Skip to content

feat(deps): bump @actions/core and @actions/exec to 3.0.0#311

Merged
rhahao merged 10 commits intosws2apps:mainfrom
rhahao:main
Feb 21, 2026
Merged

feat(deps): bump @actions/core and @actions/exec to 3.0.0#311
rhahao merged 10 commits intosws2apps:mainfrom
rhahao:main

Conversation

@rhahao
Copy link
Member

@rhahao rhahao commented Feb 21, 2026

No description provided.

@socket-security
Copy link

socket-security bot commented Feb 21, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​node@​24.10.131001008196100
Updated@​actions/​exec@​2.0.0 ⏵ 3.0.01001008890100
Addedtypescript@​5.9.31001009010090
Updated@​actions/​core@​2.0.2 ⏵ 3.0.09910010093 +2100

View full report

@coderabbitai
Copy link

coderabbitai bot commented Feb 21, 2026
edited
Loading

Warning

Rate limit exceeded

@rhahao has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 10 minutes and 58 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Walkthrough

CI and publish workflows now pin Node.js to LTS (lts/Krypton). The repository migrates the Action implementation from JavaScript to TypeScript (adding src/index.ts and tsconfig.json, removing src/index.js), updates package dependencies and entrypoint, removes the semantic-release npm plugin, and deletes frontend Firebase configuration and build artifacts.

Changes

Cohort / File(s) Summary
GitHub Actions Workflows
.github/workflows/ci.yml, .github/workflows/publish.yml		 Changed node-version from current to lts/Krypton in setup-node steps.
Frontend Configuration & Build Artifacts
frontend/.firebaserc, frontend/firebase.json, frontend/build/asset-manifest.json, frontend/build/index.html, frontend/build/manifest.json, frontend/build/robots.txt, frontend/build/static/css/main.073c9b0a.css, frontend/build/static/js/main.6e01a411.js.LICENSE.txt		 Removed Firebase hosting/project config and deleted generated frontend build artifacts (HTML, manifests, robots, CSS source map reference, and license text).
Action Source (JS → TS)
src/index.js, src/index.ts, tsconfig.json		 Replaced JavaScript action with a TypeScript implementation; added helpers (toErrorMessage, normalizeBooleanInput, isLikelyTransientError), retained deploy argument assembly and retry-on-transient-error flow; added TypeScript config.
Project Configuration
package.json, release.config.cjs		 Updated package.json to use src/index.ts, added/updated devDependencies (typescript, @types/node, @vercel/ncc), bumped @actions/core and @actions/exec to v3; removed @semantic-release/npm plugin from release.config.cjs.

Sequence Diagram(s)

sequenceDiagram
  participant Action as GitHub Action (src/index.ts)
  participant Env as Environment / GITHUB_SHA
  participant CLI as Firebase CLI (child process)
  participant Logs as Action Logs (core)

  Action->>Env: read FIREBASE_PROJECT, inputs (functions/hosting/config)
  Action->>Logs: validate inputs / build deploy args
  Action->>CLI: run `firebase deploy ...` (stream stdout/stderr)
  CLI-->>Logs: stdout / stderr streamed
  alt success
    CLI-->>Action: exit 0
    Action->>Logs: complete
  else transient error
    CLI-->>Action: non-zero (transient)
    Action->>CLI: retry `firebase deploy ... --debug`
    CLI-->>Logs: stdout / stderr streamed
    alt retry success
      CLI-->>Action: exit 0
      Action->>Logs: complete
    else retry failure
      CLI-->>Action: exit non-zero
      Action->>Logs: core.setFailed(error message)
    end
  else non-transient error
    CLI-->>Action: exit non-zero
    Action->>Logs: core.setFailed(error message)
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Title check ⚠️ Warning The PR title focuses on dependency updates but the changeset includes significant refactoring: migration from JavaScript to TypeScript, Node.js version changes in CI/publish workflows, removal of Firebase configuration files, and semantic-release plugin changes. Update the title to reflect the primary changes, such as 'refactor: migrate to TypeScript and update dependencies' or provide a more comprehensive summary of the major structural changes beyond just dependency bumps.
Description check ❓ Inconclusive No pull request description was provided by the author, making it impossible to assess whether the description relates to the changeset. Add a pull request description explaining the rationale for the major changes including TypeScript migration, workflow updates, Firebase configuration removal, and dependency upgrades.
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot requested changes Feb 21, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 25: The `@types/node` entry is targeting Node 25 while the runtime is
lts/Krypton (Node 24); update the devDependency "@types/node" in package.json to
a Node 24-compatible range (e.g. ^24.x) to avoid TypeScript allowing Node
25-only APIs, then reinstall to update the lockfile (run your package manager
install) so types and lockfile remain consistent with the Node 24 runtime.

In `@src/index.ts`:
- Around line 74-83: The ExecOptions object currently attaches listeners.stdout
and listeners.stderr that write to process.stdout/process.stderr, which
duplicates output because exec() already routes child output to the default
outStream; either remove the listeners block entirely (preferred) or set the
ExecOptions.silent = true so exec() does not auto-stream and your listeners are
the sole writers. Update the options creation (the ExecOptions object used with
exec()) accordingly and remove or adjust the listeners.stdout/listeners.stderr
handlers to avoid double-printing.

coderabbitai[bot]
coderabbitai bot requested changes Feb 21, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/index.ts`:
- Around line 85-93: The retry logic fails because exec() throws a generic
exit-code error while transient details are emitted to stderr; modify the exec
call in the try block (the one invoking exec('firebase', args, options)) to
attach a listeners.stderr callback that accumulates stderr into a string
variable, then in the catch use that stderr string when calling
isLikelyTransientError (e.g., isLikelyTransientError(stderr) or
isLikelyTransientError(error, stderr)); update isLikelyTransientError to accept
and inspect a stderr string (or both error and stderr) for transient patterns,
and keep using toErrorMessage(error) as a fallback in core.setFailed if not
transient.

---

Duplicate comments:
In `@src/index.ts`:
- Around line 74-83: The ExecOptions object named options currently defines
stdout/stderr listeners that re-emit output already streamed by `@actions/exec`,
causing duplicated Firebase CLI logs; fix by either removing the listeners block
entirely (so default streaming is used) or by adding silent: true to the same
options object (so the custom listeners are the only stream handlers), ensuring
the options constant passed to exec() (the ExecOptions variable) is updated
accordingly.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 21, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@rhahao rhahao merged commit 8690aa4 into sws2apps:main Feb 21, 2026
11 checks passed
@rhahao
Copy link
Member Author

rhahao commented Feb 21, 2026

🎉 This PR is included in version 3.8.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rhahao