Skip to content

chore(deps): update dependency tailor-platform/actions to v1.4.0#1555

Closed
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/tailor-platform-actions-1.x
Closed

chore(deps): update dependency tailor-platform/actions to v1.4.0#1555
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/tailor-platform-actions-1.x

Conversation

@renovate

@renovate renovate Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
tailor-platform/actions minor v1.3.0v1.4.0

Release Notes

tailor-platform/actions (tailor-platform/actions)

v1.4.0

Compare Source

What's Changed

Full Changelog: tailor-platform/actions@v1...v1.4.0


Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • Between 09:00 AM and 06:59 PM, Monday through Friday (* 9-18 * * 1-5)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from a team as a code owner June 25, 2026 05:07
@changeset-bot

changeset-bot Bot commented Jun 25, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: f31835c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@pkg-pr-new

pkg-pr-new Bot commented Jun 25, 2026

Copy link
Copy Markdown

Open in StackBlitz

pnpm add https://pkg.pr.new/@tailor-platform/create-sdk@f31835c
pnpm add https://pkg.pr.new/@tailor-platform/sdk@f31835c

commit: f31835c

@github-actions

Copy link
Copy Markdown

🤖 Claude Dependency Review

📦 Update Summary

📝 Release Notes

https://github.com/tailor-platform/actions/releases/tag/v1.4.0

🔐 Security Assessment

  • Risk: 🟢 Low
  • Known vulnerabilities: None found. No CVEs or GitHub Security Advisories found for tailor-platform/actions in either the old or new version.
  • Supply-chain notes: No concerning changes detected. The release was made by a known maintainer (@​toiroakr) with verified commits. No suspicious lifecycle scripts, unexpected dependencies, or abnormal version behavior observed.

🚨 Breaking Changes

CRITICAL: This update contains an incorrect structural change that will break workflows

The dependency update has changed the action reference format from:

uses: tailor-platform/actions/setup@​7817f37... # v1.3.0
uses: tailor-platform/actions/generate-check@​7817f37... # v1.3.0
uses: tailor-platform/actions/plan@​7817f37... # v1.3.0
uses: tailor-platform/actions/deploy@​7817f37... # v1.3.0
uses: tailor-platform/actions/tag-guard@​7817f37... # v1.3.0

To:

uses: tailor-platform/actions@​92f2995... # v1.4.0

Why this is breaking:

  1. The tailor-platform/actions repository has a directory-based structure with separate action.yaml files in each subdirectory (setup/, generate-check/, plan/, deploy/, tag-guard/)
  2. There is no action.yaml file at the repository root (verified with 404 response)
  3. GitHub Actions requires either:
    • A subpath to reference subdirectory actions: user/repo/path@​ref
    • A root-level action.yaml to use: user/repo@​ref
  4. Removing the subpaths while no root action exists will cause workflows to fail with "action not found" errors

This appears to be an error in Renovate's update logic. The version bump is correct (v1.3.0 → v1.4.0), but the removal of action subpaths is incorrect.

✨ Main Changes

v1.4.0 introduces several valuable features and improvements:

New Composite Actions:

  • drift-check - Detects configuration drift without failing workflows
  • seed-validate - Validates seed data against generated schemas
  • staticwebsite-deploy - Deploys static websites with URL output
  • notify - Sends deployment notifications (Slack support)
  • preview-deploy, preview-comment, preview-cleanup - Preview workspace management for PRs

Improvements to Existing Actions:

  • plan - Fixed duplicate comment issues with label-based grouping
  • generate-check - Improved detection method and added safety guards
  • deploy - Now outputs app-url via tailor-sdk show --json

Internal Refactoring:

  • Extracted common deployment pipeline into _internal/deploy to reduce duplication
  • Added _internal/sticky-comment for reliable PR comment updates

Dependency Updates:

  • pnpm/action-setup → v6.0.9
  • actions/checkout → v7 (from v6.0.3)
  • pnpm → v11.8.0
  • Node.js → v24.18.0
  • zizmor-action → v0.5.7

🔍 Impact Analysis

📁 Usage Locations

tailor-platform/actions is used in the following 2 template files and 1 test file:

  1. packages/sdk/src/cli/commands/setup/branch.workflow.yml

    # Before:
    uses: tailor-platform/actions/setup@​7817f37...
    uses: tailor-platform/actions/generate-check@​7817f37...
    uses: tailor-platform/actions/plan@​7817f37...
    uses: tailor-platform/actions/deploy@​7817f37...
    
    # After (BROKEN):
    uses: tailor-platform/actions@​92f2995...
    • Feature used: GitHub Actions composite actions for Tailor Platform CI/CD workflows (setup, generate-check, plan, deploy)
    • Impact: ❌ BREAKING - Workflows will fail because there is no root action.yaml to handle these calls. The subpath must be retained.
  2. packages/sdk/src/cli/commands/setup/tag.workflow.yml

    # Before:
    uses: tailor-platform/actions/tag-guard@​7817f37...
    uses: tailor-platform/actions/setup@​7817f37...
    uses: tailor-platform/actions/generate-check@​7817f37...
    uses: tailor-platform/actions/plan@​7817f37...
    uses: tailor-platform/actions/deploy@​7817f37...
    
    # After (BROKEN):
    uses: tailor-platform/actions@​92f2995...
    • Feature used: GitHub Actions composite actions for tag-based deployments (tag-guard, setup, generate-check, plan, deploy)
    • Impact: ❌ BREAKING - Workflows will fail for the same reason as above.
  3. packages/sdk/src/cli/commands/setup/generate.test.ts

    // Line 175
    expect(content).toContain("uses: tailor-platform/actions/generate-check@​");
    
    // Line 183  
    expect(content).not.toContain("tailor-platform/actions/plan@​");
    
    // Line 217
    expect(content).toContain("uses: tailor-platform/actions/setup@​");
    
    // Line 254
    expect(content).toContain("uses: tailor-platform/actions/tag-guard@​");
    • Feature used: Test assertions that verify generated workflows reference the correct composite actions
    • Impact: ❌ BREAKING - Tests will fail because the generated content no longer contains the expected subpaths. These test failures indicate the structural problem with the update.

Context about these files:

These workflow template files are bundled with the SDK and used by tailor-sdk setup github to generate GitHub Actions workflows for end users. When users run this command, these templates are rendered and written to their .github/workflows/ directory. The incorrect action references would be propagated to all newly generated user workflows, causing immediate CI/CD failures.

✅ Recommended Actions

  1. DO NOT MERGE this PR as-is - It contains a critical breaking change

  2. Restore the subpath references while keeping the version bump:

    # Correct format for v1.4.0:
    uses: tailor-platform/actions/setup@​92f2995e449838d4930e0a5afc0967764d343a96 # v1.4.0
    uses: tailor-platform/actions/generate-check@​92f2995e449838d4930e0a5afc0967764d343a96 # v1.4.0
    uses: tailor-platform/actions/plan@​92f2995e449838d4930e0a5afc0967764d343a96 # v1.4.0
    uses: tailor-platform/actions/deploy@​92f2995e449838d4930e0a5afc0967764d343a96 # v1.4.0
    uses: tailor-platform/actions/tag-guard@​92f2995e449838d4930e0a5afc0967764d343a96 # v1.4.0
  3. Run tests to verify - The generate.test.ts tests should pass after the fix

  4. Investigate Renovate configuration - This appears to be a Renovate parsing issue. Check if there's a Renovate config that might be causing it to incorrectly strip subpaths from GitHub Actions references.

  5. Consider using tag references - While commit SHAs are more secure, tag references (@​v1.4.0) are easier for Renovate to manage. If this issue persists, consider switching to tag-based references.


@renovate
renovate Bot force-pushed the renovate/tailor-platform-actions-1.x branch from 075616d to f31835c Compare June 29, 2026 02:49
@toiroakr toiroakr closed this Jun 29, 2026
@renovate

renovate Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.4.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate
renovate Bot deleted the renovate/tailor-platform-actions-1.x branch June 29, 2026 02:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant