chore: update dependencies for GitHub Apps #457
Conversation
- upgraded probot from ^13.4.5 to ^14.0.2 - updated devDependencies: - @types/node from ^20.0.0 to ^24.6.2 - nock from ^14.0.5 to ^15.0.0 - smee-client from ^2.0.0 to ^4.3.1 - vitest from ^2.0.0 to ^3.2.4 - typescript from ^5.8.3 to ^5.9.3
|
Caution Review failedThe pull request is closed. Walkthroughエディタ辞書に語彙を追加し、Firebase Functions と GitHub Apps の依存・TypeScript/tsconfig を更新し、Firebase Functions を検証する GitHub Actions ワークフローを追加した。公開 API の変更はない。 Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant PR as Pull Request
participant GH as GitHub Actions
participant Repo as Repository (openci-runner/firebase/functions)
participant GAuth as google-github-actions/auth
participant Firebase as firebase-tools (emulators)
rect rgb(230,245,255)
PR->>GH: PRイベントでワークフロー起動
end
GH->>Repo: actions/checkout (working-directory設定)
GH->>GH: setup-node (v22)
GH->>Repo: npm ci (install deps)
GH->>GAuth: 認証要求 (FIREBASE_SA_KEY)
GAuth-->>GH: 資格情報提供
GH->>Firebase: emulators:exec --only functions "npm run build"
Firebase-->>GH: エミュレータの実行結果 (成功/失敗)
GH-->>PR: ワークフロー結果を報告
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro Disabled knowledge base sources:
📒 Files selected for processing (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
openci-runner/firebase/functions/tsconfig.json (1)
18-20: lib 設定の見直し
target: "ES2022"に対してlib: ["ES2023"]が指定されています。Array.prototype.toSortedなど ES2023 固有機能は検出されなかったため、意図的に ES2023 を使用しているか確認し、不要であればlibを"ES2022"(またはそれ以下)に揃えてください。
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (2)
openci-runner/firebase/functions/package-lock.jsonis excluded by!**/package-lock.jsonopenci-runner/github-apps/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (4)
openci-controller.code-workspace(1 hunks)openci-runner/firebase/functions/package.json(1 hunks)openci-runner/firebase/functions/tsconfig.json(1 hunks)openci-runner/github-apps/package.json(1 hunks)
🔇 Additional comments (7)
openci-controller.code-workspace (1)
79-79: LGTM!
smee-clientの依存関係アップグレードに合わせて、スペルチェック辞書に"smee"を追加しています。適切な変更です。openci-runner/firebase/functions/tsconfig.json (2)
11-12: LGTM!
target: es2022への更新とskipLibCheckの追加は適切です。Node 22のエンジン要件と整合性があります。
15-17: srcディレクトリは存在します
openci-runner/firebase/functions/src/ が確認できたため、include: ["src"]設定に問題はありません。openci-runner/firebase/functions/package.json (2)
24-24: LGTM!Node.jsのエンジン要件(22)に合わせて
@types/nodeを追加しています。適切な対応です。
27-28: TypeScriptとVitestのメジャーアップグレードを確認してください。
typescript(v4→v5)とvitest(v1→v3)の両方をメジャーアップグレードしています。これらには破壊的変更が含まれる可能性があります。特にTypeScript v5では、デコレータやenum、モジュール解決に変更があります。すべてのテストが成功することを確認してください。openci-runner/github-apps/package.json (2)
22-23: LGTM!
vitestのv2→v3へのアップグレードとtypescriptのv5.8→v5.9へのマイナーアップグレードは適切です。TypeScriptのマイナーバージョンアップは通常安全です。
20-21: nock v15とsmee-client v4の破壊的変更確認
- nock v15はβ版でAPI仕様が変更(Web標準準拠、undiciサポート等)されている可能性があるため、公式migration guideを参照して対応し、テストが通ることを確認してください。
- smee-client v4は4.x系列内のアップデートで後方互換性が高いものの、リリースノートを確認のうえテストを実行してください。
| "main": "lib/index.js", | ||
| "dependencies": { | ||
| "firebase-admin": "^12.6.0", | ||
| "firebase-admin": "^13.5.0", |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
🧩 Analysis chain
firebase-adminのメジャーアップグレードを確認してください。
firebase-adminを^12.6.0から^13.5.0にアップグレードしています。メジャーバージョンアップには破壊的変更が含まれる可能性があります。マイグレーションガイドを確認し、すべての機能が正常に動作することをテストしてください。
🌐 Web query:
firebase-admin v13 breaking changes and migration guide
💡 Result:
Summary of firebase-admin v13 breaking changes and quick migration steps
Breaking changes (high‑level)
- Credentials/auth: admin now uses google-auth-library for credentials (adds Workload Identity Federation and service-account impersonation support). [1]
- Node.js engine: support for Node.js 14 and 16 was dropped — Node 18+ required. [1]
- Messaging API removals: several deprecated Cloud Messaging helpers were removed (sendAll, sendMulticast, sendToDevice, sendToDeviceGroup, sendToTopic, sendToCondition). Migrate to the current send/sendEach style messaging APIs. [1]
- Remote Config hashing: percentage-condition random assignment hashing changed (removed farmhash-modern). This can reassign users for percent-based conditions; assignments are persistent going forward. [1]
- TypeScript/tooling: TypeScript dependency upgraded (v5.5.4) and other dependency bumps that may impact typings. [1]
Where these are documented
- Official Admin Node.js release notes (v13.0.0 and subsequent v13.x entries) and Firebase release notes. [1][2]
Quick migration checklist
- Upgrade Node:
- Move your runtime to Node 18 or newer (update engines in package.json, CI, and deployment targets). [1]
- Credentials/auth:
- If you relied on older credential behaviors (custom handling of JSON keys), test auth flows. Consider switching to google-auth-library patterns to use Workload Identity Federation or service-account impersonation where appropriate. Test IAM/credentials in staging. [1]
- Messaging code:
- Replace removed helper calls with the supported Messaging API. For batch/parallel sends use the recommended send/sendAll patterns in the new API (see your existing messaging codepaths and adapt accordingly). Run tests for FCM paths. [1]
- Remote Config percent rules:
- Audit Remote Config percent-based conditions. If percent assignment stability matters, review and re-evaluate experiments/targeting after upgrade to avoid unexpected user reassignment. [1]
- TypeScript and types:
- Update TypeScript or adjust tsconfig and type imports if you compile with TypeScript; confirm no breaking typing changes. [1]
- Dependencies and CI:
- Update package.json to firebase-admin@^13.x, run npm install, and run your test suite. Fix any peer-dependency warnings from other Firebase packages (Cloud Functions, etc.). [2]
- Smoke tests and rollout:
- Deploy to a nonproduction environment, run end-to-end tests for auth, messaging, Remote Config, and any APIs that touch Admin SDK. Monitor logs and metrics during a gradual rollout.
Links / references
- Firebase Admin Node.js release notes (v13.0.0 and v13.x). [1]
- Firebase release notes (SDK release listing). [2]
If you want, I can:
- produce an automated codemod to convert removed messaging calls in your repo, or
- review a small sample of your code and give exact replacement changes.
functions/package.json の Node エンジン設定を確認します。
🏁 Script executed:
#!/bin/bash
rg -n '"engines"' -C3 openci-runner/firebase/functions/package.jsonLength of output: 141
functions/package.json の Node エンジン設定を修正し、Messaging API の置換を実施してください
- engines.node を “>=18”(または “18”)に変更し、Cloud Functions がサポートする Node.js 18 以上で動作することを確認
- sendAll/sendMulticast/sendToDevice 等の削除済みヘルパーを send/sendEach 系 API に置き換え、マイグレーションガイドに沿って認証フローや Remote Config も含めた E2E テストを完了
🤖 Prompt for AI Agents
openci-runner/firebase/functions/package.json around line 18: update the Node
engine and migrate deprecated Messaging helpers; change the "engines.node" field
to ">=18" (or "18") so Cloud Functions runs on Node 18+, then replace any usage
of removed FCM helpers (sendAll / sendMulticast / sendToDevice) with the
supported send/sendEach-style APIs per the Firebase migration guide (adjust call
sites, payloads, and error handling accordingly), verify auth/credential
initialization and Remote Config usage follow the guide, and run full E2E tests
covering authentication flows and Remote Config to confirm messaging behavior
after the changes.
| }, | ||
| "dependencies": { | ||
| "probot": "^13.4.5" | ||
| "probot": "^14.0.2" |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
🧩 Analysis chain
probotのメジャーアップグレードを確認してください。
probotを^13.4.5から^14.0.2にアップグレードしています。メジャーバージョンアップには破壊的変更が含まれる可能性があります。特にイベントハンドラーやAPI、型定義に変更がないか確認してください。
🌐 Web query:
probot v14 breaking changes and migration guide from v13
💡 Result:
Here are the main breaking changes in Probot v14 (from v13) and a concise migration checklist.
Sources: [1][2]
Breaking changes (summary)
- Probot is ESM-only (no CommonJS). [1]
- Minimum Node change (drops older versions; requires Node 20.18+ / 22+; Node 21/18 dropped). [1]
- Switched webhook types to GitHub OpenAPI webhook types (replaces @octokit/webhooks types). [1]
- Legacy REST endpoint shorthand removed — use octokit.rest.* (no legacy endpoint methods). [1]
- Express server removed from built-in Probot; built-in server now listens on localhost by default (not 0.0.0.0). [1]
- Many previously non‑public TypeScript properties marked private (private class fields). [1]
- createNodeMiddleware() is now async. [1]
- Some optional integrations (e.g., @sentry/node, ioredis) must be installed separately if used. [1]
- @octokit / webhook/logger related changes and other internal dependency bumps. [1]
Quick migration checklist (v13 → v14)
- Convert your project to ESM
- Add "type": "module" to package.json or otherwise adopt ESM imports (replace require() with import). [1]
- Update TypeScript config (if used)
- Use node16/nodenext/node20 module + moduleResolution appropriate to your TS version per Probot recommendations. [1]
- Upgrade Node runtime
- Ensure your environment runs a supported Node (20.18+ or 22+ as required). [1]
- Replace legacy REST calls
- Replace any use of legacy endpoint shorthand (context.octokit.request/endpoint shorthand) with octokit.rest.* calls (e.g., octokit.rest.issues.createComment). Test all API usages. [1]
- Replace webhook type imports
- Swap @octokit/webhooks-types imports to the OpenAPI webhook types used by v14. [1]
- Fix code that relied on formerly public internals
- Replace access to properties now private (e.g., Probot#state) with supported public APIs. [1]
- Update middleware/server code
- Await createNodeMiddleware() where used; if you relied on the built-in express server, create your own server integration or adapt to the new behavior. Adjust host binding if you relied on 0.0.0.0. [1]
- Add optional packages if needed
- Install @sentry/node, ioredis, or other packages explicitly if your app expects those integrations. [1]
- Run tests and CI
- Run unit/integration tests under the target Node version; fix type errors and runtime failures (webhook decoding, logger changes, etc.). Check open issues/PRs if you hit edge cases. [2]
If you want, I can:
- inspect your package.json / sample code and provide line-by-line changes to migrate;
- produce a diff/example showing CommonJS → ESM conversion plus REST call replacements.
Sources
- Probot v14.0.0 release notes / migration summary. [1]
- Probot GitHub repository (issues and docs for v13→v14 context). [2]
References
[1] Probot v14.0.0 release notes (summary).
[2] Probot GitHub repository (README / issues).
Probot v14アップグレードに伴う必須マイグレーション対応
- package.jsonに"type": "module"を追加し、require→importへ切り替え
- Nodeエンジン要件を>=20.18(または22+)に更新
- tsconfig.jsonのmodule/moduleResolutionをnode16/nodenext/node20へ設定
- context.octokit.request等のレガシー省略記法をoctokit.rest.*呼び出しに置換
- @octokit/webhooks-types→GitHub OpenAPI webhook typesのimportに置換
- createNodeMiddleware()をawait化し、サーババインド(host)設定を確認
- private化されたプロパティへの直接アクセスをpublic APIへ置換
- 必要なら@sentry/nodeやioredisなどのオプション統合パッケージを依存に追加
- 新Nodeバージョン下でテストを実行し、型・ランタイムエラーを解消
🤖 Prompt for AI Agents
In openci-runner/github-apps/package.json around line 16, the project needs the
mandatory migrations for Probot v14: add "type": "module" to package.json and
update the "engines" node requirement to >=20.18 (or 22+), convert any CommonJS
require() usage in the repo to ES module import syntax, ensure tsconfig.json
uses module/moduleResolution appropriate for Node (node16/nodenext/node20),
update usages of context.octokit.request to octokit.rest.* calls and replace
@octokit/webhooks-types imports with the GitHub OpenAPI webhook types, make
createNodeMiddleware() calls awaitable and verify server bind/host handling,
stop accessing private properties directly and use public API alternatives, add
any optional integration packages (e.g., @sentry/node, ioredis) to dependencies
if required by new Node environment, and then run tests under the new Node
version to fix any type/runtime errors.
| "smee-client": "^2.0.0", | ||
| "vitest": "^2.0.0", | ||
| "typescript": "^5.8.3" | ||
| "@types/node": "^24.6.2", |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
🧩 Analysis chain
Node.jsバージョンとの整合性を確認してください。
@types/nodeを^24.6.2にアップグレードしていますが、enginesの要件はnode >= 18のままです。@types/node v24はNode.js 24用の型定義です。以下を確認してください:
- Node.js 18/20で動作する必要がある場合、@types/nodeをv20またはv22に下げることを検討してください
- Node.js 24のみをサポートする場合、enginesを
"node": ">= 24"に更新してください
🏁 Script executed:
#!/bin/bash
# Description: Check actual Node.js version usage in code
# Check for Node.js version-specific features
rg -n --type=ts --type=js -C3 'process\.version|NODE_VERSION' openci-runner/github-apps/Length of output: 0
以下のスクリプトでpackage.jsonのengines設定を確認してください。
🏁 Script executed:
#!/bin/bash
rg -n '"engines"' -C2 openci-runner/github-apps/package.json
rg -n '"node"\s*:' -C2 openci-runner/github-apps/package.jsonLength of output: 151
Node.jsバージョン要件と@types/nodeの整合性を確認
engines.nodeが>=18のままですが、@types/nodeはv24用です。
- Node.js 18/20を引き続きサポートする場合、
@types/nodeをv20またはv22にダウングレード - Node.js 24以降のみをサポートする場合、
engines.nodeを>=24に更新
🤖 Prompt for AI Agents
In openci-runner/github-apps/package.json around line 19, the engines.node
requirement (>=18) is inconsistent with the pinned @types/node version
(^24.6.2); either align types with supported Node versions or raise engine.
Decide which to support: if you intend to keep supporting Node 18/20, change
@types/node to a v20 or v22 range (e.g. ^20.0.0 or ^22.0.0); if you intend to
require Node >=24, update engines.node to ">=24". Update package.json
accordingly and run npm install / npm ci to refresh lockfiles.
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (1)
.github/workflows/verify-firebase-functions.yml(1 hunks)
| - uses: google-github-actions/auth@v2 | ||
| with: | ||
| credentials_json: ${{ secrets.FIREBASE_SA_KEY }} | ||
|
|
||
| - name: Dry-run check via Emulator on PRs | ||
| run: | | ||
| npx firebase-tools emulators:exec \ | ||
| --only functions \ | ||
| --project ${{ secrets.FIREBASE_PROJECT_ID }} \ | ||
| "npm run build" |
There was a problem hiding this comment.
フォーク PR では secrets が使えず常に失敗します。
pull_request イベントではフォークからの PR にリポジトリ secrets が供給されないため、google-github-actions/auth が空の credentials_json で失敗し、以降の FIREBASE_PROJECT_ID 参照もエラーとなります。外部コントリビューションを想定するなら、このジョブをフォーク PR ではスキップするなどのガードが必須です。
例:
jobs:
firebase:
+ if: github.event.pull_request.head.repo.fork == false
runs-on: ubuntu-latestもしくは secrets を必要としない別経路での検証をご検討ください。
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.FIREBASE_SA_KEY }} | |
| - name: Dry-run check via Emulator on PRs | |
| run: | | |
| npx firebase-tools emulators:exec \ | |
| --only functions \ | |
| --project ${{ secrets.FIREBASE_PROJECT_ID }} \ | |
| "npm run build" | |
| jobs: | |
| firebase: | |
| if: github.event.pull_request.head.repo.fork == false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.FIREBASE_SA_KEY }} | |
| - name: Dry-run check via Emulator on PRs | |
| run: | | |
| npx firebase-tools emulators:exec \ | |
| --only functions \ | |
| --project ${{ secrets.FIREBASE_PROJECT_ID }} \ | |
| "npm run build" |
🤖 Prompt for AI Agents
.github/workflows/verify-firebase-functions.yml lines 23-32: the workflow fails
for fork PRs because repo secrets are unavailable; guard the job (or at least
the auth step) so it is skipped for forked pull requests by adding an
if-condition checking that either the event is not a pull_request or that
github.event.pull_request.head.repo.fork == false (i.e., the PR originates from
the same repo), and alternatively provide a separate non-secret-dependent
verification path for fork contributions if needed.
Summary by CodeRabbit