Fix gulp-zip import and add consistent modified time to zip

[minimaluminium]

Summary

Updated the gulp-zip integration to use the default export and ensure consistent file timestamps in generated zip archives.

Key Changes

• Changed gulp-zip import from named import to default export (.default)
• Added modifiedTime option to zip task to set a consistent modification timestamp for all files in the archive

Implementation Details

The modifiedTime option ensures reproducible builds by setting all files in the zip to the same timestamp, rather than using their individual file modification times. This is particularly useful for consistent artifact generation across different build environments.

https://claude.ai/code/session_01YXpwhKnsb98MQHXC5c5HLW

[coderabbitai]

Warning

Rate limit exceeded

@minimaluminium has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 53 minutes and 32 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 53 minutes and 32 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9cfb9ec9-5dbf-4a1b-9e6d-7efb0a81cc93

📥 Commits

Reviewing files that changed from the base of the PR and between 2444d28 and a6421cc.

📒 Files selected for processing (2)

• gulpfile.js
• package.json

Walkthrough

The gulpfile.js was modified to change how the zip plugin is imported and used. The import statement was updated to access the .default export of the gulp-zip module. Additionally, the zip archive creation call now includes an options object that explicitly sets the modifiedTime property to the current date, replacing reliance on default behavior. No changes were made to task structure or flow.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~7 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main changes: fixing the gulp-zip import to use the default export and adding consistent modified time handling to the zip task.
Description check	✅ Passed	The description is directly related to the changeset, explaining the motivation for the import change, detailing the key modifications made, and providing implementation context about reproducible builds.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/slack-session-10HEq

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@gulpfile.js`:
- Line 86: The zip call currently sets modifiedTime to new Date(), which yields
non-reproducible archives; change the modifiedTime passed to zip(filename,
{modifiedTime: ...}) to a stable, deterministic timestamp derived from a
reproducible source (e.g. parse process.env.SOURCE_DATE_EPOCH if present, else
fall back to a deterministic value such as a fixed epoch or package version/git
commit timestamp), ensuring the value is converted to a Date and used for all
entries so repeated runs produce identical archives.
- Line 11: The build fails with ERR_REQUIRE_ESM because gulp-zip v6.1.0 is ESM
but the gulpfile uses static require: const zip = require('gulp-zip').default;
fix by either (A) declaring a minimum Node version in package.json via
"engines": { "node": ">=22.12.0" } so static require of ESM is allowed, or (B)
changing the gulpfile to dynamically import the ESM package (use top-level await
or an async wrapper and replace the require usage with await import('gulp-zip')
and reference the .default export) so older Node versions work; choose one
approach and update package.json or the gulpfile accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a1359364-14e4-41a4-9d0c-6b56d0bd4638

📥 Commits

Reviewing files that changed from the base of the PR and between 65b90e0 and 2444d28.

📒 Files selected for processing (1)

• gulpfile.js

[coderabbitai]

⚠️ Potential issue | 🟠 Major

new Date() does not produce reproducible archives.

The PR description states this change "enables reproducible builds," but new Date() evaluates to the current wall-clock time on each invocation, so every build still produces a zip with different entry mtimes (and therefore a different archive hash). It only makes all entries within a single archive share one timestamp — not reproducible across runs.

For true reproducibility, derive the timestamp from a stable source such as SOURCE_DATE_EPOCH, the package version, or the last git commit time.

♻️ Suggested approach

-        zip(filename, {modifiedTime: new Date()}),
+        zip(filename, {
+            modifiedTime: process.env.SOURCE_DATE_EPOCH
+                ? new Date(Number(process.env.SOURCE_DATE_EPOCH) * 1000)
+                : new Date(0)
+        }),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	zip(filename, {modifiedTime: new Date()}),
	zip(filename, {
	modifiedTime: process.env.SOURCE_DATE_EPOCH
	? new Date(Number(process.env.SOURCE_DATE_EPOCH) * 1000)
	: new Date(0)
	}),

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@gulpfile.js` at line 86, The zip call currently sets modifiedTime to new
Date(), which yields non-reproducible archives; change the modifiedTime passed
to zip(filename, {modifiedTime: ...}) to a stable, deterministic timestamp
derived from a reproducible source (e.g. parse process.env.SOURCE_DATE_EPOCH if
present, else fall back to a deterministic value such as a fixed epoch or
package version/git commit timestamp), ensuring the value is converted to a Date
and used for all entries so repeated runs produce identical archives.