Chore: refactor dependency ci

[black7375]

Description

Refactor dependency action

Related Issue

Summary by CodeRabbit

• Chores
  • Streamlined the strict installation path in our internal setup to reduce noise and speed up CI runs, keeping only the essential install step.
  • Enhanced the dependencies stage in CI by adding automated checks for peer dependencies, package consistency, and security audits, improving early detection of issues and overall pipeline reliability.

Additional context

Checklist

[black7375]

/fast-forward

[github-actions]

Triggered from #254 (comment) by @​black7375.

Trying to fast forward main (50bc9d0) to ci-dependency (51133c5).

Target branch (main):

commit 50bc9d0ea0acada8bfd11e19d458db420055984e (HEAD -> main, origin/main)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Fri Sep 12 00:00:00 2025 +0900

    Chore(Bump): deps

Pull request (ci-dependency):

commit 51133c5b8bc0f9e42d2fe8172000a9e5e6487a75 (pull_request/ci-dependency)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Sun Sep 14 00:00:00 2025 +0900

    Chore: refactor dependency ci

Fast forwarding main (50bc9d0) to ci-dependency (51133c5).

$ git push origin 51133c5b8bc0f9e42d2fe8172000a9e5e6487a75:main
To https://github.com/mincho-js/mincho.git
   50bc9d0..51133c5  51133c5b8bc0f9e42d2fe8172000a9e5e6487a75 -> main

[changeset-bot]

⚠️ No Changeset found

Latest commit: 51133c5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Triggered from #254 by @​black7375.

Checking if we can fast forward main (51133c5) to ci-dependency (51133c5).

Target branch (main):

commit 51133c5b8bc0f9e42d2fe8172000a9e5e6487a75 (HEAD -> main, origin/main, pull_request/ci-dependency)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Sun Sep 14 00:00:00 2025 +0900

    Chore: refactor dependency ci

Pull request (ci-dependency):

commit 51133c5b8bc0f9e42d2fe8172000a9e5e6487a75 (HEAD -> main, origin/main, pull_request/ci-dependency)
Author: alstjr7375 <alstjr7375@daum.net>
Date:   Sun Sep 14 00:00:00 2025 +0900

    Chore: refactor dependency ci

It is possible to fast forward main (51133c5) to ci-dependency (51133c5). If you have write access to the target repository, you can add a comment with /fast-forward to fast forward main to ci-dependency.

[black7375]

@coderabbitai fullreview

[coderabbitai]

@black7375: I'll perform a comprehensive review of all the changes in this PR.

✅ Actions performed

Full review triggered.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

The node-setup composite action removed strict-mode diagnostic and security commands, leaving only yarn install. The CI workflow’s dependencies job now explicitly runs peer dependency checks, constraints validation, and an audit step before the existing project reference check. No exported interfaces or public APIs changed.

Changes

Cohort / File(s)	Summary of Changes
GitHub Action: node-setup \.github/actions/node-setup/action.yml	In the strict branch of the Package Install step, removed echoed messages and commands: yarn check:pkgs and yarn npm audit --all. Retained only yarn install. Else branch unchanged.
CI Workflow: dependencies job \.github/workflows/ci.yml	Inserted three steps after setup: run yarn check:peers, yarn constraints, and yarn npm audit --all before the existing Project Reference Check. No other control flow changes.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as GitHub Actions Runner
    participant CI as dependencies job
    participant Steps as Steps

    Dev->>CI: Trigger job
    Note over CI: Existing setup
    CI->>Steps: Setup (checkout, node, install)
    rect rgba(200,230,255,0.3)
    Note right of Steps: Newly inserted checks
    CI->>Steps: Check peer dependencies (yarn check:peers)
    CI->>Steps: Check package constraints (yarn constraints)
    CI->>Steps: Audit packages (yarn npm audit --all)
    end
    CI->>Steps: Project Reference Check (existing)
    CI-->>Dev: Job result

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• More fast CI and strict package check #207 — Also adjusts .github/actions/node-setup/action.yml and .github/workflows/ci.yml to modify package checks (peer, constraints, audit), indicating a closely related CI configuration change.

Suggested labels

config/build

Poem

I thump my paw on pipeline ground,
Moved checks from action to workflow round—
Peer squeaks pass, constraints align,
Audits nibble every vine.
Yarn spins clean in nightly light,
CI carrots stacked just right.
— A busy bun by moonlit byte 🥕🐇

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci-dependency

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 50bc9d0 and 51133c5.

📒 Files selected for processing (2)

• .github/actions/node-setup/action.yml (0 hunks)
• .github/workflows/ci.yml (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}