Change npm install to ci

[anuruddhal]

Purpose

• Change npm install to ci
• Shai-Hulud 2.0 - Hardening integration-control-plane#212

Summary by CodeRabbit

• Chores
  • Improved build process by switching to a more reproducible install command and adding a flag (with explanatory comment) to avoid dependency conflicts, increasing build reliability and consistency during project generation steps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Replaces npm install with npm ci and adds a --legacy-peer-deps flag plus an explanatory comment in the Maven exec plugin's exec-npm-install execution; the npm build execution and overall build step order remain unchanged.

Changes

Cohort / File(s)	Change Summary
Maven build configuration monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml	Replaced npm install with npm ci in the exec-npm-install execution of the Maven exec plugin; added --legacy-peer-deps flag and an explanatory comment to avoid dependency conflicts. Subsequent npm build execution left unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Review focus: confirm npm ci is appropriate (lockfile present), verify the --legacy-peer-deps rationale/comment, and ensure the exec plugin invocation and CI expectations align.

Poem

🐰 I hopped into the POM at dawn,
Swapped the old install for \npm ci``, then yawned,
A flag for peers, a tiny note I penned,
Locks honored now, my hops did send,
Builds snappier — carrot-cake to the end.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is significantly incomplete compared to the repository's template, providing only a minimal 'Purpose' section without goals, approach, or any other required documentation sections.	Expand the description to include Goals, Approach, and other relevant sections from the template, particularly explaining why npm ci is being adopted and the benefits it provides.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Change npm install to ci' directly and clearly describes the main change in the pull request, which replaces npm install with npm ci in the Maven pom.xml file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73299dc and 4fcd62d.

⛔ Files ignored due to path filters (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/web-app/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dc8142a and 088e735.

⛔ Files ignored due to path filters (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/web-app/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml (1 hunks)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Justify and document the use of --legacy-peer-deps.

The --legacy-peer-deps flag is a workaround that allows installations despite unmet peer dependencies. This should be a temporary measure, not a permanent solution. Please clarify:

1. Which specific peer dependency conflicts require this flag?
2. Should the dependencies be updated instead to resolve conflicts properly?
3. Is this flag necessary for the build to succeed, or was it added to suppress warnings?

Consider adding an inline comment in the POM explaining why this flag is needed.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml (1)

37-50: Consider updating the execution ID for clarity.

The execution ID exec-npm-install is now misleading since the execution runs npm ci rather than npm install. For better code clarity and maintainability, consider renaming it to exec-npm-ci.

Apply this diff to improve clarity:

                 <execution>
-                    <id>exec-npm-install</id>
+                    <id>exec-npm-ci</id>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 088e735 and 73299dc.

⛔ Files ignored due to path filters (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/web-app/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml (1 hunks)

🔇 Additional comments (1)

monitoring-dashboard/components/org.wso2.micro.integrator.dashboard.web/pom.xml (1)

44-44: Approve: npm ci aligns with CI/CD best practices.

Using npm ci instead of npm install is the recommended approach for deterministic, reproducible builds in CI/CD pipelines. It installs exact versions from package-lock.json, ensuring consistency across builds.

Verify that the web-app directory has a committed package-lock.json (or npm-shrinkwrap.json). If the lock file is missing or out of date, npm ci will fail during the build.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (dc8142a) to head (4fcd62d).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@      Coverage Diff      @@
##   master   #479   +/-   ##
=============================
=============================

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.