Skip to content

fix: ci#659

Merged
ikenxuan merged 3 commits into
mainfrom
fix-builderror
Jun 11, 2026
Merged

fix: ci#659
ikenxuan merged 3 commits into
mainfrom
fix-builderror

Conversation

@ikenxuan

@ikenxuan ikenxuan commented Jun 11, 2026

Copy link
Copy Markdown
Collaborator

Sourcery 提供的总结

改进 CI 依赖安装流程并集成 Git 钩子,同时清理未使用的构建工具。

新特性:

  • 将 Husky 添加为开发依赖并配置 prepare 脚本,引入 pre-commit 钩子配置。

改进:

  • 简化发布工作流,使用 pnpm/action-setup 内置的依赖安装功能,替代自定义的重试循环。
  • 从多个包中移除未使用的 tsdown 开发依赖,并刷新相关的元数据和锁定文件条目。

CI:

  • 调整发布 CI 工作流,在发布构建过程中依赖 pnpm/action-setup 来安装依赖。
Original summary in English

Summary by Sourcery

Improve CI dependency installation and integrate Git hooks while cleaning up unused build tooling.

New Features:

  • Add Husky as a dev dependency with a prepare script and introduce a pre-commit hook configuration.

Enhancements:

  • Simplify the release workflow by using pnpm/action-setup's built-in dependency installation instead of a custom retry loop.
  • Remove unused tsdown dev dependencies from multiple packages and refresh related metadata and lockfile entries.

CI:

  • Adjust the release CI workflow to rely on pnpm/action-setup for installing dependencies during release builds.

Summary by CodeRabbit

  • Chores
    • Updated release workflow to rely on pnpm setup for dependency installation.
    • Added Git pre-commit hook to auto-update package metadata timestamps and stage changes; added husky and a prepare script to enable hooks.
    • Removed a legacy documentation tooling dependency from devDependencies across multiple packages.

@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@ikenxuan, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 14 minutes and 14 seconds. Learn how PR review limits work.

Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d5324426-8387-40b8-9cff-67d770cf8a97

📥 Commits

Reviewing files that changed from the base of the PR and between 01e6df3 and 893e079.

📒 Files selected for processing (2)
  • .husky/pre-commit
  • scripts/update-core-time.ts
📝 Walkthrough

Walkthrough

Adds Husky and a prepare script, a pre-commit hook that timestamps packages/core, removes tsdown from several package manifests (and adds yaml to CLI Internal), and enables pnpm/action-setup to run installs in the release workflow.

Changes

Project Tooling and Dependency Updates

Layer / File(s) Summary
Husky Framework Installation
package.json
Root package.json adds husky as a devDependency and a prepare script to initialize Husky on install; devDependencies block end-of-file touched.
Pre-commit Hook Auto-timestamp
.husky/pre-commit, packages/core/package.json
Pre-commit hook runs a Node one-liner to update packages/core/package.json.time to the current ISO timestamp and stages the file.
Core Package Dependency Cleanup
packages/core/package.json
Removes tsdown from packages/core devDependencies.
Tsdown Removal from Template Packages
packages/create-karin/package.json, packages/onebot/package.json
Removes tsdown from devDependencies in create-karin and onebot; minor EOF/formatting adjustments applied.
CLI Internal YAML Dependency
packages/cli-Internal/package.json
Replaces tsdown with yaml in packages/cli-Internal devDependencies and updates EOF formatting.
Release Workflow Pnpm Installation
.github/workflows/release.yml
Sets run_install: true on pnpm/action-setup@v2 in the publish job so dependencies are installed by the action instead of an explicit pnpm install step.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • KarinJS/Karin#584: Related changes to .github/workflows/release.yml publish-job pnpm install behavior and packages/core/package.json timestamps.
  • KarinJS/Karin#582: Also modifies the release publish flow using pnpm and publish step adjustments.
  • KarinJS/Karin#590: Adjusts pnpm publish flags and other release workflow details related to the publish job.

Poem

🐰 A little rabbit hops to commit with care,
Husky readies hooks and timestamps the air,
Tsdown hops out, YAML hops in to play,
Workflows trim steps and let pnpm run the way,
Code naps peaceful at the end of the day.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title 'fix: ci' is vague and overly generic, using a non-descriptive term that does not convey meaningful information about the specific changes made. Use a more specific title that describes the primary change, such as 'fix: integrate Husky hooks and simplify CI dependency installation' or 'fix: remove tsdown and optimize release workflow'.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-builderror

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sourcery-ai

sourcery-ai Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor
审阅者指南(在小型 PR 上折叠显示)

审阅者指南

更新了 CI 发布工作流,改为依赖 pnpm/action-setup 内置的依赖安装能力;在仓库根目录引入 Husky pre-commit 钩子;并从多个包中移除未使用的 tsdown 开发依赖,同时更新对应的锁文件。

更新后发布工作流中 CI 依赖安装的时序图

sequenceDiagram
    participant GitHub_Actions
    participant pnpm_action_setup
    participant pnpm

    GitHub_Actions->>pnpm_action_setup: uses pnpm/action-setup@v2
    pnpm_action_setup->>pnpm_action_setup: version 9
    pnpm_action_setup->>pnpm_action_setup: run_install: true
    pnpm_action_setup->>pnpm: pnpm install
    pnpm-->>pnpm_action_setup: install result
    pnpm_action_setup-->>GitHub_Actions: setup complete
    GitHub_Actions->>pnpm: pnpm build
Loading

新增 Husky pre-commit 钩子在 git commit 时的时序图

sequenceDiagram
    actor Developer
    participant Git
    participant pre_commit_hook

    Developer->>Git: git commit
    Git->>pre_commit_hook: run .husky/pre-commit
    pre_commit_hook-->>Git: exit code
    alt [exit code is 0]
        Git-->>Developer: commit succeeds
    else [exit code is non-zero]
        Git-->>Developer: commit is blocked
    end
Loading

文件级变更

变更 详情 文件
简化发布 CI 工作流中的依赖安装,改为使用 pnpm/action-setup 的内置安装步骤。
  • 用 pnpm/action-setup 配置(使用 run_install: true)替换自定义的 pnpm install bash 重试循环
  • 在工作流中保持现有 pnpm 版本为 9
.github/workflows/release.yml
在仓库根目录引入基于 Husky 的 Git 钩子。
  • 添加 prepare 脚本,在安装时调用 Husky
  • 将 Husky 添加为 devDependency
  • 在 Husky 配置目录下新增 pre-commit 钩子文件
package.json
.husky/pre-commit
从各包的 devDependencies 中移除 tsdown,并刷新元数据与锁文件。
  • 在多个包的 manifest 中从 devDependencies 移除 tsdown,同时保留 cross-env、typescript 等其他工具
  • 更新各包的元数据字段,如时间戳
  • 重新生成 pnpm-lock.yaml 以体现依赖变更
packages/core/package.json
packages/cli-Internal/package.json
packages/create-karin/package.json
packages/onebot/package.json
pnpm-lock.yaml

技巧与命令

与 Sourcery 交互

  • 触发新的代码审查: 在 pull request 中评论 @sourcery-ai review
  • 继续讨论: 直接回复 Sourcery 的审查评论。
  • 从审查评论生成 GitHub issue: 通过回复某条审查评论,让 Sourcery 从该评论创建一个 issue。你也可以回复该评论 @sourcery-ai issue 来从中创建 issue。
  • 生成 pull request 标题: 在 pull request 标题中任意位置写上 @sourcery-ai 即可在任意时间生成标题。你也可以在 pull request 中评论 @sourcery-ai title 来(重新)生成标题。
  • 生成 pull request 摘要: 在 pull request 正文任意位置写上 @sourcery-ai summary,即可在你想要的位置生成 PR 摘要。你也可以在 pull request 中评论 @sourcery-ai summary 来在任意时间(重新)生成摘要。
  • 生成审阅者指南: 在 pull request 中评论 @sourcery-ai guide,可随时(重新)生成审阅者指南。
  • 一次性解决所有 Sourcery 评论: 在 pull request 中评论 @sourcery-ai resolve,即可将所有 Sourcery 评论标记为已解决。如果你已经处理了所有评论且不想再看到它们,这会很有用。
  • 一次性驳回所有 Sourcery 审查: 在 pull request 中评论 @sourcery-ai dismiss,即可驳回所有现有的 Sourcery 审查。特别适用于你想从一个全新的审查开始 —— 别忘了再评论 @sourcery-ai review 以触发新的审查!

自定义你的使用体验

访问你的控制面板以:

  • 启用或禁用审查功能,例如 Sourcery 生成的 pull request 摘要、审阅者指南等。
  • 更改审查语言。
  • 添加、移除或编辑自定义审查说明。
  • 调整其他审查设置。

获取帮助

Original review guide in English
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates CI release workflow to rely on pnpm/action-setup’s built-in dependency installation, introduces Husky pre-commit hooks at the root, and removes the unused tsdown dev dependency from several packages with corresponding lockfile updates.

Sequence diagram for updated CI dependency installation in release workflow

sequenceDiagram
    participant GitHub_Actions
    participant pnpm_action_setup
    participant pnpm

    GitHub_Actions->>pnpm_action_setup: uses pnpm/action-setup@v2
    pnpm_action_setup->>pnpm_action_setup: version 9
    pnpm_action_setup->>pnpm_action_setup: run_install: true
    pnpm_action_setup->>pnpm: pnpm install
    pnpm-->>pnpm_action_setup: install result
    pnpm_action_setup-->>GitHub_Actions: setup complete
    GitHub_Actions->>pnpm: pnpm build
Loading

Sequence diagram for new Husky pre-commit hook on git commit

sequenceDiagram
    actor Developer
    participant Git
    participant pre_commit_hook

    Developer->>Git: git commit
    Git->>pre_commit_hook: run .husky/pre-commit
    pre_commit_hook-->>Git: exit code
    alt [exit code is 0]
        Git-->>Developer: commit succeeds
    else [exit code is non-zero]
        Git-->>Developer: commit is blocked
    end
Loading

File-Level Changes

Change Details Files
Simplified dependency installation in the release CI workflow to use pnpm/action-setup’s built-in install step.
  • Replace custom bash retry loop for pnpm install with pnpm/action-setup configuration using run_install: true
  • Keep existing pnpm version specification at 9 in the workflow
.github/workflows/release.yml
Introduced Husky-based Git hooks at the repository root.
  • Add prepare script to invoke Husky on install
  • Add Husky as a devDependency
  • Introduce a pre-commit hook file under the Husky configuration directory
package.json
.husky/pre-commit
Removed tsdown from package devDependencies and refreshed metadata/lockfile.
  • Drop tsdown from devDependencies in multiple package manifests while retaining other tooling like cross-env and typescript
  • Update per-package metadata fields such as time stamps
  • Regenerate pnpm-lock.yaml to reflect dependency changes
packages/core/package.json
packages/cli-Internal/package.json
packages/create-karin/package.json
packages/onebot/package.json
pnpm-lock.yaml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request integrates Husky to run a pre-commit hook that automatically updates the timestamp in packages/core/package.json and stages it. It also removes tsdown from the devDependencies of several sub-packages (packages/core, packages/cli-Internal, packages/create-karin, and packages/onebot). Feedback indicates that removing tsdown will break the build scripts for these sub-packages because workspace packages in a pnpm monorepo do not inherit binaries from the root. Additionally, the pre-commit hook is discouraged as it can cause unnecessary commits, merge conflicts, and force-stage unwanted changes; this timestamp logic should instead be moved to a release or build pipeline.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread packages/core/package.json
Comment thread packages/cli-Internal/package.json
Comment thread packages/create-karin/package.json
Comment thread packages/onebot/package.json
Comment thread .husky/pre-commit Outdated

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - 我在这里提供了一些总体反馈:

  • prepare 脚本目前被设置为 husky,但 Husky 通常期望的是执行 husky install,并且需要一个非空的 .husky/pre-commit 文件;建议将该 hook 连接到你期望运行的检查(例如 lint/test),或者如果暂时不会使用,可以考虑移除这个 hook。
  • 多个 package.json 中的 time 字段被更新了;如果这些字段属于自动生成的元数据,建议将它们排除在版本控制之外,以避免在与当前改动无关的提交中产生噪音较大的 diff。
给 AI 代理的提示
Please address the comments from this code review:

## Overall Comments
- `prepare` 脚本目前被设置为 `husky`,但 Husky 通常期望的是执行 `husky install`,并且需要一个非空的 `.husky/pre-commit` 文件;建议将该 hook 连接到你期望运行的检查(例如 lint/test),或者如果暂时不会使用,可以考虑移除这个 hook。
- 多个 `package.json` 中的 `time` 字段被更新了;如果这些字段属于自动生成的元数据,建议将它们排除在版本控制之外,以避免在与当前改动无关的提交中产生噪音较大的 diff。

Sourcery 对开源项目是免费的——如果你觉得我们的评审对你有帮助,欢迎分享 ✨
帮我变得更有用!请在每条评论上点击 👍 或 👎,我会根据你的反馈改进后续的代码评审。
Original comment in English

Hey - I've left some high level feedback:

  • The prepare script is set to husky, but Husky typically expects husky install and a non-empty .husky/pre-commit file; consider wiring the hook to run the intended checks (e.g., lint/test) or removing the hook if not yet used.
  • Multiple package.json time fields were updated; if these are auto-generated metadata, consider excluding them from version control to avoid noisy diffs on unrelated changes.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The `prepare` script is set to `husky`, but Husky typically expects `husky install` and a non-empty `.husky/pre-commit` file; consider wiring the hook to run the intended checks (e.g., lint/test) or removing the hook if not yet used.
- Multiple `package.json` `time` fields were updated; if these are auto-generated metadata, consider excluding them from version control to avoid noisy diffs on unrelated changes.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/core/package.json (1)

153-153: ⚠️ Potential issue | 🟠 Major

Fix implicit tsdown dependency in workspace packages

packages/core/package.json runs build:main: "tsc && tsdown", but packages/core/package.json does not declare tsdown in its devDependencies. The same applies to packages/onebot, packages/cli-Internal, and packages/create-karin: their scripts call tsdown while their own devDependencies don’t list it (so it relies on the root workspace hoisting it).

This breaks package portability outside the monorepo / from standalone package installs. Add tsdown as an explicit devDependencies for each package that runs it (or update the scripts to use a workspace-resolved binary).

Minor: multiple packages (including packages/core/package.json) contain a top-level custom "time" field (e.g., 2026-06-11T06:55:01.883Z) without any in-file explanation—document it or remove it if not needed.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/core/package.json` at line 153, The package script "build:main":
"tsc && tsdown" in packages such as the core package (see the "build:main"
script in package.json) relies on an implicit hoisted tsdown binary; make the
package self-contained by either adding "tsdown" to the package's
devDependencies (for packages: core, onebot, cli-Internal, create-karin) or
change the script to invoke a workspace-resolved binary (e.g., via pnpm/npx
invocation) so the binary is available when installed standalone; also remove or
document the top-level "time" field (e.g., "time": "2026-06-11T06:55:01.883Z")
in those package.json files if it is unused.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 44-47: The workflow switched to pnpm/action-setup@v2 with
run_install: true and removed the explicit pnpm install step and any retry
logic, which may reduce reliability on transient network failures; update
.github/workflows/release.yml to restore an explicit install with retry (or use
a retry wrapper) by either setting run_install: false and adding a dedicated
step that runs pnpm install with retry logic (e.g., a small shell loop or a
retry action) or keep run_install: true but add a subsequent install step that
wraps `pnpm install` in retry, ensuring you reference the pnpm/action-setup
usage and the run_install flag so reviewers can see the change.

In @.husky/pre-commit:
- Around line 1-2: The pre-commit hook (.husky/pre-commit) unconditionally
mutates and stages packages/core/package.json by running the Node one-liner and
git add; remove or gate that behavior so unrelated commits aren't polluted.
Update .husky/pre-commit to either (1) remove the Node one-liner and git add
entirely and move timestamping to release/publish/build, or (2) wrap the logic
so it first checks staged files for packages/core/** (using git diff --cached)
and only then reads, updates, and stages packages/core/package.json, and add
error handling for missing/invalid JSON to avoid blocking commits.

In `@packages/core/package.json`:
- Line 201: The package.json in packages/core contains an undocumented "time"
field that is only updated by the husky pre-commit hook; either document its
purpose in packages/core/package.json (add a brief comment in the repo README or
package.json "notes"/"description" explaining that "time" is a commit-timestamp
written by .husky/pre-commit) or remove the field and the pre-commit updater if
unused; if you choose to keep it, update .husky/pre-commit (the script that sets
pkg.time = new Date().toISOString()) to target all package.json files
consistently (or limit it to a documented single package), and add a short
README entry clarifying the "time" semantics and tooling that writes it.

---

Outside diff comments:
In `@packages/core/package.json`:
- Line 153: The package script "build:main": "tsc && tsdown" in packages such as
the core package (see the "build:main" script in package.json) relies on an
implicit hoisted tsdown binary; make the package self-contained by either adding
"tsdown" to the package's devDependencies (for packages: core, onebot,
cli-Internal, create-karin) or change the script to invoke a workspace-resolved
binary (e.g., via pnpm/npx invocation) so the binary is available when installed
standalone; also remove or document the top-level "time" field (e.g., "time":
"2026-06-11T06:55:01.883Z") in those package.json files if it is unused.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ba4fd8f7-2323-4af8-b961-4193881ff204

📥 Commits

Reviewing files that changed from the base of the PR and between c013a1f and 7e7902d.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (7)
  • .github/workflows/release.yml
  • .husky/pre-commit
  • package.json
  • packages/cli-Internal/package.json
  • packages/core/package.json
  • packages/create-karin/package.json
  • packages/onebot/package.json

Comment thread .github/workflows/release.yml
Comment thread .husky/pre-commit Outdated
Comment thread packages/core/package.json Outdated
@github-actions

Copy link
Copy Markdown
Contributor

你可以通过以下命令安装该版本:

pnpm add https://pkg.pr.new/node-karin@893e079 -w

@ikenxuan ikenxuan merged commit f3f169f into main Jun 11, 2026
5 checks passed
@ikenxuan ikenxuan deleted the fix-builderror branch June 11, 2026 07:15
@github-actions github-actions Bot mentioned this pull request Jun 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant