3 changes: 0 additions & 3 deletions .claude/commands/label-issue.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ TASK OVERVIEW:
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.

2. Next, use gh commands to get context about the issue:

- Use `gh issue view ${{ github.event.issue.number }}` to retrieve the current issue's details
- Use `gh search issues` to find similar issues that might provide context for proper categorization
- You have access to these Bash commands:
Expand All @@ -27,7 +26,6 @@ TASK OVERVIEW:
- Bash(gh search:\*) - to search for similar issues

3. Analyze the issue content, considering:

- The issue title and description
- The type of issue (bug report, feature request, question, etc.)
- Technical areas mentioned
Expand All @@ -36,7 +34,6 @@ TASK OVERVIEW:
- Components affected

4. Select appropriate labels from the available labels list provided above:

- Choose labels that accurately reflect the issue's nature
- Be specific but comprehensive
- IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list
31 changes: 31 additions & 0 deletions .eslintrc.json
@@ -0,0 +1,31 @@
{
"root": true,
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": "latest",
"sourceType": "module",
"project": "./tsconfig.json"
},
"plugins": ["@typescript-eslint"],
"extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
"env": {
"node": true,
"es2024": true
},
"rules": {
"@typescript-eslint/no-unused-vars": [
"error",
{
"argsIgnorePattern": "^_",
"varsIgnorePattern": "^_"
}
],
"@typescript-eslint/no-explicit-any": "warn",
"@typescript-eslint/consistent-type-imports": "error",
"no-console": "warn",
"no-debugger": "error",
"prefer-const": "error",
"no-var": "error"
},
"ignorePatterns": ["node_modules/", "dist/", "test/fixtures/"]
}
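Review bot: `parserOptions.project` points at `./tsconfig.json`, which turns on type-aware parsing, but `extends` only pulls in `plugin:@typescript-eslint/recommended` and none of the rules listed under `rules` needs type information, so every lint run pays for building the TypeScript program with nothing using it. Either drop `project`, or extend a type-checked preset and enable rules such as `@typescript-eslint/no-floating-promises`. With `project` set, any linted file that falls outside the tsconfig's `include` also makes the parser error out. Separately, `eslint:recommended` does not include `no-eval`, `no-implied-eval` or `no-new-func`; adding them as `"error"` next to `no-debugger` would be a cheap hardening step.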
126 changes: 126 additions & 0 deletions .github/workflows/detect_and_fix.yaml
@@ -0,0 +1,126 @@
name: Detect and Fix

on:
push:
branches: [main, master]
pull_request:
branches: [main, master]

permissions:
contents: write
pull-requests: write

Comment on lines +9 to +12
Copilot AI Feb 23, 2026

Workflow sets repository-wide contents: write and pull-requests: write permissions for all jobs, including detect and audit, even though they only need read access. Consider setting top-level permissions to read-only (or omit), then granting write permissions only on the auto-fix job/step that pushes commits.

Copilot uses AI. Check for mistakes.
jobs:
detect:
name: Detect Issues
runs-on: ubuntu-latest
outputs:
format_failed: ${{ steps.format.outcome == 'failure' }}
lint_failed: ${{ steps.lint.outcome == 'failure' }}
typecheck_failed: ${{ steps.typecheck.outcome == 'failure' }}
test_failed: ${{ steps.test.outcome == 'failure' }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref || github.ref_name }}
token: ${{ secrets.GITHUB_TOKEN }}

Comment on lines +23 to +27
Copilot AI Feb 23, 2026

actions/checkout is forced to ref: ${{ github.head_ref || github.ref_name }}. For pull_request events from forks, github.head_ref is a branch name that exists only in the fork, so checkout in the base repo will fail. Consider removing the explicit ref for PR events (so checkout uses the default PR merge ref), or conditionally set repository/ref (e.g., use github.event.pull_request.head.repo.full_name + github.event.pull_request.head.sha) when the PR is from a fork.

Suggested change
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref || github.ref_name }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout code (non-PR)
if: github.event_name != 'pull_request'
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref || github.ref_name }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout code (PRs, including forks)
if: github.event_name == 'pull_request'
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}

- uses: oven-sh/setup-bun@v2
with:
bun-version: 1.2.12

- name: Install dependencies
run: bun install

- name: Check formatting
id: format
continue-on-error: true
run: bun run format:check

- name: Lint
id: lint
continue-on-error: true
run: bun run lint

- name: Type check
id: typecheck
continue-on-error: true
run: bun run typecheck

- name: Run tests
id: test
continue-on-error: true
run: bun test
Comment on lines +35 to +53
Copilot AI Feb 23, 2026

All checks in detect use continue-on-error: true and there is no final gating step to fail the job when formatting/lint/typecheck/tests fail. This makes the workflow appear successful even when checks fail (especially on push events where auto-fix won’t run). Add a final step that evaluates the step outcomes (or needs.detect.outputs.*) and exits non-zero when any required check failed, after writing the step summary.


- name: Summarize results
run: |
echo "## Detection Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Formatting | ${{ steps.format.outcome == 'success' && '✅ Pass' || '❌ Fail' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Linting | ${{ steps.lint.outcome == 'success' && '✅ Pass' || '❌ Fail' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Type Check | ${{ steps.typecheck.outcome == 'success' && '✅ Pass' || '❌ Fail' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Tests | ${{ steps.test.outcome == 'success' && '✅ Pass' || '❌ Fail' }} |" >> $GITHUB_STEP_SUMMARY

auto-fix:
name: Auto-fix Issues
needs: detect
if: |
github.event_name == 'pull_request' &&
(needs.detect.outputs.format_failed == 'true' || needs.detect.outputs.lint_failed == 'true')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.GITHUB_TOKEN }}
Comment on lines +69 to +77
Copilot AI Feb 23, 2026

auto-fix runs on every pull_request where lint/format failed, but git push will fail for PRs from forks (read-only token) and may create noisy failures. Add an if guard to skip auto-fix when github.event.pull_request.head.repo.fork is true or when github.event.pull_request.head.repo.full_name != github.repository.


- uses: oven-sh/setup-bun@v2
with:
bun-version: 1.2.12

- name: Install dependencies
run: bun install

- name: Fix formatting
if: needs.detect.outputs.format_failed == 'true'
run: bun run format

- name: Fix lint issues
if: needs.detect.outputs.lint_failed == 'true'
run: bun run lint:fix

- name: Commit fixes
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add -A
if git diff --cached --quiet; then
echo "No auto-fixable changes detected."
else
git commit -m "fix: auto-fix formatting and lint issues"
git push
fi

audit:
name: Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: oven-sh/setup-bun@v2
with:
bun-version: 1.2.12

- name: Install dependencies
run: bun install

- name: Audit dependencies
continue-on-error: true
run: bun pm ls --all > /dev/null 2>&1 || echo "Dependency audit completed with warnings"

- name: Check for known vulnerabilities
run: |
echo "## Security Audit" >> $GITHUB_STEP_SUMMARY
echo "Dependency tree checked for known issues." >> $GITHUB_STEP_SUMMARY
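Review bot: In the auto-fix job, the "Commit fixes" step runs `git add -A` after `bun install`, `bun run format` and `bun run lint:fix`, so anything those commands leave in the working tree (a rewritten lockfile, generated files that .gitignore does not cover) is committed and pushed to the PR branch under the bot identity with the `contents: write` token. Use `bun install --frozen-lockfile` in all three jobs and stage only tracked files with `git add -u`, or restrict the add to the source paths the formatter and linter own. Two related points: a push made with `secrets.GITHUB_TOKEN` does not start a new workflow run, so the auto-fix commit lands on the branch without the detect job re-checking it; and `actions/checkout@v4` and `oven-sh/setup-bun@v2` are referenced by mutable tag in jobs that hold a write token, so pinning them to full commit SHAs would be the safer form.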
Comment on lines +119 to +126
Copilot AI Feb 23, 2026

The audit job claims to perform a security audit, but bun pm ls --all only lists dependencies and (with continue-on-error) won’t fail on known vulnerabilities. Either switch to a real vulnerability scanner/audit command and surface results in the summary, or rename/reword the job so it doesn’t imply vulnerability detection.

7 changes: 7 additions & 0 deletions .gitignore
@@ -1,4 +1,11 @@
.DS_Store
node_modules
dist/
*.log
.env
.env.*
!.env.example
coverage/
*.tsbuildinfo

**/.claude/settings.local.json
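Review bot: The `.env`, `.env.*` and `!.env.example` entries only affect untracked files; .gitignore does not untrack anything that is already committed, so check `git ls-files` for existing `.env` files before merging and drop any hit from the index with `git rm --cached`. `.env.*` also matches names such as `.env.sample` or `.env.template`; if the repository keeps committed templates under those names, add a negation for each one alongside `!.env.example`.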
1 change: 0 additions & 1 deletion base-action/CONTRIBUTING.md
Expand Up @@ -57,7 +57,6 @@ Thank you for your interest in contributing to Claude Code Base Action! This doc
```

This script:

- Installs `act` if not present (requires Homebrew on macOS)
- Runs the GitHub Action workflow locally using Docker
- Requires your `ANTHROPIC_API_KEY` to be set
41 changes: 20 additions & 21 deletions base-action/README.md
Expand Up @@ -85,26 +85,26 @@ Add the following to your workflow file:

## Inputs

| Input | Description | Required | Default |
| ------------------------- | ----------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------- |
| `prompt` | The prompt to send to Claude Code | No\* | '' |
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' |
| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' |
| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' |
| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' |
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
| `system_prompt` | Override system prompt | No | '' |
| `append_system_prompt` | Append to system prompt | No | '' |
| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' |
| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' |
| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' |
| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' |
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
| Input | Description | Required | Default |
| ------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------- | ---------------------------- |
| `prompt` | The prompt to send to Claude Code | No\* | '' |
| `prompt_file` | Path to a file containing the prompt to send to Claude Code | No\* | '' |
| `allowed_tools` | Comma-separated list of allowed tools for Claude Code to use | No | '' |
| `disallowed_tools` | Comma-separated list of disallowed tools that Claude Code cannot use | No | '' |
| `max_turns` | Maximum number of conversation turns (default: no limit) | No | '' |
| `mcp_config` | Path to the MCP configuration JSON file, or MCP configuration JSON string | No | '' |
| `settings` | Path to Claude Code settings JSON file, or settings JSON string | No | '' |
| `system_prompt` | Override system prompt | No | '' |
| `append_system_prompt` | Append to system prompt | No | '' |
| `claude_env` | Custom environment variables to pass to Claude Code execution (YAML multiline format) | No | '' |
| `model` | Model to use (provider-specific format required for Bedrock/Vertex) | No | 'claude-4-0-sonnet-20250219' |
| `anthropic_model` | DEPRECATED: Use 'model' instead | No | 'claude-4-0-sonnet-20250219' |
| `fallback_model` | Enable automatic fallback to specified model when default model is overloaded | No | '' |
| `anthropic_api_key` | Anthropic API key (required for direct Anthropic API) | No | '' |
| `claude_code_oauth_token` | Claude Code OAuth token (alternative to anthropic_api_key) | No | '' |
| `use_bedrock` | Use Amazon Bedrock with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_vertex` | Use Google Vertex AI with OIDC authentication instead of direct Anthropic API | No | 'false' |
| `use_node_cache` | Whether to use Node.js dependency caching (set to true only for Node.js projects with lock files) | No | 'false' |
| `show_full_output` | Show full JSON output (⚠️ May expose secrets - see [security docs](../docs/security.md#️-full-output-security-warning)) | No | 'false'\*\* |

\*Either `prompt` or `prompt_file` must be provided, but not both.
Expand Down Expand Up @@ -490,7 +490,6 @@ This example shows how to use OIDC authentication with GCP Vertex AI:
To securely use your Anthropic API key:

1. Add your API key as a repository secret:

- Go to your repository's Settings
- Navigate to "Secrets and variables" → "Actions"
- Click "New repository secret"