Skip to content

ci: test and build against Node 20 and 22#133

Merged
zeshi-du merged 1 commit into
TestSprite:mainfrom
lxcario:ci/node-20-test-matrix
Jul 2, 2026
Merged

ci: test and build against Node 20 and 22#133
zeshi-du merged 1 commit into
TestSprite:mainfrom
lxcario:ci/node-20-test-matrix

Conversation

@lxcario

@lxcario lxcario commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

What

Run the Unit Tests and Build CI jobs across a Node version matrix of 20 and 22, instead of only 22.

Why

package.json declares engines.node >= 20 and the README/quickstart advertise Node 20 as supported, but CI only exercises Node 22. A regression that breaks on Node 20 (the advertised minimum) would pass CI today and only surface for users on 20. Testing the floor closes that gap.

Change

  • Add a strategy.matrix.node-version of [20, 22] to the test and build jobs.
  • Parameterize setup-node with matrix.node-version.
  • Name the jobs 'Unit Tests (Node )' / 'Build (Node )' so each leg is distinguishable in the checks UI.

No source changes; CI-only. Both legs run on ubuntu-latest with npm caching unchanged.

Summary by CodeRabbit

  • Chores
    • Updated the CI pipeline to run tests and builds against multiple Node.js versions.
    • Improved validation coverage across supported Node.js releases, helping catch environment-specific issues earlier.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The CI workflow's test and build jobs were updated to run on a Node.js version matrix (20 and 22) instead of a single fixed Node version, with corresponding updates to the Setup Node.js steps and job display names.

Changes

CI Workflow Matrix Update

Layer / File(s) Summary
Node.js matrix for test and build jobs
.github/workflows/ci.yml
The test and build jobs now run against a Node.js matrix of versions 20 and 22, with Setup Node.js steps using `matrix.node-version` and job names updated to reflect the selected version.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Poem

A rabbit hops through workflows bright,
Testing twenty, testing twenty-two, day and night,
Matrix rows now multiply the run,
CI's coverage doubled, work well done!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the CI update to run test and build jobs against Node 20 and 22.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)

52-52: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Consider disabling credential persistence on checkout.

Static analysis flags both checkout steps for not setting persist-credentials: false, which leaves the GitHub token persisted in the git config for the remainder of the job and could be exfiltrated by any script executed later in the workflow (e.g., during npm ci/npm run build if a malicious postinstall script runs).

🔒 Proposed fix
       - uses: actions/checkout@v5
+        with:
+          persist-credentials: false

Apply to both the test and build job checkout steps.

Also applies to: 72-72

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml at line 52, The checkout steps in the workflow
currently persist the GitHub token in git config, which should be disabled for
both jobs. Update each `actions/checkout` usage in the `test` and `build` jobs
to set `persist-credentials: false`, using the existing checkout step
identifiers so the token is not left available to later commands in the job.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/ci.yml:
- Line 52: The checkout steps in the workflow currently persist the GitHub token
in git config, which should be disabled for both jobs. Update each
`actions/checkout` usage in the `test` and `build` jobs to set
`persist-credentials: false`, using the existing checkout step identifiers so
the token is not left available to later commands in the job.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 1e9f5874-06ee-4b11-b788-386051747500

📥 Commits

Reviewing files that changed from the base of the PR and between 3ab8136 and b3f221d.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml

@zeshi-du zeshi-du left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed and verified — merging. Thanks for the contribution!

@zeshi-du zeshi-du merged commit 000c196 into TestSprite:main Jul 2, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants