fix: ci#659
Conversation
|
Warning Review limit reached
More reviews will be available in 14 minutes and 14 seconds. Learn how PR review limits work. Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughAdds Husky and a prepare script, a pre-commit hook that timestamps packages/core, removes tsdown from several package manifests (and adds yaml to CLI Internal), and enables pnpm/action-setup to run installs in the release workflow. ChangesProject Tooling and Dependency Updates
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
审阅者指南(在小型 PR 上折叠显示)审阅者指南更新了 CI 发布工作流,改为依赖 pnpm/action-setup 内置的依赖安装能力;在仓库根目录引入 Husky pre-commit 钩子;并从多个包中移除未使用的 tsdown 开发依赖,同时更新对应的锁文件。 更新后发布工作流中 CI 依赖安装的时序图sequenceDiagram
participant GitHub_Actions
participant pnpm_action_setup
participant pnpm
GitHub_Actions->>pnpm_action_setup: uses pnpm/action-setup@v2
pnpm_action_setup->>pnpm_action_setup: version 9
pnpm_action_setup->>pnpm_action_setup: run_install: true
pnpm_action_setup->>pnpm: pnpm install
pnpm-->>pnpm_action_setup: install result
pnpm_action_setup-->>GitHub_Actions: setup complete
GitHub_Actions->>pnpm: pnpm build
新增 Husky pre-commit 钩子在 git commit 时的时序图sequenceDiagram
actor Developer
participant Git
participant pre_commit_hook
Developer->>Git: git commit
Git->>pre_commit_hook: run .husky/pre-commit
pre_commit_hook-->>Git: exit code
alt [exit code is 0]
Git-->>Developer: commit succeeds
else [exit code is non-zero]
Git-->>Developer: commit is blocked
end
文件级变更
技巧与命令与 Sourcery 交互
自定义你的使用体验访问你的控制面板以:
获取帮助Original review guide in EnglishReviewer's guide (collapsed on small PRs)Reviewer's GuideUpdates CI release workflow to rely on pnpm/action-setup’s built-in dependency installation, introduces Husky pre-commit hooks at the root, and removes the unused tsdown dev dependency from several packages with corresponding lockfile updates. Sequence diagram for updated CI dependency installation in release workflowsequenceDiagram
participant GitHub_Actions
participant pnpm_action_setup
participant pnpm
GitHub_Actions->>pnpm_action_setup: uses pnpm/action-setup@v2
pnpm_action_setup->>pnpm_action_setup: version 9
pnpm_action_setup->>pnpm_action_setup: run_install: true
pnpm_action_setup->>pnpm: pnpm install
pnpm-->>pnpm_action_setup: install result
pnpm_action_setup-->>GitHub_Actions: setup complete
GitHub_Actions->>pnpm: pnpm build
Sequence diagram for new Husky pre-commit hook on git commitsequenceDiagram
actor Developer
participant Git
participant pre_commit_hook
Developer->>Git: git commit
Git->>pre_commit_hook: run .husky/pre-commit
pre_commit_hook-->>Git: exit code
alt [exit code is 0]
Git-->>Developer: commit succeeds
else [exit code is non-zero]
Git-->>Developer: commit is blocked
end
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Code Review
This pull request integrates Husky to run a pre-commit hook that automatically updates the timestamp in packages/core/package.json and stages it. It also removes tsdown from the devDependencies of several sub-packages (packages/core, packages/cli-Internal, packages/create-karin, and packages/onebot). Feedback indicates that removing tsdown will break the build scripts for these sub-packages because workspace packages in a pnpm monorepo do not inherit binaries from the root. Additionally, the pre-commit hook is discouraged as it can cause unnecessary commits, merge conflicts, and force-stage unwanted changes; this timestamp logic should instead be moved to a release or build pipeline.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Hey - 我在这里提供了一些总体反馈:
prepare脚本目前被设置为husky,但 Husky 通常期望的是执行husky install,并且需要一个非空的.husky/pre-commit文件;建议将该 hook 连接到你期望运行的检查(例如 lint/test),或者如果暂时不会使用,可以考虑移除这个 hook。- 多个
package.json中的time字段被更新了;如果这些字段属于自动生成的元数据,建议将它们排除在版本控制之外,以避免在与当前改动无关的提交中产生噪音较大的 diff。
给 AI 代理的提示
Please address the comments from this code review:
## Overall Comments
- `prepare` 脚本目前被设置为 `husky`,但 Husky 通常期望的是执行 `husky install`,并且需要一个非空的 `.husky/pre-commit` 文件;建议将该 hook 连接到你期望运行的检查(例如 lint/test),或者如果暂时不会使用,可以考虑移除这个 hook。
- 多个 `package.json` 中的 `time` 字段被更新了;如果这些字段属于自动生成的元数据,建议将它们排除在版本控制之外,以避免在与当前改动无关的提交中产生噪音较大的 diff。帮我变得更有用!请在每条评论上点击 👍 或 👎,我会根据你的反馈改进后续的代码评审。
Original comment in English
Hey - I've left some high level feedback:
- The
preparescript is set tohusky, but Husky typically expectshusky installand a non-empty.husky/pre-commitfile; consider wiring the hook to run the intended checks (e.g., lint/test) or removing the hook if not yet used. - Multiple
package.jsontimefields were updated; if these are auto-generated metadata, consider excluding them from version control to avoid noisy diffs on unrelated changes.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The `prepare` script is set to `husky`, but Husky typically expects `husky install` and a non-empty `.husky/pre-commit` file; consider wiring the hook to run the intended checks (e.g., lint/test) or removing the hook if not yet used.
- Multiple `package.json` `time` fields were updated; if these are auto-generated metadata, consider excluding them from version control to avoid noisy diffs on unrelated changes.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/core/package.json (1)
153-153:⚠️ Potential issue | 🟠 MajorFix implicit
tsdowndependency in workspace packages
packages/core/package.jsonrunsbuild:main: "tsc && tsdown", butpackages/core/package.jsondoes not declaretsdownin itsdevDependencies. The same applies topackages/onebot,packages/cli-Internal, andpackages/create-karin: their scripts calltsdownwhile their owndevDependenciesdon’t list it (so it relies on the root workspace hoisting it).This breaks package portability outside the monorepo / from standalone package installs. Add
tsdownas an explicitdevDependenciesfor each package that runs it (or update the scripts to use a workspace-resolved binary).Minor: multiple packages (including
packages/core/package.json) contain a top-level custom"time"field (e.g.,2026-06-11T06:55:01.883Z) without any in-file explanation—document it or remove it if not needed.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/core/package.json` at line 153, The package script "build:main": "tsc && tsdown" in packages such as the core package (see the "build:main" script in package.json) relies on an implicit hoisted tsdown binary; make the package self-contained by either adding "tsdown" to the package's devDependencies (for packages: core, onebot, cli-Internal, create-karin) or change the script to invoke a workspace-resolved binary (e.g., via pnpm/npx invocation) so the binary is available when installed standalone; also remove or document the top-level "time" field (e.g., "time": "2026-06-11T06:55:01.883Z") in those package.json files if it is unused.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/release.yml:
- Around line 44-47: The workflow switched to pnpm/action-setup@v2 with
run_install: true and removed the explicit pnpm install step and any retry
logic, which may reduce reliability on transient network failures; update
.github/workflows/release.yml to restore an explicit install with retry (or use
a retry wrapper) by either setting run_install: false and adding a dedicated
step that runs pnpm install with retry logic (e.g., a small shell loop or a
retry action) or keep run_install: true but add a subsequent install step that
wraps `pnpm install` in retry, ensuring you reference the pnpm/action-setup
usage and the run_install flag so reviewers can see the change.
In @.husky/pre-commit:
- Around line 1-2: The pre-commit hook (.husky/pre-commit) unconditionally
mutates and stages packages/core/package.json by running the Node one-liner and
git add; remove or gate that behavior so unrelated commits aren't polluted.
Update .husky/pre-commit to either (1) remove the Node one-liner and git add
entirely and move timestamping to release/publish/build, or (2) wrap the logic
so it first checks staged files for packages/core/** (using git diff --cached)
and only then reads, updates, and stages packages/core/package.json, and add
error handling for missing/invalid JSON to avoid blocking commits.
In `@packages/core/package.json`:
- Line 201: The package.json in packages/core contains an undocumented "time"
field that is only updated by the husky pre-commit hook; either document its
purpose in packages/core/package.json (add a brief comment in the repo README or
package.json "notes"/"description" explaining that "time" is a commit-timestamp
written by .husky/pre-commit) or remove the field and the pre-commit updater if
unused; if you choose to keep it, update .husky/pre-commit (the script that sets
pkg.time = new Date().toISOString()) to target all package.json files
consistently (or limit it to a documented single package), and add a short
README entry clarifying the "time" semantics and tooling that writes it.
---
Outside diff comments:
In `@packages/core/package.json`:
- Line 153: The package script "build:main": "tsc && tsdown" in packages such as
the core package (see the "build:main" script in package.json) relies on an
implicit hoisted tsdown binary; make the package self-contained by either adding
"tsdown" to the package's devDependencies (for packages: core, onebot,
cli-Internal, create-karin) or change the script to invoke a workspace-resolved
binary (e.g., via pnpm/npx invocation) so the binary is available when installed
standalone; also remove or document the top-level "time" field (e.g., "time":
"2026-06-11T06:55:01.883Z") in those package.json files if it is unused.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: ba4fd8f7-2323-4af8-b961-4193881ff204
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (7)
.github/workflows/release.yml.husky/pre-commitpackage.jsonpackages/cli-Internal/package.jsonpackages/core/package.jsonpackages/create-karin/package.jsonpackages/onebot/package.json
|
你可以通过以下命令安装该版本: |
Sourcery 提供的总结
改进 CI 依赖安装流程并集成 Git 钩子,同时清理未使用的构建工具。
新特性:
prepare脚本,引入 pre-commit 钩子配置。改进:
pnpm/action-setup内置的依赖安装功能,替代自定义的重试循环。tsdown开发依赖,并刷新相关的元数据和锁定文件条目。CI:
pnpm/action-setup来安装依赖。Original summary in English
Summary by Sourcery
Improve CI dependency installation and integrate Git hooks while cleaning up unused build tooling.
New Features:
Enhancements:
CI:
Summary by CodeRabbit