build step — esbuild bundles directly from TypeScript source, eliminating the intermediate tsc compilation - Remove awscli-core tsconfig.json and lib/ output (no longer needed) - Simplify npm scripts: remove build step from all script, remove --passWithNoTests (tests exist now) - Add awscli-core unit tests (3 tests) - Expand awscli and s3_sync tests with happy path coverage (11 total) - Add vitest.config.ts with coverage configuration - Modernize stale-actions workflow: rename .yaml→.yml, pin SHA, add permissions block, remove deprecated repo-token - Update .gitattributes and verify-build to remove lib/ references
…ndling - Add `tsc --noEmit` typecheck step to `npm run all` pipeline - Fix README workflow badge URLs to match renamed workflows - Replace non-null assertions with proper guards in iam_access_credentials - Replace fragile `setTimeout` test pattern with direct `run()` calls - Remove dead `test` scripts from workspace package.json files - Add empty changelog guard to release workflow
…le bugs - Fix awscli-core install to run ./aws/install on Linux and use .pkg on macOS - Add arm64 support for Linux AWS CLI downloads - Remove destructive rmdir of C:/Program Files/Amazon on Windows - Fix version() parsing to return actual CLI version - Mask AWS credentials as secrets to prevent log leaks - Fix DurationSeconds typo in STS AssumeRoleCommand params - Fix NaN duration when input is empty - Fix maskAccountId logic to respect explicit false - Move assume-role params into conditional block, omit empty ExternalId - Fix s3_sync to throw on non-directory instead of logging and continuing - Default callerReference to ISO timestamp when not provided - Fix callStdout to preserve caller's listeners - Use token input for action-gh-release with persist-credentials: false - Add packages/*/dist/ to verify-build check - Expand test coverage for assume-role, credential masking, and edge cases
exec.exec() splits the command string on spaces via argStringToArray, so paths like C:\Program Files\Amazon\AWSCLIV2\aws.exe get split into ['C:\Program', 'Files\...']. Quote the path when it contains spaces to prevent this.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
BREAKING CHANGE: Action runtime updated from
node20tonode24. Users on older GitHub Actions runner versions may need to update.Tooling Migration
@vercel/nccwith esbuild for bundling (single file output, 10-100x faster, native ESM support)TypeScript & Config
tsc --noEmittype checking to the build pipelinenode20tonode24Bug Fixes
./aws/installon Linux and use.pkginstaller on macOS instead of just extracting the ziprmdirofC:/Program Files/Amazonon Windows inget()version()parsing to return actual CLI version (2.15.0) instead ofPython/3.11.6DurationSecondstypo in STSAssumeRoleCommandparams (wasDurationSecond)NaNduration whenduration-secondsinput is emptymaskAccountIdlogic to respect explicitfalsevalueExternalIds3_syncto throw on non-directory path instead of logging and continuingcallerReferenceto ISO timestamp when not providedcallStdoutto preserve caller's listeners instead of silently dropping themtokeninput foraction-gh-release(compatible withpersist-credentials: false)CI/CD
.yaml→.yml, add PR triggers, pinned actions)packages/*/dist/in verify-build dist checkCleanup
Test plan
npx tsc --noEmitpasses (strict mode)npm run lintpassesnpm run testpasses (17 tests across 5 test files)npm run allsucceeds (lint → typecheck → test → compile)Closes #7