#lets make a thread

its not a help forum thing so this is probably best

aight

so first off… you are comfortable with github workflows yeah?

i would not say comfortable per-say. I have used them in the past for CI but i usually copy and pasted. never looked too deep into them but im sure i could figure it out

make an example org so you can wrap your head around it first

make 3 repos

ui, db, and core

wait what is core?

the “shared code”

my use case is i have

backend
nextjs

ui/database stuff

name em whatever you want. backend = db, nextjs = ui, and ui/database = core in my example

right alright

give me a minute

can i rename a org later

lmao

yes haha

just dont name it fiddledicks or something you will regret haha

you only need a github workflow initially in the shared code repo

because the ui is being built by vercel, and db i assume is being ran directly

I named them

frontend - nextjs app
backend - my custom backend

core - the shared code

will rename later on but

will do for now

in the core repo make a .github/workflows/build.yml

alright let me download the repo

btw

all of these repos

should all be under a single folder right

to make things easy

basically monorepo without the mono

nono

what ide do you use

vs code

if vscode then maybe

in jb webstorm you can “attach” separate folders

i personally keep repos organized by org in my drive anyway tho

so it would work out the same way i guess

alright

name: Core CI
on:
  workflow_dispatch:
  push:
    paths:
      - "src/**"
      - "package*.json"
      - "tsconfig.json"
      - ".github/workflows/build.yml"
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    steps:
      - uses: actions/checkout@v3

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          registry-url: https://npm.pkg.github.com
          scope: '@yourorgname'

      - name: Install dependencies
        run: npm ci
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Build package
        run: npm run build --if-present

      - name: Publish package
        run: npm publish
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

something like that

may need a tweak or 2 thats from one of my repos

change scope to your org name obviously

and you can remove matrix if you are just building for node 20

i was just being boujie

well

this is for core right?

if thats the case there is no building involved

correct

you arent compiling to esm…?

you should…

erm

it reduces package size

minifies etc

i mean i can always do that later right?

yes

feel like i should get this flow down first

sure then remove the build step

in github settings, go into the core repo and enable access to actions

should already be enabled

and this package name will be the name in package.json?

yes. but the package name NEEDS to be prefixed with the @org

so @orgname/packagename

thats the scope you have access to

good practice anyway… but yeah

aight

then… just… push

the workflow should trigger

should build it

should be available

you do need to npm login 1 time on your pc if the packages are private

its missing an env:

(im on my phone so copy paste hard)

figured

you can technically set that env on all steps and not have to set it per step but if you are building you dont want it to pollute things like .env for nextjs etc

oh i dont have a package .lock

lmao

do i have to use npm or can i use pnpm

i dont use pnpm but i assume theres a ci type command for pnpm

ci just means clean install

like dont keep rogue bullshit

uh

pnpm not found

oh yeah i bet its a different setup

lemme check for an action

i think i found one

https://github.com/pnpm/action-setup

i have no idea what those args are as i dont use pnpm

so thats a you thing

right so yeah

im getting the npm auth error

on github

where

on the github action

is the repo private?

yep

like can you invite me?

so i can visualize

i mean obviously github

does not know anything about npm

i never connected it

you shouldnt

how would github know then

        with:
          node-version: ${{ matrix.node-version }}
          registry-url: https://npm.pkg.github.com
          scope: '@yourorgname'

hm

ohhhhhhh show me your package.json

{
"name": "@rblx-internal/core",
"version": "0.0.0",
"main": "src/index.ts",
"types": "src/index.ts",
"license": "MIT",
"scripts": {
"generate": "drizzle-kit generate:mysql --config=configs/drizzle.config.ts",
"introspect": "drizzle-kit introspect:mysql --config=configs/drizzle.config.ts",
"push": "drizzle-kit push:mysql --config=configs/drizzle.config.ts",
"drop": "drizzle-kit drop --config=configs/drizzle.config.ts"
},
"dependencies": {
"@lucia-auth/adapter-mysql": "^2.1.0",
"@lucia-auth/oauth": "^3.3.1",
"@planetscale/database": "^1.11.0",
"@sinclair/typebox": "^0.31.20",
"drizzle-orm": "^0.28.6",
"lucia": "^2.7.1",
"typescript": "latest"
}
}

yeah thats whats missing. sec

also should scope be the name of the package or just the org name

  "publishConfig": {
    "registry": "https://npm.pkg.github.com/"
  },

add that

just the org.

and good god man use codeblocks haha

haha

i was lazy ;p

figured did not need it for that package

seems like it does not exist

i do not recall if you need to push it once on your own. i thought you didnt.

do you have a github PAT

if not, generate one

you need one for local

PAT?

personal access token

i mean i use a token in my .ssh

if thats what your refering to

generate a "classic" token.

nono

https://github.com/settings/tokens

generate new tokoen -> generate new token (classic)

what is this for

to log into github npm

from your machine

question

all the stuff we are doing rn

daily double

does this make it insanely difficult to bring someone else onto the project

nope. The workflow is a copy paste for a new repo... then never touched again generally. The package.json is set when you make the initial push... the only thing they need is a PAT

and most users ive ever worked with already have a pat

npm login remembers your creds on your pc

so you only have to do it once

what scopes should i give it

just write packages?

i have 2

1 "master" pat with all scopes

and 1 with restricted scopes

until you learn the scope system, just make your master pat

but isnt this pat just for the first push

no

what if you dont need to work on both simultaniously

you can just npm i

and install from remote

it will use that pat

so any user who wants to work on my codebase needs to have a PAT

any user who wants to work on just db or ui

these are standard flows. npm authentication is not a new concept.

authentication in general is not a new concept hah

i know but

i never used PAT before

we usually just use .ssh tokens

ssh === git clone

so should i just give all perms for this

yeah for the sake of the example

lilke with your naming haha

okay i have my pat

you going to pat me

in your readme you can have a bulletpoint under "local dev" with

• Authenticate with the myorgname package registry
  --- 2 steps here

where do i provide this pat

open up terminal powershell or whatever vs-code terminal is using

npm login --scope=@yourorghere --auth-type=legacy --registry=https://npm.pkg.github.com

you will get a username and password prompt

username is github username not email

password is the pat

when it says the email IS public

does that mean everyone can see it

lol

nono

thats default npmjs text

isnt relevant for github

so i dont need to provide anything?

i mean....

give it your github email

k well im logged in

so it associeates your username in the little info boxes

ok now npm publish

owner not found

ive literally never seen that before

oh

im stupid

?

your org name isnt rblx-internal is it

XD

it is not

hahahah

hence ^

okay published

i bet you didnt even need to do that

i bet if you fixed and pushed it would have worked

well i tried publishing

thats what the workflow was crying about

and it still did the same error on the github workflow

but it did work via npm publish

oh

ok good

should i test just to see if it publishes now via the workflow

yes. remember to increment your version

alright

i still get the error

in the github workflow

oh you need to enable in the package

go to your org

click packages

click the package you pushed

there is a "manage actions access"

add the repo and give it role write

github is srs about security

as they should

huh

dunno thats a pnpm thing

still did not work

i think it canceled

that errored before publish

in the .18 node

but in the .20

it got the same perm error

ohhhh thats because actions are "fail fast"

if 1 in the matrix fails, the rest are inturrupted

yeah

so its still the same perm error

ima actually stop bulding on both

and just on .20

remove the 18.x

from matrix strategy

https://github.com/pnpm/pnpm/issues/2933

ah easy fix

associate the package with your repo

i thought we did that

OR change perms to "Admin" for the action

nono

https://i.imgur.com/5QgnVzs.png

you see this in your package?

but i did that?

can you screenshot your whole package settings

you said to here

no i said to give the perms in settings

???

is that not what this is?

that is what i said for the first thing

go out of settings

i dont understand why i need to link twice lmao

one is permissions

one is scope

i still dont understand lmao

you can give the role Admin

and not do the second part

but its best practice to link

just go to the main page of the package

at the bottom there is https://i.imgur.com/5QgnVzs.png

with connecting it

it still did not work

same error?!?

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-select-actions-and-reusable-workflows-to-run

show me your actions settings

the first thing you said should be default

whats your inherited access settings in your package

where do i see that

right under this pic

the next section

there it is

check that

man this is giving me a doozie

ngl this is so much more complicated than a turborepo 💀

this is devops

this is removing bullshit from your codebase so your codebase is just your codebase

its not "hard" or "complicated' its just security settings you arent used to

🙃

for the sake

change perms from write to admin

and push another change

same error

https://github.com/orgs/community/discussions/57724

before runs-on: ubuntu

add permissions: write-all

ive literally neer seen that before, but without visibility into your org its not worth tracing

ill try it

and it finally worked

so its possible all the shit we just did

was pointless

and just needed that

1000%

on-the-fly troubleshooting "be like dat bruv"

XD

yeah but because we did like

100 things

i dont even remember

what i would have to do if i ever wanted to do this again

lmao

so test it again

core 2

core 2?

push it as is

like another repo

and change packagename to core2

and make no changes

and see if it works

if it doesnt, tweak one thing

whats this testing for?

^

to see the "minimum steps required"

oh

well i would have to create a new repo

and set up all the settings again

dont gotta make an extra pat

i know

but this hassle was mostly the security settings

i would have to do the package settings + the repo settings

You are making me want to write a readme

lmao

anyways lets move onto the other step lmao

because this is so native to me XD

ok. so next:

locally, cd into the root directory of your core folder

wym i already have been

oh. welp

then type pnpm link

fuckin pnpm

lmao

pnpm link --global

wait

pnpm link --global <pkg>

do this

pnpm link --global @rblx-headless/core

you want <pkg> to be @rblx-headless/core ?

thats some pnpm shit man

lmao

i dont know why people like that thing

https://pnpm.io/cli/link#replace-an-installed-package-with-a-local-version-of-it

oh

maybe this is because

i dont have it 'installed'

im trying to replace something that has not even been installed yet?

idk

maybe. do what the example above says to do

pnpm install THEN pnpm link --blobal

i tried

lmao

same error

nono

you need to CHANGE DIRECTORY

to the db folder

or the ui folder

before you do the --global <pkg>

the second command is saying "use this previously linked pkg"

i thought i need to A.

Create the global link for the core package,

THEN go to the backend package and link it

right

but im just getting errors at the first step

global link is just
pnpm link --global

you did that

oh pnpm registries error

no ive been getting errors

ive been posting them

again. that is literally not a thing with npm

you know what

guess ill google

ima try the non global one

ima try this

i see you

i see you

XD

🙂

stupid. fuckin. pnpm.

anyways

ok. so all changes should be live now

any changes instantly propogate in local dev

so wait

dont i need to add this to my backend package.json though

its linked but its not in the package.json

yeah it should be in package.json for prod builds

and you need to remember to authenticate in prod builds

by passing the "scoped" pat as an env var to vercel

on db side you can save an env var in .bashrc or whatever

export NPM_TOKEN=myscopedreadonlypat

adding this in your db / ui repos makes it automatic:

so

@rblx-headless:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${NPM_TOKEN}

when i run pnpm i

as .npmrc

in the backend directory

and its pulling the content from npm thingy

is that because its using the PAT

it has access to read it

with pnpm i dont know. with npm it doesnt try to update that 1 line because its linked

right but when i did pnpm install it will still install it

https://github.com/pnpm/pnpm/issues/3584

just pnpm things

its literally an open issue

but noooo yall loooooove pnpm

-,-

?

whats is

when calling pnpm install it ignores linked

and overrides install

oh

so its not using my local package?

according to the output you should know apparently

if it has a <-- for that file its linked

but thats using a global link

not a dir link

ugh

im getting stupid errors

in my code now

oh

i wonder if this is because

hold on

so i can confirm

i ran the local backend server

when i made a change to the local core

and it outputted the change

😉

is this a special env variable npm uses

i also love

there is no command

to see the links currently in use

nono

^

you add a .npmrc file

or if pnpm has some stupid renamed one

this should go in the backend repo right

backend and ui

the ones that need to ingest the core package

and the // is suppose to be there right

thats not a comment

correct thats supposed to be there

can i change version back to 0

or does it always need to be greater than the previous

what actually happens if I push the same version package?

nothing?

in npmjs it errors

i dont know if it errors in github

but...

you should always be incrementing

you can increment in PRERELEASE

e.g. 0.0.1-RC13234234234

alright

im going to attempt to get the backend repo

working on hop.io

want me to make a scotch.io

scotch?

then we can click a link and have it jump between squares going back and forth

im more of a wine type of guy

https://tenor.com/view/hopscotch-just-friends-basic-song-skipping-hopping-gif-24768086

so

i assume best practice

would be to create a PAT specfically for reading only

for production

yes 100%

i lowkey feel like

there must be a better way than doing PATs

because PATs is basically my personal account giving permission

oh there is

which realistically this should not be an account token

this should only be specific to the org

the right way is to create a deploy key

yeah thats what i remembered

and have github workflow push the built code to the prod server

wait

fuck

i dont think i could even use a deploy key

arent deploy keys used in dedicated servers

you mean a runner?

it wont work for vercel

if thats what you are asking.

https://i.imgur.com/8lHHVFt.png

bruh

i dont understand that though

why do i have to create a PAT for my own personal acount

when in reality this is not a thing for my account its a thing for my org

thats the point of the new access tokens

fine grained access tokens

which are repositry scoped and action scoped

but because they are still beta they dont work on github packages yet

bruh

bruh

idk what to even give this PAT

i assume read packages and uh

ur telling me

i cant create a PAT for a private repo

that only has read access

lemme see mine

im looking into bun

for proper workspaces

sorry registry setup

jesus not that too

pnpm

bun

LMAO

damn hipsters

im forced to use both

well

not anymore since this is not a monorepo

the backend only uses bun

https://i.imgur.com/pj22Wjo.png

there is registry with token

that should literally be the only scope you need

is the PAT considered a token or a password for username one

PAT is considered a password

but it needs to read the private repo too

... but you have the ssh key for that for db and you have vercel auth for ui

why does it need repo for the npm package

it only needs repo for its own package

which is ssh key

oh yeah

im retarded

we all are at some point in the day

trying to deploy this

lets see

things never work first try

ah yes

we love to see it

where is that. vercel?

nah hop.io

https://github.com/oven-sh/bun/issues/643

you need bunfig.toml apparently

yeah they dont support it they have their own

file

yeah i have it

i used both of these

and got unauthorized on both

unless im supposed to add the package too the name

actually

i can just test locally

first

yeah hmm

do you have your env var set up?

or are you trying to log in via no password haha

also i would remove line 2

those are conflicting

even if i put the PAT

in the file itself

for password

i still get the same thing

im not using both

tried it both ways?

im just showing you i tried both of those lines

oh

wait

the token way worked

there ya go

however

i dont think it will work

on hop.io

no build env vars...?

i do add it in the env variables

https://i.imgur.com/RVMtvIM.png

jesus christ

5 seconds to load docs

wtf is going on

lmao

bun is fairly new

https://docs.hop.io/ignite/deploying#environment-variables

looks like it needs to be ${SECRETS.NPM_TOKEN} ?

idk

if thats the case

this is a toml file afterall

thats just what their docs say

i dunno

figures its also just getting stuck at the install

not moving past it now

ugh

i wish there was a way to log out what the env is in that toml

finally got it working on hop lmao

@summer osprey so what do u use to compile to esm

im assuming now

that i compile the code in a /dist folder

that after i build the package i need to like

only publish the /dist folder and package.json?

rollup