Merge remote-tracking branch 'origin/tomaskislan/grn-4762-support-big-number-blocks' into tomaskislan/grn-4776-support-input-blocks

Author: tkislan

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Default owners for everything in the repository
+* @saltenasl @jamesbhobbs @Artmann @andyjakubowski

.github/actions/create-venv-for-tests/action.yml

@@ -16,7 +16,7 @@ runs:
   using: 'composite'
   steps:
     - name: Install uv
-      uses: astral-sh/setup-uv@v6
+      uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6
 
     # Used by tests for installation of ipykernel.
     # Create a venv & register it as a kernel.

.github/workflows/ci.yml

@@ -26,10 +26,10 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
@@ -47,16 +47,62 @@ jobs:
       - name: Check Prettier formatting
         run: npm run format
 
+  typecheck:
+    name: TypeCheck
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
+        with:
+          cache: 'npm'
+          node-version: ${{ env.NODE_VERSION }}
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@deepnote'
+
+      - name: Install dependencies
+        run: npm ci --prefer-offline --no-audit
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run TypeScript type checking
+        run: npm run typecheck
+
+  qlty:
+    name: Qlty Check
+    runs-on: ubuntu-latest
+    timeout-minutes: 3
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
+
+      - name: Install qlty
+        uses: qltysh/qlty-action/install@a19242102d17e497f437d7466aa01b528537e899
+
+      - name: Run qlty check
+        run: qlty check
+
+      - name: Run qlty code smells analysis
+        run: qlty smells
+
   build:
     name: Build & Test
     runs-on: ubuntu-latest
     timeout-minutes: 15
+    permissions:
+      id-token: write
+      contents: read
+      packages: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
@@ -73,6 +119,23 @@ jobs:
 
       - name: Run tests
         run: npm test
+        env:
+          VSC_JUPYTER_INSTRUMENT_CODE_FOR_COVERAGE: true
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5
+        with:
+          use_oidc: true
+          files: coverage/lcov.info
+          fail_ci_if_error: true
+
+      - name: Upload test results to Codecov
+        if: '!cancelled()'
+        uses: codecov/test-results-action@47f89e9acb64b76debcd5ea40642d25a4adced9f # v1
+        with:
+          use_oidc: true
+          files: test-results.xml
+          fail_ci_if_error: true
 
       - name: Check dependencies
         run: npm run checkDependencies
@@ -86,10 +149,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
@@ -103,3 +166,51 @@ jobs:
 
       - name: Check Licenses
         run: npm run check-licenses
+
+  audit-prod:
+    name: Audit - Production
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
+        with:
+          cache: 'npm'
+          node-version: ${{ env.NODE_VERSION }}
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@deepnote'
+
+      - name: Install dependencies
+        run: npm ci --prefer-offline --no-audit
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run audit for production dependencies
+        run: npm audit --production
+
+  audit-all:
+    name: Audit - All
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
+        with:
+          cache: 'npm'
+          node-version: ${{ env.NODE_VERSION }}
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@deepnote'
+
+      - name: Install dependencies
+        run: npm ci --prefer-offline --no-audit
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run audit for all dependencies
+        run: npm audit

.github/workflows/copilot-setup-steps.yml

@@ -37,23 +37,23 @@ jobs:
     # If you do not check out your code, Copilot will do this for you.
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Use Node ${{env.NODE_VERSION}}
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           node-version: ${{env.NODE_VERSION}}
           registry-url: 'https://npm.pkg.github.com'
           scope: '@deepnote'
 
       - name: Cache npm files
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: ~/.npm
           key: ${{runner.os}}-${{env.CACHE_NPM_DEPS}}-${{hashFiles('package-lock.json')}}
 
       - name: Cache the out/ directory
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: ./out
           key: ${{runner.os}}-${{env.CACHE_OUT_DIRECTORY}}-${{hashFiles('src/**')}}
@@ -79,7 +79,7 @@ jobs:
         continue-on-error: true
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@3259c6206f993105e3a61b142c2d97bf4b9ef83d # v7
 
       - name: Setup Venv
         run: |

.github/workflows/deps.yml

@@ -24,10 +24,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
@@ -44,7 +44,7 @@ jobs:
 
       - name: Upload audit report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
         with:
           name: npm-audit-report
           path: audit-report.json
@@ -57,10 +57,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: 'npm'

.gitignore

@@ -66,3 +66,9 @@ src/webviews/webview-side/interactive-common/variableExplorerGrid.css
 src/webviews/webview-side/interactive-common/variableExplorerGrid.css.map
 src/webviews/webview-side/react-common/seti/seti.css
 src/webviews/webview-side/react-common/seti/seti.css.map
+# Qlty cache directories
+.qlty/cache
+.qlty/logs
+.qlty/out
+.qlty/plugin_cachedir
+.qlty/results

.qlty/qlty.toml

@@ -0,0 +1,69 @@
+# Qlty Configuration
+# Learn more at https://docs.qlty.sh
+config_version = "0"
+
+# Plugins configuration
+[[plugin]]
+name = "actionlint"
+
+[[plugin]]
+name = "trufflehog"
+
+[[plugin]]
+name = "osv-scanner"
+
+# Source configuration
+[[source]]
+name = "default"
+default = true
+
+# Exclusion patterns
+exclude_patterns = [
+  "node_modules/**",
+  "dist/**",
+  "build/**",
+  "coverage/**",
+  "**/*.min.js",
+  "**/*.min.css",
+  ".git/**",
+]
+
+# Code Smells Configuration
+[smells]
+mode = "block"
+
+[smells.boolean_logic]
+enabled = true
+threshold = 4
+
+[smells.nested_control_flow]
+enabled = true
+threshold = 4
+
+[smells.function_parameters]
+enabled = true
+threshold = 5
+
+[smells.function_length]
+enabled = true
+threshold = 50
+
+[smells.file_length]
+enabled = true
+threshold = 500
+
+[smells.cognitive_complexity]
+enabled = true
+threshold = 15
+
+[smells.duplicate_code]
+enabled = true
+threshold = 6
+
+[smells.large_class]
+enabled = true
+threshold = 500
+
+[smells.long_parameter_list]
+enabled = true
+threshold = 2

CLAUDE.md

@@ -1,6 +1,7 @@
 ## Code Style & Organization
 - Order method, fields and properties, first by accessibility and then by alphabetical order.
 - Don't add the Microsoft copyright header to new files.
+- Use `Uri.joinPath()` for constructing file paths to ensure platform-correct path separators (e.g., `Uri.joinPath(venvPath, 'share', 'jupyter', 'kernels')` instead of string concatenation with `/`)
 
 ## Testing
 - Unit tests use Mocha/Chai framework with `.unit.test.ts` extension