⚙️ setup: add Biome linter, CodeQL, Dependabot, and consolidate CI workflows #20
warengonzaga merged 20 commits into main from
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
📦 Package Build Flow — Monorepo Build
🔀 Pull Request Build — Pre-release package for testing PR changes
📥 Quick Install (changed packages)
npm i @tinyclaw/types@2.0.0-dev.5772a1f @tinyclaw/plugins@2.0.0-dev.5772a1f @tinyclaw/plugin-channel-discord@2.0.0-dev.5772a1f @tinyclaw/plugin-channel-friends@2.0.0-dev.5772a1f @tinyclaw/plugin-provider-openai@2.0.0-dev.5772a1f tinyclaw@2.0.0-dev.5772a1f
This package was built automatically by the Package Build Flow action.
Pull request overview
This PR introduces Biome for linting and formatting, consolidates CI workflows by merging commit linting into the main CI workflow, and adds CodeQL security scanning and Dependabot dependency management. The changes primarily consist of automated formatting fixes across the entire TypeScript/JavaScript codebase to ensure consistency.
Changes:
- Added Biome linter/formatter configuration and integrated it into the CI pipeline
- Consolidated commit message linting into the main CI workflow and removed the separate workflow file
- Added CodeQL workflow for automated security vulnerability scanning
- Added Dependabot configuration for automated dependency updates (npm, GitHub Actions, Docker)
- Applied consistent formatting across all TypeScript/JavaScript files (import ordering, semicolons, quote style, multi-line formatting)
Reviewed changes
Copilot reviewed 150 out of 151 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| biome.json | Biome linter/formatter configuration with recommended rules |
| .github/dependabot.yml | Dependabot config for npm, GitHub Actions, and Docker updates |
| .github/workflows/codeql.yml | CodeQL security scanning workflow |
| .github/workflows/ci.yml | Consolidated CI workflow including commit linting and Biome checks |
| .github/workflows/commit-lint.yml | Removed (consolidated into ci.yml) |
| package.json | Added Biome scripts (lint, lint:fix, format) |
| packages/**/*.ts | Formatting changes: imports, semicolons, quotes, multi-line |
| src/**/*.ts, src/**/*.js | Formatting changes across web, landing, and CLI |
| plugins/**/*.ts | Formatting changes in provider and channel plugins |
🛠️ Container Build Complete - Dev Build
Build Status: ✅ Success
📦 Pull Image
Docker Hub: docker pull warengonzaga/tinyclaw:dev-9d6e531
GHCR: docker pull ghcr.io/warengonzaga/tinyclaw:dev-9d6e531
📋 Build Details
🏷️ Image Tags
🔍 Testing Your Changes
🚀 Quick Start
# Pull and run the container
Docker Hub: docker pull warengonzaga/tinyclaw:dev-9d6e531
docker run <your-options> <image>
🔒 Security Scan Results
📋 Pre-Build Security Checks
✅ Source Code Scan: 0 vulnerabilities found
🐳 Container Image Vulnerabilities
📊 Detailed Security Reports
View detailed vulnerability reports in the GitHub Security tab.
🤖 Powered by Container Build Flow Action v1.2.0
…eset (#22)
* Initial plan
* 🔧 update (release): use GH_PAT token in checkout to bypass branch ruleset
Co-authored-by: warengonzaga <15052701+warengonzaga@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: warengonzaga <15052701+warengonzaga@users.noreply.github.com>
📦 Package Build Flow — Monorepo Build
🔀 Pull Request Build — Pre-release package for testing PR changes
📥 Quick Install (changed packages)
npm i @tinyclaw/types@2.0.0-dev.c03f78a @tinyclaw/plugins@2.0.0-dev.c03f78a @tinyclaw/plugin-channel-discord@2.0.0-dev.c03f78a @tinyclaw/plugin-channel-friends@2.0.0-dev.c03f78a @tinyclaw/plugin-provider-openai@2.0.0-dev.c03f78a tinyclaw@2.0.0-dev.c03f78a
This package was built automatically by the Package Build Flow action.
* ☕ chore: initial plan for lint fixes
* ☕ chore: fix all 14 bun lint errors using Biome
* 🔧 update: address code review comments on dead code and invariant handling
* 🔧 update: fix regex pattern in correction patterns for better matching
* ⚙️ setup: add CI tolerance for bot commits and update AGENTS.md
* 🔧 update: reorder correction patterns for consistency
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Waren Gonzaga <opensource@warengonzaga.com>
📦 Package Build Flow — Monorepo Build
🔀 Pull Request Build — Pre-release package for testing PR changes
📥 Quick Install (changed packages)
npm i @tinyclaw/types@2.0.0-dev.d977929 @tinyclaw/plugins@2.0.0-dev.d977929 @tinyclaw/plugin-channel-discord@2.0.0-dev.d977929 @tinyclaw/plugin-channel-friends@2.0.0-dev.d977929 @tinyclaw/plugin-provider-openai@2.0.0-dev.d977929 tinyclaw@2.0.0-dev.d977929
This package was built automatically by the Package Build Flow action.
📦 Package Build Flow — Monorepo Build
🔀 Pull Request Build — Pre-release package for testing PR changes
📥 Quick Install (changed packages)
npm i @tinyclaw/types@2.0.0-dev.ee8f821 @tinyclaw/plugins@2.0.0-dev.ee8f821 @tinyclaw/plugin-channel-discord@2.0.0-dev.ee8f821 @tinyclaw/plugin-channel-friends@2.0.0-dev.ee8f821 @tinyclaw/plugin-provider-openai@2.0.0-dev.ee8f821 tinyclaw@2.0.0-dev.ee8f821
This package was built automatically by the Package Build Flow action.
- use QueryTier type instead of any for tier casts in background.ts and tools.ts
- use err instanceof Error guard instead of err: any in runner.ts
- use Parameters<TemplateManager['update']>[1] for template updates
- replace non-null assertions with optional chaining in templates.test.ts
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- type PulseJob extension instead of any for __touchActivity property
- import and use OutboundSource type in categoryToSource return type
- map companion category to agent source value
- replace any with unknown in intercom handler signatures
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…is access
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- use nullish coalescing instead of non-null assertion for toolName
- reformat keywords chain for readability
- add biome-ignore comments for intentional any usage in tests
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- use nullish coalescing for non-null assertions in setup.ts, supervisor.ts, banner.ts
- use typed record cast for dynamic property access in start.ts shutdown handlers
- replace any with unknown in test mock signatures
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- add typed server parameter for getClientIP instead of any
- use explicit fallback instead of non-null assertion for claimToken
- add null check before returning recovery attempt record in security-db
- replace any with unknown in test mock signatures
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
📦 Package Build Flow — Monorepo Build
🔀 Pull Request Build — Pre-release package for testing PR changes
📥 Quick Install (changed packages)
npm i @tinyclaw/types@2.0.0-dev.9d6e531 @tinyclaw/plugins@2.0.0-dev.9d6e531 @tinyclaw/plugin-channel-discord@2.0.0-dev.9d6e531 @tinyclaw/plugin-channel-friends@2.0.0-dev.9d6e531 @tinyclaw/plugin-provider-openai@2.0.0-dev.9d6e531 tinyclaw@2.0.0-dev.9d6e531
This package was built automatically by the Package Build Flow action.
This pull request introduces several improvements to the repository's infrastructure, code formatting, and code quality automation. The most significant changes include consolidating and enhancing CI workflows (especially commit linting and security scanning), introducing Biome for linting and formatting, and making code style more consistent across the compactor package. Below are the most important changes grouped by theme:
CI/CD and Automation Improvements
- .github/workflows/ci.yml) and removed the separate commit-lint.yml file, ensuring commit messages follow the Clean Commit convention as part of the standard CI process. [1] [2]
- dependabot.yml configuration to automate dependency update PRs for npm, GitHub Actions, and Docker, with grouping and labeling for better manageability.
Formatting and Linting Enhancements
- biome.json for configuration and updated package.json scripts to run linting and formatting via Biome. [1] [2]
Code Style and Consistency
- compactor package to use more consistent and readable styles, such as replacing / +/g with / {2,}/g, expanding multi-line function arguments into single lines where appropriate, and improving table parsing logic for Markdown and KV tables. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]
These changes collectively improve the project's maintainability, code quality, and security posture.