Add CI for submitting plugins to Marketplace on merge#548
Add CI for submitting plugins to Marketplace on merge#548niekert wants to merge 36 commits intoframer:mainfrom
Conversation
| github.event.pull_request.merged == true && | ||
| contains(github.event.pull_request.labels.*.name, 'Submit on merge') | ||
| # FIXME: Should be production | ||
| environment: development |
There was a problem hiding this comment.
note to self to fix before merging.
| ERROR_WEBHOOK_URL: ${{ secrets.ERROR_WEBHOOK_URL }} | ||
| RETOOL_URL: ${{ secrets.RETOOL_URL }} | ||
| # FIXME: Should be production | ||
| FRAMER_ENV: development |
| const SubmissionResponseSchema = v.object({ | ||
| version: v.number(), | ||
| // FIXME: THIS SHOULD BE DEPLOYED: | ||
| // SEE: https://github.com/framer/creators/pull/2487/files |
There was a problem hiding this comment.
note to self: remove the fallback
niekert
force-pushed
the
main
branch
2 times, most recently
from
2975293 to
cfb070c
Compare
|
@cursor review |
|
/gemini review |
|
@codex review |
|
To use Codex here, create a Codex account and connect to github. |
|
@codex review |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
Comment @cursor review or bugbot run to trigger another review on this PR
| github.event.pull_request.merged == true && | ||
| contains(github.event.pull_request.labels.*.name, 'Submit on merge') | ||
| # FIXME: Should be production | ||
| environment: development |
There was a problem hiding this comment.
Development environment hardcoded instead of production
High Severity
The workflow has environment: development and FRAMER_ENV: development hardcoded with FIXME comments. The PR notes explicitly state "note to self to fix before merging." If merged as-is, all plugins submitted via the "Submit on merge" flow would go to the development environment instead of production.
Additional Locations (1)
|
|
||
| export function runBuildScript(cwd: string): Promise<void> { | ||
| return new Promise((resolve, reject) => { | ||
| const buildProcess = exec("npm run build", { cwd }) |
There was a problem hiding this comment.
Build script uses npm but plugins require yarn
High Severity
The runBuildScript function executes npm run build, but the plugins in this monorepo have build scripts like "build": "run g:build" where run is yarn's workspace command. When npm executes this script in a shell, it will fail because run is not a recognized command outside of yarn's context.
There was a problem hiding this comment.
Good one. This is what framer-plugin-tools does currently but we can detect the package manager from the lock file.
I will do this in a follow up to not extend the scope of this PR further.
| package.json | ||
| yarn.lock | ||
| .yarnrc.yml | ||
| .yarn |
There was a problem hiding this comment.
Sparse checkout missing required .tool-versions file
High Severity
The sparse checkout configuration does not include .tool-versions, but the Setup Node.js step on line 51 requires this file via node-version-file: .tool-versions. The workflow will fail because the file won't exist after the sparse checkout completes.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cfb070c03c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
scripts/submit-plugin.ts
Outdated
|
|
||
| // 4. Fetch user's plugins to find the database plugin ID | ||
| log.step("Fetching Plugin from Framer") | ||
| const plugins = await fetchMyPlugins(config) |
There was a problem hiding this comment.
Guard the Framer plugin lookup behind !config.dryRun, because the current flow always calls fetchMyPlugins before the dry-run branch and therefore still requires a valid SESSION_TOKEN and network access. In practice, a dry run configured as documented (without submission secrets) exits early with "Session token is required," so the dry_run workflow input cannot be used for safe validation runs.
Useful? React with 👍 / 👎.
| run: yarn turbo run build --filter=framer-plugin-tools | ||
|
|
||
| - name: Submit plugin | ||
| run: yarn tsx scripts/submit-plugin.ts |
There was a problem hiding this comment.
For workflow_call, this job currently checks out the caller repository by default, but then executes scripts/submit-plugin.ts from the workspace. That means cross-repo callers (the stated use case) fail unless they coincidentally contain this repo’s scripts/ layout and framer-plugin-tools workspace package. Add an explicit checkout of this repository (or otherwise source the script/tooling) before invoking these commands.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Will focus on cross repo invoking in follow up but good call
niekert
force-pushed
the
main
branch
3 times, most recently
from
de2c668 to
865b14a
Compare
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Also removing ref type overwrites
- Improve clarity of effect names - Better support deletion of multiple files - Ensure local deletions always require confirmation on resync
- Add packages/plugin-tools with build and pack functionality - Add g:pack script to root package.json - Update all plugin package.json files to use workspace dependency - Keep backwords compatibility but allow specifying additional options
- Add GitHub Actions workflows for plugin submission - Add scripts for validating PR body and submitting plugins - Add test:scripts command and related dev dependencies - Update PR template
3 participants
Description
This PR changes github action workflows
Submit on Merge
Submit on mergelabel is active on PRSubmit Plugin
pluginPathandchangeloginputCheck PR body
framer-plugin-tools
This moves https://github.com/framer/framer-plugin-tools into
packages/plugin-tools. It rewrites the script in TS and adds some exports that can be used as well.Existing plugins now reference the workspace version of
plugin-toolstooChecklist
developmentandproductionenvironments in CI and configure secrets and env variablesdevelopmenttoproductionin CI jobs after QAframer-plugin-tools#team-pluginsinstead of#testTesting
Please test in the niekert/plugins fork. LMK so I can give you QA permissions.
plugins/csv-importfor the plugin path#testslack channel when completed.niekert/pluginsfork locally and create a new branchcsv-importplugin succesfullyyarn buildin the root of the repo