Configure CI workflow and use published @listee packages

[gentamura]

Summary

• update dependencies to use the published @listee/auth and @listee/types v0.2.3 packages
• add reusable listee-ci workflow so lint/typecheck/test run in GitHub Actions

Testing

• bun run build

Summary by CodeRabbit

• Chores

  • Added a reusable CI workflow to run lint, typecheck, and tests on pushes and pull requests.
  • Updated package dependencies from local links to published versioned releases.

• Style

  • Applied formatting adjustments to authentication command code (no behavior changes).

• Tests

  • Made token payload generation in auth tests dynamic to use current timestamps.

[coderabbitai]

Walkthrough

Adds a new reusable GitHub Actions CI workflow, updates two package dependencies from local links to semantic versions, reformats an auth command file (no behavior change), and makes tests generate JWT payloads dynamically instead of using a fixed token.

Changes

Cohort / File(s)	Summary
CI Workflow .github/workflows/ci.yml	New GitHub Actions workflow triggered on pushes to main and on pull_request, composing lint, typecheck, and test jobs by reusing external workflows from listee-dev/listee-ci.
Dependency Updates package.json	Replaced local link dependencies with versioned ranges: @listee/auth and @listee/types updated to ^0.2.3.
Auth command formatting src/commands/auth.ts	Non-functional formatting changes: multiline function signatures, condition wrapping, and object literal line-breaking; no logic changed.
Test payload generation src/services/auth-service.test.ts	Tests changed to build JWT payload dynamically at runtime (payloadSegment) for access token construction instead of using a static precomputed payload.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer (push/pr)
  participant GH as GitHub Actions
  participant Reuse as listee-dev/listee-ci (reusable workflows)

  Dev->>GH: push to main / open PR
  GH->>GH: trigger .github/workflows/ci.yml
  note right of GH #DDEBF7: CI workflow composes three jobs\nby reusing external workflows
  GH->>Reuse: call lint workflow (.github/workflows/lint.yml@main)
  Reuse-->>GH: lint result (success/failure)
  GH->>Reuse: call typecheck workflow (.github/workflows/typecheck.yml@main)
  Reuse-->>GH: typecheck result (success/failure)
  GH->>Reuse: call test workflow (.github/workflows/test.yml@main)
  Reuse-->>GH: test result (success/failure)
  GH-->>Dev: workflow conclusion (aggregate result)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: bootstrap Supabase CLI auth with loopback signup #2 — Edits touch the same src/commands/auth.ts and src/services/auth-service.test.ts files; likely related changes to auth command and tests.

Poem

🐇 I hopped through code, with CI in sight,

Reused workflows dancing, tests set to flight.
Links turned to versions, tokens built anew,
A tidy auth file — just whitespace grew.
— signed, the celebratory rabbit 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Configure CI workflow and use published @Listee packages" accurately summarizes both primary objectives of the changeset. The first part addresses the addition of the new GitHub Actions CI workflow in .github/workflows/ci.yml, and the second part captures the dependency updates in package.json where @listee/auth and @listee/types are switched from local links to published versions (v0.2.3). The title is concise, clear, and specific enough that a teammate reviewing the history would immediately understand the main changes without being vague or misleading.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/ci.yml (1)

1-16: CI workflow relies entirely on external listee-dev/listee-ci repository; consider version pinning for stability.

The reusable workflow composition is clean and follows the DRY principle, but using @main creates a tight coupling to the external repository's main branch. Changes or failures upstream will immediately break CI without warning.

Consider pinning to a specific workflow version/tag (e.g., @v1.0.0) instead of @main to avoid unexpected CI breakage:

-    uses: listee-dev/listee-ci/.github/workflows/lint.yml@main
+    uses: listee-dev/listee-ci/.github/workflows/lint.yml@v1.0.0

Apply the same change to typecheck.yml and test.yml jobs.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5133211 and 0ac12c1.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• .github/workflows/ci.yml (1 hunks)
• package.json (1 hunks)

🔇 Additional comments (2)

.github/workflows/ci.yml (1)

3-6: Workflow trigger configuration is appropriate.

The workflow runs on pushes to main and all pull requests, which is a sensible baseline for CI coverage.

package.json (1)

17-18: Dependency verification passed — both packages are published on npm.

The shell script confirms @listee/auth@0.2.3 and @listee/types@0.2.3 both exist on the npm registry. The switch from local link: dependencies to npm versioning is valid and can be merged safely.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/services/auth-service.test.ts (1)

70-79: LGTM! Dynamic JWT payload generation improves test realism.

The refactor from a static payload to a dynamic payloadSegment() function with epoch-based timestamps makes the test tokens more realistic and aligns with the updated dependencies.

Consider adding test assertions for the new JWT fields if parseSignupFragment or downstream code validates token expiration:

it("validates JWT expiration", () => {
  const accessToken = `${header}.${payloadSegment()}.${signature}`;
  const fragment = `#access_token=${accessToken}&refresh_token=refresh123&expires_in=3600&token_type=bearer&type=signup`;
  const result = parseSignupFragment(fragment);
  
  // Verify JWT fields are parsed correctly
  const [, payloadB64] = accessToken.split(".");
  const payload = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
  expect(payload.exp).toBeGreaterThan(Math.floor(Date.now() / 1000));
});

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ac12c1 and 260bd0e.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• .github/workflows/ci.yml (1 hunks)
• package.json (1 hunks)
• src/commands/auth.ts (4 hunks)
• src/services/auth-service.test.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• src/commands/auth.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/ci.yml
• package.json

🧰 Additional context used

📓 Path-based instructions (3)

src/services/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

src/services/**/*.ts: Place Supabase-facing logic under src/services/
Read SUPABASE_URL and SUPABASE_ANON_KEY from environment variables or .env; never hardcode credentials
Default Keytar service name to "listee-cli"; allow overrides via env vars or CLI flags

Files:

• src/services/auth-service.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Use TypeScript strict practices: forbid any, forbid as assertions, no implicit any; implement type guards for narrowing
Use two-space indentation and LF line endings
Use camelCase for identifiers
Keep comments purposeful; add brief context only for non-trivial flows
Maintain ASCII in files unless the file already uses Unicode

Files:

• src/services/auth-service.test.ts

src/**/[a-z0-9-]*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Use kebab-case filenames for modules under src/

Files:

• src/services/auth-service.test.ts

🔇 Additional comments (1)

src/services/auth-service.test.ts (1)

83-83: LGTM! Proper usage of dynamic payload generation.

The access token now uses the dynamic payloadSegment() function, ensuring each test run generates realistic JWT timestamps while maintaining test reliability.