chore: setup spell-check and root pnpm config#2
📝 Walkthrough
Adds CI and spell-check tooling: new GitHub Actions workflow .github/workflows/ci.yml named "CI" that runs a spell-check job on pushes to main and on PRs; job checks out code, sets up pnpm and Node.js (using .nvmrc), installs dependencies with a frozen lockfile, and runs the pnpm
Sequence Diagram(s)
sequenceDiagram
autonumber
actor Dev as Developer
participant GH as GitHub
participant Runner as Actions Runner
participant Node as Node.js (.nvmrc)
participant PNPM as pnpm
participant CSpell as cspell
Dev->>GH: Push to main / Open PR
GH-->>Runner: Trigger "CI" workflow
rect rgb(245,250,240)
note over Runner: Job: spell-check
Runner->>Runner: actions/checkout
Runner->>Node: setup-node (node-version-file: .nvmrc)
Runner->>PNPM: setup-pnpm (cache enabled)
Runner->>PNPM: pnpm install --frozen-lockfile
Runner->>CSpell: pnpm run spell-check
alt No spelling issues
CSpell-->>Runner: exit 0
Runner-->>GH: Job success
else Spelling issues
CSpell-->>Runner: non-zero exit
Runner-->>GH: Job failure
end
end
Pre-merge checks
✅ Passed checks (3 passed)
Actionable comments posted: 7
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
⛔ Files ignored due to path filters (2)
package-lock.json is excluded by !**/package-lock.json
pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (5)
.github/workflows/ci.yml (1 hunks)
.gitignore (1 hunks)
.nvmrc (1 hunks)
cspell.json (1 hunks)
package.json (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-08-25T14:42:02.289Z
Learnt from: CR
PR: deepnote/deepnote#0
File: CLAUDE.md:0-0
Timestamp: 2025-08-25T14:42:02.289Z
Learning: Applies to {.nvmrc,.node-version,package.json} : Use Node.js 22 for this project
Applied to files:
.nvmrc
📚 Learning: 2025-09-29T10:19:33.783Z
Learnt from: CR
PR: deepnote/deepnote-internal#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T10:19:33.783Z
Learning: Applies to {.nvmrc,.node-version,package.json} : Use Node.js 22 for this project (e.g., nvm use 22)
Applied to files:
.nvmrc
🪛 YAMLlint (1.37.1)
.github/workflows/ci.yml
[warning] 3-3: truthy value should be one of [false, true]
(truthy)
🔇 Additional comments (2)
package.json (1)
6-6: Align pnpm version in CI
package.json already declares "packageManager": "pnpm@10.17.1", engines.pnpm is >=10.17.1 and pnpm-lock.yaml exists. Ensure your CI workflows install and run pnpm@10.17.1 to match.
.github/workflows/ci.yml (1)
14-27: Pin GitHub Actions to specific SHAs and lock PNPM to 10.17.1
- Replace actions/checkout@v4, actions/setup-node@v4, and pnpm/action-setup@v2 with their commit SHAs for supply-chain safety.
- Update pnpm/action-setup version from latest to '10.17.1' (matches package.json).
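The pinning advice in the review summary above can be checked mechanically. The following is an added example, not code from the PR or from CodeRabbit: a small Node.js function that scans workflow text for uses: references not pinned to a 40-character commit SHA and for version: latest inputs. The name auditWorkflow and the sample workflow are assumptions constructed for illustration.

```javascript
// Constructed sample using the steps named in the review; not the PR's actual ci.yml.
const SAMPLE_WORKFLOW = `
jobs:
  spell-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v2
        with:
          version: latest
      - uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          cache: pnpm
      - run: pnpm install --frozen-lockfile
`;

const FULL_SHA = /^[0-9a-f]{40}$/i;

// Returns one finding per `uses:` line whose ref is a tag or branch rather than
// a full commit SHA, and one per floating `version: latest` input.
function auditWorkflow(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.replace(/\s+#.*$/, ''); // drop trailing comments such as "# v4"
    const uses = line.match(/^\s*(?:-\s*)?uses:\s*["']?([^"'\s]+)["']?\s*$/);
    if (uses) {
      const target = uses[1];
      // Local actions and docker:// images are not git refs; skip them here.
      if (target.startsWith('./') || target.startsWith('docker://')) return;
      const ref = target.includes('@') ? target.slice(target.lastIndexOf('@') + 1) : '';
      if (!FULL_SHA.test(ref)) findings.push({ line: i + 1, kind: 'unpinned-action', value: target });
      return;
    }
    if (/^\s*version:\s*["']?latest["']?\s*$/.test(line)) {
      findings.push({ line: i + 1, kind: 'floating-version', value: 'latest' });
    }
  });
  return findings;
}

console.log(auditWorkflow(SAMPLE_WORKFLOW));
```

A reference that passes the check looks like owner/action@ followed by the full 40-character commit SHA, with the human-readable tag kept as a trailing comment.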
| jobs: | ||
| spell-check: | ||
| runs-on: ubuntu-latest |
🧹 Nitpick | 🔵 Trivial
Harden workflow permissions and add concurrency.
Limit GITHUB_TOKEN and cancel superseded runs.
jobs:
+ # Principle of least privilege
+ permissions:
+ contents: read
+
spell-check:
runs-on: ubuntu-latest
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
Committable suggestion skipped: line range outside the PR's diff.
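Review bot: The added permissions: block sits between jobs: and spell-check:, so as ordered here it is read as an entry under jobs (a job named permissions) rather than as the workflow's token scope. Move permissions: with contents: read above jobs:, as the prose of this suggestion describes, or nest it inside spell-check: next to runs-on. The concurrency block is placed inside the job, which is valid but only covers that one job; put it at the top level if every job in the workflow should be cancelled together.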
🤖 Prompt for AI Agents
In .github/workflows/ci.yml around lines 9-11, harden the workflow by adding a
top-level permissions block that restricts GITHUB_TOKEN to the minimum needed
(e.g., permissions: contents: read) and add a top-level concurrency block to
cancel superseded runs (e.g., concurrency: group: ${{ github.workflow }}-${{
github.ref }}, cancel-in-progress: true). Update the file to include both blocks
above the jobs section so the spell-check job inherits the limited token scope
and runs will be cancelled when a newer run for the same workflow/ref starts.
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile |
--frozen-lockfile will fail without pnpm-lock.yaml.
Either commit a lockfile or drop the flag. Also, Node cache=pnpm is ineffective without a lockfile.
- run: pnpm install --frozen-lockfile
+ run: pnpm install --frozen-lockfile
+# Commit pnpm-lock.yaml, or change to:
+# run: pnpm install
Committable suggestion skipped: line range outside the PR's diff.
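Review bot: The removed and added run: lines are identical (pnpm install --frozen-lockfile on both), so the only effect of this hunk is two comment lines. The review summary above lists pnpm-lock.yaml as present and excluded only by the review's path filter, so the flag can stay as it is; it is what makes CI fail when package.json and the lockfile drift apart, and the commented fallback to a plain pnpm install is better left out of the workflow.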
🤖 Prompt for AI Agents
In .github/workflows/ci.yml around lines 28 to 29, the job runs "pnpm install
--frozen-lockfile" which will fail if pnpm-lock.yaml is not committed and also
makes the Node cache=pnpm ineffective; either commit and include pnpm-lock.yaml
in the repo and keep --frozen-lockfile (so CI uses the lockfile and cache
works), or remove the --frozen-lockfile flag and/or change the cache strategy to
a generic node_modules/cache so installs won't fail when the lockfile is
absent—update the workflow to reflect the chosen approach and ensure the cache
step matches (pnpm cache/node setup) if keeping the lockfile.
| @@ -0,0 +1 @@ | |||
| node_modules No newline at end of file | |||
🧹 Nitpick | 🔵 Trivial
Good start; consider trailing slash and common folders.
Use a trailing slash and include typical tool dirs.
-node_modules
+node_modules/
+.pnpm-store/
+dist/
+build/
+coverage/
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| node_modules | |
| node_modules/ | |
| .pnpm-store/ | |
| dist/ | |
| build/ | |
| coverage/ |
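Review bot: The added entries cover install and build output but not local secret files: .env is named in the prompt text below yet is missing from the + lines. If the list is being extended anyway, add .env here, and do not add lockfiles to it, since the workflow installs with --frozen-lockfile and needs pnpm-lock.yaml committed.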
🤖 Prompt for AI Agents
In .gitignore around line 1, the entry "node_modules" should use a trailing
slash and you should add other common ignores; replace "node_modules" with
"node_modules/" and add typical tool and build folders (e.g. dist/, build/,
.next/, .cache/ or .parcel-cache/, coverage/), editor/IDE folders (.vscode/,
.idea/), local env and OS files (.env, .DS_Store), and common logs
(npm-debug.log, yarn-error.log, package-lock.json if you want to avoid
committing lockfiles) so the repo ignores generated modules, builds, caches,
editor settings and sensitive env files.
| @@ -0,0 +1 @@ | |||
| 22.14.0 | |||
🛠️ Refactor suggestion | 🟠 Major
🧩 Analysis chain
Pin looks right. Align engines to Node 22 only.
.nvmrc pins 22.14.0; tighten package.json engines to avoid Node 23.
Proposed engines change (in package.json):
- "node": ">=22.14.0",
+ "node": ">=22.14.0 <23",
Based on learnings.
🏁 Script executed:
#!/bin/bash
grep -R -n '"engines"' -n package.json -A 5
Length of output: 176
Tighten Node engine range to <23
Update package.json to match .nvmrc by restricting Node to versions below 23.
- "node": ">=22.14.0",
+ "node": ">=22.14.0 <23",
Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
.nvmrc lines 1-1: .nvmrc pins Node to 22.14.0 but package.json currently allows
broader Node versions; update package.json's "engines.node" to match and
restrict to <23 (for example ">=22.14.0 <23") so the declared Node engine range
aligns with .nvmrc; modify the package.json engines field accordingly and save.
| { | ||
| "version": "0.2", | ||
| "language": "en", | ||
| "words": [ | ||
| "deepnote", | ||
| "jupyter", | ||
| "jupyterlab", | ||
| "ipynb", | ||
| "pnpm", | ||
| "monorepo", | ||
| "dockerised", | ||
| "vscode", | ||
| "windsurf", | ||
| "oss", | ||
| "toolkit", | ||
| "eslint", | ||
| "prettier", | ||
| "typescript", | ||
| "github", | ||
| "workflows", | ||
| "repo" | ||
| ], | ||
| "ignorePaths": [ | ||
| "node_modules/**", | ||
| "pnpm-lock.yaml", | ||
| ".git/**", | ||
| "dist/**", | ||
| "build/**", | ||
| "coverage/**", | ||
| "*.min.js", | ||
| "*.min.css" | ||
| ], | ||
| "overrides": [ | ||
| { | ||
| "filename": "**/*.md", | ||
| "words": [ | ||
| "deepnote", | ||
| "jupyter", | ||
| "jupyterlab", | ||
| "ipynb", | ||
| "pnpm", | ||
| "monorepo", | ||
| "dockerised", | ||
| "vscode", | ||
| "windsurf", | ||
| "oss", | ||
| "toolkit" | ||
| ] | ||
| } | ||
| ] | ||
| } |
🧹 Nitpick | 🔵 Trivial
Config is sensible; minor tweaks for clarity.
- Words duplicated between root and Markdown override; consider keeping in one place to avoid drift.
- Consider "useGitignore": true for clarity (often default in v8).
- Optionally ignore .github/** if workflow noise appears.
{
"version": "0.2",
"language": "en",
+ "useGitignore": true,
📝 Committable suggestion
| { | |
| "version": "0.2", | |
| "language": "en", | |
| "words": [ | |
| "deepnote", | |
| "jupyter", | |
| "jupyterlab", | |
| "ipynb", | |
| "pnpm", | |
| "monorepo", | |
| "dockerised", | |
| "vscode", | |
| "windsurf", | |
| "oss", | |
| "toolkit", | |
| "eslint", | |
| "prettier", | |
| "typescript", | |
| "github", | |
| "workflows", | |
| "repo" | |
| ], | |
| "ignorePaths": [ | |
| "node_modules/**", | |
| "pnpm-lock.yaml", | |
| ".git/**", | |
| "dist/**", | |
| "build/**", | |
| "coverage/**", | |
| "*.min.js", | |
| "*.min.css" | |
| ], | |
| "overrides": [ | |
| { | |
| "filename": "**/*.md", | |
| "words": [ | |
| "deepnote", | |
| "jupyter", | |
| "jupyterlab", | |
| "ipynb", | |
| "pnpm", | |
| "monorepo", | |
| "dockerised", | |
| "vscode", | |
| "windsurf", | |
| "oss", | |
| "toolkit" | |
| ] | |
| } | |
| ] | |
| } | |
| { | |
| "version": "0.2", | |
| "language": "en", | |
| "useGitignore": true, | |
| "words": [ | |
| "deepnote", | |
| "jupyter", | |
| "jupyterlab", | |
| "ipynb", | |
| "pnpm", | |
| "monorepo", | |
| "dockerised", | |
| "vscode", | |
| "windsurf", | |
| "oss", | |
| "toolkit", | |
| "eslint", | |
| "prettier", | |
| "typescript", | |
| "github", | |
| "workflows", | |
| "repo" | |
| ], | |
| "ignorePaths": [ | |
| "node_modules/**", | |
| "pnpm-lock.yaml", | |
| ".git/**", | |
| "dist/**", | |
| "build/**", | |
| "coverage/**", | |
| "*.min.js", | |
| "*.min.css" | |
| ], | |
| "overrides": [ | |
| { | |
| "filename": "**/*.md", | |
| "words": [ | |
| "deepnote", | |
| "jupyter", | |
| "jupyterlab", | |
| "ipynb", | |
| "pnpm", | |
| "monorepo", | |
| "dockerised", | |
| "vscode", | |
| "windsurf", | |
| "oss", | |
| "toolkit" | |
| ] | |
| } | |
| ] | |
| } |
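Review bot: The added "useGitignore": true line has little effect on this PR, because the .gitignore introduced here contains only node_modules and ignorePaths already lists node_modules/**. It is harmless to keep, but the duplicated words arrays in the root and in the **/*.md override are the source of drift the comment names, and the suggested file leaves both lists untouched; removing the override's copy is the change worth making.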
🤖 Prompt for AI Agents
In cspell.json around lines 1 to 51, the review notes duplicate word lists
between the root "words" array and the Markdown override, suggests adding
"useGitignore": true, and optionally ignoring .github/**; remove duplication by
keeping shared words only at the root (or only in the Markdown override) and
remove them from the other location to avoid drift, add "useGitignore": true at
the top-level to respect .gitignore, and add ".github/**" to "ignorePaths" if
you want workflow files excluded.
| "engines": { | ||
| "node": ">=22.14.0", | ||
| "pnpm": ">=10.17.1" | ||
| }, |
🛠️ Refactor suggestion | 🟠 Major
Constrain engines to Node 22 to match .nvmrc.
Prevents accidental Node 23 usage.
- "node": ">=22.14.0",
+ "node": ">=22.14.0 <23",
Based on learnings.
📝 Committable suggestion
| "engines": { | |
| "node": ">=22.14.0", | |
| "pnpm": ">=10.17.1" | |
| }, | |
| "engines": { | |
| "node": ">=22.14.0 <23", | |
| "pnpm": ">=10.17.1" | |
| }, |
🤖 Prompt for AI Agents
In package.json around lines 7 to 10, the "engines.node" range is too permissive
and allows Node 23; update it to constrain to Node 22 to match .nvmrc by
changing the node engine value to a 22-only range (for example ">=22.14.0
<23.0.0" or "22.x"); leave the pnpm engine as-is and commit the package.json
change so CI and developers will be prevented from using Node 23.
| "notebook", | ||
| "data-science" | ||
| ], | ||
| "license": "UNLICENSED until specific license is agreed upon" |
Invalid license value.
Use a valid SPDX expression. If unlicensed/private, use “UNLICENSED”.
- "license": "UNLICENSED until specific license is agreed upon"
+ "license": "UNLICENSED"
📝 Committable suggestion
| "license": "UNLICENSED until specific license is agreed upon" | |
| "license": "UNLICENSED" |
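Review bot: On the + line, "license": "UNLICENSED" should be paired with "private": true, which this hunk does not show. UNLICENSED only states that no rights are granted; it does not stop the package from being published, so if package.json does not already set "private": true, add it next to this field to prevent an accidental publish while the license is undecided.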
🤖 Prompt for AI Agents
In package.json around line 25 the license field uses an invalid value
"UNLICENSED until specific license is agreed upon"; replace it with a valid SPDX
expression (for example "UNLICENSED" if the package is private/unlicensed, or a
valid identifier like "MIT" or "Apache-2.0") by updating the license property to
the chosen SPDX string.
Summary by CodeRabbit
Chores
CI