Skip to content

ci(actions): add dedicated pull request workflow #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ndycode merged 2 commits into from
Mar 10, 2026
Merged

ci(actions): add dedicated pull request workflow #66

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b63a57b
ci(actions): add dedicated pull request workflow
ndycode Mar 10, 2026
0aae5a0
ci(actions): add PR audit parity checks
ndycode Mar 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 3 additions & 6 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@ name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]

jobs:
test:
Expand All @@ -23,7 +21,7 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache: npm

- name: Install dependencies
run: npm ci
Expand Down Expand Up @@ -52,7 +50,6 @@ jobs:

lint:
name: Lint

runs-on: ubuntu-latest

steps:
Expand All @@ -63,7 +60,7 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: 'npm'
cache: npm

- name: Install dependencies
run: npm ci
Expand All @@ -83,7 +80,7 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: 'npm'
cache: npm

- name: Install dependencies
run: npm ci
Expand Down
51 changes: 51 additions & 0 deletions .github/workflows/pr-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: PR CI

on:
pull_request:
branches: [main]

concurrency:
group: pr-ci-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

permissions:
contents: read

jobs:
validate:
name: PR Validation
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: npm
Comment on lines +23 to +27
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

pr validation only runs on node 20.x, but ci.yml tests both 20.x and 22.x.

this means a regression specific to node 22.x could slip through PR validation and only fail after merge to main. consider adding a matrix here too, or at minimum document this gap is intentional.

suggested matrix addition 
 jobs:
   validate:
     name: PR Validation
     runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [20.x, 22.x]

     steps:
       - name: Checkout code
         uses: actions/checkout@v4

       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: 20.x
+          node-version: ${{ matrix.node-version }}
           cache: npm
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-ci.yml around lines 23 - 27, PR CI currently pins
actions/setup-node to node-version: 20.x so PR validation only runs on 20.x
while ci.yml tests both 20.x and 22.x; update the PR workflow step that uses
actions/setup-node@v4 to run a node-version matrix (include 20.x and 22.x) or,
if intentionally limited, add a clear comment/README note explaining the gap;
locate the setup step referencing actions/setup-node@v4 and change it to use a
matrix variable (node-version) or add documentation in the workflow or repo
README to justify and record this decision.


- name: Install dependencies
run: npm ci

- name: Security audit (CI policy)
run: npm run audit:ci

- name: Lockfile floor guard
run: npm run test -- test/lockfile-version-floor.test.ts
Comment on lines +35 to +36
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

lockfile floor guard test runs twice in this workflow.

test/lockfile-version-floor.test.ts runs explicitly here (line 36) and again as part of npm test (line 48). this is a minor inefficiency. if fail-fast is the goal, consider excluding it from the full suite run:

       - name: Run tests
-        run: npm test
+        run: npm run test -- --exclude test/lockfile-version-floor.test.ts

alternatively, accept the duplication since it's fast and keeps the explicit guard visible.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-ci.yml around lines 35 - 36, The workflow currently
runs test/lockfile-version-floor.test.ts twice: once in the explicit "Lockfile
floor guard" step and again in the general npm test run; either remove the
dedicated "Lockfile floor guard" step so the guard only runs as part of the full
"npm test" step, or keep the dedicated step and change the general "npm test"
invocation to exclude test/lockfile-version-floor.test.ts (use your test
runner's exclude/ignore flag) so the guard only executes once.


- name: Repository hygiene check
run: npm run clean:repo:check
Comment thread
coderabbitai[bot] marked this conversation as resolved.

- name: Run type check
run: npm run typecheck

- name: Run ESLint
run: npm run lint

- name: Run tests
run: npm test
Comment thread
greptile-apps[bot] marked this conversation as resolved.
Comment thread
greptile-apps[bot] marked this conversation as resolved.

- name: Build
run: npm run build