feat: dependency dashboard

[epsjunior]

CI and dependency updates

• Update GitHub Actions to actions/checkout@v5 in publish.yml, publish-beta.yml, and validate-code.yml
• Bump Node.js version in CI (validate-code.yml) from 18 to 22
• Upgrade Docker image ollama/ollama from 0.9.6 to 0.11.4 in docker-compose.yml
• Bump dependencies:
  • cross-env to ^10.0.0
  • genlayer-js to ^0.14.0
• Refresh package-lock.json

No functional code changes; CI and infra/deps only.

Summary by CodeRabbit

• CI / Infrastructure
  • Updated GitHub Actions checkout to v5 across workflows
  • Bumped Node.js used in validation workflow from 18 to 22
• Dependency Updates
  • Updated Ollama service image to 0.11.4
  • Bumped dev dependency cross-env from 7.0.3 to 10.0.0

[coderabbitai]

Walkthrough

Update CI workflows to use actions/checkout@v5; bump Node.js to 22 in the validate-code workflow; bump ollama image tag in docker-compose to 0.11.4; update dev dependency cross-env in package.json. No structural changes to workflows or application code.

Changes

Cohort / File(s)	Summary of Changes
CI Workflows .github/workflows/publish.yml, .github/workflows/publish-beta.yml, .github/workflows/validate-code.yml	Replace uses: actions/checkout@v4 with uses: actions/checkout@v5 in all workflows; additionally set node-version from 18 → 22 in validate-code.yml.
Docker Compose Images docker-compose.yml	Update ollama service image tag from ollama/ollama:0.9.6 → ollama/ollama:0.11.4.
Dependencies package.json	Bump devDependency cross-env from ^7.0.3 → ^10.0.0.

Sequence Diagram(s)

(omitted — changes are version bumps and do not alter control flow)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related issues

• Dependency Dashboard #81 — Appears to track the same dependency and CI updates (checkout v5, Node 22, cross-env, ollama image).

Possibly related PRs

• chore: dependency dashboard #239 — Modifies the same docker-compose ollama image tag; likely related.

Suggested reviewers

• cristiam86

Poem

A rabbit hops through CI tonight,
Bumping versions with a tiny bite.
Checkout, Node, and Ollama climb,
cross-env updated—right on time.
Thump-thump, release dreams take flight! 🥕🐇

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5e8af07 and 4461d40.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• .github/workflows/publish.yml (1 hunks)
• .github/workflows/validate-code.yml (1 hunks)
• package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• .github/workflows/publish.yml
• package.json
• .github/workflows/validate-code.yml

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dxp-92-dependency-dashboard

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

.github/workflows/publish.yml (1)

20-24: Checkout v5 looks good; consider fetching full history for release tooling.

If release-it relies on tags/commit history, shallow clones can cause issues. Suggest setting fetch-depth: 0 to ensure full history is available during publishing.

Apply this diff in the same step:

       - name: Checkout source code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.ci_bot_token.outputs.token }}
+          fetch-depth: 0

.github/workflows/publish-beta.yml (1)

20-24: Same note as stable publish: fetch full history to avoid release/tagging hiccups.

actions/checkout@v5 is fine. Consider fetch-depth: 0 so release tooling sees all tags/commits.

Apply this diff in the same step:

       - name: Checkout source code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v5
         with:
           token: ${{ steps.ci_bot_token.outputs.token }}
+          fetch-depth: 0

docker-compose.yml (1)

86-101: Ollama image bump OK; consider model persistence and image pinning.

• Persistence: Without a volume, pulled models are lost on container restart. Recommend mounting the models directory.
• Supply chain: Consider pinning by digest to avoid tag drift.
• Optional: add a healthcheck for early readiness detection.

Apply this diff to persist models:

   ollama:
-    image: ollama/ollama:0.11.4
+    image: ollama/ollama:0.11.4
     ports:
       - 11434:11434
     container_name: genlayer-ollama
     tty: true
     restart: always
+    volumes:
+      - ollama_models:/root/.ollama
     security_opt:
       - "no-new-privileges=true"
     logging:
       driver: "json-file"
       options:
         max-size: "10m"
         max-file: "3"
     profiles:
       - ollama

And append under volumes:

 volumes:
   hardhat_artifacts:
   hardhat_deployments:
   hardhat_cache:
   hardhat_snapshots:
+  ollama_models:

.github/workflows/validate-code.yml (1)

25-26: Node 22 in CI: verify ecosystem compatibility; consider a matrix if you still support older Node.

• Ensure all deps (esbuild, vitest, inquirer, etc.) are green on Node 22.
• If users run Node 18/20, a small matrix helps catch regressions.

You can test across versions by switching to a matrix:

strategy:
  matrix:
    node: [18, 22]

# ...
- name: Set up Node.js
  uses: actions/setup-node@v4
  with:
    node-version: ${{ matrix.node }}
    cache: npm

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b2f0e99 and 5e8af07.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (5)

• .github/workflows/publish-beta.yml (1 hunks)
• .github/workflows/publish.yml (1 hunks)
• .github/workflows/validate-code.yml (1 hunks)
• docker-compose.yml (1 hunks)
• package.json (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-07-10T23:50:34.628Z

Learnt from: epsjunior
PR: genlayerlabs/genlayer-cli#239
File: package.json:60-66
Timestamp: 2025-07-10T23:50:34.628Z
Learning: In the genlayer-cli project, dotenv is used with manual parsing via dotenv.parse() rather than automatic loading via dotenv.config(), so warnings about implicit .env.local auto-loading changes in dotenv v17 are not applicable to this project.

Applied to files:

• package.json

🔇 Additional comments (2)

package.json (1)

48-48: cross-env@^10.0.0 bump: update Node engines and validate scripts

Node’s minimum engine requirement has been raised from ≥10.14 (v7) to ≥18 (v10). Please ensure your CI images and local dev machines are on Node 18+ and re-test any cross-env or cross-env-shell invocations—especially on Windows—to catch any quoting/escaping regressions.

• File to update/verify: package.json (check engines field and your CI configs)
• Ensure all CI workflows, Docker images, and dev toolchains are running Node 18+
• Run representative scripts with environment-variable quoting (including JSON flags) on both UNIX and Windows shells

.github/workflows/validate-code.yml (1)

20-20: Checkout v5: LGTM.

Modernizes the action runtime; no issues expected.