chore(ci): update CI actions

[vancura]

This pull request updates CI/CD workflows and package configuration to improve build consistency and maintainability.

Changes Overview

pnpm Version Update: The package manager version is bumped from 10.24.0 to 10.26.2 across all CI workflows and the package.json configuration. This affects:

• ci.yml: Two occurrences in the quality and test jobs
• deploy.yml: Three occurrences in the Setup pnpm steps across multiple jobs
• package.json: packageManager field updated to reflect the new version

Environment Variable Additions:

• deploy.yml: Adds NODE_ENV: production environment variable to the build step in the Build Demos phase, ensuring production-optimized builds
• pr-checks.yml: Introduces BASE_SHA and HEAD_SHA environment variables in the PR commit validation step and updates commitlint invocation to use these environment variables instead of directly interpolating GitHub contexts, improving clarity and decoupling from GitHub context syntax

These changes standardize the pnpm version across all CI pipelines and introduce environment variable-based configuration for better control flow and maintainability.

[coderabbitai]

Walkthrough

Bumps pnpm version from 10.24.0 to 10.26.2 across CI, deploy, and package configuration files. Adds NODE_ENV production variable to the deploy build step. Refactors PR commit validation to use BASE_SHA and HEAD_SHA environment variables instead of inline GitHub context expressions.

Changes

Cohort / File(s)	Summary
pnpm Version Updates package.json, .github/workflows/ci.yml, .github/workflows/deploy.yml	Bumps pnpm from 10.24.0 to 10.26.2 in three workflow steps and package manager specification
Build Environment Configuration .github/workflows/deploy.yml	Adds NODE_ENV: production environment variable to the build step in the Build Demos phase
PR Validation Refactoring .github/workflows/pr-checks.yml	Introduces BASE_SHA and HEAD_SHA environment variables in PR commit validation step, decoupling from inline GitHub context syntax in commitlint invocation

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'chore(ci): update CI actions' is vague and generic, using non-descriptive language that doesn't clearly convey the specific changes made (pnpm version bump and workflow updates).	Consider a more specific title like 'chore(ci): update pnpm to 10.26.2 and add NODE_ENV variable' to better describe the actual changes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci-update

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 841d759 and acd9d27.

📒 Files selected for processing (4)

• .github/workflows/ci.yml
• .github/workflows/deploy.yml
• .github/workflows/pr-checks.yml
• package.json

🔇 Additional comments (6)

.github/workflows/ci.yml (2)

92-92: LGTM!

The pnpm version is consistently updated across both jobs in this workflow.

---

42-42: pnpm version 10.26.2 verified as safe and available.

The version is published on npm and has no known security advisories affecting it. The update can proceed.

.github/workflows/deploy.yml (2)

42-42: LGTM!

The pnpm version is consistently updated across all three jobs in the deploy workflow, matching the updates in ci.yml.

Also applies to: 102-102, 154-154

---

175-176: Good addition for production builds.

Setting NODE_ENV to production is a standard practice that enables build-time optimizations and ensures production-appropriate behavior during the build phase.

.github/workflows/pr-checks.yml (1)

53-58: Nice refactor for improved readability.

Extracting BASE_SHA and HEAD_SHA into environment variables makes the commitlint invocation cleaner and more maintainable than inline GitHub context interpolation.

package.json (1)

59-59: LGTM!

The packageManager field is correctly updated to match the pnpm version used across the workflow files. The simplified format without the integrity hash is acceptable and will work correctly with Corepack.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/pr-checks.yml (1)

41-41: Update pnpm version for consistency.

Line 41 still uses pnpm version 10.24.0, while ci.yml and deploy.yml have been updated to 10.26.2. For consistency and to avoid potential behavioral differences across workflows, this should also be updated to 10.26.2.

Proposed fix

       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
-          version: '10.24.0'
+          version: '10.26.2'

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 841d759 and acd9d27.

📒 Files selected for processing (4)

• .github/workflows/ci.yml
• .github/workflows/deploy.yml
• .github/workflows/pr-checks.yml
• package.json

🔇 Additional comments (6)

.github/workflows/ci.yml (2)

92-92: LGTM!

The pnpm version is consistently updated across both jobs in this workflow.

---

42-42: pnpm version 10.26.2 verified as safe and available.

The version is published on npm and has no known security advisories affecting it. The update can proceed.

.github/workflows/deploy.yml (2)

42-42: LGTM!

The pnpm version is consistently updated across all three jobs in the deploy workflow, matching the updates in ci.yml.

Also applies to: 102-102, 154-154

---

175-176: Good addition for production builds.

Setting NODE_ENV to production is a standard practice that enables build-time optimizations and ensures production-appropriate behavior during the build phase.

.github/workflows/pr-checks.yml (1)

53-58: Nice refactor for improved readability.

Extracting BASE_SHA and HEAD_SHA into environment variables makes the commitlint invocation cleaner and more maintainable than inline GitHub context interpolation.

package.json (1)

59-59: LGTM!

The packageManager field is correctly updated to match the pnpm version used across the workflow files. The simplified format without the integrity hash is acceptable and will work correctly with Corepack.