action port input and outputs declarations, bump deps

[MrSquaare]

Summary by CodeRabbit

• Chores
  • Removed multiple ignore entries leaving ignore configs empty.
  • Updated CI to newer action versions, added SSH-backed test steps for both Git providers, and enabled pnpm caching.
  • Migrated to a new ESLint config format, overhauled developer tooling/dependencies, added package manager metadata, and bumped package version to 3.1.1.
• Changes
  • Action input "port" default now stored as a string ("22") and the action now exposes SSH-related outputs (ssh-path, ssh-agent-pid, ssh-auth-sock).

[coderabbitai]

Walkthrough

Replaces legacy ESLint config with a new flat config, removes .eslintrc.js and prunes ignore files, updates package metadata and dev-dependencies, modifies GitHub Actions to newer action versions and adds SSH-driven test steps for GitHub and GitLab, and adjusts action.yml inputs/outputs and quoting.

Changes

Cohort / File(s)	Change summary
ESLint config & ignores eslint.config.mjs, .eslintrc.js, .eslintignore	Added eslint.config.mjs exporting a flat config (js + typescript + prettier) with ignores: ["lib/"]; removed module.exports from .eslintrc.js; removed node_modules/ and lib/ entries from .eslintignore.
Ignore configuration .dcignore	Removed a previous global catch-all ignore and its exception; file now contains no ignore rules.
CI workflow .github/workflows/pull-request.yml	Upgraded action versions (actions/checkout@v4→@v5, pnpm/action-setup@v3→@v4), added cache: "pnpm" to actions/setup-node@v4, added step ids (github, gitlab), switched GitLab SSH host to altssh.gitlab.com with port 443, and added/renamed dedicated "Run tests for GitHub" and "Run tests for GitLab" steps that consume SSH setup outputs.
Action metadata action.yml	Changed inputs.port to remove type: number and set default "22" (string); added outputs ssh-path, ssh-agent-pid, ssh-auth-sock; normalized runs.post/runs.post-if quoting.
Package manifest package.json	Bumped version 3.0.0 → 3.1.1; added packageManager: "pnpm@10.14.0"; updated dependencies (@actions/core, nanoid); overhauled devDependencies to ESLint v9 flat stack and related tooling (added @eslint/js, typescript-eslint, upgraded eslint, prettier, typescript, @vercel/ncc, @types/node, etc.).

Sequence Diagram(s)

sequenceDiagram
  participant WF as GitHub Workflow
  participant Checkout as actions/checkout
  participant SetupPNPM as pnpm/action-setup
  participant SetupNode as actions/setup-node
  participant SSH_GH as Setup GitHub SSH (id: github)
  participant SSH_GL as Setup GitLab SSH (id: gitlab)
  participant TestsGH as Run tests for GitHub
  participant TestsGL as Run tests for GitLab

  WF->>Checkout: checkout code (v5)
  WF->>SetupPNPM: install pnpm (v4)
  WF->>SetupNode: setup node (cache: "pnpm")
  WF->>SSH_GH: setup SSH for GitHub -> outputs (ssh-path, ssh-agent-pid, ssh-auth-sock)
  WF->>TestsGH: run ./test/test.sh (use SSH_GH outputs)
  WF->>SSH_GL: setup SSH for GitLab (altssh.gitlab.com:443) -> outputs
  WF->>TestsGL: run ./test/test.sh (use SSH_GL outputs)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~35 minutes

Poem

I nibble at configs beneath the moon,
Flattened lint trails and a newer tune.
SSH hops, tests align in rows,
Versions rise as the soft wind blows.
A rabbit grins — the repo grows. 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d97fcf9 and bd22d3b.

📒 Files selected for processing (2)

• .github/workflows/pull-request.yml (3 hunks)
• action.yml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• action.yml
• .github/workflows/pull-request.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch deps-and-action-ref

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/pull-request.yml (1)

53-53: Same note on pinning actions to SHAs

Repeat of the earlier suggestion for checkout in the test job.

🧹 Nitpick comments (5)

eslint.config.mjs (2)

1-10: Optionally include eslint-config-prettier to avoid rule conflicts

With eslint-plugin-prettier/recommended you typically also include eslint-config-prettier to disable formatting-related ESLint rules that clash with Prettier. You already added it as a devDependency but it’s not wired here.

Apply this diff to include it:

 import js from "@eslint/js";
 import prettier from "eslint-plugin-prettier/recommended";
-import ts from "typescript-eslint";
+import ts from "typescript-eslint";
+import eslintConfigPrettier from "eslint-config-prettier";

 export default ts.config(
   { ignores: ["lib/"] },
   js.configs.recommended,
   ts.configs.recommended,
+  eslintConfigPrettier,
   prettier,
 );

---

3-3: Nit: prefer a more descriptive import name

Renaming ts to tseslint is a minor clarity win when scanning configs.

-import ts from "typescript-eslint";
+import tseslint from "typescript-eslint";

-export default ts.config(
+export default tseslint.config(
-  ts.configs.recommended,
+  tseslint.configs.recommended,

.github/workflows/pull-request.yml (2)

20-20: Pin actions to commit SHAs for supply-chain hardening

actions/checkout@v5 is fine functionally, but consider pinning to a specific commit SHA per security best practices to prevent tag-hijack risks.

---

25-25: Pin pnpm version to match packageManager

To ensure CI uses the same pnpm version declared in package.json (pnpm@10.14.0), set it explicitly.

       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10.14.0

package.json (1)

15-15: Nit: align main to built artifact (optional)

If anyone imports this package (even if not published), main typically points to lib/index.js after ncc. Not required for GitHub Actions to function.

-  "main": "src/index.ts",
+  "main": "lib/index.js",

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 017f4d9 and 5258f63.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• .dcignore (0 hunks)
• .eslintignore (0 hunks)
• .eslintrc.js (0 hunks)
• .github/workflows/pull-request.yml (2 hunks)
• action.yml (2 hunks)
• eslint.config.mjs (1 hunks)
• package.json (2 hunks)

💤 Files with no reviewable changes (3)

• .dcignore
• .eslintignore
• .eslintrc.js

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (6)

action.yml (3)

11-14: Correct fix: inputs must be strings in action metadata

Changing the port default to the string "22" and removing a numeric type aligns with GitHub Actions input semantics (inputs are strings in action.yml). This resolves type-mismatch quirks downstream.

---

25-26: Post-action script presence verified

Both lib/index.js and lib/cleanup.js are present, and post-if: "always()" will correctly execute the cleanup step regardless of build outcome. No further changes needed.

---

11-14: No explicit port conversion needed for CLI flags

All usages of the port input are passed directly as string arguments to CLI commands (e.g., ssh-keyscan via execute("ssh-keyscan", ["-p", port, host])). Since these tools expect their flags as strings, there’s no need to convert the port to a number.

Key locations:

• src/index.ts:175–176 — reading const port: string = core.getInput("port")
• src/index.ts:136–142 — calling execute("ssh-keyscan", ["-p", port, host])

No changes required.

eslint.config.mjs (1)

5-10: Flat config migration looks solid

Good use of ts.config to compose js/ts recommended presets, add Prettier, and ignore lib/. This matches the tooling updates in package.json.

package.json (2)

3-3: Version bump acknowledged

3.1.1 reflects the dependency upgrades and metadata fixes in this PR.

---

24-33: Confirm usage of eslint-config-prettier

You’ve added eslint-config-prettier but the flat config doesn’t include it. Either wire it in (see eslint.config.mjs suggestion) or drop the devDependency.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/pull-request.yml (1)

80-83: Using altssh.gitlab.com:443 is correct; ensure known_hosts covers this host

When switching to altssh.gitlab.com on port 443, verify your action adds the correct host key entry for altssh.gitlab.com to known_hosts (do not disable StrictHostKeyChecking). If your action already manages known_hosts, nothing to change here.

Would you like me to propose a snippet to add/update known_hosts within the composite action for altssh.gitlab.com?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5258f63 and d97fcf9.

📒 Files selected for processing (1)

• .github/workflows/pull-request.yml (4 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-08-12T19:36:42.818Z

Learnt from: MrSquaare
PR: MrSquaare/ssh-setup-action#53
File: .github/workflows/pull-request.yml:28-32
Timestamp: 2025-08-12T19:36:42.818Z
Learning: When using actions/setup-nodev4 with cache: "pnpm", the action automatically detects and uses pnpm-lock.yaml from the repository root by default. The cache-dependency-path parameter is only needed for non-standard lockfile locations, monorepos with multiple lockfiles, or when using wildcard patterns. For standard single-repository setups with pnpm-lock.yaml at the root, specifying cache-dependency-path is redundant and unnecessary.

Applied to files:

• .github/workflows/pull-request.yml

📚 Learning: 2025-08-12T19:36:42.818Z

Learnt from: MrSquaare
PR: MrSquaare/ssh-setup-action#53
File: .github/workflows/pull-request.yml:28-32
Timestamp: 2025-08-12T19:36:42.818Z
Learning: When using actions/setup-nodev4 with cache: "pnpm", the action automatically detects and uses pnpm-lock.yaml as the cache dependency path. Adding cache-dependency-path: pnpm-lock.yaml is redundant and unnecessary.

Applied to files:

• .github/workflows/pull-request.yml

🪛 actionlint (1.7.7)

.github/workflows/pull-request.yml

70-70: property "ssh-path" is not defined in object type {}

(expression)

---

71-71: property "ssh-agent-pid" is not defined in object type {}

(expression)

---

72-72: property "ssh-auth-sock" is not defined in object type {}

(expression)

---

94-94: property "ssh-path" is not defined in object type {}

(expression)

---

95-95: property "ssh-agent-pid" is not defined in object type {}

(expression)

---

96-96: property "ssh-auth-sock" is not defined in object type {}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (6)

.github/workflows/pull-request.yml (6)

20-20: Upgrade to actions/checkout@v5 looks good

v5 is stable and aligns with the rest of the workflow updates.

---

25-25: pnpm/action-setup@v4 is appropriate

v4 supports recent pnpm versions and integrates well with setup-node caching.

---

31-31: Correct use of setup-node caching for pnpm (no cache-dependency-path needed)

Good call keeping only cache: "pnpm". Per our retrieved learnings for this repo, setup-node@v4 auto-detects pnpm-lock.yaml at the repo root; adding cache-dependency-path would be redundant.

---

53-53: Upgrade to actions/checkout@v5 in test job looks good

Consistent with the build job; no issues spotted.

---

59-59: Adding id: github is correct and necessary for downstream outputs

This enables referencing steps.github.outputs.* in later steps.

---

78-78: Adding id: gitlab is correct and necessary for downstream outputs

Enables steps.gitlab.outputs.* references later.