ci: clearer check labels and split lint jobs #1218
Open
MoonBoi9001 wants to merge 4 commits into
Workflow names and job IDs now describe what each check actually runs. Lint splits into prettier, eslint, typecheck so failures point at the specific tool. CodeQL extends to PRs targeting main-dips. CLI image no longer pushes from PR builds. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Quote $GITHUB_ENV to silence SC2086, and add a disable directive plus a short explanation for the two intentional unquoted substitutions in the manifest creation (both rely on word-splitting to expand into multiple shell args). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous reference resolved nothing: the runnable action lives in the osv-scanner-action subdir of the repo (not actions/osv-scanner), and the project publishes patch tags only — no moving @v2 tag exists. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The yarn-audit and OSV jobs flag advisories already in the committed dependency tree, so they fail at once and would block later pull requests whose authors changed nothing. Ship the check-label cleanup alone; scanning returns once there is a plan to clear the backlog.
TL;DR
Rewrites the CI workflow surface so every check label says what it actually runs. Splits the catch-all lint job into prettier, eslint and typecheck, and fixes a bug where the CLI Docker image was published from every pull-request build.
Motivation
The check list today reads "Check Formatting / check" and "CI / build (20, ubuntu-22.04)". The first hides three tools — prettier, eslint and tsc — behind a single dot, so a reviewer cannot tell which one flagged a violation. The second is named "CI" but really runs the test suite, which misleads contributors who expect "CI" to mean something broader. Separately, the CLI image workflow pushes to the registry from every pull-request build because of a hard-coded publish flag, so unreviewed branches publish images. Renaming the labels is a natural moment to fix that too.
Summary
tests / node 20 and tests / node 22.
push: true with the agent's PR-exclusion conditional.
yarn install --frozen-lockfile in the lint and tests workflows for consistent installs.

After merge, CI runs four workflows: lint (prettier, eslint, typecheck), tests (node 20, node 22), docker build (agent images plus cli), and codeql.
Generated with Claude Code
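The publish-from-PR problem described under Motivation can be checked for mechanically. The script below is an added example, not code from this pull request or its repository: it assumes the image step uses docker/build-push-action and that the fix has the form `push: ${{ github.event_name != 'pull_request' }}`; the sample workflow and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the PR): PR-triggered, constant publish flag.
WEAK = """\
on:
  push:
  pull_request:
jobs:
  cli:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: build cli image
        uses: docker/build-push-action@v6
        with:
          push: true
"""
# Assumed form of a PR-exclusion conditional; the page does not show the agent's.
FIXED = WEAK.replace("true", "${{ github.event_name != 'pull_request' }}")

# A trigger line such as "  pull_request:" or "on: [push, pull_request]".
TRIGGER = re.compile(r"\s*(on:.*)?\bpull_request(_target)?\b")
# A publish flag that is the literal true, quoted or not.
PUSH = re.compile(r"push:\s*['\"]?true['\"]?\s*$", re.I)

def audit(text):
    """Line numbers of hard-coded `push: true` on build-push-action steps in PR-triggered workflows."""
    lines = [l.split(" #")[0].rstrip() for l in text.splitlines()]
    if not any(TRIGGER.match(l) for l in lines):
        return []  # never runs for pull requests, so a constant flag is fine
    findings, dash, is_bpa, push_line = [], None, False, None
    def flush():
        # Judge a step only once it is complete, so key order does not matter.
        if is_bpa and push_line:
            findings.append(push_line)
    for no, line in enumerate(lines, 1):
        body = line.lstrip()
        indent = len(line) - len(body)
        if body == "steps:":
            flush(); dash, is_bpa, push_line = -1, False, None
        elif dash is not None and body.startswith("- "):
            dash = indent if dash == -1 else dash  # learn the step indent once
            if indent == dash:  # a new step, not a nested list item
                flush(); is_bpa, push_line = False, None
                body = body[2:].lstrip()
        if dash is not None:
            is_bpa = is_bpa or body.startswith("uses: docker/build-push-action@")
            if PUSH.match(body):
                push_line = no
    flush()
    return findings
```

The check is line-based and heuristic: it does not parse YAML, so anchors, reusable workflows and flow-style `with:` mappings are out of scope.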