Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: dorny/paths-filter@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: dorny/paths-filter@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium test
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| if: steps.changes.outputs.code != 'true' | ||
| run: echo "Only version changes detected, skipping storybook tests" | ||
|
|
||
| - if: steps.changes.outputs.code == 'true' && steps.changes.outputs.ui == 'true' |
There was a problem hiding this comment.
Cache step condition stricter than build steps
The cache step in the storybook job requires both code == 'true' && ui == 'true', but subsequent build and test steps (pnpm install, pnpm build, test:storybook:update) only require code == 'true'. When code changes occur outside the packages/keychain directory (code=true but ui=false), the storybook tests will run without the benefit of caching, resulting in slower CI runs. The cache condition likely needs to match the other steps by checking only code == 'true'.
Additional Locations (1)
| - '**/*.tsx' | ||
| - '**/*.js' | ||
| - '**/*.jsx' | ||
| - '!**/package.json' |
There was a problem hiding this comment.
Inconsistent JSON path filter across workflow files
The code filter in quality.yml includes **/*.json (excluding package.json), but the code filter in test.yml omits JSON files entirely. This means changes to configuration files like tsconfig.json will trigger linting but skip tests. If a TypeScript config change breaks compilation, it won't be caught until a subsequent PR modifies TypeScript source files.
Additional Locations (1)
| - '**/*.tsx' | ||
| - '**/*.js' | ||
| - '**/*.jsx' | ||
| - '!**/package.json' |
There was a problem hiding this comment.
Dependency-only updates skip all CI checks
The code path filters don't include pnpm-lock.yaml or other lock files. When a dependency update PR changes only package.json (excluded) and pnpm-lock.yaml (not in filter), code evaluates to false and all tests and linting are skipped. This means Renovate/Dependabot PRs with breaking dependency changes could merge without running any CI checks. Before this change, tests always ran regardless of which files changed.
Additional Locations (1)
Use dorny/paths-filter to detect when only package.json version bumps occur (prepare-release branch). Jobs still run and report success, satisfying required checks without running unnecessary tests.
Code reviewNo issues found. Checked for bugs and CLAUDE.md compliance. |
1 participant
Summary
Adds a new Claude skill (
.claude/commands/release.md) that documents and automates the release workflow.The skill allows triggering releases via
/release minor,/release patch,/release major, or a specific version like/release 0.12.0. It guides through the GitHub Actionsrelease-dispatchworkflow process.Note
Introduces a Claude release command and optimizes CI to skip unnecessary work on version-only changes.
.claude/commands/release.mddocumenting the release process, semver calculation, and how to triggerrelease-dispatchviagh(including prerelease handling)quality.ymlandtest.ymlto usedorny/paths-filterand gate Node/pnpm/lint/build/test/Codecov/Storybook steps behindcodechanges, with clear skip messagescodefilter (includes*.css), conditional caching/execution, and a stricter final check conditioned onsteps.changes.outputs.code == 'true'Written by Cursor Bugbot for commit 0acad9c. This will update automatically on new commits. Configure here.