chore(ci): enable turborepo remote caching#110
Merged
halvaradop merged 12 commits intomasterfrom Mar 3, 2026
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughConsolidates CI into a single Node.js workflow, standardizes auth exports with explicit Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/ci.yaml (1)
39-40: Remove or applyWORKING_DIRto avoid config drift.
WORKING_DIRis defined but unused in the job steps.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 39 - 40, The CI job defines an unused environment variable WORKING_DIR in the job env block; either remove the WORKING_DIR env entry or use it in the job steps (e.g., reference it in run commands or actions via ${{ env.WORKING_DIR }} or inputs that accept a working-directory) so the config does not drift—update the env block or replace direct working-directory strings in steps to reference the WORKING_DIR variable accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yaml:
- Around line 7-13: The CI path filters under the "paths:" arrays in
.github/workflows/ci.yaml currently list ".github/workflows/**", "configs/**",
"packages/**", "pnpm-lock.yaml", "bun.lock", and "deno.lock" but omit the apps
tree; update both occurrences of the paths array (the one shown and the second
similar block) to include "apps/**" so PRs that only change files under apps are
picked up by this workflow.
---
Nitpick comments:
In @.github/workflows/ci.yaml:
- Around line 39-40: The CI job defines an unused environment variable
WORKING_DIR in the job env block; either remove the WORKING_DIR env entry or use
it in the job steps (e.g., reference it in run commands or actions via ${{
env.WORKING_DIR }} or inputs that accept a working-directory) so the config does
not drift—update the env block or replace direct working-directory strings in
steps to reference the WORKING_DIR variable accordingly.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/ci.yamlapps/tanstack-start/src/routeTree.gen.tspackages/core/src/oauth/index.ts
There was a problem hiding this comment.
♻️ Duplicate comments (1)
.github/workflows/ci.yaml (1)
7-13:⚠️ Potential issue | 🟠 MajorAdd
apps/**to both path filters.Line 7 and Line 17 filter sets still miss app-only changes, so CI can be bypassed for PRs touching only
apps/**.🔧 Proposed fix
push: branches: - master paths: - ".github/workflows/**" - "configs/**" + - "apps/**" - "packages/**" - "pnpm-lock.yaml" - "bun.lock" - "deno.lock" pull_request: branches: - master paths: - ".github/workflows/**" - "configs/**" + - "apps/**" - "packages/**" - "pnpm-lock.yaml" - "bun.lock" - "deno.lock"Also applies to: 17-23
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 7 - 13, CI path filters in the workflows omit app-only changes; update the "paths" arrays in the .github/workflows/ci.yaml workflow so both path-filter lists include "apps/**" (i.e., add the glob "apps/**" alongside ".github/workflows/**", "configs/**", "packages/**", etc.) for both filter blocks referenced under the workflow's paths key to ensure PRs touching only apps trigger CI.
🧹 Nitpick comments (1)
.github/workflows/ci.yaml (1)
43-44: Pin exact runtime versions to ensure reproducible builds.Using
24.x,v2.x, andlatestallow silent runtime drift between CI runs, potentially causing flaky builds. Replace with exact versions or committed version files:
- Line 43 (Node.js): Use
node-version: "24.17.0"(or a committed.nvmrc/.node-versionfile)- Line 73 (Deno): Use
deno-version: "2.0.0"(or a committed.dvmrc/.tool-versionsfile)- Line 94 (Bun): Use
bun-version: "1.3.3"(or a committed.bun-version/.tool-versionsfile)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 43 - 44, The workflow currently uses floating runtime specifiers (node-version: "24.x", deno-version: "v2.x", bun-version: "latest") which can cause nondeterministic CI; update those keys in the CI job to pin exact versions (e.g., node-version: "24.17.0", deno-version: "2.0.0", bun-version: "1.3.3") or reference committed version files (.nvmrc/.node-version, .dvmrc/.tool-versions, .bun-version) so the node-version, deno-version, and bun-version entries are deterministic and reproducible across runs.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/ci.yaml:
- Around line 7-13: CI path filters in the workflows omit app-only changes;
update the "paths" arrays in the .github/workflows/ci.yaml workflow so both
path-filter lists include "apps/**" (i.e., add the glob "apps/**" alongside
".github/workflows/**", "configs/**", "packages/**", etc.) for both filter
blocks referenced under the workflow's paths key to ensure PRs touching only
apps trigger CI.
---
Nitpick comments:
In @.github/workflows/ci.yaml:
- Around line 43-44: The workflow currently uses floating runtime specifiers
(node-version: "24.x", deno-version: "v2.x", bun-version: "latest") which can
cause nondeterministic CI; update those keys in the CI job to pin exact versions
(e.g., node-version: "24.17.0", deno-version: "2.0.0", bun-version: "1.3.3") or
reference committed version files (.nvmrc/.node-version, .dvmrc/.tool-versions,
.bun-version) so the node-version, deno-version, and bun-version entries are
deterministic and reproducible across runs.
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
apps/tanstack-start/vite.config.ts (1)
9-19:⚠️ Potential issue | 🟠 MajorNitro is not fully de-scoped: remove from dependencies and configuration, or re-enable in Vite config.
Nitro is disabled in
vite.config.ts(lines 9, 19) but remains listed inpackage.jsonas a dependency ("nitro": "^3.0.1-alpha.2") and in.cta.jsonas a chosen add-on. Either restore Nitro in the Vite config or remove it entirely frompackage.jsonand.cta.jsonconfiguration.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/tanstack-start/vite.config.ts` around lines 9 - 19, The repo currently has Nitro half-disabled: the nitro() plugin import/comment in the Vite setup (the commented import of "nitro/vite" and the commented nitro() entry in the plugins array) is inconsistent with Nitro still being listed as a dependency in package.json and as an add-on in .cta.json; either fully re-enable Nitro by uncommenting and restoring the import (import { nitro } from "nitro/vite") and the nitro() entry in the defineConfig plugins array (so Nitro is actually loaded), or fully remove Nitro by deleting the commented import and nitro() placeholder and removing "nitro" from package.json and the .cta.json add-ons list; update whichever side you change so imports, plugin usage, package.json, and .cta.json remain consistent.
♻️ Duplicate comments (1)
.github/workflows/ci.yaml (1)
7-23:⚠️ Potential issue | 🟠 MajorExpand
pathsfilters to prevent CI bypass on app/root-config changes.
apps/**is still omitted, and key root files that affect builds/tasks are also missing from filters. That can skip CI on impactful changes.🔧 Proposed fix
on: push: branches: - master paths: - ".github/workflows/**" - "configs/**" + - "apps/**" - "packages/**" + - "package.json" + - "pnpm-workspace.yaml" + - "turbo.json" + - "deno.json" - "pnpm-lock.yaml" - "bun.lock" - "deno.lock" pull_request: branches: - master paths: - ".github/workflows/**" - "configs/**" + - "apps/**" - "packages/**" + - "package.json" + - "pnpm-workspace.yaml" + - "turbo.json" + - "deno.json" - "pnpm-lock.yaml" - "bun.lock" - "deno.lock"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 7 - 23, Update the CI filter arrays under the top-level paths and pull_request.paths keys so changes to app packages and build/config files always trigger CI: add "apps/**" plus root workspace/build/config files such as "package.json", "pnpm-workspace.yaml" or "workspace.json", "tsconfig.json", any build or scripts directories (e.g. "build/**" or "scripts/**"), and common lock/env files to both paths and pull_request.paths; ensure the same expanded list is mirrored in both keys so edits to root configs or apps cannot bypass CI.
🧹 Nitpick comments (3)
apps/nextjs/app-router/src/app/page.tsx (1)
1-1: Remove the top-level"use server"directive from app/page.tsx.Server Components are the default in Next.js App Router, so this directive is redundant. The
"use server"directive is meant for marking Server Functions that are callable from the client—yoursignInActionalready has its own inline"use server"at line 16, which is the correct approach for actions used within a Server Component.♻️ Proposed refactor
-"use server" import { Fingerprint, LayoutDashboard } from "lucide-react"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/nextjs/app-router/src/app/page.tsx` at line 1, Remove the top-level "use server" directive from the module (app/page.tsx) because App Router defaults to Server Components; keep the inline "use server" inside the signInAction function (the existing signInAction declaration) which is the correct way to mark server actions callable from the client, and then run a quick build/TS check to ensure no other client-callable functions rely on the global directive.apps/nextjs/app-router/src/auth.ts (1)
1-1: Avoid assertingcreateAuthwithas AuthInstance.Line 9 forces the type instead of validating it, which can hide type drift between
createAuthandAuthInstance. Prefer a typed assignment so the compiler checks compatibility.♻️ Suggested change
-export const auth = createAuth({ +export const auth: AuthInstance = createAuth({ oauth, trustedOrigins: ["http://localhost:3000", "https://*.vercel.app"], -}) as AuthInstance +})Also applies to: 9-9
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/nextjs/app-router/src/auth.ts` at line 1, Replace the forced cast of createAuth to AuthInstance with a typed declaration so the compiler verifies compatibility: instead of using "createAuth(...) as AuthInstance", declare the variable with an explicit type (e.g., const auth: AuthInstance = createAuth(...)) so the compiler checks that createAuth's return type matches AuthInstance; update the variable name where needed (auth) and remove the "as AuthInstance" assertion to prevent hiding type drift between createAuth and AuthInstance.apps/nuxt/nuxt.config.ts (1)
9-10: Narrow the TypeScript suppression scope.Line 9 uses
@ts-ignore, which suppresses all errors on Line 10 and can mask future config typing regressions. Prefer@ts-expect-error(with reason) or a local typed cast.💡 Suggested minimal change
- // `@ts-ignore` + // `@ts-expect-error` Nuxt/Vite plugin typing mismatch for `@tailwindcss/vite` plugins: [tailwindcss()],🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/nuxt/nuxt.config.ts` around lines 9 - 10, Replace the blanket `@ts-ignore` above the plugins array with a narrow suppression: either annotate the specific expression (plugins: [tailwindcss()]) using `@ts-expect-error` with a short reason comment, or remove the comment and perform a local cast on the tailwindcss() result to the expected Nuxt plugin type; target the plugins array and the tailwindcss() call in nuxt.config.ts (instead of suppressing the whole line) so TypeScript errors remain visible for other parts of the file.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@apps/nextjs/app-router/src/lib/server.ts`:
- Around line 70-73: The CSRF header currently can be overridden because you're
spreading inbound headers after setting "X-CSRF-Token"; change the order so
incoming headers from toHeaders(await headers()) are spread first and then set
"X-CSRF-Token": csrfToken last (i.e., replace the headers object with {
...toHeaders(await headers()), "X-CSRF-Token": csrfToken }) so the
server-generated CSRF token always takes precedence; keep references to
toHeaders, headers(), and the "X-CSRF-Token" key when making the change.
- Around line 8-10: The toHeaders function currently converts and forwards all
inbound headers (via toHeaders), which risks leaking spoofable/hop-by-hop
headers; change toHeaders to only copy an explicit allowlist (at minimum
"cookie" and any other auth-required headers) by reading headers.get for each
allowed name and returning an object with only those keys, ensuring header names
are normalized (lowercase) and undefined values are omitted; update any callers
of toHeaders to expect this restricted header shape (e.g., when calling auth
endpoints) and add a short comment referencing the allowlist behavior in
toHeaders.
- Around line 6-10: Remove the internal Next.js type import and update toHeaders
to use the public API: drop the ReadonlyHeaders import from "next/dist/..." and
instead import headers from "next/headers" and type the parameter as
ReturnType<typeof headers> (or omit the explicit internal type), keeping the
function name toHeaders and its Object.fromEntries(headers.entries())
implementation unchanged.
In `@apps/tanstack-start/src/auth.ts`:
- Around line 6-9: The oauth providers were incorrectly limited to ["github"];
revert to using the full oauth provider list used across the repo when calling
createAuth so other providers continue to work. Update the createAuth call (the
export of handlers and jose) to accept the complete oauth configuration instead
of the hard-coded ["github"] value (preserve the existing trustedProxyHeaders:
true and the AuthInstance cast).
---
Outside diff comments:
In `@apps/tanstack-start/vite.config.ts`:
- Around line 9-19: The repo currently has Nitro half-disabled: the nitro()
plugin import/comment in the Vite setup (the commented import of "nitro/vite"
and the commented nitro() entry in the plugins array) is inconsistent with Nitro
still being listed as a dependency in package.json and as an add-on in
.cta.json; either fully re-enable Nitro by uncommenting and restoring the import
(import { nitro } from "nitro/vite") and the nitro() entry in the defineConfig
plugins array (so Nitro is actually loaded), or fully remove Nitro by deleting
the commented import and nitro() placeholder and removing "nitro" from
package.json and the .cta.json add-ons list; update whichever side you change so
imports, plugin usage, package.json, and .cta.json remain consistent.
---
Duplicate comments:
In @.github/workflows/ci.yaml:
- Around line 7-23: Update the CI filter arrays under the top-level paths and
pull_request.paths keys so changes to app packages and build/config files always
trigger CI: add "apps/**" plus root workspace/build/config files such as
"package.json", "pnpm-workspace.yaml" or "workspace.json", "tsconfig.json", any
build or scripts directories (e.g. "build/**" or "scripts/**"), and common
lock/env files to both paths and pull_request.paths; ensure the same expanded
list is mirrored in both keys so edits to root configs or apps cannot bypass CI.
---
Nitpick comments:
In `@apps/nextjs/app-router/src/app/page.tsx`:
- Line 1: Remove the top-level "use server" directive from the module
(app/page.tsx) because App Router defaults to Server Components; keep the inline
"use server" inside the signInAction function (the existing signInAction
declaration) which is the correct way to mark server actions callable from the
client, and then run a quick build/TS check to ensure no other client-callable
functions rely on the global directive.
In `@apps/nextjs/app-router/src/auth.ts`:
- Line 1: Replace the forced cast of createAuth to AuthInstance with a typed
declaration so the compiler verifies compatibility: instead of using
"createAuth(...) as AuthInstance", declare the variable with an explicit type
(e.g., const auth: AuthInstance = createAuth(...)) so the compiler checks that
createAuth's return type matches AuthInstance; update the variable name where
needed (auth) and remove the "as AuthInstance" assertion to prevent hiding type
drift between createAuth and AuthInstance.
In `@apps/nuxt/nuxt.config.ts`:
- Around line 9-10: Replace the blanket `@ts-ignore` above the plugins array with
a narrow suppression: either annotate the specific expression (plugins:
[tailwindcss()]) using `@ts-expect-error` with a short reason comment, or remove
the comment and perform a local cast on the tailwindcss() result to the expected
Nuxt plugin type; target the plugins array and the tailwindcss() call in
nuxt.config.ts (instead of suppressing the whole line) so TypeScript errors
remain visible for other parts of the file.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (3)
bun.lockis excluded by!**/*.lockdeno.lockis excluded by!**/*.lockpnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (23)
.github/workflows/ci.yamlapps/astro/package.jsonapps/astro/src/auth.tsapps/nextjs/app-router/src/app/page.tsxapps/nextjs/app-router/src/auth.tsapps/nextjs/app-router/src/lib/server.tsapps/nextjs/pages-router/src/auth.tsapps/nuxt/nuxt.config.tsapps/nuxt/package.jsonapps/nuxt/shared/auth.tsapps/react-router/app/auth.tsapps/tanstack-start/package.jsonapps/tanstack-start/src/auth.tsapps/tanstack-start/src/components/header.tsxapps/tanstack-start/src/contexts/auth.tsxapps/tanstack-start/src/lib/auth-client.tsapps/tanstack-start/src/lib/auth-server.tsapps/tanstack-start/src/routes/users/profile.tsxapps/tanstack-start/vite.config.tsdeno.jsonpackage.jsonpnpm-workspace.yamlturbo.json
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
apps/react-router/app/auth.ts (1)
1-9:⚠️ Potential issue | 🟡 MinorUnused type import — inconsistent with other auth modules.
AuthInstanceis imported but not applied to the destructured export. All other auth modules in this PR use the patternexport const { handlers, jose }: AuthInstance = createAuth(...). This file should match for consistency.Proposed fix
-export const { handlers } = createAuth({ +export const { handlers }: AuthInstance = createAuth({ oauth, trustedProxyHeaders: true, })🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/react-router/app/auth.ts` around lines 1 - 9, The file imports AuthInstance but doesn't apply its type to the destructured result from createAuth; change the export to annotate the destructured result with AuthInstance so it matches other modules. Specifically, update the createAuth call usage so that the destructured export includes both handlers and jose and is typed as AuthInstance (reference the AuthInstance type, the createAuth(...) call, and the exported symbols handlers and jose) to restore consistency.
♻️ Duplicate comments (1)
apps/nextjs/app-router/src/lib/server.ts (1)
7-9:⚠️ Potential issue | 🟠 MajorRestrict forwarded headers to an explicit allowlist
toHeaderscurrently forwards all inbound headers. This still crosses a trust boundary and can propagate spoofable/hop-by-hop headers. Please allowlist only auth-required headers (e.g.,cookie, optionallyuser-agent).
Downstream impact: Line 25, Line 40, and Line 70.🔒 Proposed fix
const toHeaders = (incoming: Awaited<ReturnType<typeof headers>>) => { - return Object.fromEntries(incoming.entries()) + const forwarded: Record<string, string> = {} + + const cookie = incoming.get("cookie") + if (cookie) forwarded.cookie = cookie + + const userAgent = incoming.get("user-agent") + if (userAgent) forwarded["user-agent"] = userAgent + + return forwarded }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/nextjs/app-router/src/lib/server.ts` around lines 7 - 9, toHeaders currently forwards all incoming headers across a trust boundary; restrict it to an explicit allowlist (at minimum "cookie", and optionally "user-agent") and normalize header names case-insensitively before copying so spoofable or hop-by-hop headers are not propagated. Update the toHeaders function to build a new headers object by iterating incoming.entries(), only copying entries whose lowercased name is in the allowlist, and ensure downstream callers of toHeaders (the places referenced in this diff: uses on/around lines where toHeaders is called) receive the filtered headers; keep the function name toHeaders unchanged so callers continue to resolve correctly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yaml:
- Around line 38-63: The CI workflow only defines a "node" job so Bun and Deno
are not executed; add separate jobs (e.g., "bun" and "deno") similar to the
existing node job that run on ubuntu-latest, set up the appropriate runtime (use
actions/setup-node for Node if needed, use the official Bun setup or install Bun
in the "bun" job, and use denoland/setup-deno for the "deno" job), and include
equivalent steps to install deps, build, type-check (or the Deno/Bun
equivalents), and run tests; ensure the new jobs reference the same steps as
"node" (checkout, install, build, test) and that the workflow's path triggers
referencing bun.lock and deno.lock now correspond to these new "bun" and "deno"
jobs.
In `@apps/nextjs/app-router/src/lib/server.ts`:
- Around line 11-14: Replace the TODO comment in server.ts that reads "@todo:
fix bug related to rendered statically" with a concrete tracked issue link (or
create one) and an owner; update the comment to include the issue URL or number
and a short status line (e.g., "@issue: <URL_or_#>, `@owner`: `@username`, `@status`:
open") so the known dynamic-rendering bug referenced by the existing comment now
has a persistent tracker and owner; keep the existing `@see` reference to the
Next.js docs as context.
---
Outside diff comments:
In `@apps/react-router/app/auth.ts`:
- Around line 1-9: The file imports AuthInstance but doesn't apply its type to
the destructured result from createAuth; change the export to annotate the
destructured result with AuthInstance so it matches other modules. Specifically,
update the createAuth call usage so that the destructured export includes both
handlers and jose and is typed as AuthInstance (reference the AuthInstance type,
the createAuth(...) call, and the exported symbols handlers and jose) to restore
consistency.
---
Duplicate comments:
In `@apps/nextjs/app-router/src/lib/server.ts`:
- Around line 7-9: toHeaders currently forwards all incoming headers across a
trust boundary; restrict it to an explicit allowlist (at minimum "cookie", and
optionally "user-agent") and normalize header names case-insensitively before
copying so spoofable or hop-by-hop headers are not propagated. Update the
toHeaders function to build a new headers object by iterating
incoming.entries(), only copying entries whose lowercased name is in the
allowlist, and ensure downstream callers of toHeaders (the places referenced in
this diff: uses on/around lines where toHeaders is called) receive the filtered
headers; keep the function name toHeaders unchanged so callers continue to
resolve correctly.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (22)
.github/workflows/ci.yamlapps/astro/src/auth.tsapps/bun/src/auth.tsapps/cloudflare/src/auth.tsapps/deno/src/auth.tsapps/elysia/src/auth.tsapps/express/src/auth.tsapps/hono/src/auth.tsapps/nextjs/app-router/src/app/auth/[...aura]/route.tsapps/nextjs/app-router/src/auth.tsapps/nextjs/app-router/src/lib/server.tsapps/nextjs/pages-router/src/auth.tsapps/nuxt/nuxt.config.tsapps/nuxt/shared/auth.tsapps/oak/src/auth.tsapps/react-router/app/auth.tsapps/supabase/functions/_shared/auth.tsapps/tanstack-start/package.jsonapps/tanstack-start/src/auth.tsapps/vercel/api/_auth.tsapps/vercel/package.jsonpackage.json
🚧 Files skipped from review as they are similar to previous changes (6)
- apps/tanstack-start/src/auth.ts
- package.json
- apps/nuxt/shared/auth.ts
- apps/astro/src/auth.ts
- apps/nextjs/pages-router/src/auth.ts
- apps/nuxt/nuxt.config.ts
There was a problem hiding this comment.
♻️ Duplicate comments (2)
.github/workflows/ci.yaml (2)
34-59:⚠️ Potential issue | 🟠 MajorPR objective is still not met: only Node.js runs in CI.
The workflow defines only
jobs.node; there are no Bun/Deno jobs, so runtime coverage promised by this PR is missing.🔧 Proposed direction
jobs: node: name: Node.js runs-on: ubuntu-latest timeout-minutes: 25 steps: # existing node steps... + + bun: + name: Bun + runs-on: ubuntu-latest + timeout-minutes: 25 + steps: + - uses: actions/checkout@v4 + - uses: oven-sh/setup-bun@v2 + - name: Install dependencies + run: bun install --frozen-lockfile + - name: Build packages + run: bun run build:prod + - name: Run type checks + run: bun run type-check + - name: Run tests + run: bun test + + deno: + name: Deno + runs-on: ubuntu-latest + timeout-minutes: 25 + steps: + - uses: actions/checkout@v4 + - uses: denoland/setup-deno@v2 + with: + deno-version: v2.x + - name: Run checks + run: deno task check + - name: Run tests + run: deno task test🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 34 - 59, The CI currently only defines the job "node" (jobs.node) so Bun and Deno runtimes are missing; add separate jobs (e.g., jobs.bun and jobs.deno) that mirror the Node job steps but use appropriate setup actions/steps for Bun and Deno (replace actions/setup-node with the Bun and Deno setup actions or installation commands, ensure environment-specific node-version step is removed/adjusted), keep install/build/type-check/test steps consistent (pnpm install/build/type-check/test) and ensure they run in parallel with jobs.node by placing them at the top-level of the jobs map.
7-11:⚠️ Potential issue | 🟠 MajorPath filters still allow relevant changes to bypass CI.
apps/**,bun.lock, anddeno.lockare missing from both path filters, so app-only changes or Bun/Deno lockfile updates won’t trigger this workflow.🔧 Proposed fix
on: push: branches: - master paths: - ".github/workflows/**" - "configs/**" + - "apps/**" - "packages/**" - "pnpm-lock.yaml" + - "bun.lock" + - "deno.lock" pull_request: branches: - master paths: - ".github/workflows/**" - "configs/**" + - "apps/**" - "packages/**" - "pnpm-lock.yaml" + - "bun.lock" + - "deno.lock"Also applies to: 15-19
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yaml around lines 7 - 11, The CI path filters are incomplete: update the workflow's paths blocks (the "paths:" entries) to include the missing project patterns so relevant changes trigger CI; add "apps/**", "bun.lock", and "deno.lock" to the existing list (and replicate the same additions in the other paths block referenced by the comment) so app-only changes and Bun/Deno lockfile updates won't bypass this workflow.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/ci.yaml:
- Around line 34-59: The CI currently only defines the job "node" (jobs.node) so
Bun and Deno runtimes are missing; add separate jobs (e.g., jobs.bun and
jobs.deno) that mirror the Node job steps but use appropriate setup
actions/steps for Bun and Deno (replace actions/setup-node with the Bun and Deno
setup actions or installation commands, ensure environment-specific node-version
step is removed/adjusted), keep install/build/type-check/test steps consistent
(pnpm install/build/type-check/test) and ensure they run in parallel with
jobs.node by placing them at the top-level of the jobs map.
- Around line 7-11: The CI path filters are incomplete: update the workflow's
paths blocks (the "paths:" entries) to include the missing project patterns so
relevant changes trigger CI; add "apps/**", "bun.lock", and "deno.lock" to the
existing list (and replicate the same additions in the other paths block
referenced by the comment) so app-only changes and Bun/Deno lockfile updates
won't bypass this workflow.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/ci.yamlturbo.json
🚧 Files skipped from review as they are similar to previous changes (1)
- turbo.json
halvaradop
changed the title
halvaradop
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This pull request introduces Turborepo remote caching using Vercel and GitHub Actions to optimize build performance across the repository. The new configuration reduces build times both locally and in CI by caching build artifacts and reusing them when possible.
The update includes modifications to
turbo.jsonto properly declare all package build outputs and enable theremoteCacheoption. Additionally, theTURBO_TEAMandTURBO_TOKENenvironment variables were configured in GitHub Actions to activate remote caching during CI workflows.This improvement significantly decreases job execution time in GitHub Actions and accelerates local development builds by leveraging shared cache artifacts.
Resources