@kansas1295 kansas1295 commented Sep 22, 2025

Fixes #????

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

changeset-bot bot commented Sep 22, 2025

⚠️ No Changeset found

Latest commit: 88be972

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


Contributor

coderabbitai bot commented Sep 22, 2025

Walkthrough

Introduces two GitHub Actions workflows. 1) .github/workflows/codeql.yml adds CodeQL analysis triggered on push and pull_request to master and a weekly cron. It runs a matrix for javascript-typescript, python, and ruby with build-mode none, sets permissions, conditionally handles manual builds, and executes init and analyze steps. 2) .github/workflows/npm-publish-github-packages.yml triggers on release creation, with a build job (Node 16: checkout, npm ci, npm test) and a publish job (uses GITHUB_TOKEN, configures npm.pkg.github.com, runs npm ci and npm publish).

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title Check | ❓ Inconclusive | The title "Kansas1295 patch 2" is a generic username/patch-style label that does not describe the primary changes in this PR (which add GitHub Actions workflows for CodeQL and npm publishing). It provides no meaningful context for reviewers or repository history and is therefore too vague to determine if it accurately summarizes the changes. Because the title is non-descriptive, the check is inconclusive. | Rename the PR to a concise, specific title that summarizes the main change, for example "Add CodeQL analysis and npm publish GitHub Actions workflows", and ensure it reflects the primary intent so reviewers can quickly understand the change. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | The PR description is a generic contribution template containing placeholders (e.g., "Fixes #????") and a checklist but it is related to the pull request process rather than being completely off-topic. Given the lenient criteria for this check, the description passes because it is not unrelated to the changeset, although it does not actually describe the specific code changes. The description should still be completed with concrete details before merging. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (5)
.github/workflows/npm-publish-github-packages.yml (3)

6-9: Guard against accidental pre-releases and only publish on “published” releases.

Prevents publishing on draft/pre-release and aligns with common release flows.

 on:
   release:
-    types: [created]
+    types: [published]
@@
-  publish-gpr:
+  publish-gpr:
+    if: ${{ github.event.release.prerelease == false }}
     needs: build
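
Review bot: The `-  publish-gpr:` / `+  publish-gpr:` pair in the second hunk is identical on both sides, so the only effective change there is the added `if:` line; drop the no-op pair so the suggestion applies cleanly. The guard sits on `publish-gpr` alone, so the `build` job it `needs` still runs for a pre-release and only the publish job is skipped. If pre-releases should not start the workflow at all, the `released` activity type on the `release` trigger covers stable releases without a job-level condition.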

Also applies to: 21-23


15-19: Enable npm cache to speed up CI.

Small perf win; no behavior change.

-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 22.x
+          node-version: 22.x
+          cache: 'npm'
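
Review bot: The context lines here show `actions/setup-node@v4` and `node-version: 22.x`, but the lint failures on this page report `actions/setup-node@v3` at lines 15 and 29 and the walkthrough describes Node 16, so this suggestion does not match the file under review and will not apply as written. Rebase it on the actual step and fold the action version bump in with the `cache: 'npm'` line; the `-`/`+` pairs that repeat the same text can go.
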
@@
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 22.x
+          node-version: 22.x
+          cache: 'npm'
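
Review bot: Adding `cache: 'npm'` to the second `setup-node` step (lines 29-31 per "Also applies to") puts a restored cache in front of the install that precedes `npm publish`, because that step belongs to the publish job described in the walkthrough. Caching is a reasonable speed-up for the build job, but in the job that holds the publishing token it widens what can influence the released package; consider leaving it off there and keeping it on the build job only.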

Also applies to: 29-31


6-10: Optional: add concurrency to avoid duplicate publishes on re-runs.

Prevents multiple publishes for the same tag.

 on:
   release:
     types: [published]
 
+concurrency:
+  group: npm-publish-${{ github.ref }}
+  cancel-in-progress: false
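
Review bot: `concurrency` with `cancel-in-progress: false` only serializes runs that share a group; a queued or manually re-run workflow still executes once the earlier one finishes, so this block alone does not stop a second publish for the same tag. If that is the goal, pair it with a check in the publish job that the version is not already in the registry. The context line `types: [published]` also assumes the earlier trigger suggestion has been applied, since the PR as described triggers on release creation.
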
.github/workflows/codeql.yml (2)

46-53: Trim language matrix to what the repo actually uses to cut minutes.

If this repo has JS/TS scripts but no Python/Ruby, reduce to javascript-typescript only.

       matrix:
-        include:
-        - language: javascript-typescript
-          build-mode: none
-        - language: python
-          build-mode: none
-        - language: ruby
-          build-mode: none
+        include:
+        - language: javascript-typescript
+          build-mode: none
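
Review bot: Dropping the `python` and `ruby` entries is only safe once the repository's language breakdown confirms neither is present, because any such files stop being scanned with no warning from the workflow. The explanation makes this conditional ("If this repo has JS/TS scripts but no Python/Ruby") but the diff applies it unconditionally; verify first, then remove. The `include:` line is the same on both sides and does not need to appear as a change.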

32-41: Tighten permissions (drop what’s not needed).

Unless you fetch private CodeQL packs, packages: read and actions: read are unnecessary.

     permissions:
       # required for all workflows
       security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-      # only required for workflows in private repositories
-      actions: read
       contents: read
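
Review bot: The removed comment states that `actions: read` is "only required for workflows in private repositories", so deleting it is correct only for a public repository, a condition the explanation above the diff does not mention (it names private CodeQL packs only). Confirm the repository's visibility before removing it. After the change, `contents: read` is left with no comment of its own; a one-line note saying what it is for would keep the block self-documenting.
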
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9c7078 and 88be972.

📒 Files selected for processing (2)
  • .github/workflows/codeql.yml (1 hunks)
  • .github/workflows/npm-publish-github-packages.yml (1 hunks)
🧰 Additional context used
🪛 GitHub Check: lint
.github/workflows/npm-publish-github-packages.yml

[failure] 29-29:
the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue


[failure] 28-28:
the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue


[failure] 15-15:
the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue


[failure] 14-14:
the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

🪛 GitHub Actions: lint workflows
.github/workflows/npm-publish-github-packages.yml

[error] 14-14: The runner of "actions/checkout@v3" action is too old to run on GitHub Actions. Update the action's version to fix this issue [action].

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: halmos
  • GitHub Check: slither
  • GitHub Check: coverage
  • GitHub Check: tests-foundry
  • GitHub Check: tests-upgradeable
  • GitHub Check: tests

@gonzaotc gonzaotc closed this Sep 22, 2025