uinaf/vite-plus
Migrate or align frontend repositories to the stock Vite+ workflow. Use when standardizing package or monorepo repos around `vp`, `voidzero-dev/setup-vp`, `vite-plus/test`, and Vite+ native CI, test, and packaging flows, including updating scripts, test config, CI setup, and packaging commands.
97
1.46x
Quality
100%
Does it follow best practices?
Impact
94%
1.46xAverage score across 6 eval scenarios
Securityby
Passed
No known issues
ci-cd.mdreferences/
CI/CD
Use this reference before changing GitHub Actions or release automation.
Prefer the documented Vite+ setup:
- uses: voidzero-dev/setup-vp@<full-sha> # v1.x.y
with:
node-version-file: ".node-version"
cache: true
- run: vp env current
- run: vp check
- run: vp test
- run: vp buildAction Inputs
voidzero-dev/setup-vp exposes:
| Input | Purpose |
|---|---|
version | Pin a specific Vite+ release. Defaults to latest; pin when CI must stay aligned with a chosen release. |
node-version | Node.js version to install via vp env use. |
node-version-file | Read the Node.js version from .node-version. |
working-directory | Project root for path resolution and lockfile detection. |
run-install | Run vp install after setup. Boolean or YAML config; defaults to true. |
cache | Cache project dependencies. Auto-detects pnpm/npm/yarn/bun lockfiles. |
cache-dependency-path | Override the lockfile path used for cache key generation. |
registry-url / scope | Configure scoped npm registry authentication. |
Defaults
- Prefer
voidzero-dev/setup-vpover hand-rolled Node/Corepack bootstrapping unless the repo has a proven exception. In repos that pin Actions, use a full commit SHA with a same-line exact version comment and agithub-actionsDependabot entry so updates stay reviewable. - Prefer
setup-vp's built-in Node and package-manager bootstrap over adding separate CI-timevp envsetup steps unless the repo has a specific environment need the action does not cover. - Prefer
setup-vp's default install step over a separatevp installwhen Vite+ is the tool owner. Setrun-install: falseonly when the workflow needs to pass custom install arguments or control install as a separate step. - Prefer
vp configwhen the repo wants stock hooks or agent integration instead of hand-rolled hook setup. - Prefer one repo-local verify entrypoint if CI needs extra repo-specific commands.
- Keep release orchestration in GitHub Actions when the repo has npm, GitHub Release, binary, or Homebrew automation that goes beyond stock Vite+.
- Vite+ can run repo scripts, but it does not make runtime-installed release plugins reproducible by itself. For semantic-release jobs, keep CI/CD-only plugins in the workflow's
extra_pluginsinput with exact versions instead of adding release-only packages to repodevDependencies. - The
cache: truesetup shown here is for verify jobs. In secret-bearing release, publish, signing, or deploy jobs, disable or omit dependency caches and run a freshvp install. - When CI behavior must stay aligned with a repo's chosen Vite+ release, pin the
setup-vpaction'sversioninput explicitly. Treat the localvite-plusdependency version inpackage.jsonas separate from the action's runtime version. - For private registries, prefer the action's
NODE_AUTH_TOKENhandling with repo.npmrcregistry declarations. Useregistry-url/scopewhen bypassing repo-level registry detection is intentional.
Guardrails
- Prefer
vp run <script>(orvpr <script>) when CI needs a repo-specific script that Vite+ does not replace. - Preserve release-only steps while making the surrounding workflow more stock.
- Keep packaging and publish steps that Vite+ does not own.