
Strengthen CI workflow matrix #49

Merged
marioledger merged 2 commits into main from maint/ci-node-matrix-build-order
Jun 17, 2026

marioledger (Owner) commented Jun 17, 2026

## Summary
- run CI on Node 20 and 22 to match the repo engine range
- build the workspace before Vitest so workspace packages resolve on a clean checkout

## Validation
- npm run lint
- npm run build
- npm test

Summary by CodeRabbit

  • Chores
    • Updated the CI pipeline to validate builds and tests on a Node.js version matrix (20 and 22) for improved compatibility assurance.
    • Adjusted the workflow credentials handling during source checkout.
    • Reordered CI execution so the build step runs before tests.

coderabbitai Bot commented Jun 17, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 236796e7-5a38-4563-a231-5197163c0166

📥 Commits

Reviewing files that changed from the base of the PR and between 2461042 and bb0754e.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/ci.yml

Walkthrough

The CI validate job is updated to run across a Node.js version matrix (20 and 22) with fail-fast: false. The actions/setup-node step now reads the version from matrix.node-version, and the step order is changed so npm run build runs before npm run test.

Changes

CI Node.js Matrix and Build Order

| Layer / File(s) | Summary |
|---|---|
| Node.js matrix, setup, and step reorder: `.github/workflows/ci.yml` | Adds a strategy.matrix with Node 20 and 22 and fail-fast: false, updates actions/setup-node to use matrix.node-version, adds persist-credentials: false to checkout, and reorders steps so npm run build precedes npm run test. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 Hop, hop, the matrix grows,
Two Node versions in a row!
Build runs first, then tests follow neat,
No fast-fail — every check complete.
This bunny loves a tidy CI beat! 🌟

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Strengthen CI workflow matrix' directly and specifically addresses the main objective of extending Node.js version coverage (20 and 22) and represents the primary architectural change to the CI workflow. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 18-19: Replace the floating version tags in both GitHub Actions
with their full commit SHAs to improve supply-chain integrity. In the
actions/checkout and actions/setup-node action uses, replace `@v6` with the
complete commit SHA for each action (you can find these from the official action
repositories). Add a trailing comment on each line to preserve readability by
noting which version the SHA corresponds to, ensuring the workflow uses
immutable references that cannot be force-updated by attackers.
- Line 18: The actions/checkout@v6 action is using a mutable version tag and has
credential persistence enabled by default, creating security vulnerabilities.
Modify the checkout action step by replacing the version tag v6 with a pinned
full commit SHA and add the persist-credentials: false configuration option to
prevent accidental token exposure and protect against tag-poisoning attacks.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5ac39ffe-aaf9-4712-b0a1-095f48e10444

📥 Commits

Reviewing files that changed from the base of the PR and between dae4bff and 2461042.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml

Comment thread .github/workflows/ci.yml Outdated
Comment thread .github/workflows/ci.yml Outdated
@marioledger marioledger merged commit 7fd3db1 into main Jun 17, 2026
3 checks passed
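
The two findings in the review above (floating `@v6` tags and checkout credential persistence) can be checked mechanically. The following is an added example, not part of this PR or the repository: a dependency-free Node.js scan of workflow text. `auditWorkflow`, `splitSteps`, the sample workflows and the placeholder SHA are constructed for illustration, and the scan assumes block-style YAML steps.

```javascript
// Added example, not the repository's code. Assumes block-style YAML steps.
const FULL_SHA = /^[0-9a-f]{40}$/i;

// Group lines into steps: each "- " item at the indent of the first item after "steps:".
function splitSteps(yamlText) {
  const steps = [];
  let inSteps = false, stepIndent = null;
  yamlText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.replace(/(^|\s)#.*$/, ''); // drop YAML comments
    if (/^\s*steps:\s*$/.test(line)) { inSteps = true; stepIndent = null; return; }
    if (!inSteps || !line.trim()) return;
    const indent = line.search(/\S/), isItem = /^\s*-\s/.test(line);
    if (stepIndent === null && isItem) stepIndent = indent;
    if (stepIndent === null || indent < stepIndent) { inSteps = false; return; }
    if (isItem && indent === stepIndent) steps.push({ line: i + 1, body: [] });
    steps[steps.length - 1].body.push(line.replace(/^(\s*)-\s/, '$1  '));
  });
  return steps;
}

function auditWorkflow(yamlText) {
  const findings = [];
  for (const step of splitSteps(yamlText)) {
    const text = step.body.join('\n');
    const m = text.match(/^\s*uses:\s*["']?([^\s"'@]+)@([^\s"']+)/m);
    if (!m || m[1].startsWith('docker:')) continue; // run: steps, local and image refs
    const [, action, ref] = m;
    if (!FULL_SHA.test(ref)) findings.push({ line: step.line, action, rule: 'unpinned-ref' });
    const off = /^\s*persist-credentials:\s*["']?false["']?\s*$/m.test(text);
    if (action === 'actions/checkout' && !off) findings.push({ line: step.line, action, rule: 'persist-credentials' });
  }
  return findings;
}

// Constructed inputs: the SHA is a placeholder, not a real commit of either action.
const PLACEHOLDER_SHA = '0123456789abcdef0123456789abcdef01234567';
const BEFORE = `
jobs:
  validate:
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: \${{ matrix.node-version }}
      - run: npm run build
`;
const AFTER = BEFORE
  .replace('checkout@v6', `checkout@${PLACEHOLDER_SHA} # v6\n        with:\n          persist-credentials: false`)
  .replace('setup-node@v6', `setup-node@${PLACEHOLDER_SHA} # v6`);
console.log(auditWorkflow(BEFORE), auditWorkflow(AFTER));
```

Line numbers in the findings are relative to the scanned text, so pass the file contents unmodified when running it against a real `.github/workflows/*.yml`.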