fix the resolution of docusaurus-og

[sawka]

No description provided.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Updated docs/package.json to change the "@waveterm/docusaurus-og" dependency from a git repository URL to a tarball URL pinned to a specific commit. Added a new step "Force git deps to HTTPS" in .github/workflows/build-helper.yml under the build-app job that sets two git config entries to rewrite SSH GitHub URLs to HTTPS. No other dependencies, scripts, exported/public declarations, or files were modified.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description Check	❓ Inconclusive	No pull request description was provided, so there is no author-supplied context beyond the title and the changeset; because the description is missing rather than clearly related or off-topic, this check is inconclusive under the "very vague or generic" criterion. The code changes are visible, but the lack of a description prevents confirmation of motivation or related issues.	Please add a brief PR description explaining why the dependency resolution was changed (e.g., to pin docusaurus-og to a specific tarball to avoid git-resolution or build issues), reference the modified file (docs/package.json), and link any related issue or CI failures; once added this check can be re-evaluated.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "fix the resolution of docusaurus-og" directly reflects the main change in the diff — altering how the docusaurus-og dependency is resolved (switching from a git URL to a pinned tarball in docs/package.json) — and is concise and clear enough for a reviewer to understand the primary intent. It avoids noisy details and focuses on the main fix, meeting the title criteria.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0fbc2cc and 5ec0ea6.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• .github/workflows/build-helper.yml (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

docs/package.json (3)

27-27: Prefer GitHub shorthand for readability and cross‑PM compatibility.

Functionally equivalent and still resolves via tarball (no Git required):

Apply:

-        "@waveterm/docusaurus-og": "https://codeload.github.com/wavetermdev/docusaurus-og/tar.gz/2156619012b8970d922c1ef47789d2f14e47e283",
+        "@waveterm/docusaurus-og": "github:wavetermdev/docusaurus-og#2156619012b8970d922c1ef47789d2f14e47e283",

---

1-16: Lock the package manager for reproducible installs.

Consider adding the packageManager field (e.g., “npm@X”/“pnpm@X”/“yarn@X”) so contributors and CI use the same tool version; this reduces resolution drift for GitHub tarball deps.

Example:

 {
     "name": "waveterm-docs",
     "version": "0.0.0",
+    "packageManager": "npm@10.8.2",
     "scripts": {

---

27-27: Long‑term: consider publishing @waveterm/docusaurus-og to npm.

Publishing a tagged package would enable semver, better caching, and Dependabot updates instead of pinning to a commit tarball.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8232465 and 0fbc2cc.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• docs/package.json (1 hunks)

🔇 Additional comments (2)

docs/package.json (2)

27-27: Sanity check: confirm @waveterm/docusaurus-og tarball includes built artifacts

Could not inspect the tarball (docusaurus-og.tgz not found), so I couldn't verify whether that package uses a 'prepare' build that requires devDependencies. Tarball installs do not install devDeps — verify the published tarball or repo tag includes compiled output (dist/ or lib/) or remove/avoid a prepare/build step that needs devDeps. File: docs/package.json (line 27).

---

27-27: Tarball reachable and installable on Linux — built artifacts present; Windows untested

Tarball contains lib/ and package.json; repo lockfile references the codeload URL; npm i --ignore-scripts succeeded and require.resolve returned node_modules/@waveterm/docusaurus-og/lib/index.js. Run the same smoke install on Windows/CI and inspect the pinned commit to confirm the intended "OG resolution" fix.