fix: versions

[riderx]

Summary

Test plan

Screenshots

Checklist

• My code follows the code style of this project and passes
  bun run lint:backend && bun run lint.
• My change requires a change to the documentation.
• I have updated the documentation
  accordingly.
• My change has adequate E2E test coverage.
• I have tested my code manually, and I have provided steps how to reproduce
  my tests

Summary by CodeRabbit

• Chores
  • Enhanced CI/CD testing infrastructure with improved background service startup and error logging
  • Updated dependencies across the application stack, including Capacitor, Supabase, Vue, and build tools
  • Optimized local development configuration for more efficient test execution

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a custom background service startup script to replace an external GitHub Actions dependency, integrates it into CI workflows for Edge server, Cloudflare Workers, and Playwright tests, and bumps dependency versions across the stack (Capacitor, Capgo plugins, RevenueCat, frontend libraries, and tooling).

Changes

Cohort / File(s)	Summary
CI/CD Infrastructure .github/scripts/start-background-service.sh, .github/workflows/tests.yml	Adds custom background service startup script with parameter validation, PID management, readiness checks, and log capture. Updates test workflow to use the script for Edge server, Cloudflare Workers, and Playwright services, adding failure-time log inspection and cleanup logic.
Playwright Configuration playwright.config.ts	Adds conditional frontend server startup logic via SKIP_FRONTEND_START environment variable check; minor formatting adjustments.
Package & Dependency Management ios/App/CapApp-SPM/Package.swift, package.json, supabase/functions/deno.json	Bumps Capacitor SDK from 8.0.2 to 8.3.0, adds RevenuecatPurchasesCapacitor package; updates JavaScript dependencies (Capacitor, Capgo, RevenueCat, Supabase, Vue ecosystem, tooling); updates Supabase functions dependencies (hono, stripe, cron-schedule, @supabase/supabase-js, @std/semver).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• [codex] replace background-action with repo-owned helper #1976: Introduces the same background service startup script and workflow updates to replace external GitHub Actions dependencies.

Poem

🐰 Hop, hop, the services now run,
No external actions, just script-based fun,
With PIDs and logs tracked along the way,
Our CI/CD pipeline brightens the day!
Dependencies dance to their newest refrain, 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is incomplete and consists entirely of the empty template with no substantive content filled in. The Summary section is blank, Test plan is blank, and all checklist items are unchecked.	Fill in the Summary section describing what versions were updated and why, add testing steps if needed, and complete the checklist items that apply to these changes.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'fix: versions' is vague and generic. It uses non-descriptive phrasing that doesn't clearly convey what versions are being updated or what the primary change is.	Replace with a more specific title that describes the main change, such as 'fix: update dependencies and add background service script' or similar.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bump-versions-29-04-2026

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch bump-versions-29-04-2026

---

_{Review rate limit: 1/5 review remaining, refill in 44 minutes and 1 second.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/scripts/start-background-service.sh (1)

73-73: Pin wait-on in devDependencies instead of dynamic runtime fetch

Line 73 uses bunx to fetch wait-on at runtime, introducing an unnecessary registry dependency to a critical CI path. Since this script runs after bun install --frozen-lockfile, adding wait-on to package.json devDependencies ensures deterministic, cached execution without network overhead during test runs.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/scripts/start-background-service.sh at line 73, The script currently
invokes wait-on via bunx "wait-on@${wait_on_version}" which fetches at runtime;
instead add a pinned wait-on entry to devDependencies in package.json (set the
desired version from wait_on_version) and update the script to call the locally
installed binary (e.g., "wait-on" from node_modules/.bin or via npx) using the
same arguments (${wait_on_resources[@]}, ${wait_timeout_ms},
${wait_interval_ms}); remove the dynamic bunx invocation and any reliance on
wait_on_version at runtime so CI uses the frozen-lockfile cached dependency.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/scripts/start-background-service.sh:
- Line 73: The script currently invokes wait-on via bunx
"wait-on@${wait_on_version}" which fetches at runtime; instead add a pinned
wait-on entry to devDependencies in package.json (set the desired version from
wait_on_version) and update the script to call the locally installed binary
(e.g., "wait-on" from node_modules/.bin or via npx) using the same arguments
(${wait_on_resources[@]}, ${wait_timeout_ms}, ${wait_interval_ms}); remove the
dynamic bunx invocation and any reliance on wait_on_version at runtime so CI
uses the frozen-lockfile cached dependency.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9cee4d69-0aa9-4911-9017-cc42f42ff671

📥 Commits

Reviewing files that changed from the base of the PR and between d8b8f83 and 47c8b96.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (6)

• .github/scripts/start-background-service.sh
• .github/workflows/tests.yml
• ios/App/CapApp-SPM/Package.swift
• package.json
• playwright.config.ts
• supabase/functions/deno.json

[sonarqubecloud]

Quality Gate failed

Failed conditions
5 Security Hotspots

See analysis details on SonarQube Cloud