Package Exports
- cistack
- cistack/src/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (cistack) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
cistack
Generate GitHub Actions CI/CD pipelines by analyzing the codebase you already have.
cistack scans your project, detects the stack, and writes production-ready GitHub Actions workflows for CI, deployment, Docker, security, and releases. It is designed for real repos, not toy demos: it reads lock files, framework signals, release config, monorepo workspaces, hosting config, and Git branch metadata before generating YAML.
Why cistack
- Detects languages, frameworks, testing tools, hosting providers, and release tooling automatically
- Uses your repository's default Git branch when available instead of assuming
main - Supports monorepos, per-package workflows, and package-manager-aware commands
- Generates ecosystem-aware Dependabot config, including Bun when
bun.lockis present - Smart-merges generated workflows with existing files instead of blindly overwriting them
- Generates deploy pipelines for Vercel, Netlify, Firebase, GitHub Pages, AWS, Azure, Heroku, Render, and Railway
- Ships with built-in workflow audit and upgrade commands
- Includes typed
cistack.config.jssupport throughindex.d.ts - Backed by an automated regression suite covering branch handling, release detection, smart merge behavior, monorepo package scripts, and CLI smoke tests
Installation
# One-off usage
npx cistack
# Global install
npm install -g cistackcistack supports Node.js 16+, and the project itself is continuously verified on Node.js 18, 20, and 22 in GitHub Actions.
CLI Usage
Generate workflows
generate is the default command, so both of these work:
npx cistack
npx cistack generateCommon options:
npx cistack generate --path /path/to/project
npx cistack generate --dry-run
npx cistack generate --explain
npx cistack generate --output .github/workflows
npx cistack generate --no-promptAudit existing workflows
npx cistack auditThis checks .github/workflows for issues like missing concurrency blocks, outdated actions, old Node versions, and missing dependency caching.
Upgrade workflow actions
npx cistack upgrade
npx cistack upgrade --dry-runThis updates known GitHub Actions to their latest supported stable versions.
Create a starter config
npx cistack initThis writes cistack.config.js with the supported override keys.
What gets generated
pipeline.yml
By default, cistack now generates a single GitHub Actions workflow that combines CI, deploy, Docker, security, and release jobs into one place so teams can track the whole pipeline from one file.
- Includes lint, test, build, E2E, deploy, Docker, security, and release jobs when those parts of the stack are detected
- Uses the detected default branch or your configured
branches - Keeps preview deploys, release jobs, and scheduled security scans in the same workflow file
- Documents required secrets in the file header
dependabot.yml
Dependabot remains a separate file in .github/dependabot.yml, because it is not a GitHub Actions workflow.
Split mode
If you prefer the old multi-file layout, set:
module.exports = {
workflowLayout: 'split',
};In split mode, cistack writes separate ci.yml, deploy.yml, docker.yml, security.yml, and release.yml files again.
Supported detection
Hosting
- Firebase
- Vercel
- Netlify
- GitHub Pages
- AWS
- GCP App Engine
- Azure
- Heroku
- Render
- Railway
- Docker
Frameworks
- Next.js
- Nuxt
- SvelteKit
- Remix
- Astro
- Vite
- React
- Vue
- Angular
- Svelte
- Gatsby
- Express
- Fastify
- NestJS
- Hono
- Koa
- Django
- Flask
- FastAPI
- Rails
- Spring Boot
- Laravel
- Go
- Rust
Testing tools
- Jest
- Vitest
- Mocha
- Cypress
- Playwright
- Pytest
- RSpec
- Go test
- Cargo test
- PHPUnit
- Maven / JUnit
- Storybook
Configuration
Create cistack.config.js when you want to override detection:
/** @type {import('cistack').Config} */
module.exports = {
nodeVersion: '20',
packageManager: 'pnpm',
branches: ['main', 'staging'],
workflowLayout: 'single',
hosting: ['Vercel'],
outputDir: '.github/workflows',
cache: {
npm: true,
cargo: true,
pip: true,
},
monorepo: {
perPackage: true,
},
release: {
tool: 'semantic-release',
},
};Supported top-level config keys:
nodeVersionpackageManagerhostingframeworkstestingbranchesworkflowLayoutcachemonoreporeleasesecretsoutputDir
Branch behavior:
- If
branchesis set in config,cistackuses it exactly - Otherwise it reads the repository's default branch from Git metadata when available
- If Git metadata is unavailable, it falls back to safe defaults like
main,master, anddevelopdepending on the workflow type
Secrets
Generated deploy and release workflows document the secrets they need at the top of each file. Add them in:
GitHub -> Settings -> Secrets and variables -> Actions
Development and Quality
The project now includes a regression suite for the areas that were historically the easiest to break:
- config override handling
- default branch detection
- deploy branch selection
- Netlify production branch handling
- smart merge behavior
- monorepo per-package build script lookup
- release config detection
- release workflow generation
- CLI dry-run smoke testing
Run the checks locally:
npm test
npm run test:smoke
node bin/ciflow.js audit --path .
node bin/ciflow.js upgrade --path . --dry-runIf you are using the published package, the executable is cistack. In this repository, the local entrypoint is bin/ciflow.js.
License
MIT