chore: adopt Astro toolchain (typecheck, format, lint, dead-code, security)#16
Conversation
Phase 1 of the toolchain rollout: reproducible environment. - .editorconfig: 2-space, LF, UTF-8, final newline, trim trailing (markdown exempt, hard breaks use trailing spaces) - bunfig.toml [install] exact=true: lockfile/package.json never drift Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phase 2 of the toolchain rollout: type safety. - @astrojs/check + typescript devDeps (the Astro-native typecheck; tsc alone can't see .astro files) - tsconfig: types:[bun] so bun:test resolves in *.test.ts (also pulls Node globals via bun-types' node reference) - typecheck/test/gate scripts; gate grows each phase - ci.yml runs 'bun run gate' before build, so every later phase is validated end-to-end by CI automatically Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phase 3 of the toolchain rollout: formatting. - prettier + prettier-plugin-astro + prettier-plugin-tailwindcss - .prettierrc.json: singleQuote, printWidth 100, tailwindStylesheet pointed at the v4 entry (src/styles/global.css) - .prettierignore: dist/.astro/node_modules/bun.lock, public (served verbatim), the synced docker-compose.example.yml, docs (design/plan artifacts whose fenced blocks aren't valid JS) - format/format:fix scripts; gate grown to typecheck + format - one-time repo-wide reformat Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phase 4 of the toolchain rollout: linting + dead-code. - oxlint (.oxlintrc.json): correctness=error, suspicious=warn; lints .ts and embedded .astro scripts. no-underscore-dangle off (noise on __dirname, _fbq, project analytics globals) - knip: zero-config, Astro plugin auto-detected; respects .gitignore - fixes: drop needless 'export' on internal interfaces (SectionColumn, ConsoleCta); replace unused Object.entries key with Object.values; scope-disable no-unused-expressions around the Meta Pixel vendor snippet - .gitignore: .remember/ (local session state, like .superpowers/) - lint/knip scripts; gate = typecheck + format + lint + knip Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phase 5 of the toolchain rollout: finalize the gate. - gate is now the full chain: typecheck -> format -> lint -> knip -> test - ci.yml already runs 'bun run gate' (added in phase 2), so CI now enforces the complete chain on every push/PR - no coverage threshold: relaxed for a website (tests run, but we don't gate on a percentage the way the library repo does) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Phase 6 of the toolchain rollout: edge security + hooks. - secretlint (.secretlintrc.json, recommend preset): scans for committed secrets. .secretlintignore excludes the synced docker-compose example (its connection string is a commented-out template default, not a secret) - bun audit: advisory, NON-blocking in CI (continue-on-error) and pre-push. Current advisories are transitive build-time deps (picomatch/js-yaml) with no static-site attack surface; Dependabot bumps them upstream - .githooks/ (zero-dep, via core.hooksPath set by prepare script): pre-commit = secrets + format (fast); pre-push = gate + audit - knip.json: ignore the secretlint preset (loaded via config, untraceable) - secrets/audit scripts; secret scan added to CI Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A continue-on-error step still surfaces a red 'exit code 1' annotation, which reads as a failure on an otherwise-clean PR. Use '|| echo ::notice::' so the step is green and advisories show as a blue informational notice instead — matching the pre-push hook's non-blocking 'bun audit || true'. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adopts a Bun-based toolchain for this Astro static site, wiring typechecking, formatting, linting, dead-code detection, secret scanning, and an advisory dependency audit into local workflows and CI to improve correctness and consistency.
Changes:
- Adds
bun run gate(typecheck → format → lint → knip → test) plus secret scanning and non-blockingbun audit, and wires them into CI and git hooks. - Introduces tool configuration files for Prettier, oxlint, knip, and secretlint, plus Bun install settings.
- Applies repo-wide formatting/cleanup across Astro/TS/CSS sources to align with the new formatter/linter.
Reviewed changes
Copilot reviewed 64 out of 68 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tsconfig.json | Adds Bun types for tests |
| src/styles/global.css | Prettier-driven formatting only |
| src/scripts/studio.ts | Formatting + minor refactor formatting |
| src/scripts/lib/export.test.ts | Formatting only |
| src/scripts/lib/console-copy.ts | Formatting; unexports internal type |
| src/scripts/lib/console-copy.test.ts | Formatting + small test loop tweak |
| src/pages/privacy-policy.astro | Formatting/layout only |
| src/pages/index.astro | Formatting only |
| src/pages/404.astro | Formatting/layout only |
| src/pages/[section].astro | Formatting of JSON-LD mapping |
| src/lib/github-stars.ts | Parentheses for clarity in ternary |
| src/lib/github-stars.test.ts | Formatting only |
| src/layouts/Layout.astro | Formatting + JSON-LD key style |
| src/data/sections.ts | Formatting + internal type visibility tweak |
| src/data/sections.test.ts | Formatting only |
| src/data/section-seo.ts | Formatting only |
| src/data/schemas.ts | Formatting only |
| src/data/deploy-targets.ts | Large formatting expansion (no logic change) |
| src/data/deploy-categories.ts | Formatting only |
| src/components/studio/TopBar.astro | Formatting/layout only |
| src/components/studio/StudioShell.astro | Formatting/layout only |
| src/components/studio/StatusBar.astro | Formatting/layout only |
| src/components/studio/Sql.astro | Keyword list formatting only |
| src/components/studio/SectionShell.astro | Formatting/layout only |
| src/components/studio/QueryChrome.astro | Formatting/layout only |
| src/components/studio/MobileTopBar.astro | Formatting/layout only |
| src/components/studio/MobileQueryCard.astro | Formatting/layout only |
| src/components/studio/Explorer.astro | Formatting/layout + map layout changes |
| src/components/studio/Console.astro | Formatting only |
| src/components/studio/CommandPalette.astro | Formatting/layout only |
| src/components/sections/TechStackSection.astro | Formatting/layout only |
| src/components/sections/SectionHeader.astro | Formatting only |
| src/components/sections/ProvidersSection.astro | Formatting/layout only |
| src/components/sections/PlatformSection.astro | Formatting/layout only |
| src/components/sections/HomeSection.astro | Formatting/layout only |
| src/components/sections/GetStartedSection.astro | Formatting/layout only |
| src/components/sections/FeaturesSection.astro | Formatting/layout only |
| src/components/sections/FaqSection.astro | Formatting/layout only |
| src/components/sections/DockerComposeSection.astro | Formatting/layout only |
| src/components/sections/DeploySection.astro | Formatting/layout only |
| src/components/sections/DatabaseSection.astro | Formatting/layout only |
| src/components/sections/DatabaseReliabilitySection.astro | Formatting/layout only |
| src/components/sections/DatabaseCtaFooter.astro | Formatting/layout only |
| src/components/sections/DatabaseArchitectureSection.astro | Formatting/layout only |
| src/components/sections/CompareSection.astro | Formatting/layout only |
| src/components/Header.astro | Formatting/layout only |
| src/components/deploy/StatusBadge.astro | Formatting/layout only |
| src/components/deploy/PlatformCard.astro | Formatting/layout only |
| src/components/CookieConsent.astro | Formatting + oxlint suppression comments |
| scripts/sync-docker-compose.mjs | Formatting only |
| package.json | Adds toolchain scripts/deps; gate + hooks |
| knip.json | Adds knip config + ignore deps |
| bunfig.toml | Enables exact installs; documents intent |
| astro.config.mjs | Formatting only |
| .secretlintrc.json | Adds secretlint config |
| .secretlintignore | Adds secretlint ignore paths |
| .prettierrc.json | Adds Prettier config + plugins |
| .prettierignore | Adds Prettier ignore paths |
| .oxlintrc.json | Adds oxlint config + ignores |
| .gitignore | Ignores local tooling state directory |
| .github/workflows/deploy.yml | YAML formatting tweak |
| .github/workflows/ci.yml | Runs gate + secret scan + advisory audit |
| .github/dependabot.yml | YAML formatting tweak |
| .githooks/pre-push | Adds pre-push gate + advisory audit |
| .githooks/pre-commit | Adds pre-commit secrets + format check |
| .editorconfig | Adds editor consistency settings |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Reproducible installs: pin exact versions (no ^ ranges) so the lockfile and | ||
| # package.json never drift. Mirrors the toolchain decision in the sibling | ||
| # libredb-database repo, relaxed for a website. |
There was a problem hiding this comment.
Fixed in the pin commit: @astrojs/sitemap and @types/bun are now pinned exact (same resolved versions), so the manifest matches the reproducible-install intent. The bunfig.toml comment was also reworded to describe what install.exact actually guarantees. Dependabot proposes future bumps explicitly.
Copilot flagged that bunfig.toml claimed 'no ^ ranges' while package.json still had carets on @astrojs/sitemap and @types/bun. Pin both exact (same resolved versions) so the manifest matches the stated reproducible-install intent, and reword the bunfig.toml comment to describe what install.exact actually guarantees. Dependabot proposes bumps explicitly. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
| # Reproducible installs: pin exact versions (no ^ ranges) so the lockfile and | ||
| # package.json never drift. Mirrors the toolchain decision in the sibling | ||
| # libredb-database repo, relaxed for a website. |
| "audit": "bun audit", | ||
| "test": "bun test", | ||
| "gate": "bun run typecheck && bun run format && bun run lint && bun run knip && bun run test", | ||
| "prepare": "git config core.hooksPath .githooks" |
| dist | ||
| .astro | ||
| node_modules | ||
| bun.lock |
Align with the sibling libredb-database repo and the JetBrains default (80 is terminal-era inertia; 120 keeps one logical statement per line without straining side-by-side review). Repo-wide reflow, no logic change. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Toolchain for libredb-website (Astro)
Adapts the sibling libredb-database
TOOLCHAIN.mddecision record to this Astro static site — keeping the correctness gates (typecheck, format, dead-code, secrets) and dropping the packaging ones (attw/publint/size-limit/changesets) that only apply to a published npm library.Astro-specific corrections vs the DB doc:
astro check(nottsc) —tsccan't see.astrofiles.prettier-plugin-astro(not Biome) — Biome's.astrosupport is still experimental..ts+ embedded.astroscripts.Shipped in phases, each its own commit, each gated green by CI before the next.
Phases — all complete ✅
.editorconfig,bunfig.tomlexact installs@astrojs/check,typecheckscript,gatewired into CI (tsconfigtypes:[bun]sobun:testresolves)public/, synced compose,docs/ignoredtypecheck → format → lint → knip → testbun audit(advisory), zero-dep.githooks(pre-commit: secrets+format; pre-push: gate+audit)The gate
bun run gate=typecheck → format → lint → knip → test. CI runs it plus a blocking secret scan and a non-blocking dependency audit, then builds.Reviewer note —
bun auditis intentionally non-blocking8 advisories exist in transitive build-time deps (picomatch ReDoS, js-yaml DoS via Astro/tooling). These have no attack surface in a static-site build (no attacker-controlled input), so audit reports them as an informational notice rather than failing CI. Dependabot (already configured) tracks the upstream bumps.
Explicitly rejected (library-only, N/A to a website)
attw,publint,size-limit,isolatedDeclarations,changesets,license-checker.🤖 Generated with Claude Code