node_modules for real?
chenyong opened this issue · 15 comments
I see node_modules/ included in the project while it's considered bad practice to have it in git repo. Is is the only way to make sure Node runs well in actions with correct dependencies? Can I install the packages during(or before) action is really running?
@chenyong I agree with you 100%
However, here is a workaround if node_modules is in your gitignore and you wish to generate node_modules during runtime:
on: [push]
jobs:
hello_world_job:
runs-on: ubuntu-latest
name: A job to say hello
steps:
# To use this repository's private action,
# you must check out the repository
- name: Checkout
uses: actions/checkout@v2
- name: Install Packages
run: npm install
- name: Hello world action step
uses: ./ # Uses an action in the root directory
id: hello
with:
who-to-greet: "Mona the Octocat!!!!!"
# Use the output from the `hello` step
- name: Get the output time
run: echo "The time was ${{ steps.hello.outputs.time }}"
The above mentioned code is a remix of the code given here
bump, any way we can just have the actions runner npm install to save us all from checking in node_modules, and alternatively to avoid an extra manual npm install hack step?
Probably it's a bad practice that the direct content of a repository is the action in such a case. One (not so elegant) solution could be to have one repo for the code that you'll work with and another repo where you deploy a build-result to, that's going to be the action you will use.
@rachmari, @andymckay, @jorgebg, @thboop - do you have any thoughts about this issue?
Hi @adamhenson 👋. This repo is a companion to the documentation in this guide: https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action#commit-tag-and-push-your-action-to-github
While checking in the node_modules directory is counterintuitive, here is a bit of documentation about why we require you to check in the node_modules directory when creating an action (from the guide 👆):
GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you can use workflow commands like run to interact with the runner machine. This means you must include any package dependencies required to run the JavaScript code.
I've reached out to see if there are any plans to change that in the future. I'll drop a note here if I hear about any plans to change that going forward.
Thanks @rachmari. If there is a better place to open this issue - please do let me know where. Appreciate the link to the docs but it’s still unclear why @irl-segfault’s suggestion isn’t possible. This issue is impactful in the open source sense in that PRs are quite difficult to manage with the diff from node_modules or even the Vercel option which generates a gigantic diff (and threw errors for me).
If there is a better place to open this issue - please do let me know where.
@adamhenson finding an existing discussion or opening a new one here is the best place: https://github.com/github/feedback/discussions/categories/actions-and-packages-feedback
Appreciate the link to the docs but it’s still unclear why @irl-segfault’s suggestion isn’t possible.
The actions team doesn't currently have any plans to update the runners to be able to perform the npm install for each JavaScript action defined in a workflow. I suspect that could increase workflow time significantly in some cases as well, depending on how many actions you use in a single workflow.
Rather than checking in the entire directory of node_modules, another option that the guide refers to is using https://github.com/vercel/ncc to compile all of the node modules into a single file. I'm not sure if that's what you were referring to when you said: "or even the Vercel option which generates a gigantic diff" or not. GitHub uses ncc in most (if not all) of our first-party actions.
Thanks @rachmari. Yes I tried NCC, but it threw an error in a certain project… so it seems unstable. Anyways, thanks for your responses. It’s not the end of the world… just inconvenient and not ideal especially as an open source project.
Perhaps Github Actions could support downloading a zip archive of node_modules from Github releases for specific actions.
I wish that github native dependabot could update the node_modules folder for us every time it also updates our package.json and package.lock.json.
ncc not work too.
They tell you
use a tool called @vercel/ncc to compile your code and modules into one file used for distribution.
and step 4:
If you already checked in your node_modules directory, remove it.
rm -rf node_modules/*
when I remove node_modules/* I will get
Error: Cannot find module '@actions/core'
One of the more elegant solutions I've come across for node_modules needing to be committed to the repo of JavaScript actions is to only include them in releases. I was initially turned on to this approach by this comment which inspired this release workflow for JavaScript actions that installs packages, commits node_modules, tags the commit, and pushes the tag to the repo.
Interestingly, you can use a Docker action to install packages via the Dockerfile before running the action, as the OP was requesting. What's cooler is that, from my testing, JavaScript run inside of a Docker action container can still use the @actions/core package to read inputs, write outputs, and such for the action which IMO is a neat feature that should be documented in the GitHub Actions docs. The only downside, as others have mentioned, is that installing the packages and building the Docker image each time the action is invoked takes longer to run than including the node_modules in the repo so they can be pulled with the action.
Yeah, doing docker is also not acceptable for me as I need my actions to complete as fast as possible.
Hi All, I submitted a PR to this repo to switch how this is currently handled. Instead of committing node_modules or including a npm install step before the action is run, this approach uses @vercel/ncc to package dependencies into a single JS file. This is the same approach used in the TypeScript and JavaScript action templates.