@michelle0927 michelle0927 commented Feb 24, 2025

  • Event topics variants/in_stock and variants/out_of_stock already exist for new-event-emitted
  • Added event topics not already listed that do not access "protected customer data".
  • Will create followup PR to update dependent shopify_developer_app after shopify updates are published

Resolves #15691

Summary by CodeRabbit

  • New Features

    • Expanded event notifications now include a broader range of topics, enhancing how the integration handles various operational events.
  • Chores

    • Updated the integration's version and dependencies across components, ensuring improved compatibility and overall performance.
    • Updated version numbers for specific modules to reflect recent changes.

coderabbitai bot commented Feb 24, 2025

Walkthrough

The pull request updates version numbers and dependency references across several Shopify component files. In the main package, the component version and its dependencies are bumped. The list of event topics in the constants file is expanded with multiple new entries. Additionally, two source modules have their version updated. These changes adjust static configuration values and exported constants without modifying core control flow logic.

Changes

| File(s) | Change Summary |
|---|---|
| components/shopify/package.json | Updated component version (0.6.7 → 0.6.8) and dependencies: @pipedream/platform (^1.2.0 → ^3.0.3), shopify-api-node (^3.12.4 → ^3.14.2). |
| components/shopify/sources/common/constants.mjs | Added multiple new event topics to the EVENT_TOPIC constant. |
| components/shopify/sources/new-event-emitted/new-event-emitted.mjs, components/shopify/sources/new-product-created/new-product-created.mjs | Updated module version from 0.0.13 to 0.0.14. |

Suggested labels

User submitted, ai-assisted

Suggested reviewers

  • jcortes

Poem

I'm a rabbit in a code-filled glen,
Hopping through updates now and then.
Versions rise while topics bloom,
Dependencies change to clear the room.
With a joyous skip and a happy cheer,
I celebrate these changes far and near!

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

components/shopify/sources/common/constants.mjs

Oops! Something went wrong! :(

ESLint: 8.57.1

Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'jsonc-eslint-parser' imported from /eslint.config.mjs


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 08ce996 and de62090.

📒 Files selected for processing (1)
  • components/shopify/sources/common/constants.mjs (5 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Publish TypeScript components
  • GitHub Check: Verify TypeScript components
🔇 Additional comments (4)
components/shopify/sources/common/constants.mjs (4)

12-14: LGTM! App-related event topics added.

The new app-related event topics follow consistent naming conventions and align with the PR objectives.


16-17: LGTM! Deletion event topics added.

The new deletion event topics maintain consistent naming conventions and are properly organized alphabetically.

Also applies to: 22-22, 27-28, 31-31, 42-43, 86-86, 99-99, 104-104


29-30: LGTM! Update event topics added.

The new update event topics follow consistent naming patterns and maintain alphabetical ordering.

Also applies to: 33-33, 80-82, 87-88, 90-94, 98-100


125-129: LGTM! Subscription billing cycle event topics added.

The subscription billing cycle event topics are correctly spelled and follow consistent naming patterns.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e49a80d and 08ce996.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (4)
  • components/shopify/package.json (2 hunks)
  • components/shopify/sources/common/constants.mjs (5 hunks)
  • components/shopify/sources/new-event-emitted/new-event-emitted.mjs (1 hunks)
  • components/shopify/sources/new-product-created/new-product-created.mjs (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • components/shopify/sources/new-event-emitted/new-event-emitted.mjs
  • components/shopify/sources/new-product-created/new-product-created.mjs
⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: pnpm publish
  • GitHub Check: Verify TypeScript components
  • GitHub Check: Publish TypeScript components
🔇 Additional comments (6)
components/shopify/package.json (2)

18-18:

❓ Verification inconclusive

Verify compatibility with shopify-api-node v3.14.2.

The minor version bump of shopify-api-node suggests new features or improvements that might be relevant to the new event topics.


🌐 Web query:

What are the changes in shopify-api-node v3.14.2 compared to v3.12.4?

💡 Result:

The key changes between shopify-api-node v3.14.2 and v3.12.4 focus on enhanced rate-limiting strategies and alignment with Shopify's latest API updates:

Rate Limit Handling Improvements

  • Added maxRetries configuration
    Now supports up to 10 retries (defaults to 0) with automatic respect for Shopify's Retry-After headers[1].
  • Optimized autoLimit algorithm
    Client-side leaky bucket implementation avoids 429 Rate Limit Exceeded errors more effectively[1].

Shopify Platform Alignment

  • Support for API version 2025-04
    Includes critical updates:
    1️⃣ New error code NON_TEST_ORDER_LIMIT_REACHED for subscription billing attempts[2][5]
    2️⃣ Partial payment recording via orderCreateManualPayment mutation[2][5]
    3️⃣ Merged payout statuses ("In Transit" → "Scheduled")[2][5]

Parameter Handling Changes

  • Simplified nested object syntax when creating resources:
    // Old: { country: { code: 'FR' } }
    // New: { code: 'FR' }
    shopify.country.create({ code: 'FR' })

    Automatically wraps parameters in required parent keys[1].

Deprecations & Breaking Changes

  • Removed support for deprecated Shopify APIs:
    1️⃣ Explicit metafield access grants (ended Feb 24)[2][5]
    2️⃣ Legacy liquid syntax shop.metaobjects → standardized metaobjects.type.handle[2][5]

Maintenance Updates

  • Dependency updates including Rust 1.84 support in CLI tools[2][10]
  • Improved JWT parsing with unified leeway handling[3]

Developers should test retry logic adjustments and update any hardcoded API versions referencing deprecated endpoints before upgrading[1][7].

Action Required: Verify Compatibility with Shopify-API-Node v3.14.2

The upgrade to v3.14.2 introduces several non-trivial changes compared to v3.12.4. Please ensure that the following areas in our code are reviewed and tested for compatibility:

  • Enhanced Rate-Limiting:

    • New maxRetries configuration (defaulting to 0 and now supporting up to 10 retries).
    • Improvements in the client-side autoLimit algorithm to better handle 429 Rate Limit Exceeded errors.
  • Shopify API Alignment:

    • Support for API version 2025-04 which includes new error codes (e.g., NON_TEST_ORDER_LIMIT_REACHED) and endpoint changes like the orderCreateManualPayment mutation.
    • Review any hardcoded API versions or deprecated endpoints in our integration.
  • Parameter Handling Refinements:

    • Simplified syntax for nested objects (e.g., converting { country: { code: 'FR' } } to { code: 'FR' }). Verify that our resource creation calls match the updated expected structure.
  • Deprecations and Breaking Changes:

    • Removal of support for deprecated Shopify APIs such as explicit metafield access grants and legacy liquid syntax modifications.

Note: The package change in components/shopify/package.json (line 18) now specifies:

"shopify-api-node": "^3.14.2"

Make sure that our code and tests cover all the affected functionality, especially around rate limiting and API version-specific behavior.


13-13:

❓ Verification inconclusive

Verify compatibility with @pipedream/platform v3.0.3.

The major version bump (1.x.x → 3.x.x) of @pipedream/platform could introduce breaking changes.


🌐 Web query:

What are the breaking changes in @pipedream/platform v3.0.3 compared to v1.2.0?

💡 Result:

The transition from @pipedream/platform v1.2.0 to v3.0.3 introduces several significant breaking changes, primarily driven by architectural shifts in component development and workflow execution:

Component Model Changes

  • New defineComponent structure: Code steps now wrap logic in defineComponent({ ... }) instead of direct function parameters[2][3].

    // Old (v1)
    async (event, steps) => { ... }
    
    // New (v3)
    defineComponent({
      async run({ steps, $ }) { ... }
    })
  • Props instead of params: Input handling now uses explicitly declared props rather than automatic params generation[3]:

    export default defineComponent({
      props: {
        apiKey: {
          type: "string",
          label: "API Key"
        }
      },
      async run({ steps, $ }) {
        console.log(this.apiKey)
      }
    })

Execution Environment Changes

  • Exit method relocation: $end() has been replaced with $.flow.exit()[2]
  • Event access: Trigger events now live at steps.trigger.event instead of direct event parameter[2]
  • Built-in functions: Special functions like $respond became namespaced under $ (e.g., $.respond)[2]

Package Management

  • Top-level imports: Now support ES module syntax instead of requiring inline requires[2]:
    // Old (v1)
    async (event) => {
      const axios = require('axios')
    }
    
    // New (v3)
    import axios from "axios"
    defineComponent({...})

Authentication Handling

  • Managed auth requires explicit app props:
    gh: {
      type: "app",
      app: "github"
    }
  • Credential access changed from auths object to component props (this.gh.$auth)[3]

Development Workflow

  • Local development requirement: Actions can no longer be developed in UI - must use CLI and maintain code in GitHub repos[3]
  • Update mechanism: New action versions require explicit workflow updates through UI clicks rather than automatic inheritance[3]

These changes aim to improve type safety, enable better code reuse through components, and provide more explicit control flow[2][3]. Migrating requires rewriting step definitions, updating authentication patterns, and adapting to new component-based architecture[2][3].

Action Required: Verify @pipedream/platform v3.0.3 Compatibility

The upgrade from v1.2.0 to v3.0.3 introduces major architectural changes that may affect component behavior. Please ensure the following are addressed:

  • Component Structure: The new version requires wrapping logic within defineComponent({ ... }) rather than using direct function parameters.
  • Input Handling: Automatic parameter passing is replaced with explicitly declared props. Confirm that any code relying on legacy parameter handling is updated accordingly.
  • Execution Environment: Notice changes such as replacing $end() with $.flow.exit(), and accessing trigger events via steps.trigger.event.
  • ES Module Imports: Make sure module imports follow ES module syntax as top-level imports.
  • Authentication Adjustments: Review modifications in how managed authentication is handled (e.g., changing from auths object to component props).

Review and verify that your components leveraging @pipedream/platform conform to these changes to prevent any runtime issues.

components/shopify/sources/common/constants.mjs (4)

12-14: LGTM! App-related event topics added.

The new app-related event topics align with the PR objectives and follow consistent naming conventions.


80-85: LGTM! Metafield and metaobject event topics added.

The new metafield and metaobject event topics follow consistent naming conventions and don't involve protected customer data.


31-32:

❓ Verification inconclusive

Verify compliance with protected customer data restrictions.

The following event topics might involve protected customer data:

  • CUSTOMERS_DELETE
  • CUSTOMERS_MERGE

Please confirm these events don't expose sensitive customer information as per Shopify's documentation.


🌐 Web query:

What customer data is exposed in Shopify webhook events for customer deletion and merging?

💡 Result:

Shopify's customer deletion and merging processes trigger specific webhooks with varying levels of customer data exposure:

Customer Deletion Webhooks

  • customers/redact (GDPR Compliance):
    Triggers when a merchant manually erases personal data or after Shopify's automated 2-year purge[2][9]. The payload includes:

    • customer_id (Shopify-assigned ID)
    • shop_id (store identifier)
      No personal data (names/addresses) is included since these are anonymized as "Anonymous" during deletion[2][9].
  • customers/delete:
    Sent when a customer profile is manually deleted via Shopify admin. The payload contains:

    • Full customer object before deletion, including:
      • Name
      • Email
      • Address
      • Phone number[6][10]

Customer Merging Webhooks

  • customers/update:
    Triggered when merging duplicate customer profiles via Shopify admin[3][6]. The payload includes:
    • Final merged customer record (retained contact info)
    • No explicit indication of merged IDs in standard payloads
      Note: Merged profiles retain order history but lose redundant personal data from duplicates[3].

Key Distinctions

| Action | Webhook | Personal Data Exposure | Use Case Example |
|---|---|---|---|
| GDPR Deletion | customers/redact | None (IDs only)[2][9][10] | Compliance with privacy requests |
| Manual Deletion | customers/delete | Full pre-deletion snapshot[6] | App cleanup workflows |
| Profile Merge | customers/update | Final merged record only[3][6] | Syncing CRM systems |

For GDPR-compliant deletions via automated purges or manual erasure, apps must rely on stored customer IDs rather than expecting personal data in customers/redact payloads[2][9]. Merging operations require apps to infer changes from updated customer records rather than explicit merge notifications[3][6].

Action: Confirm Data Handling Compliance for Customer Deletion and Merge Events

After reviewing Shopify’s documentation, please verify the following:

  • CUSTOMERS_DELETE ("customers/delete")
    This event sends the full pre-deletion customer object (including name, email, address, and phone) when a customer is manually deleted. Ensure that your handling of this event prevents any inadvertent logging or exposure of sensitive customer data.

  • CUSTOMERS_MERGE ("customers/merge")
    Note that Shopify typically uses the "customers/update" webhook for merge operations. Confirm that this custom event does not introduce additional personal data exposure and that its usage aligns with your secure data processing requirements.

Please review the processing and storage of these webhook payloads to ensure they comply with the appropriate data protection guidelines as outlined by Shopify.


86-88:

❓ Verification inconclusive

Verify compliance with protected order data restrictions.

The following event topics might involve protected order data:

  • ORDERS_DELETE
  • ORDERS_RISK_ASSESSMENT_CHANGED
  • ORDERS_SHOPIFY_PROTECT_ELIGIBILITY_CHANGED

Please confirm these events don't expose sensitive order information.


🌐 Web query:

What order data is exposed in Shopify webhook events for order deletion and risk assessment?

💡 Result:

Shopify's webhook system provides specific data for order deletion and risk assessment events:

Order Deletion Webhook

  • Triggers when an order is permanently deleted from a store
  • Exposes core identifiers and metadata:
    • Order ID
    • Shop domain reference
    • Deletion timestamp[7][10]
  • Does not include full order details (items/payment info) since the record is removed[1][7]
  • Key header: X-Shopify-Topic: orders/delete[7]

Risk Assessment Webhook

  • Triggers on orders/risk_assessment_changed events[9]
  • Contains:
    • Risk analysis results (fraud indicators)
    • Order financial details (payment methods used)
    • Customer verification status[9]
    • Risk recommendation (accept/deny transaction)[9]
  • Includes both initial risk evaluation and subsequent reassessments[9]

Comparison Table

| Feature | Order Deletion Webhook | Risk Assessment Webhook |
|---|---|---|
| Trigger Condition | Permanent removal of order | New/changed fraud evaluation |
| Data Scope | Basic identification metadata | Detailed risk indicators |
| Recurrence | Single event | Multiple updates possible |
| Typical Use Case | Inventory/record cleanup | Fraud prevention systems |

These events use Shopify's standard webhook format with JSON payloads containing event-specific data fields alongside shop/API metadata[6][7]. For precise field mappings, developers should test with actual webhook implementations as schema details can vary between Shopify API versions[4][6].

Subject: Verify Shopify Webhook Data Exposure Compliance

Based on the latest Shopify documentation details:

  • ORDERS_DELETE: This event only sends core identifiers (order ID, shop domain, deletion timestamp) and does not expose detailed order content.
  • ORDERS_RISK_ASSESSMENT_CHANGED: The webhook provides risk analysis information and financial details necessary for fraud prevention (e.g., risk indicators and payment methods) but does not include comprehensive order details.
  • ORDERS_SHOPIFY_PROTECT_ELIGIBILITY_CHANGED: Documentation isn’t as detailed for this event. Please double-check that its payload likewise conforms to protected order data restrictions.

Ensure that the use and handling of data from the risk assessment and protect eligibility events remain compliant with security standards.
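
Added example (not part of this PR, the review above, or Pipedream's or Shopify's code): one way to keep the customer fields the review lists for customers/delete (name, email, address, phone) out of log lines. The key-name pattern, the set of flagged topics, the function names and the sample payload are assumptions constructed for illustration, not Shopify's payload schema.

```javascript
// Assumption: sensitive values sit under keys whose names contain one of the
// field names the review lists (name, email, address, phone).
const SENSITIVE_KEY = /(name|email|address|phone)/i;

// Assumption: the two topics the review flagged as possibly carrying
// protected customer data. Extend this set as other topics are assessed.
const FLAGGED_TOPICS = new Set(["customers/delete", "customers/merge"]);

// Return a deep copy of `value` with every sensitive key's value replaced.
// A matching key is redacted whole, so nested address objects or arrays of
// addresses never reach the log, whatever their inner structure.
function redact(value) {
  if (value === null || typeof value !== "object") return value;
  if (Array.isArray(value)) return value.map(redact);
  const out = {};
  for (const [key, inner] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? "[REDACTED]" : redact(inner);
  }
  return out;
}

// Build the string that is safe to hand to a logger for a webhook event.
// The original payload object is left untouched for downstream processing.
function toLogRecord(topic, payload) {
  const body = FLAGGED_TOPICS.has(topic) ? redact(payload) : payload;
  return JSON.stringify({ topic, body });
}

// Constructed sample payload (not captured from Shopify).
const SAMPLE_CUSTOMER = {
  id: 1,
  email: "a@example.com",
  first_name: "A",
  addresses: [{ city: "X" }],
  tags: "vip",
  note: { phone: "1", text: "hi" },
};

console.log(toLogRecord("customers/delete", SAMPLE_CUSTOMER));
```

Identifiers such as `id` survive redaction, so log lines can still be correlated with stored records without carrying contact details.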

@GTFalcao GTFalcao left a comment

LGTM!

@michelle0927 michelle0927 merged commit 13f2b73 into master Feb 25, 2025
11 checks passed
@michelle0927 michelle0927 deleted the issue-15691 branch February 25, 2025 15:58