Skip to content

ci: drop attw, keep publint#43

Merged
samuelho-dev merged 1 commit into
mainfrom
ci/drop-attw
May 24, 2026
Merged

ci: drop attw, keep publint#43
samuelho-dev merged 1 commit into
mainfrom
ci/drop-attw

Conversation

@samuelho-dev

@samuelho-dev samuelho-dev commented May 24, 2026

Copy link
Copy Markdown
Owner

Removes attw from CI entirely (reverting the #41 advisory workaround and #42 local-patch machinery).

attw crashes decompressing this package's tarball — its core overwrites the fflate Gunzip output per chunk instead of concatenating, so any package that streams in multiple chunks (this one: 341 KB → fflate emits [341504, 0, 0], last chunk kept = empty → 0 files → crash). That's a checker-tool bug; the generated package itself is valid (verified: untar of the concatenated output = 92 files, matches tar tzf).

Carrying a pinned dep + local patch for a third-party tool isn't worth it. publint stays as the gating export validator ("All good!"). Drops: the @arethetypeswrong/cli dev dep, the bun patch + patchedDependencies, the attw script, and the attw CI step.

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated package verification process in continuous integration workflow.
    • Removed associated development dependencies.

Review Change Stack

@arethetypeswrong/cli crashes ("Cannot read properties of undefined (reading
'filename')") decompressing this package's tarball — its core overwrites the
fflate Gunzip output per chunk instead of concatenating, so any package large
enough to stream in multiple chunks (ours: 341KB/92 files) loses all but the
last empty chunk. That's a checker bug, not a problem with the generated package.

Rather than carry a local patch + pinned dep for a third-party tool, drop attw
entirely. publint remains the gating export validator. Removes the pinned
@arethetypeswrong/cli dev dep, the bun patch, and the attw script/CI step added
in #41/#42.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented May 24, 2026

Copy link
Copy Markdown

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7e292f21-e5ea-4731-87ff-28b6301d30b3

📥 Commits

Reviewing files that changed from the base of the PR and between 9f2eb46 and f6042d6.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • .github/workflows/ci.yml
  • package.json
  • patches/@arethetypeswrong%2Fcore@0.18.2.patch

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.


📝 Walkthrough

Walkthrough

The PR replaces the @arethetypeswrong/cli package verification tool with publint in the CI workflow. The attw npm script, dependency, and patchedDependencies configuration are removed from package.json, and the associated patch file is deleted.

Changes

Package Verification Tool Migration

Layer / File(s) Summary
CI workflow verification step migration
.github/workflows/ci.yml
The CI workflow test job's package verification step replaces the prior bun run attw --pack ... invocation with npx --yes publint.
Remove attw dependency and patch
package.json, patches/@arethetypeswrong%2Fcore@0.18.2.patch
The attw npm script is removed from scripts, @arethetypeswrong/cli is removed from devDependencies, and the patchedDependencies configuration block for the Gunzip patch is deleted. The patch file is removed as it is no longer needed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/drop-attw

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@samuelho-dev samuelho-dev merged commit 8ccf83b into main May 24, 2026
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant