Merged
28 changes: 19 additions & 9 deletions .github/workflows/cloudflare-pages.yml
Expand Up @@ -12,61 +12,71 @@ on:
branches:
- main
workflow_dispatch:
# trunk-ignore(checkov/CKV_GHA_7)
inputs: {}

jobs:
deploy:
runs-on: ubuntu-latest
runs-on: blacksmith-2vcpu-ubuntu-2404 # trunk-ignore(actionlint/runner-label)
name: Deploy
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6 # zizmor: ignore[unpinned-uses]
with:
persist-credentials: false

- uses: pnpm/action-setup@v4
- uses: pnpm/action-setup@v4 # zizmor: ignore[unpinned-uses]
with:
version: 10

- name: Use Node.js - 22
uses: actions/setup-node@v4
- name: Use Node.js - 24
uses: actions/setup-node@v6 # zizmor: ignore[unpinned-uses]
with:
node-version: 22
cache: pnpm
node-version: 24

- name: Install Root Dependencies
run: pnpm install --frozen-lockfile

- name: Build Package
run: pnpm run build

- name: Generate sitemap manifest
working-directory: docs
run: pnpm run sitemap:manifest

- name: Deploy Docs
working-directory: docs
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
# WRANGLER_LOG_SANITIZE: 'false'
# WRANGLER_LOG_LEVEL: debug
run: |
set -euxo pipefail
# Ensure log dir exists (wrangler writes here by default)
mkdir -p "${HOME}/.config/.wrangler/logs"
# Run deploy and capture exit code while letting us continue to upload logs
set +e
pnpm run deploy
DEPLOY_EXIT=$?
set -e
echo "Wrangler logs at: ${HOME}/.config/.wrangler/logs"
# Print last 200 lines of the latest wrangler log to job output
ls -lt "${HOME}/.config/.wrangler/logs" | head -n 5 || true
LATEST_LOG=$(ls -1t "${HOME}/.config/.wrangler/logs"/*.log 2>/dev/null | head -n 1 || true)
if [ -n "${LATEST_LOG}" ]; then
echo "::group::Wrangler log (tail)"
tail -n 200 "${LATEST_LOG}" || true
echo "::endgroup::"
fi
# Exit with original deploy status so the job fails if deploy failed
exit ${DEPLOY_EXIT}

- name: Upload Wrangler logs
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v4 # zizmor: ignore[unpinned-uses]
with:
name: wrangler-logs
path: ~/.config/.wrangler/logs/*.log
retention-days: 7
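
Review bot: The `# zizmor: ignore[unpinned-uses]` comments on `actions/checkout@v6`, `pnpm/action-setup@v4`, `actions/setup-node@v6` and `actions/upload-artifact@v4` suppress the finding instead of resolving it, and this is the job whose Deploy Docs step receives `SENTRY_AUTH_TOKEN` and `CLOUDFLARE_API_TOKEN`. A tag such as `@v4` can be moved to different code, and every action in the job shares the runner and workspace with the deploy step, so pin each `uses:` to a full commit SHA with the version kept as a trailing comment and drop the ignore comments. On the same step, note that `~/.config/.wrangler/logs/*.log` is uploaded as an artifact with `retention-days: 7`, so the commented-out `WRANGLER_LOG_SANITIZE: 'false'` should carry a warning not to enable it outside a throwaway debugging run.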

30 changes: 19 additions & 11 deletions .github/workflows/coveralls.yml
Expand Up @@ -8,29 +8,29 @@ on:
schedule:
# Runs at 00:00 on Sunday
- cron: 0 0 * * 0
workflow_dispatch:
workflow_dispatch: # Allows manual triggering

jobs:
build:
runs-on: ubuntu-latest
runs-on: blacksmith-2vcpu-ubuntu-2404 # trunk-ignore(actionlint/runner-label)
strategy:
matrix:
node-version: [20, 22]
node-version: [20, 22, 24]
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v6 # zizmor: ignore[unpinned-uses]
with:
persist-credentials: false
token: ${{ secrets.ACTIONS_KEY }}

- uses: pnpm/action-setup@v4
- uses: pnpm/action-setup@v4 # zizmor: ignore[unpinned-uses]
with:
version: 10

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
uses: actions/setup-node@v6 # zizmor: ignore[unpinned-uses]
with:
node-version: ${{ matrix.node-version }}
cache: pnpm

- name: Install
run: pnpm install --frozen-lockfile
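
Review bot: The Checkout step passes `token: ${{ secrets.ACTIONS_KEY }}` although the job only installs, tests and uploads coverage, and it now runs on the custom `blacksmith-2vcpu-ubuntu-2404` runner label. `persist-credentials: false` keeps the token out of the checked-out repository's git config, but the secret is still handed to the job on every scheduled and manual run. If the repository can be fetched with the default `GITHUB_TOKEN`, remove the `token:` input; otherwise add a comment explaining why a separate credential is required and keep it scoped to read-only contents.
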
Expand All @@ -39,21 +39,29 @@ jobs:
run: pnpm test

- name: Upload coverage to Coveralls
uses: coverallsapp/github-action@v2
uses: coverallsapp/github-action@v2 # zizmor: ignore[unpinned-uses]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: node-${{ matrix.node-version }}
parallel: true
if: matrix.node-version == '22'

- name: Cache dependencies
uses: actions/cache@v5 # zizmor: ignore[unpinned-uses]
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node-version }}-
${{ runner.os }}-node-
Comment on lines +49 to +56

⚠️ Potential issue | 🟠 Major

Cache configuration has issues: wrong path and suboptimal placement.

Two problems with this cache step:

  1. Wrong cache path: The workflow uses pnpm, but the cache path is ~/.npm. The pnpm store is typically at ~/.local/share/pnpm/store, not ~/.npm.

  2. Placement after install/test: The cache step appears after pnpm install and pnpm test. For caching to be effective, it should be placed before the install step so dependencies can be restored from cache.

Note: Since actions/setup-node with cache: pnpm is not used here (unlike in run-tests.yml), manual caching is needed. Consider aligning this workflow with run-tests.yml by using the built-in cache option.

🔧 Option 1: Use setup-node built-in caching (preferred)
             - name: Use Node.js ${{ matrix.node-version }}
               uses: actions/setup-node@v6 # zizmor: ignore[unpinned-uses]
               with:
                   node-version: ${{ matrix.node-version }}
+                  cache: pnpm

             - name: Install
               run: pnpm install --frozen-lockfile
...
-            - name: Cache dependencies
-              uses: actions/cache@v5 # zizmor: ignore[unpinned-uses]
-              with:
-                  path: ~/.npm
-                  key: ${{ runner.os }}-node-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
-                  restore-keys: |
-                      ${{ runner.os }}-node-${{ matrix.node-version }}-
-                      ${{ runner.os }}-node-
🔧 Option 2: Fix manual cache configuration
+            - name: Get pnpm store directory
+              shell: bash
+              run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
+              id: pnpm-cache
+
+            - name: Cache pnpm dependencies
+              uses: actions/cache@v5 # zizmor: ignore[unpinned-uses]
+              with:
+                  path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
+                  key: ${{ runner.os }}-pnpm-store-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
+                  restore-keys: |
+                      ${{ runner.os }}-pnpm-store-${{ matrix.node-version }}-
+                      ${{ runner.os }}-pnpm-store-
+
             - name: Install
               run: pnpm install --frozen-lockfile
...
-            - name: Cache dependencies
-              uses: actions/cache@v5 # zizmor: ignore[unpinned-uses]
-              with:
-                  path: ~/.npm
-                  key: ${{ runner.os }}-node-${{ matrix.node-version }}-${{ hashFiles('**/pnpm-lock.yaml') }}
-                  restore-keys: |
-                      ${{ runner.os }}-node-${{ matrix.node-version }}-
-                      ${{ runner.os }}-node-
🤖 Prompt for AI Agents
In @.github/workflows/coveralls.yml around lines 49 - 56, The "Cache
dependencies" step using actions/cache@v5 is misconfigured: change the cache
path from ~/.npm to the pnpm store path (~/.local/share/pnpm/store) and move
this cache step to run before the pnpm install/pnpm test steps so dependencies
are restored, or alternatively replace the manual cache step by using
actions/setup-node with cache: 'pnpm' (or align with the run-tests.yml approach)
to enable built-in pnpm caching; update the step named "Cache dependencies" and
any related keys to keep the existing key/restore-keys logic but targeting the
correct pnpm store location and placement.


finish-coverage:
needs: build
runs-on: ubuntu-latest
runs-on: blacksmith-2vcpu-ubuntu-2404 # trunk-ignore(actionlint/runner-label)
if: ${{ always() }}
steps:
- name: Coveralls Finished
uses: coverallsapp/github-action@v2
uses: coverallsapp/github-action@v2 # zizmor: ignore[unpinned-uses]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
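
Review bot: The upload step's `if: matrix.node-version == '22'` no longer fits the matrix, which this PR widens to `[20, 22, 24]`: only the Node 22 leg reports to Coveralls, so `flag-name: node-${{ matrix.node-version }}` and `parallel: true` have a single contributor and the new Node 24 leg runs tests but contributes no coverage. Either remove the `if:` so each leg uploads under its own flag before `finish-coverage` sends `parallel-finished: true`, or, if a single upload is intended, say so in a comment next to the condition.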
