Description
I just published our first open source action that deploys an application to Docker Swarm. This action relies on some fairly old npm packages, and thus mixes ES modules and CJS dependencies (*shudders*).
Now my initial assumption that actions would somehow surely install the module dependencies before running it was obviously wrong, if unexpected; however I still find it very strange that my options boil down to:
- checking in my 375MB
node_modules/folder that consists of 98% development dependencies, which will be downloaded on every action run, or - use
@vercel/nccand hope it works, because if it doesn't, there's no configuration options and you're SOL
While the second option seemed obvious, it quickly broke down due to some tier-4 dependency using __dirname in a module context, which means either I'll implement a full Docker API client myself, or replace the build tooling. Bummer.
So finally I built this exciting Rube-Goldberg-esque contraption that uses unbuild to create a CJS "bundle" (in quotes, because it won't bundle the CJS dependencies) and chains ncc to actually bundle that into a self-contained package. It's awkward, but it works, and I'm over my time budget for something so trivial already. Not to mention I'd rather cut my arm off than spending any more time in module intestines.
Having recovered from the shell shock of that, I wanted to complain about it here. Creating an action that uses dependencies shouldn't be so awful in 2025. Either provide a runtime that will auto-install prod-dependencies from the package.json, build some cached Docker image for node actions that will install them during the build phase, have a release action that prunes the modules before re-committing them, or offer a first-party GitHub actions bundler that wraps things up properly. The use case of building a self-contained node.js application is fairly obscure and mostly limited to GH Actions, so having at least a bit better tooling here would be nice.