Sync from upstream

[matheusfillipe]

Summary by CodeRabbit

• Chores
  • Added an automated build and deploy workflow to streamline continuous integration and delivery for the web client.
  • Bumped numerous project dependencies and developer tooling to newer, compatible versions to improve stability, performance, and security; no public APIs or application behavior were changed.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2dee6b28-9876-4851-a8b4-7ccb3598fa99

📥 Commits

Reviewing files that changed from the base of the PR and between 7824bc0 and 7f91023.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json

✅ Files skipped from review due to trivial changes (1)

• package.json

---

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow .github/workflows/deploy.yaml that triggers on pushes to next and invokes a reusable k3s deploy workflow. Also updates package.json with multiple dependency and devDependency version bumps; no API or runtime logic changes.

Changes

Cohort / File(s)	Summary
Deployment Workflow .github/workflows/deploy.yaml	New CI workflow "Build and Deploy Minecraft Web Client" that triggers on push to next and calls the reusable workflow h4ks-com/k3s-deploy/.github/workflows/k3s-deploy.yaml@main with inputs contexts: "." and images: "minecraft-web-client".
Dependency Updates package.json	Broad version bumps across dependencies and devDependencies (React, React DOM, Storybook, ESLint, tooling, prosemirror libs, etc.). Only version constraints changed; no application code or exported APIs modified.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer Push
  participant GH as GitHub Actions
  participant Reusable as h4ks-com/k3s-deploy (reusable workflow)
  participant Cluster as Kubernetes Cluster
  Dev->>GH: push to `next` branch (trigger)
  GH->>Reusable: invoke reusable workflow\ninputs: contexts=".", images="minecraft-web-client"
  Reusable->>Cluster: build images & deploy (using contexts/images)
  Cluster-->>Reusable: deployment status
  Reusable-->>GH: workflow result
  GH-->>Dev: notify status

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

Review effort 2/5

Poem

🐇 I hopped a commit into the night,
A workflow sparked and took to flight,
Versions nudged, the pipeline sang,
Containers built with a cheerful clang,
I twitch my nose — deployment's bright!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Sync from upstream' is vague and does not clearly convey what specific changes were made. It fails to summarize the actual modifications: adding a deployment workflow and updating dependencies.	Use a more descriptive title that reflects the main changes, such as 'Add deploy workflow and update dependencies' or specify the primary change being synced.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

package.json (1)

106-107: Align pnpm.overrides.react to match the direct dependency version range.

Direct dependency specifies react@^18.3.1, but override still targets ^18.2.0. While currently functional (the broader range includes 18.3.1), aligning both to ^18.3.1 reduces resolver drift risk and ensures consistent version intent across the workspace.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 106 - 107, Update the pnpm override for React so
it matches the direct dependency range: change the pnpm.overrides.react entry
from ^18.2.0 to ^18.3.1 to align with the direct dependency "react": "^18.3.1";
locate the pnpm.overrides.react key and update its version string to ^18.3.1 to
avoid resolver drift and ensure consistent intent across the workspace.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/deploy.yaml:
- Line 10: The reusable workflow reference currently uses a mutable ref
"h4ks-com/k3s-deploy/.github/workflows/k3s-deploy.yaml@main"; replace the
trailing "@main" with a full commit SHA from the upstream repo to pin the
workflow (e.g., fetch the desired commit SHA from the h4ks-com/k3s-deploy repo
and update the uses string to .../k3s-deploy.yaml@<COMMIT_SHA>), ensuring future
executions use that immutable commit.
- Around line 3-6: The reusable workflow reference currently uses the mutable
ref "@main" (in the uses: entry that points to the k3s-deploy reusable
workflow); replace that mutable ref with a pinned tag or commit SHA (for example
"@v1.0.0" or a specific commit SHA) so the workflow is immutable and
reproducible, updating the uses: value that references the k3s-deploy reusable
workflow accordingly; after pinning, optionally verify the chosen tag exists in
the upstream repo and run a test push to confirm the workflow executes as
expected.

---

Nitpick comments:
In `@package.json`:
- Around line 106-107: Update the pnpm override for React so it matches the
direct dependency range: change the pnpm.overrides.react entry from ^18.2.0 to
^18.3.1 to align with the direct dependency "react": "^18.3.1"; locate the
pnpm.overrides.react key and update its version string to ^18.3.1 to avoid
resolver drift and ensure consistent intent across the workspace.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3ad1b8d1-9ec3-49f0-bf3d-2c76fb0fd08c

📥 Commits

Reviewing files that changed from the base of the PR and between 9b00468 and 7824bc0.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• .github/workflows/deploy.yaml
• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# List workflows that trigger on pushes to next
fd -i '\.ya?ml$' .github/workflows | xargs rg -n -C3 'on:|push:|branches:|next|name:'

Repository: zardoy/minecraft-web-client

Length of output: 35720

---

🏁 Script executed:

cat -n .github/workflows/deploy.yaml

Repository: zardoy/minecraft-web-client

Length of output: 399

---

Pin the k3s-deploy reusable workflow to a specific version tag.

Line 10 uses @main to reference the external reusable workflow, which is mutable and a supply-chain stability risk. Even if both k3s and Vercel deployments are intentional (they target different platforms), use a pinned version like @v1.0.0 instead of @main to ensure predictable, reproducible behavior.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/deploy.yaml around lines 3 - 6, The reusable workflow
reference currently uses the mutable ref "@main" (in the uses: entry that points
to the k3s-deploy reusable workflow); replace that mutable ref with a pinned tag
or commit SHA (for example "@v1.0.0" or a specific commit SHA) so the workflow
is immutable and reproducible, updating the uses: value that references the
k3s-deploy reusable workflow accordingly; after pinning, optionally verify the
chosen tag exists in the upstream repo and run a test push to confirm the
workflow executes as expected.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

fd -t f "deploy.yaml" | head -20

Repository: zardoy/minecraft-web-client

Length of output: 53

---

🏁 Script executed:

if [ -f ".github/workflows/deploy.yaml" ]; then
  echo "=== File content ===" 
  cat -n ".github/workflows/deploy.yaml" | head -20
  echo ""
  echo "=== Full file ===" 
  cat ".github/workflows/deploy.yaml"
fi

Repository: zardoy/minecraft-web-client

Length of output: 677

---

🏁 Script executed:

# Also search for other uses of k3s-deploy or similar patterns
rg "h4ks-com/k3s-deploy" --type yaml

Repository: zardoy/minecraft-web-client

Length of output: 53

---

Pin reusable workflow to a commit SHA instead of @main.

Using @main for third-party reusable workflows is mutable and can introduce unreviewed behavior changes. Pin to a full commit SHA.

Suggested hardening

-    uses: h4ks-com/k3s-deploy/.github/workflows/k3s-deploy.yaml@main
+    uses: h4ks-com/k3s-deploy/.github/workflows/k3s-deploy.yaml@<full_commit_sha>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/deploy.yaml at line 10, The reusable workflow reference
currently uses a mutable ref
"h4ks-com/k3s-deploy/.github/workflows/k3s-deploy.yaml@main"; replace the
trailing "@main" with a full commit SHA from the upstream repo to pin the
workflow (e.g., fetch the desired commit SHA from the h4ks-com/k3s-deploy repo
and update the uses string to .../k3s-deploy.yaml@<COMMIT_SHA>), ensuring future
executions use that immutable commit.

[matheusfillipe]

Sorry this was a mistake. DIdn't mean to open a PR in this repo. You definitely dont want this.