Merged
7 changes: 3 additions & 4 deletions .github/workflows/cd.yml
Expand Up @@ -12,13 +12,12 @@ jobs:
- name: Install libvips
run: sudo apt-get install libvips
- uses: actions/checkout@v2
- name: Setup Node 18
- name: Setup Node 20
uses: actions/setup-node@v2
with:
node-version: '18'
node-version: '20'
- name: Install dependencies
run: |
npm i --force --unsafe-perm
run: npm ci --legacy-peer-deps --unsafe-perm
- name: Force installing sharp
run: npm install --ignore-scripts=false --verbose sharp@0.30.7 --force --unsafe-perm
- name: 'Create env file'
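Review bot: The `Force installing sharp` step kept after the new `npm ci --legacy-peer-deps --unsafe-perm` line still runs `npm install ... sharp@0.30.7 --force --unsafe-perm`, which re-resolves the dependency tree after the lockfile-exact install, so the deployed build can differ from what package-lock.json records. If sharp@0.30.7 is required, declare it in package.json so `npm ci` installs it from the lockfile and drop the separate `--force` step. The `uses: actions/setup-node@v2` line here is the same reference that the comments on ci.yml and staging-cd.yml flag, and this file should be updated with them.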
7 changes: 3 additions & 4 deletions .github/workflows/ci.yml
Expand Up @@ -11,13 +11,12 @@ jobs:
- name: Install libvips
run: sudo apt-get install libvips
- uses: actions/checkout@v2
- name: Setup Node 18
- name: Setup Node 20
uses: actions/setup-node@v2
with:
node-version: '18'
node-version: '20'
Comment on lines +14 to +17

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

actions/setup-node v2 deprecated 2025 2026 current version support

💡 Result:

actions/setup-node v2 is deprecated. Users should upgrade to the current version v6 (latest release v6.3.0 on 2026-03-04). Older versions like v2 run on outdated Node.js runtimes (pre-Node 16), which are incompatible with GitHub's runner changes: Node 20 deprecated (EOL April 2026, runners switch to Node 24 default on June 2, 2026, Node 20 removed fall 2026). v5+ support Node 24 (upgraded Sep 2025). v2 has no specific deprecation date but will fail post-June 2026 due to runtime incompatibility. All versions fully supported today (2026-04-14), but upgrade recommended for future compatibility. Use: uses: actions/setup-node@v6 with node-version: '24'.

Upgrade actions/setup-node to v6 and Node to 24.

actions/setup-node@v2 is deprecated and will fail after June 2, 2026 when runners switch to Node 24. Node 20 reaches EOL in April 2026 (today) and will be removed from runners in fall 2026. Upgrade to the current version v6 with Node 24 for future compatibility.

🔧 Proposed fix
      - name: Setup Node 20
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version: '24'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Setup Node 20
uses: actions/setup-node@v2
with:
node-version: '18'
node-version: '20'
- name: Setup Node 20
uses: actions/setup-node@v6
with:
node-version: '24'
🧰 Tools
🪛 actionlint (1.7.12)

[error] 15-15: the runner of "actions/setup-node@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 14 - 17, Update the GitHub Actions
step currently named "Setup Node 20" that uses actions/setup-node@v2 and
node-version '20' to use actions/setup-node@v6 and node-version '24'; locate the
step by the "Setup Node 20" name (and the uses: actions/setup-node@v2 line) and
replace the version pin and node-version value accordingly to ensure
compatibility with Node 24.

- name: Install dependencies
run: |
rm -rf node_modules && npm i --force --unsafe-perm
run: npm ci --legacy-peer-deps --unsafe-perm
- name: Force installing sharp
run: npm install --ignore-scripts=false --verbose sharp@0.30.7 --force --unsafe-perm
- name: 'Create env file'
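Review bot: On the `uses: actions/checkout@v2` and `uses: actions/setup-node@v2` lines, both actions are referenced by a movable major tag, so the code that runs in CI can change without any change to this file. Whichever version is chosen in response to the comment above, pin each `uses:` to a full commit SHA and keep the tag in a trailing comment for readability.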
8 changes: 3 additions & 5 deletions .github/workflows/staging-cd.yml
Expand Up @@ -12,14 +12,12 @@ jobs:
- name: Install libvips
run: sudo apt-get install libvips
- uses: actions/checkout@v2
- name: Setup Node 18
- name: Setup Node 20
uses: actions/setup-node@v2
with:
node-version: '18'
node-version: '20'
Comment on lines +15 to +18

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify deprecated setup-node usage across workflow files
rg -n --iglob '*.yml' 'actions/setup-node@v2|actions/setup-node@v[0-9]+' .github/workflows

Repository: testsigmahq/testsigma-tutorials

Length of output: 274


🌐 Web query:

actions/setup-node v2 deprecated GitHub Actions official documentation

💡 Result:

Yes, actions/setup-node v2 is deprecated. The official GitHub documentation and repository recommend updating to the latest version, which is v6.3.0 as of March 2026. Key points from official sources:

- Current version: v6.3.0 (released 2026-03-04). Use uses: actions/setup-node@v6.
- Older versions like v2 are no longer actively maintained or documented in recent releases. Updates from v2 to v3 involved breaking changes such as runtime upgrade to Node 16 and removal of deprecated inputs.
- Breaking changes in recent versions:
  - v6: Automatic caching for npm if packageManager field present; removed always-auth input.
  - v5: Default caching enabled; upgraded to Node 24 runtime (requires runner v2.327.1+).
  - v3: Node 16 runtime; removed 'version' input (use 'node-version').
- Migration: Update your workflow to uses: actions/setup-node@v6 with node-version: '24' or desired version. Pin to major version (e.g., @v6) for stability, as minor/patch updates include fixes.
- Repository: https://github.com/actions/setup-node (latest README shows v6 usage examples).
- Releases page lists all versions, confirming v2 is outdated: https://github.com/actions/setup-node/releases.

No explicit "deprecated" banner for v2, but standard practice for GitHub Actions is to upgrade from unmaintained tags to latest major.

🌐 Web query:

actions/setup-node latest version 2024 2025 supported versions

💡 Result:

The latest version of the actions/setup-node GitHub Action is v6.3.0, released on 2026-03-04. It supports all Node.js versions available in the actions/node-versions repository, including the latest releases as of 2026: Node.js 24.14.1 (March 2026), 22.22.2 (March 2026), 20.20.2 (March 2026), and earlier patch versions. Examples from documentation include major versions 20, 22, 24; specific versions like 20.19, 22.17.1, 24.8.0; LTS aliases like lts/iron, lts/jod, lts/; and latest/. In 2024-2025, it supported Node.js 20+ (upgraded from Node 16/18 deprecations), with v5.0.0 (2025-09) introducing Node 24 support for the action itself, and ongoing updates through v6.x. The action downloads LTS versions from actions/node-versions releases and caches them. Use node-version: '24', 'lts/*', or 'latest' (resolves to newest dist version).

Upgrade actions/setup-node from v2 to v6.

actions/setup-node@v2 is deprecated and unmaintained. The latest supported version is v6.3.0 (released March 2026).

🔧 Proposed fix
-      - name: Setup Node 20
-        uses: actions/setup-node@v2
+      - name: Setup Node 20
+        uses: actions/setup-node@v6
         with:
           node-version: '20'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Setup Node 20
uses: actions/setup-node@v2
with:
node-version: '18'
node-version: '20'
- name: Setup Node 20
uses: actions/setup-node@v6
with:
node-version: '20'
🧰 Tools
🪛 actionlint (1.7.12)

[error] 16-16: the runner of "actions/setup-node@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/staging-cd.yml around lines 15 - 18, Update the GitHub
Actions step that sets up Node to use the maintained setup action: change the
uses value in the "Setup Node 20" step from actions/setup-node@v2 to
actions/setup-node@v6 (or actions/setup-node@v6.3.0) while keeping the
node-version: '20' argument; ensure the step name "Setup Node 20" and the
node-version remain unchanged so other workflow steps continue to work.

- name: Install dependencies
run: |
rm -rf .cache node_modules
npm i --force --unsafe-perm
run: npm ci --legacy-peer-deps --unsafe-perm
- name: Force installing sharp
run: npm install --ignore-scripts=false --verbose sharp@0.30.7 --force --unsafe-perm
- name: 'Create env file'
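Review bot: The replaced install block drops `rm -rf .cache node_modules` in favour of `npm ci`, but `npm ci` only removes node_modules and does not touch `.cache`. If the staging runner can carry a `.cache` directory from one run to the next, keep an explicit `rm -rf .cache` step before the build so a stale Gatsby cache cannot end up in the deployed site.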
1 change: 0 additions & 1 deletion .gitignore
Expand Up @@ -4,4 +4,3 @@ public
.idea/*
*.iml
.DS_Store
package-lock.json
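Review bot: Removing the `package-lock.json` entry only stops the file from being ignored; the `npm ci` steps introduced in the three workflows fail when no lockfile is present in the checkout. Confirm that package-lock.json is committed as part of this change and that it was generated from the same package.json the workflows install.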
13 changes: 6 additions & 7 deletions gatsby-config.js
Expand Up @@ -16,10 +16,15 @@ module.exports = {
"gatsby-plugin-postcss",
"gatsby-plugin-sass",
"gatsby-plugin-image",
"gatsby-transformer-remark",
"gatsby-plugin-sharp",
"gatsby-transformer-sharp",
'gatsby-plugin-react-helmet',
{
resolve: 'gatsby-plugin-env-variables',
options: {
allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL', 'TYPESENSE_API_KEY', "TYPESENSE_SEARCH_API_KEY", "TYPESENSE_COLLECTION"],

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether TYPESENSE_API_KEY is actually consumed anywhere besides gatsby-config.js.
# Expected: client code should only reference TYPESENSE_SEARCH_API_KEY.

rg -n -C2 'TYPESENSE_API_KEY|TYPESENSE_SEARCH_API_KEY|TYPESENSE_COLLECTION|TYPESENSE_HOST|TYPESENSE_PORT|TYPESENSE_PROTOCOL'

Repository: testsigmahq/testsigma-tutorials

Length of output: 3835


Remove TYPESENSE_API_KEY from the client allow-list.

The client-side code in src/components/SearchInputBox.jsx only consumes TYPESENSE_SEARCH_API_KEY (plus host/port/protocol/collection). The gatsby-plugin-env-variables plugin exposes every allowList entry to the frontend bundle, making them visible to client-side scripts. TYPESENSE_API_KEY is the admin key used by scripts/indexr.js (a server-side build script) and should never be exposed to the browser.

Suggested change
-        allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL', 'TYPESENSE_API_KEY', "TYPESENSE_SEARCH_API_KEY", "TYPESENSE_COLLECTION"],
+        allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL', 'TYPESENSE_SEARCH_API_KEY', 'TYPESENSE_COLLECTION'],
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL', 'TYPESENSE_API_KEY', "TYPESENSE_SEARCH_API_KEY", "TYPESENSE_COLLECTION"],
allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL', 'TYPESENSE_SEARCH_API_KEY', 'TYPESENSE_COLLECTION'],
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@gatsby-config.js` at line 25, The allowList array in the
gatsby-plugin-env-variables configuration currently includes the admin key
string 'TYPESENSE_API_KEY' which exposes the server-side admin key to the
frontend; remove 'TYPESENSE_API_KEY' from the allowList (leaving
'TYPESENSE_SEARCH_API_KEY' plus host/port/protocol/collection) so only the
search key and non-sensitive vars are exposed via the allowList in the plugin
configuration.
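
The allow-list concern raised in the comment above can be enforced in CI. The following is an added example, not code from the PR or the repository: a Node script that flags any `gatsby-plugin-env-variables` allowList name outside an approved set and searches built bundle text for a secret's value. The `CLIENT_SAFE` set, the function names, the sample config and the placeholder key value are assumptions constructed for illustration.

```javascript
// Added example: CI guard for gatsby-plugin-env-variables allowList entries.
// CLIENT_SAFE and all sample data below are constructed for illustration.
const CLIENT_SAFE = new Set([
  'TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL',
  'TYPESENSE_SEARCH_API_KEY', 'TYPESENSE_COLLECTION',
]);

// Return every allowList name that is not explicitly approved for the browser.
function findUnsafeAllowListEntries(config, approved = CLIENT_SAFE) {
  const unsafe = [];
  for (const plugin of config.plugins || []) {
    // Gatsby plugins are either a bare string or { resolve, options }.
    if (typeof plugin !== 'object' || plugin === null) continue;
    if (plugin.resolve !== 'gatsby-plugin-env-variables') continue;
    const allowList = (plugin.options && plugin.options.allowList) || [];
    for (const name of allowList) {
      if (!approved.has(name)) unsafe.push(name);
    }
  }
  return unsafe;
}

// Second check: look for the secret's value in built bundle text.
// `files` maps file name to file contents; returns the names that contain it.
function findSecretInBundles(files, secretValue) {
  // Skip empty or very short values so trivial strings do not match everywhere.
  if (!secretValue || secretValue.length < 8) return [];
  return Object.entries(files)
    .filter(([, text]) => text.includes(secretValue))
    .map(([name]) => name);
}

// Constructed sample mirroring the allowList shown in the diff.
const sampleConfig = {
  plugins: [
    'gatsby-plugin-sharp',
    { resolve: 'gatsby-plugin-env-variables',
      options: { allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL',
        'TYPESENSE_API_KEY', 'TYPESENSE_SEARCH_API_KEY', 'TYPESENSE_COLLECTION'] } },
  ],
};
// Constructed bundle contents; the key value is a placeholder, not a real key.
const sampleBundles = {
  'app-abc.js': 'var k="PLACEHOLDER_ADMIN_KEY_VALUE";',
  'framework-def.js': 'console.log("no secrets here")',
};

console.log('unsafe allowList names:', findUnsafeAllowListEntries(sampleConfig));
console.log('bundles with key:', findSecretInBundles(sampleBundles, 'PLACEHOLDER_ADMIN_KEY_VALUE'));
```

In a pipeline, the first check would load the real config with `require` and the second would read the files under the build output directory, failing the job when either result is non-empty.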

},
},
{
resolve: `gatsby-plugin-s3`,
options: {
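Review bot: The relocated `allowList` line still contains `'TYPESENSE_API_KEY'` and mixes single-quoted and double-quoted entries. Since the block is being moved anyway, drop that entry as the comment above asks and normalise the quoting in the same edit. A one-line comment on the block saying that every listed name is exposed to the browser, as that comment describes, would help keep server-only names out of it later.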
Expand Down Expand Up @@ -104,12 +109,6 @@ module.exports = {
},
},
},
{
resolve: 'gatsby-plugin-env-variables',
options: {
allowList: ['TYPESENSE_HOST', 'TYPESENSE_PORT', 'TYPESENSE_PROTOCOL', 'TYPESENSE_API_KEY', "TYPESENSE_SEARCH_API_KEY", "TYPESENSE_COLLECTION"],
},
}
],
},
}
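Review bot: The block removed at the old position carries the identical allowList, `'TYPESENSE_API_KEY'` included, so that entry was configured before this PR and is not introduced by the move. If the plugin exposes allowList entries to the bundle as the comment above describes, builds already published may contain the admin key, so rotate it alongside removing the entry.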