chore: modernize CI actions and remove dead build config#102
Merged
Conversation
actions/checkout v4.3.1 -> v6.0.3, actions/setup-node v4.4.0 -> v6.4.0 (SHA-pinned). Aligns the CI with current majors for the Node runtime. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- vitest.config.mjs: remove the unused resolve.alias.src block (no source imports via the src/ alias) and its now-unused path/fileURLToPath imports - .npmignore: remove it; the package.json files allowlist governs the tarball (npm pack output verified byte-identical at 93 files) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@biomejs/biome ^2.4.15 -> ^2.5.0, @types/node ^25.9.1 -> ^25.9.3. No new lint/format findings on the existing source. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Low-risk maintenance of the build/CI/tooling layer. No production source changed and the published tarball is unchanged (
npm packships the same 93 files), so this does not require a version bump.Adapted from the supply-chain/toolchain hardening done in mcp-local-rag#149, keeping only the parts that apply to this npm-based (not pnpm) repo.
Changes
CI — bump GitHub Actions to current majors
actions/checkoutv4.3.1 → v6.0.3 (SHA-pinned)actions/setup-nodev4.4.0 → v6.4.0 (SHA-pinned)Dead config removal
vitest.config.mjs: removed the unusedresolve.alias.srcblock (no source imports via thesrc/alias) and its now-unusedpath/fileURLToPathimports..npmignore: removed. Thepackage.jsonfilesallowlist already governs the tarball —npm pack --dry-runis byte-identical before/after (93 files).devDependency bumps
@biomejs/biome^2.4.15→^2.5.0@types/node^25.9.1→^25.9.3Lockfile regenerated via
npm install(no hand-edits). Biome 2.5.0 introduces no new lint/format findings on the existing source.Out of scope (intentionally not applied)
The pnpm-specific hardening from the reference PR does not map to this repo:
packageManagerpinning,minimumReleaseAge,strictDepBuilds/allowBuilds, andpnpm/action-setup. Lockfile integrity is already enforced here vianpm ciin CI.Verification (local)
npm run check:allgreen: biome check/lint/format (38 files, no findings),check:deps(no circular deps),knip,build(tsc), andtest(234/234 passing).npm pack --dry-runfile list identical before/after (93 files).🤖 Generated with Claude Code