Skip to content

chore: update actions versions, use frozen bun lockfile #1509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update actions versions, use frozen bun lockfile #1509

wants to merge 1 commit into from
+6 −6

Conversation

@DaxServer
Copy link
Contributor

@DaxServer DaxServer commented Oct 24, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflows to use the latest versions of GitHub Actions tools and build runners.
    • Implemented deterministic dependency installation to ensure reproducible builds across all environment configurations and prevent unexpected dependency updates during deployments.

@coderabbitai
Copy link

coderabbitai bot commented Oct 24, 2025
edited
Loading

Walkthrough

Updated GitHub Actions workflows to use newer action versions: actions/checkout v5 and oven-sh/setup-bun v2. Added --frozen-lockfile flag to bun install commands to enforce deterministic builds across both CI and publish workflows.

Changes

Cohort / Cohort(s) Summary
GitHub Actions version upgrades and lockfile enforcement
.github/workflows/ci.yml, .github/workflows/publish.yml		 Updated actions/checkout from v4 to v5, oven-sh/setup-bun from v1 to v2, and added --frozen-lockfile flag to bun install for deterministic dependency resolution.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Workflows hop to newer heights,
Actions v5 ignite the lights,
Bun v2 and frozen locks align,
Deterministic builds so fine!
CI runs swift and pure,
These upgrades we endure!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The pull request title "chore: update actions versions, use frozen bun lockfile" directly and accurately describes the changes across both workflow files. It captures both primary modifications: the GitHub Actions version updates (checkout v4→v5 and setup-bun v1→v2) and the addition of the --frozen-lockfile flag to enforce deterministic builds. The title is clear, concise, and specific enough that a teammate scanning the commit history would immediately understand the nature of these maintenance updates without vague or misleading language.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 94abb3c and 8f4e579.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml (1 hunks)
  • .github/workflows/publish.yml (2 hunks)
🔇 Additional comments (2)
.github/workflows/ci.yml (1)

14-14: Action versions and frozen lockfile strategy look solid.

actions/checkout v5 updates to use Node 24, and oven-sh/setup-bun v2 introduces support for bun-version-file option. Both are stable releases. The --frozen-lockfile flag ensures exact versions from the lockfile and prevents updates if package.json disagrees with bun.lock, which is the right approach for deterministic CI builds.

To verify these changes will work correctly, please confirm that:

  1. The lockfile (bun.lock or bun.lockb) is committed and current
  2. Your local dependencies match the lockfile before merging (if a monorepo, ensure all workspaces are handled correctly)

Also applies to: 17-17, 22-22

.github/workflows/publish.yml (1)

24-24: Consistent updates align CI and publish workflows.

The same action versions and --frozen-lockfile approach are applied here, maintaining consistency between your build and publish pipelines. This is important for ensuring the exact same dependency versions are used across environments.

Also applies to: 27-27, 38-38

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Oct 24, 2025

Open in StackBlitz

npm i https://pkg.pr.new/elysiajs/elysia@1509

commit: 8f4e579

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DaxServer