Improve framework Clean Repos CI trust #772
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #772 +/- ##
==========================================
+ Coverage 98.07% 98.24% +0.17%
==========================================
Files 86 93 +7
Lines 2804 3138 +334
Branches 519 570 +51
==========================================
+ Hits 2750 3083 +333
Misses 12 12
- Partials 42 43 +1
ea484ec to ee74753
Pull request overview
This PR improves CI “clean repo” trust signals and documentation for the Framework monorepo by tightening CI behavior (lint + explicit “All tests pass” gate), fixing Vitest coverage scoping for TS packages, and documenting/justifying legacy and test-fixture patterns (incl. CodeQL rationale) while patching a vulnerable transitive dependency via pnpm overrides.
Changes:
- Fix Vitest coverage measurement so TypeScript packages with `src/` are measured correctly; adjust shared root coverage excludes accordingly.
- Make CI more explicit and trustworthy: add `pnpm lint`, set minimal workflow permissions, and rename the required-check aggregator to `All tests pass`; remove job-manager unhandled-error suppression by fixing worker fixtures.
- Add/expand repo-level docs (`README.md`, `AGENTS.md`) and pin `js-yaml` via pnpm override/lockfile update; add CodeQL suppression rationale for compatibility/test fixtures.
Reviewed changes
Copilot reviewed 14 out of 15 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `vitest.config.ts` | Updates shared coverage exclude rules so `src/` isn’t erroneously excluded from coverage accounting. |
| `README.md` | Adds install/usage guidance and clarifies repo workflows and commands. |
| `pnpm-workspace.yaml` | Adds a pnpm override to force patched `js-yaml` for vulnerable transitive consumers. |
| `pnpm-lock.yaml` | Lockfile update to reflect the `js-yaml` override and resolved versions. |
| `packages/security/lib/tokens.js` | Adds CodeQL rationale comment for reset-token hashing behavior. |
| `packages/prometheus-metrics/vitest.config.ts` | Ensures package coverage config properly scopes to `src/**` (and clears inherited excludes). |
| `packages/nodemailer/lib/nodemailer.js` | Documents and suppresses CodeQL findings for legacy SES `ServiceUrl` parsing compatibility. |
| `packages/mw-vhost/test/vhost.test.js` | Adds CodeQL rationale comment for hostname-regexp-related test behavior. |
| `packages/job-manager/vitest.config.ts` | Removes unhandled-error suppression to keep unhandled errors fatal for this package. |
| `packages/job-manager/test/jobs/timed-job.js` | Fixes worker fixture timing handling to avoid leaking unhandled rejections. |
| `packages/express-test/example/app.js` | Adds CodeQL rationale comment for intentionally insecure test-fixture session setup. |
| `packages/errors/vitest.config.ts` | Ensures package coverage config properly scopes to `src/**` (and clears inherited excludes). |
| `AGENTS.md` | Adds agent-facing repo notes: structure, commands, CI expectations, and coverage conventions. |
| `.github/workflows/test.yml` | Adds minimal permissions, runs `pnpm lint`, and renames the aggregator check to `All tests pass`. |
Files not reviewed (1)
- pnpm-lock.yaml: Generated file
ref [GVA-823](https://linear.app/ghost/issue/GVA-823/clean-repos-framework) Fixed the framework cleanup gate by measuring TypeScript package coverage against real source files, removing the job-manager unhandled-error suppression, adding explicit lint and the stable `All tests pass` workflow check, documenting repo-local agent and README guidance with a `CLAUDE.md` symlink, overriding the vulnerable transitive `js-yaml` resolution used by the Jest snapshot package, and adding explicit CodeQL rationale where compatibility or test-fixture behavior should not change.
ee74753 to 606f6b6
Summary
- `@tryghost/errors` and `@tryghost/prometheus-metrics` so thresholds measure real source files
- `pnpm lint` and `All tests pass` in CI
- `AGENTS.md`, a symlinked `CLAUDE.md`, fills root README install/usage gaps, and overrides vulnerable transitive `js-yaml` to the patched 3.x release

ref GVA-823

Clean Repos ledger slice
- `All tests pass`; GitHub ruleset/protection still needs updating after this lands on `main`
- `renovate.json` extends `github>tryghost/renovate-config` and validates
- `pnpm@11.9.0`; frozen install passes
- `pnpm lint` added to CI and local lint/format checks pass
- `CLAUDE.md` symlinked to `AGENTS.md`

Verification
- `corepack pnpm install --frozen-lockfile`
- `corepack pnpm lint`
- `corepack pnpm format:check`
- `corepack pnpm --filter @tryghost/errors test`
- `corepack pnpm --filter @tryghost/prometheus-metrics test`
- `corepack pnpm --filter @tryghost/job-manager test`
- `corepack pnpm --filter @tryghost/nodemailer test`
- `corepack pnpm --filter @tryghost/security test`
- `corepack pnpm --filter @tryghost/express-test test`
- `corepack pnpm --filter @tryghost/mw-vhost test`
- `corepack pnpm test:ci`
- `corepack pnpm audit --audit-level moderate`
- `corepack pnpm dlx --package renovate renovate-config-validator renovate.json`

Follow-up after merge
- `All tests pass` instead of `All tests passed`
- `main`
- `framework.yaml` to `confirmed`
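
A lockfile check for the `js-yaml` override described in this PR, as an added example that is not part of the pull request or the Framework repository: it lists every resolved version of a package in a `pnpm-lock.yaml` and flags any below a patched floor. The lockfile excerpt and the floor `3.99.0` are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example (not from the PR). Lockfile excerpt and floor are constructed.
const SAMPLE_LOCK = `
lockfileVersion: '9.0'

packages:

  argparse@1.0.10:
    resolution: {integrity: sha512-constructed}

  js-yaml-loader@1.2.2:
    resolution: {integrity: sha512-constructed}

  js-yaml@3.13.1:
    resolution: {integrity: sha512-constructed}

  js-yaml@3.99.0:
    resolution: {integrity: sha512-constructed}

snapshots:

  js-yaml@3.99.0:
    dependencies:
      argparse: 1.0.10
`;

// Numeric major.minor.patch comparison; prerelease tags are ignored.
function lessThan(a, b) {
  const parse = (v) => {
    const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
    if (!m) throw new Error(`unparseable version: ${v}`);
    return m.slice(1).map(Number);
  };
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Distinct versions of `name` found in package keys: "name@1.2.3:" or the
// older "/name@1.2.3:" form, optionally quoted or with a "(peer)" suffix.
function resolvedVersions(lockText, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const key = new RegExp(`^\\s+['"]?/?${escaped}@(\\d+\\.\\d+\\.\\d+[^\\s'"(:]*)`, 'gm');
  return [...new Set([...lockText.matchAll(key)].map((m) => m[1]))].sort();
}

// Versions still resolved below the floor; an empty list means the override held.
function unpatched(lockText, name, floor) {
  return resolvedVersions(lockText, name).filter((v) => lessThan(v, floor));
}

console.log(unpatched(SAMPLE_LOCK, 'js-yaml', '3.99.0'));
```

Run against the real lockfile text with the patched version from the advisory as the floor; a non-empty result means some consumer still resolves an older release despite the override.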