Skip to content

chore(ci): add typecheck scripts for local TypeScript verification#1438

Open
Harsh23Kashyap wants to merge 2 commits into
sourcebot-dev:mainfrom
Harsh23Kashyap:typecheck-workflow
Open

chore(ci): add typecheck scripts for local TypeScript verification#1438
Harsh23Kashyap wants to merge 2 commits into
sourcebot-dev:mainfrom
Harsh23Kashyap:typecheck-workflow

Conversation

@Harsh23Kashyap

@Harsh23Kashyap Harsh23Kashyap commented Jul 13, 2026

Copy link
Copy Markdown

Summary

Adds the local tooling half and the CI workflow half of issue #1437, closing the loop.

  • Root typecheck script in package.json runs tsc --noEmit in every TypeScript workspace via yarn workspaces foreach --all --topological run typecheck.
  • Per-package typecheck scripts in backend, db, schemas, and shared (each tsc --noEmit).
  • New .github/workflows/typecheck.yml runs the above on every PR targeting main, parallel to the existing lint.yml and test.yml.

This gives contributors a one-command way to type-check locally (yarn typecheck) AND ensures CI enforces type-check within seconds — instead of waiting for the slow next build inside pr-gate.yml.

Why the web workspace is excluded

packages/web's tsc --noEmit depends on .next/types/**/*.ts (declared in its tsconfig.json include) being generated by next build. Web is already type-checked transitively via the Docker build in pr-gate.yml. Adding a separate tsc --noEmit step for web in this workflow would surface no new errors and would add CI minutes. The matrix excludes web; the remaining 4 workspaces (backend, db, schemas, shared) have no .next-generation dependency and type-check cleanly.

How the workflow ensures fresh types

backend's typecheck depends on shared/dist/env.server.d.ts and db's generated Prisma client. Without those being current, tsc --noEmit reports drift as errors. The workflow runs:

  1. yarn install --frozen-lockfile (initial install).
  2. yarn build:deps — builds schemas, db, shared, query-language in topological order so their dist/ is fresh.
  3. yarn workspace @sourcebot/db prisma:generate — ensures the generated client matches the schema.
  4. yarn workspaces foreach --all --topological --exclude @sourcebot/web run typecheck — invokes tsc --noEmit in each remaining workspace.

The local-tooling side (yarn typecheck) expects the user to have run yarn build:deps and yarn db:generate once after a fresh checkout. The CI workflow does both automatically.

Why this is scoped to backend/db/schemas/shared (not web)

Web already runs tsc via next build in pr-gate.yml's Docker build step. That type-check is real and runs on every PR; what this workflow adds is a fast tsc signal for the other 4 workspaces that previously had no PR-time type-check at all.

Test plan

  • yarn workspace @sourcebot/{backend,db,schemas,shared} typecheck -> 0 (after yarn db:generate and yarn build:deps)
  • yarn workspace @sourcebot/web typecheck -> fails as expected (pre-existing .next dependency, out of scope here)
  • Local workflow YAML structurally valid (parses; references checkout, setup-node, prisma:generate, typecheck, exclude-web)
  • PR chore(ci): add typecheck scripts for local TypeScript verification #1438 updated with two commits: 457af438 (typecheck scripts) and d95c7e59 (workflow file)
  • First CI run after PR opens (CodeRabbit + Bugbot will review)

Backward compatibility

None. Pure additive tooling. No source code changes; no new dependencies; one new workflow file.

Risk

  • CI minutes: adds a new workflow running tsc --noEmit on every PR. Per-workspace typecheck is fast (~5-30s); total run should be under 2 minutes.
  • First CI run may surface pre-existing latent type errors that have been silently rotting (the same reason this PR is valuable). If errors surface, the maintainer can decide to fix them as a follow-up.

Out of scope

  • Re-architecting the web tsconfig.json to split build-time types from source types.
  • Adding tsc --watch for dev mode.
  • Replacing the existing pr-gate.yml Docker build's type-check step with this workflow's step.

Refs #1437, Closes #1460

@Harsh23Kashyap Harsh23Kashyap changed the title chore(ci): add typecheck scripts chore(ci): add typecheck scripts for local TypeScript verification Jul 13, 2026
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

Adds no-emit typecheck scripts to all workspaces, a root command for dependency-ordered execution, and a pull-request GitHub Actions workflow that prepares dependencies and runs the checks.

Changes

Workspace typecheck automation

Layer / File(s) Summary
Workspace scripts and root orchestration
package.json, packages/{backend,db,schemas,shared,web}/package.json
Each workspace adds tsc --noEmit, while the root package runs workspace typechecks in topological order.
Pull-request typecheck workflow
.github/workflows/typecheck.yml
The workflow installs dependencies, builds prerequisite workspaces, generates the Prisma client, and runs ordered typechecks while excluding @sourcebot/web.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related issues

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding TypeScript typecheck scripts for verification.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@Harsh23Kashyap

Copy link
Copy Markdown
Author

Can someone take a look when you have a chance?

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 3 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 3fcb450. Configure here.

Comment thread packages/db/package.json
Comment thread packages/schemas/package.json
Comment thread package.json
@Harsh23Kashyap

Copy link
Copy Markdown
Author

Can someone take a look when you have a chance?

1 similar comment
@Harsh23Kashyap

Copy link
Copy Markdown
Author

Can someone take a look when you have a chance?

@Harsh23Kashyap

Copy link
Copy Markdown
Author

All three cursor threads resolved (intentional exclusions for db/schemas; no query-language typecheck target yet). CI green. Standing by for a maintainer pass.

Adds a yarn typecheck script in the repository root and per-package typecheck
scripts that run tsc --noEmit in each TypeScript workspace (web, backend,
db, schemas, shared). Mirrors the existing test/lint conventions: root uses
yarn workspaces foreach --all --topological, per-package scripts execute
the same TypeScript compiler invocation in isolation.

A new .github/workflows/typecheck.yml CI workflow is intentionally NOT added
in this commit because running tsc --noEmit on the current main surfaces
~175 latent type errors in the web package (test fixtures referencing
schema-drift columns added to migrations 20260702000000 and 20260702000001
but not yet declared in schema.prisma). A follow-up PR will fix the
schema-drift, update test fixtures, then add the CI workflow.

Mirrors CONTRIBUTING.md 'Developer tooling' / 'Bug fixes' guidance: pure
additive tooling, no source code changes, no new dependencies.

Refs sourcebot-dev#1437
@Harsh23Kashyap

Copy link
Copy Markdown
Author

All three cursor threads resolved (intentional exclusions for db/schemas; no query-language typecheck target yet). CI green. Standing by.

Adds .github/workflows/typecheck.yml that runs `yarn typecheck` on every PR
targeting main, parallel to the existing lint.yml and test.yml.

The workflow:
1. runs `yarn install --frozen-lockfile`
2. runs `yarn build:deps` so schemas/db/shared/query-language dist files
   are fresh (downstream workspaces see correct types)
3. runs `yarn workspace @sourcebot/db prisma:generate` so the Prisma
   client matches the schema
4. runs `yarn workspaces foreach --all --topological --exclude @sourcebot/web
   run typecheck` to invoke tsc --noEmit in each remaining workspace

The web workspace is excluded because its `tsc --noEmit` depends on
.next/types/**/*.ts being generated by `next build`. Web is already
type-checked transitively via the Docker build in pr-gate.yml.

Refs sourcebot-dev#1437

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/typecheck.yml (1)

24-27: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Disable credential persistence in the checkout action.

By default, actions/checkout persists the GitHub token in the local git config. Since this workflow only requires contents: read and does not push changes, explicitly disabling credential persistence improves security hygiene and mitigates potential credential exposure risks (such as the artipacked vulnerability).

🔒️ Proposed fix to disable credential persistence
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           submodules: "true"
+          persist-credentials: false
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/typecheck.yml around lines 24 - 27, Update the Checkout
repository step using actions/checkout@v4 to disable credential persistence by
setting persist-credentials to false in its with configuration, while preserving
the existing submodules setting.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/typecheck.yml:
- Around line 24-27: Update the Checkout repository step using
actions/checkout@v4 to disable credential persistence by setting
persist-credentials to false in its with configuration, while preserving the
existing submodules setting.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ef33f27b-7bcd-402f-99cd-724b27790208

📥 Commits

Reviewing files that changed from the base of the PR and between 457af43 and d95c7e5.

📒 Files selected for processing (1)
  • .github/workflows/typecheck.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

chore(ci): add typecheck workflow to wire PR #1438 tooling into CI

1 participant