What
build.yml and build-release.yml share a good chunk of setup steps that could be pulled into a single reusable (composite) action:
- Generate token for private dependencies (
create-github-app-token, scoped to the warlock repo)
- Configure git auth for private deps (the
git config --global url...insteadOf step)
- Install dependencies (
pnpm install)
- Scan skills with the warlock
Right now both workflows hand-roll these, so any change has to happen in two places.
Why
It's not a lot of duplication and nothing's broken, so this is a nice-to-have, not urgent. But pulling it into one action means there's a single source of truth, and we stop the two workflows from drifting apart over time.
Heads up on timing
This pairs with the existing follow-up to swap the warlock git dependency for the published npm package. Once warlock is on npm, the private-dep token and git-auth steps go away entirely, which shrinks what's actually worth extracting. So it might be worth doing that swap first, then deciding what the reusable action should cover.
Context
Came up in review on #124 (thanks Vincent!). Original comment: #124
What
build.ymlandbuild-release.ymlshare a good chunk of setup steps that could be pulled into a single reusable (composite) action:create-github-app-token, scoped to the warlock repo)git config --global url...insteadOfstep)pnpm install)Right now both workflows hand-roll these, so any change has to happen in two places.
Why
It's not a lot of duplication and nothing's broken, so this is a nice-to-have, not urgent. But pulling it into one action means there's a single source of truth, and we stop the two workflows from drifting apart over time.
Heads up on timing
This pairs with the existing follow-up to swap the warlock git dependency for the published npm package. Once warlock is on npm, the private-dep token and git-auth steps go away entirely, which shrinks what's actually worth extracting. So it might be worth doing that swap first, then deciding what the reusable action should cover.
Context
Came up in review on #124 (thanks Vincent!). Original comment: #124