Conversation
- Move copilot instructions to .github/instructions - Add sonarqube MCP instructions - Update publish workflow
|
There was a problem hiding this comment.
Pull request overview
Updates the repository’s operational tooling around publishing and contributor guidance, primarily by adjusting the NPM publish GitHub Action and adding GitHub/Copilot instruction documents plus Changesets configuration.
Changes:
- Modified the NPM publish workflow to run on
master, validate a version tag onHEAD, and publish with npm provenance. - Added GitHub instruction documents (Copilot guide + SonarQube MCP guidance).
- Introduced Changesets configuration and a patch changeset entry.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/publish.yml |
Adjusts publish triggers/steps, adds tag validation and npm provenance. |
.github/instructions/sonarqube_mcp.instructions.md |
Adds internal usage guidelines for SonarQube MCP tooling. |
.github/instructions/copilot-instructions.md |
Adds a contributor/Copilot guide describing project structure, testing, and conventions. |
.changeset/config.json |
Adds Changesets configuration for versioning/changelog generation. |
.changeset/authkit_71368.md |
Adds a patch changeset describing the PR’s user-facing change. |
| - name: Lint | ||
| run: npm run lint --if-present 2>/dev/null || true | ||
|
|
||
| - name: Build package | ||
| run: npm run build | ||
| - name: Test | ||
| run: npm test --if-present 2>/dev/null || true |
There was a problem hiding this comment.
Lint and Test are effectively disabled here: redirecting stderr to /dev/null hides failure output, and || true forces success even when the script exists and fails. This can publish broken builds to NPM. Prefer running npm run lint --if-present / npm test --if-present without || true (the --if-present already handles missing scripts) so failures block publishing.
| "baseBranch": "develop", | ||
| "updateInternalDependencies": "patch", | ||
| "ignore": [], | ||
| "repo": "ciscode/nest-js-developer-kit", |
There was a problem hiding this comment.
Changesets repo is set to ciscode/nest-js-developer-kit, but this package’s repository URL is CISCODE-MA/AuthKit (see package.json). This will generate incorrect changelog links and metadata. Update repo to the actual GitHub owner/repo used by this project.
| "repo": "ciscode/nest-js-developer-kit", | |
| "repo": "CISCODE-MA/AuthKit", |
| ## Summary | ||
|
|
||
| Enhanced GitHub workflows with Dependabot configuration for automated security dependency updates | ||
|
|
||
| ## Changes | ||
|
|
There was a problem hiding this comment.
This changeset summary mentions adding a Dependabot configuration, but this PR doesn’t add or modify any Dependabot files (e.g. .github/dependabot.yml). Please update the changeset text to accurately describe the actual changes in this PR (publish workflow + GitHub instruction docs + Changesets config).
| tags: | ||
| - "v*.*.*" | ||
| branches: | ||
| - master |
There was a problem hiding this comment.
The workflow no longer triggers on tag pushes (only on push to master), but the job requires a version tag on HEAD. This means creating/pushing a vX.Y.Z tag (or GitHub Release) without a simultaneous commit push to master will not run the publish workflow. Re-add a push.tags trigger (e.g. v*.*.*) or switch to release: published so publishing runs when the tag/release is created.
| - master | |
| - master | |
| tags: | |
| - "v*.*.*" |
No description provided.