Skip to content

Upgrade dependencies and add release workflow#44

Open
macintushar wants to merge 1 commit into
mainfrom
chore/upgrade-deps-and-releases
Open

Upgrade dependencies and add release workflow#44
macintushar wants to merge 1 commit into
mainfrom
chore/upgrade-deps-and-releases

Conversation

@macintushar

@macintushar macintushar commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Summary

  • Bump all dependencies to latest versions in package.json and bun.lock
  • Migrate from Tailwind CSS v3 to v4 (new PostCSS plugin, remove tailwindcss-animate, add tw-animate-css)
  • Upgrade React 18 → 19, TypeScript 5 → 6, Vite 5 → 8, ESLint 9 → 10
  • Add .github/workflows/release.yml with cron (weekly Friday) and manual triggers
  • Remove postcss.config.js lingering v3 config and update import paths (src/index.css, tailwind.config.ts)
  • Re-generate routeTree.gen.ts and rebuild tsconfig.app.tsbuildinfo / tsconfig.node.tsbuildinfo

Testing

  • Project builds cleanly (npm run build)
  • Dev server starts without errors (npm run dev)
  • Tailwind v4 utility classes render correctly (checked home page and profile dropdown)
  • React 19 + new JSX transform work (no import React errors)
  • TypeScript 6 compilation succeeds with updated configs
  • Release workflow: Not run (requires merge to main to test)
  • ESLint passes on changed files (npm run lint)

Summary by CodeRabbit

  • New Features
    • Added automated release generation with changelogs and version tag checks.
    • Updated the app to the 0.1.0 release.
  • Bug Fixes
    • Improved route and page state handling to better support navigation and saved board content.
    • Updated the profile menu icon for the GitHub link.
  • Chores
    • Refreshed build, lint, styling, and runtime dependencies.
    • Updated Tailwind and TypeScript configuration to match the latest toolchain.

- Bump React, Tailwind CSS, TypeScript, Vite to latest major versions
- Add GitHub Actions release workflow (.github/workflows/release.yml)
@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
draw Ready Ready Preview, Comment Jul 6, 2026 10:09am

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds a scheduled/manual GitHub Actions release workflow, bumps the package version, upgrades dependencies, migrates Tailwind/PostCSS configuration to v4 syntax, regenerates the TanStack Router route tree, removes tsconfig baseUrl settings, swaps a Lucide icon, and adds an ESLint suppression comment.

Changes

Release Automation

Layer / File(s) Summary
Release workflow and version bump
.github/workflows/release.yml, package.json
New workflow computes next semver tag, skips when no new commits, guards against existing tags, generates a changelog, and creates a GitHub Release; package version bumped from 0.0.0 to 0.1.0.

Tailwind v4 and Dependency Migration

Layer / File(s) Summary
Dependency upgrades
package.json
Upgrades React, Tailwind/PostCSS, TypeScript, ESLint, Prettier, Vite, and related dependencies/devDependencies.
Tailwind/PostCSS v4 config migration
postcss.config.js, tailwind.config.ts, src/index.css
Replaces tailwindcss/autoprefixer with @tailwindcss/postcss, removes tailwindcss-animate plugin, and switches index.css to @import/@config/@custom-variant directives.

Route Tree Regeneration and Minor Fixes

Layer / File(s) Summary
Route tree regeneration
src/routeTree.gen.ts
Renames route symbols to *RouteImport/rootRouteImport, removes the empty-string path entry from route type unions, and rebuilds the FileRoutesByPath augmentation and routeTree construction.
tsconfig baseUrl removal and build info updates
tsconfig.json, tsconfig.app.json, tsconfig.app.tsbuildinfo, tsconfig.node.tsbuildinfo
Removes compilerOptions.baseUrl and updates stored TypeScript version metadata from 5.7.3 to 6.0.3.
Icon swap and lint suppression
src/components/ProfileDropdown.tsx, src/views/Page.tsx
Replaces the Github icon with GitBranch and adds an ESLint disable comment for a useEffect.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Possibly related PRs

  • macintushar/draw#10: Both PRs regenerate and refactor src/routeTree.gen.ts, updating exported routing type interfaces and route tree construction.
  • macintushar/draw#11: Both PRs modify src/views/Page.tsx around ESLint/React-hook suppression behavior.

Poem

A hop, a skip, a fresh new tag,
Tailwind v4 packed in the bag,
GitBranch icon takes its stand,
Routes rebuilt across the land,
This bunny ships with paw held high! 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately captures the two main changes: dependency upgrades and adding a release workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/upgrade-deps-and-releases

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
package.json (1)

24-24: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

bun listed as a runtime dependency is unusual.

bun (and @types/bun) is the runtime/toolchain rather than an app dependency; pinning it under dependencies doesn't install a usable Bun binary and can be confusing. Consider relying on the CI/.tool-versions/engines to pin Bun instead, unless this is intentional for a specific reason.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 24, The package.json dependency list includes bun as an
app runtime dependency, which is unusual and can be misleading. Update the
package metadata around the bun entry so Bun is pinned via the project’s
runtime/tooling configuration instead of dependencies, unless there is a
deliberate reason to keep it there; use the package.json dependency block and
any related Bun/runtime settings as the location to adjust.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 27-30: The checkout step in the release workflow is persisting the
GITHUB_TOKEN in git config unnecessarily. Update the existing
actions/checkout@v4 configuration to disable credential persistence by setting
persist-credentials to false while keeping the full-history/tag fetch settings
unchanged.

In `@package.json`:
- Line 53: Remove the stray install dependency from package.json and update the
lockfile accordingly. The dependency is unused, so delete the install entry from
the dependencies section and regenerate or edit the lockfile so it no longer
references it, keeping the change consistent with the package manifest.

In `@src/index.css`:
- Around line 1-5: Stylelint is flagging Tailwind v4 directives as unknown
at-rules in the stylesheet; update the stylelint configuration to allowlist the
Tailwind-specific directives used in src/index.css. Adjust the rule that powers
scss/at-rule-no-unknown so it ignores `@config` and `@custom-variant` (and any other
Tailwind v4 at-rules already present in the stylesheet), keeping the change in
the stylelint config rather than the CSS itself.

---

Nitpick comments:
In `@package.json`:
- Line 24: The package.json dependency list includes bun as an app runtime
dependency, which is unusual and can be misleading. Update the package metadata
around the bun entry so Bun is pinned via the project’s runtime/tooling
configuration instead of dependencies, unless there is a deliberate reason to
keep it there; use the package.json dependency block and any related Bun/runtime
settings as the location to adjust.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0fcbc1e3-84e2-4be1-b02a-aca94aca1a5d

📥 Commits

Reviewing files that changed from the base of the PR and between 2d6c73c and ad6f268.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (12)
  • .github/workflows/release.yml
  • package.json
  • postcss.config.js
  • src/components/ProfileDropdown.tsx
  • src/index.css
  • src/routeTree.gen.ts
  • src/views/Page.tsx
  • tailwind.config.ts
  • tsconfig.app.json
  • tsconfig.app.tsbuildinfo
  • tsconfig.json
  • tsconfig.node.tsbuildinfo
💤 Files with no reviewable changes (2)
  • tsconfig.json
  • tsconfig.app.json

Comment on lines +27 to +30
- name: Checkout (full history + tags)
uses: actions/checkout@v4
with:
fetch-depth: 0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

Set persist-credentials: false on checkout.

actions/checkout persists the GITHUB_TOKEN in .git/config by default. This workflow never pushes via git (the release is created through action-gh-release using the token directly), so the persisted credential is unnecessary and leaves a credential exposed to any later step.

🔒️ Proposed hardening
       - name: Checkout (full history + tags)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Checkout (full history + tags)
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout (full history + tags)
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 27-30: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml around lines 27 - 30, The checkout step in the
release workflow is persisting the GITHUB_TOKEN in git config unnecessarily.
Update the existing actions/checkout@v4 configuration to disable credential
persistence by setting persist-credentials to false while keeping the
full-history/tag fetch settings unchanged.

Source: Linters/SAST tools

Comment thread package.json
"eslint-plugin-react-hooks": "^7.1.1",
"eslint-plugin-react-refresh": "^0.5.3",
"globals": "^17.7.0",
"install": "^0.13.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Confirm nothing references the `install` package.
rg -nP "require\(['\"]install['\"]\)|from ['\"]install['\"]" .

Repository: macintushar/draw

Length of output: 154


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '--- package.json excerpt ---'
cat -n package.json | sed -n '40,65p'

echo
echo '--- plain-text references to "install" (filtered to likely relevant paths) ---'
rg -n --hidden --glob '!**/node_modules/**' --glob '!**/.git/**' --glob '!package-lock.json' --glob '!pnpm-lock.yaml' --glob '!yarn.lock' '\binstall\b' .

echo
echo '--- package.json dependency entries ---'
python3 - <<'PY'
import json
from pathlib import Path
pkg = json.loads(Path('package.json').read_text())
for section in ('dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'):
    deps = pkg.get(section, {})
    if 'install' in deps:
        print(section, deps['install'])
PY

Repository: macintushar/draw

Length of output: 2141


Remove the stray install dependency. install doesn’t appear to be used anywhere; remove it from package.json and the lockfile to avoid unnecessary supply-chain surface.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 53, Remove the stray install dependency from
package.json and update the lockfile accordingly. The dependency is unused, so
delete the install entry from the dependencies section and regenerate or edit
the lockfile so it no longer references it, keeping the change consistent with
the package manifest.

Comment thread src/index.css
Comment on lines +1 to +5
@import "tailwindcss";
@import "tw-animate-css";
@config "../tailwind.config.ts";

@custom-variant dark (&:is(.dark *));

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Update stylelint to recognize Tailwind v4 at-rules.

Stylelint flags @config (Line 3) and @custom-variant (Line 5) as unknown at-rules via scss/at-rule-no-unknown. These are valid Tailwind v4 directives, so this will produce persistent CI/editor lint noise (and may fail lint gates) unless the stylelint config allowlists them.

🔧 Suggested stylelint config update
 rules: {
   "scss/at-rule-no-unknown": [
     true,
     {
-      ignoreAtRules: [/* existing entries */],
+      ignoreAtRules: [
+        "tailwind",
+        "apply",
+        "layer",
+        "config",
+        "custom-variant",
+        "theme",
+        "utility",
+        "source",
+        /* existing entries */
+      ],
     },
   ],
 },
🧰 Tools
🪛 Stylelint (17.14.0)

[error] 3-3: Unexpected unknown at-rule "@config" (scss/at-rule-no-unknown)

(scss/at-rule-no-unknown)


[error] 5-5: Unexpected unknown at-rule "@custom-variant" (scss/at-rule-no-unknown)

(scss/at-rule-no-unknown)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/index.css` around lines 1 - 5, Stylelint is flagging Tailwind v4
directives as unknown at-rules in the stylesheet; update the stylelint
configuration to allowlist the Tailwind-specific directives used in
src/index.css. Adjust the rule that powers scss/at-rule-no-unknown so it ignores
`@config` and `@custom-variant` (and any other Tailwind v4 at-rules already present
in the stylesheet), keeping the change in the stylelint config rather than the
CSS itself.

Source: Linters/SAST tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant