chore(ci): add typecheck scripts for local TypeScript verification#1438
chore(ci): add typecheck scripts for local TypeScript verification#1438Harsh23Kashyap wants to merge 2 commits into
Conversation
WalkthroughAdds no-emit ChangesWorkspace typecheck automation
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related issues
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Can someone take a look when you have a chance? |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 3 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 3fcb450. Configure here.
|
Can someone take a look when you have a chance? |
1 similar comment
|
Can someone take a look when you have a chance? |
|
All three cursor threads resolved (intentional exclusions for db/schemas; no query-language typecheck target yet). CI green. Standing by for a maintainer pass. |
Adds a yarn typecheck script in the repository root and per-package typecheck scripts that run tsc --noEmit in each TypeScript workspace (web, backend, db, schemas, shared). Mirrors the existing test/lint conventions: root uses yarn workspaces foreach --all --topological, per-package scripts execute the same TypeScript compiler invocation in isolation. A new .github/workflows/typecheck.yml CI workflow is intentionally NOT added in this commit because running tsc --noEmit on the current main surfaces ~175 latent type errors in the web package (test fixtures referencing schema-drift columns added to migrations 20260702000000 and 20260702000001 but not yet declared in schema.prisma). A follow-up PR will fix the schema-drift, update test fixtures, then add the CI workflow. Mirrors CONTRIBUTING.md 'Developer tooling' / 'Bug fixes' guidance: pure additive tooling, no source code changes, no new dependencies. Refs sourcebot-dev#1437
0f82e6b to
457af43
Compare
|
All three cursor threads resolved (intentional exclusions for db/schemas; no query-language typecheck target yet). CI green. Standing by. |
Adds .github/workflows/typecheck.yml that runs `yarn typecheck` on every PR targeting main, parallel to the existing lint.yml and test.yml. The workflow: 1. runs `yarn install --frozen-lockfile` 2. runs `yarn build:deps` so schemas/db/shared/query-language dist files are fresh (downstream workspaces see correct types) 3. runs `yarn workspace @sourcebot/db prisma:generate` so the Prisma client matches the schema 4. runs `yarn workspaces foreach --all --topological --exclude @sourcebot/web run typecheck` to invoke tsc --noEmit in each remaining workspace The web workspace is excluded because its `tsc --noEmit` depends on .next/types/**/*.ts being generated by `next build`. Web is already type-checked transitively via the Docker build in pr-gate.yml. Refs sourcebot-dev#1437
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/typecheck.yml (1)
24-27: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winDisable credential persistence in the checkout action.
By default,
actions/checkoutpersists the GitHub token in the local git config. Since this workflow only requirescontents: readand does not push changes, explicitly disabling credential persistence improves security hygiene and mitigates potential credential exposure risks (such as the artipacked vulnerability).🔒️ Proposed fix to disable credential persistence
- name: Checkout repository uses: actions/checkout@v4 with: submodules: "true" + persist-credentials: false🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/typecheck.yml around lines 24 - 27, Update the Checkout repository step using actions/checkout@v4 to disable credential persistence by setting persist-credentials to false in its with configuration, while preserving the existing submodules setting.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/typecheck.yml:
- Around line 24-27: Update the Checkout repository step using
actions/checkout@v4 to disable credential persistence by setting
persist-credentials to false in its with configuration, while preserving the
existing submodules setting.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ef33f27b-7bcd-402f-99cd-724b27790208
📒 Files selected for processing (1)
.github/workflows/typecheck.yml

Summary
Adds the local tooling half and the CI workflow half of issue #1437, closing the loop.
typecheckscript inpackage.jsonrunstsc --noEmitin every TypeScript workspace viayarn workspaces foreach --all --topological run typecheck.typecheckscripts inbackend,db,schemas, andshared(eachtsc --noEmit)..github/workflows/typecheck.ymlruns the above on every PR targetingmain, parallel to the existinglint.ymlandtest.yml.This gives contributors a one-command way to type-check locally (
yarn typecheck) AND ensures CI enforces type-check within seconds — instead of waiting for the slownext buildinsidepr-gate.yml.Why the web workspace is excluded
packages/web'stsc --noEmitdepends on.next/types/**/*.ts(declared in itstsconfig.jsoninclude) being generated bynext build. Web is already type-checked transitively via the Docker build inpr-gate.yml. Adding a separatetsc --noEmitstep for web in this workflow would surface no new errors and would add CI minutes. The matrix excludes web; the remaining 4 workspaces (backend,db,schemas,shared) have no.next-generation dependency and type-check cleanly.How the workflow ensures fresh types
backend's typecheck depends onshared/dist/env.server.d.tsanddb's generated Prisma client. Without those being current,tsc --noEmitreports drift as errors. The workflow runs:yarn install --frozen-lockfile(initial install).yarn build:deps— buildsschemas,db,shared,query-languagein topological order so theirdist/is fresh.yarn workspace @sourcebot/db prisma:generate— ensures the generated client matches the schema.yarn workspaces foreach --all --topological --exclude @sourcebot/web run typecheck— invokestsc --noEmitin each remaining workspace.The local-tooling side (
yarn typecheck) expects the user to have runyarn build:depsandyarn db:generateonce after a fresh checkout. The CI workflow does both automatically.Why this is scoped to backend/db/schemas/shared (not web)
Web already runs
tscvianext buildinpr-gate.yml's Docker build step. That type-check is real and runs on every PR; what this workflow adds is a fasttscsignal for the other 4 workspaces that previously had no PR-time type-check at all.Test plan
yarn workspace @sourcebot/{backend,db,schemas,shared} typecheck-> 0 (afteryarn db:generateandyarn build:deps)yarn workspace @sourcebot/web typecheck-> fails as expected (pre-existing.nextdependency, out of scope here)457af438(typecheck scripts) andd95c7e59(workflow file)Backward compatibility
None. Pure additive tooling. No source code changes; no new dependencies; one new workflow file.
Risk
tsc --noEmiton every PR. Per-workspace typecheck is fast (~5-30s); total run should be under 2 minutes.Out of scope
tsconfig.jsonto split build-time types from source types.tsc --watchfor dev mode.pr-gate.ymlDocker build's type-check step with this workflow's step.Refs #1437, Closes #1460