[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81489":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":13,"openIssues":13,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":13,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":15,"rankGlobal":10,"rankLanguage":10,"license":16,"archived":17,"fork":17,"defaultBranch":18,"hasWiki":19,"hasPages":17,"topics":20,"createdAt":10,"pushedAt":10,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":14,"starSnapshotCount":14,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},81489,"actionspack","sxzz\u002Factionspack","sxzz","Lockfile-first GitHub Actions workflow packer","",null,"TypeScript",30,1,0,41,"MIT License",false,"main",true,[21,22,23],"actions","github","workflow","2026-06-12 04:01:34","# actionspack\n\n[![Open on npmx][npmx-version-src]][npmx-href]\n[![npm downloads][npmx-downloads-src]][npmx-href]\n[![Unit Test][unit-test-src]][unit-test-href]\n\n`actionspack` is a lockfile-first GitHub Actions workflow packer. It lets you\nauthor workflows in `.github\u002Fworkflows\u002Fsrc\u002F`, lock every remote workflow\u002Faction\ndependency in `.github\u002Fworkflow.lock.yml`, and generate pinned workflows in\n`.github\u002Fworkflows\u002F`.\n\nIt currently supports inlining composite actions and safely transformable\nreusable workflows. JavaScript and Docker actions are pinned as external\ndependencies instead of being bundled.\n\n## Why actionspack?\n\nGitHub Actions workflows often depend on reusable workflows and actions from\nother repositories. You may want to author those dependencies with convenient\nfloating refs like `@main` in `.github\u002Fworkflows\u002Fsrc\u002F`, but generated workflows\nshould be reproducible and reviewable.\n\n`actionspack` gives workflows a lockfile mechanism similar to `pnpm`. It locks\nremote workflows and actions in `.github\u002Fworkflow.lock.yml`, inlines everything\nthat can be transformed safely into the local repository, and pins anything that\ncannot be inlined to a fixed SHA.\n\nTo update workflow and action dependencies, run `actionspack update`\nperiodically. The updated lockfile and generated workflows are normal repository\nfiles, so `git diff` shows exactly which dependencies changed and what generated\nworkflow output changed.\n\n## Install\n\n```bash\nnpm i actionspack\n```\n\n## Usage\n\nPut authored workflows under `.github\u002Fworkflows\u002Fsrc\u002F`:\n\n```yaml\n# .github\u002Fworkflows\u002Fsrc\u002Fci.yml\nname: CI\n\non:\n  push:\n\njobs:\n  test:\n    uses: owner\u002Frepo\u002F.github\u002Fworkflows\u002Ftest.yml@main\n```\n\nThen run:\n\n```bash\nnpx actionspack\n```\n\n`actionspack` defaults to `actionspack pack`. It writes:\n\n- `.github\u002Fworkflow.lock.yml`\n- `.github\u002Fworkflows\u002Fci.yml`\n\nGenerated workflows are safe to commit. Existing lockfile SHAs are reused until\nyou explicitly run `actionspack update`.\n\nWhen you want to refresh workflow\u002Faction dependencies:\n\n```bash\nnpx actionspack update\ngit diff\n```\n\nReview the dependency SHA changes in `.github\u002Fworkflow.lock.yml` and the\nresulting generated workflow changes before committing.\n\n### VS Code\n\nGenerated workflows should not be edited by hand. Consider marking them as\nread-only in your workspace settings:\n\n```json\n{\n  \"files.readonlyInclude\": {\n    \".github\u002Fworkflows\u002F*.yml\": true\n  }\n}\n```\n\n## Commands\n\n```bash\nactionspack pack\n```\n\nScan source workflows, resolve missing dependencies, update the lockfile, and\nwrite generated workflows.\n\n```bash\nactionspack scan\n```\n\nUpdate the lockfile graph shape only. This adds newly discovered dependencies\nand removes unreachable ones without refreshing existing SHAs.\n\n```bash\nactionspack update [package]\n```\n\nRefresh all locked dependencies, or only the selected package. By default this\nalso packs workflows. Use `--lockfile-only` to update only\n`.github\u002Fworkflow.lock.yml`.\n\n```bash\nactionspack verify\n```\n\nCheck that generated workflows are current and contain no unsupported unpinned\nremote references.\n\n```bash\nactionspack tree\nactionspack why \u003Cpackage>\nactionspack diff\nactionspack diff --json\n```\n\nInspect the lockfile dependency tree, explain why a package is present, or\ncompare the current lockfile with `HEAD`.\n\n## Configuration\n\n`actionspack.yml` is optional. Without it, `actionspack` discovers\n`.github\u002Fworkflows\u002Fsrc\u002F*.yml` and `.github\u002Fworkflows\u002Fsrc\u002F*.yaml`, then writes\nmatching generated workflows to `.github\u002Fworkflows\u002F*.yml`.\n\nUse explicit entries when you need custom paths:\n\n```yaml\n$schema: .\u002Factionspack.schema.json\n\nentries:\n  - source: .github\u002Fworkflows\u002Fsrc\u002Fci.yml\n    output: .github\u002Fworkflows\u002Fci.yml\n```\n\nUse `external` to pin a workflow or action without bundling it:\n\n```yaml\nexternal:\n  - actions\u002Fcheckout\n  - owner\u002Frepo\u002Fpath\n```\n\nThe same configuration can be supplied through CLI flags:\n\n```bash\nactionspack pack \\\n  --entry .github\u002Fworkflows\u002Fsrc\u002Fci.yml:.github\u002Fworkflows\u002Fci.yml \\\n  --external actions\u002Fcheckout\n```\n\n## Packing Rules\n\nComposite actions are recursively inlined when `runs.using` is `composite`.\nInputs are substituted from caller `with` values or action defaults. Missing\nrequired inputs fail closed.\n\nReusable workflows are inlined only when they use `workflow_call` and can be\ntransformed into local jobs deterministically. Unsupported cases, unresolved\nrefs, unsafe reusable workflows, and leftover remote `uses` fail closed.\n\nJavaScript actions, Docker actions, and `docker:\u002F\u002F` references are not bundled\nyet. They are pinned to locked SHAs as external dependencies.\n\n## API\n\n```ts\nimport { diff, pack, scan, tree, update, verify, why } from 'actionspack'\n\nawait pack()\nawait update({ packageName: 'owner\u002Frepo', lockfileOnly: true })\nawait verify()\n```\n\n## Sponsors\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fcdn.jsdelivr.net\u002Fgh\u002Fsxzz\u002Fsponsors\u002Fsponsors.svg\">\n    \u003Cimg src='https:\u002F\u002Fcdn.jsdelivr.net\u002Fgh\u002Fsxzz\u002Fsponsors\u002Fsponsors.svg'\u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n## License\n\n[MIT](.\u002FLICENSE) License © 2026-PRESENT [Kevin Deng](https:\u002F\u002Fgithub.com\u002Fsxzz)\n\n\u003C!-- Badges -->\n\n[npmx-version-src]: https:\u002F\u002Fnpmx.dev\u002Fapi\u002Fregistry\u002Fbadge\u002Fversion\u002Factionspack\n[npmx-downloads-src]: https:\u002F\u002Fnpmx.dev\u002Fapi\u002Fregistry\u002Fbadge\u002Fdownloads-month\u002Factionspack\n[npmx-href]: https:\u002F\u002Fnpmx.dev\u002Factionspack\n[unit-test-src]: https:\u002F\u002Fgithub.com\u002Fsxzz\u002Factionspack\u002Factions\u002Fworkflows\u002Funit-test.yml\u002Fbadge.svg\n[unit-test-href]: https:\u002F\u002Fgithub.com\u002Fsxzz\u002Factionspack\u002Factions\u002Fworkflows\u002Funit-test.yml\n","actionspack 是一个以 lockfile 优先的 GitHub Actions 工作流打包工具。它允许用户在 `.github\u002Fworkflows\u002Fsrc\u002F` 目录下编写工作流，并通过 `.github\u002Fworkflow.lock.yml` 文件锁定所有远程工作流和动作依赖，最终生成固定版本的工作流文件于 `.github\u002Fworkflows\u002F` 目录中。该项目支持内联复合动作及可安全转换的复用工作流，而 JavaScript 和 Docker 动作则作为外部依赖进行引用。actionspack 采用类似于 pnpm 的锁定机制，确保了工作流的可复现性和可审查性。适用于需要管理复杂 GitHub Actions 依赖关系并希望保持这些依赖明确且易于更新的项目场景。使用 TypeScript 编写，遵循 MIT 许可协议。",2,"2026-06-11 04:05:15","CREATED_QUERY"]