Skip to content

chore: update ci/cd configuration #789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
petermasking merged 8 commits into from
Jun 10, 2026
Merged

chore: update ci/cd configuration #789

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
8316f97
#786: ci/cd updates
basmasking Jun 3, 2026
ca8727b
#786: typescript bumped
basmasking Jun 3, 2026
eea2bbb
Merge branch 'main' into 786-update-ci-config
basmasking Jun 10, 2026
c3c632f
#786: updated all dependencies
basmasking Jun 10, 2026
0050876
#786: vitest config
basmasking Jun 10, 2026
220abde
#786: fixed class name
basmasking Jun 10, 2026
09cceb1
#786: processed feedback
basmasking Jun 10, 2026
3b124d7
#786: explicit install script executions
basmasking Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 19 additions & 17 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,21 +3,23 @@
version: 2
updates:

# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"

# Maintain dependencies for jitar
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "monthly"
commit-message:
# Prefix all commit messages with "npm"
prefix: "npm"
open-pull-requests-limit: 1
pull-request-branch-name:
# Separate sections of the branch name with a hyphen
separator: "-"
# Maintain dependencies for jitar
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "monthly"
commit-message:
# Prefix all commit messages with "npm"
prefix: "npm"
open-pull-requests-limit: 1
pull-request-branch-name:
# Separate sections of the branch name with a hyphen
separator: "-"
cooldown:
default-days: 4
7 changes: 3 additions & 4 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ on:
- cron: '39 10 * * 1'

permissions:
contents: read
id-token: none

jobs:
Expand Down Expand Up @@ -49,15 +48,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
source-root: ${{ matrix.package }}
languages: ${{ matrix.language }}

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
category: "/language:${{matrix.language}}"
6 changes: 3 additions & 3 deletions .github/workflows/nodejsci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,13 @@ jobs:

strategy:
matrix:
node-version: [ 20.x, 22.x, 24.x ]
node-version: [ 22.x, 24.x ]

@coderabbitai coderabbitai Bot Jun 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix YAMLlint bracket spacing in the matrix list.

This line violates YAMLlint’s brackets rule.

🧹 Proposed fix 
-        node-version: [ 22.x, 24.x ]
+        node-version: [22.x, 24.x]
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
node-version: [ 22.x, 24.x ]
node-version: [22.x, 24.x]
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 20-20: too many spaces inside brackets

(brackets)

[error] 20-20: too many spaces inside brackets

(brackets)

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/nodejsci.yml at line 20, The YAMLlint brackets rule is
violated for the node-version matrix entry; update the node-version matrix list
(the line containing "node-version: [ 22.x, 24.x ]") to remove the extra spaces
inside the brackets so it reads "node-version: [22.x, 24.x]" (or convert it to a
block sequence with "- 22.x" and "- 24.x") to satisfy YAMLlint.

Source: Linters/SAST tools


steps:
- uses: actions/checkout@v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
cache: npm
Expand Down
46 changes: 24 additions & 22 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,34 +3,36 @@ name: "Publish packages"
on:
workflow_dispatch:

permissions:
id-token: write
contents: read


jobs:
publish:
permissions:
id-token: write
contents: read
runs-on: ubuntu-latest
environment:
name: release
steps:
- name: ⚙️ Checkout Repository
uses: actions/checkout@v6
- name: 🛠️ Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '24.x'
registry-url: 'https://registry.npmjs.org/'
- name: ⚙️ Checkout Repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
Comment on lines +16 to +17

@coderabbitai coderabbitai Bot Jun 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Shared root cause: actions/checkout credential persistence is enabled in multiple workflows.

Both workflows should set with.persist-credentials: false on checkout to reduce token exposure across later steps/artifacts.

🧰 Tools
🪛 zizmor (1.25.2)

[warning] 16-17: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish.yml around lines 16 - 17, The workflow uses
actions/checkout@... without disabling credential persistence; update the
checkout step that uses actions/checkout to include a with block setting
persist-credentials: false (i.e., add "with: persist-credentials: false" to the
Checkout step) so the GITHUB_TOKEN is not persisted to subsequent
steps/artifacts; ensure every checkout step across workflows uses this same
change.

Source: Linters/SAST tools


- name: 🛠️ Set up Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: '24.x'
registry-url: 'https://registry.npmjs.org/'

- name: 📦 Install Dependencies
run: npm ci
- name: 📦 Install Dependencies
run: npm ci

- name: 🔨 Build all packages
run: npm run build
- name: 🔨 Build all packages
run: npm run build

- name: 🚀 Publish Jitar
run: npm run publish-jitar
- name: 🚀 Publish Jitar
run: npm run publish-jitar

- name: 🚀 Publish plugin for Vite
run: npm run publish-plugin
- name: 🚀 Publish plugin for Vite
run: npm run publish-plugin

- name: ✅ Publish Complete
run: echo "Packages published"
- name: ✅ Publish Complete
run: echo "Packages published"
Loading
Loading