Skip to content

chore: update actions versions, use frozen bun lockfile #295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update actions versions, use frozen bun lockfile #295

wants to merge 1 commit into from

Conversation

@DaxServer
Copy link

@DaxServer DaxServer commented Oct 24, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflow configurations with newer action versions and enhanced dependency management through stricter installation requirements.

@coderabbitai
Copy link

coderabbitai bot commented Oct 24, 2025
edited
Loading

Walkthrough

GitHub Actions workflows updated to use newer action versions: checkout v5 and setup-bun v2. Package installation now requires frozen lockfile for reproducibility across both CI and publish workflows.

Changes

Cohort / File(s) Change Summary
Workflow Updates
.github/workflows/ci.yml, .github/workflows/publish.yml		 Updated actions/checkout@v4 to actions/checkout@v5 and oven-sh/setup-bun@v1 to oven-sh/setup-bun@v2. Changed bun install to bun install --frozen-lockfile for stricter dependency resolution.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 Hop, hop, the workflows now run so clean,
With actions v5 and v2 on the scene,
Frozen lockfiles keep all in place,
No dependency chaos—just stable grace! 🔒

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The pull request title "chore: update actions versions, use frozen bun lockfile" accurately and clearly summarizes the main changes in the changeset. The title directly corresponds to the two key modifications across both workflow files: updating the checkout action from v4 to v5, updating the Bun setup action from v1 to v2, and adding the --frozen-lockfile flag to the install command. The title is specific, concise, and follows standard commit message conventions with the "chore:" prefix, making it immediately clear to reviewers what the primary focus of the change is.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 070919e and eea62a2.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml (1 hunks)
  • .github/workflows/publish.yml (2 hunks)
🔇 Additional comments (4)
.github/workflows/ci.yml (2)

14-14: Verify action version upgrades for breaking changes.

The workflow has been updated to use actions/checkout@v5 and oven-sh/setup-bun@v2, consistent with the changes to publish.yml. Verify that these upgrades don't introduce breaking changes for the CI workflow.

Also applies to: 17-17

22-22: Verify bun lockfile is committed and maintained.

The change to bun install --frozen-lockfile enforces reproducible installs in CI. Ensure the bun lockfile is properly committed and synchronized with package.json changes across branches.

.github/workflows/publish.yml (2)

38-38: Bun lockfile verified and properly maintained.

All checks passed:

  • bun.lock exists at repository root
  • Lockfile is tracked in git and not ignored
  • Lockfile is synchronized with package.json (identical modification timestamps)

The --frozen-lockfile flag is safe to enforce in CI/CD.

24-24: No breaking changes detected—upgrades are safe for this workflow.

The workflow uses runs-on: ubuntu-latest, a GitHub-hosted runner that is automatically maintained by GitHub and meets the minimum runner version requirement for actions/checkout@v5. GitHub maintains and updates runner images regularly, so the Node.js 24 requirement poses no risk. oven-sh/setup-bun@v2 has no explicit breaking changes and is used with standard inputs compatible with v2; since the workflow does not read outputs from either action, there are no downstream impacts.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DaxServer