Skip to content

The Great PR#486

Open
GrantBirki wants to merge 98 commits into
github:mainfrom
GrantBirki:main
Open

The Great PR#486
GrantBirki wants to merge 98 commits into
github:mainfrom
GrantBirki:main

Conversation

@GrantBirki

@GrantBirki GrantBirki commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Why this PR exists

This is a large PR, but the goal is simple: move branch-deploy onto a safer, smaller, and easier-to-maintain v12 foundation.

I built and reviewed this work as 35 smaller PRs in my fork, then released the same commit as the immutable and attested v12.0.0 release. The current upstream main commit is already in this history, so this PR does not undo any upstream work.

What changed

  • Converted all project-owned runtime code, tests, and tools from JavaScript to strict TypeScript.
  • Reduced the lockfile from 216 package entries to 29 and direct packages from 17 to 8. This removes Vitest, ESLint, Nunjucks, @actions/core, and several smaller packages.
  • Added 819 native tests and a 92-scenario acceptance suite that runs the real dist/index.js main and post lifecycle against a strict mock GitHub API. First-party code keeps 100% line, branch, and function coverage.
  • Simplified the runtime by splitting prechecks, commands, deployments, locks, templates, and post behavior into smaller typed operations.
  • Hardened the supply chain with full-SHA Action pins, exact dependency versions, disabled install scripts, dependency policy tests, and build attestations.
  • Fully automated releases. A version bump on protected main now verifies the bundle, creates the exact version tag and immutable release, and moves the vMAJOR tag after verification.

Bug fixes

  • Correctly handles CI reruns, pagination, duplicate checks, legacy status contexts, and unavailable GitHub data.
  • Loads deployment message templates from the exact trusted workflow commit and replaces Nunjucks with a small safe renderer.
  • Rechecks mutable refs before deployment and stops when a branch moves or GitHub creates a deployment for the wrong SHA.
  • Makes lock creation atomic and idempotent while keeping old lock files compatible.
  • Correctly reads the latest deployment history and enforced deployment order, including malformed or incomplete API responses.
  • Fixes several smaller issues with unlock failures, lock cleanup, labels, reactions, and untrusted log values.

Migration guide

v12 includes some breaking changes. The v11 to v12 upgrade guide explains them and includes a ready-to-use prompt for coding agents.

I know this is a lot to review, and I am happy to walk through any part of it or split review by area.

GrantBirki and others added 30 commits May 21, 2026 21:19
Pin Vite to patched 8.0.x release
Render stored lock reasons as inert Markdown
Bumps the npm_and_yarn group with 1 update in the / directory: [js-yaml](https://github.com/nodeca/js-yaml).


Updates `js-yaml` from 4.1.1 to 4.2.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
…check-mode-issue

Fix required-check precheck bypass for legacy status contexts
…_yarn-4e38a52fea

chore(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 in the npm_and_yarn group across 1 directory
Migrate branch-deploy to TypeScript
Harden TypeScript-native action contracts
* Add native acceptance suite

* Expand native acceptance precheck coverage

* Harden acceptance harness coverage

* Harden native acceptance lifecycle

* Simplify acceptance progress output

* Simplify acceptance coverage output
…ning

Harden v12 deployment security and correctness
Add agent-assisted v12 migration prompt
Record github/branch-deploy main at de4d10e as merged while preserving the GrantBirki/branch-deploy v12 tree exactly. Upstream changes were reviewed and were already ported, superseded by v12, or intentionally excluded to preserve the fork's dependency and architecture decisions.
Copilot AI review requested due to automatic review settings July 16, 2026 15:19

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants