Add oxlint GitHub Actions workflow

[TinyKitten]

Summary

• .github/workflows/lint.yml を追加し、push と pull_request で npm run lint (oxlint) を実行
• node_modules を package-lock.json のハッシュキーでキャッシュし、ヒット時は npm ci をスキップ

Test plan

• このPRで Lint ワークフローが起動し、成功することを確認
• 2回目の実行で node_modules キャッシュがヒットし npm ci がスキップされることを確認

🤖 Generated with Claude Code

Summary by CodeRabbit

リリースノート

• Chores
  • プルリクエストとプッシュ時に自動でコード整形・静的解析（lint）を実行する継続的インテグレーションワークフローを追加しました。開発品質とコードの一貫性が向上し、問題の早期検出とレビュー負担の軽減に寄与します。

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2eab7289-2637-48ca-a776-fb7344dfabc8

📥 Commits

Reviewing files that changed from the base of the PR and between 08bc946 and c9aef56.

📒 Files selected for processing (1)

• .github/workflows/lint.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/lint.yml

---

Walkthrough

GitHub Actions ワークフロー .github/workflows/lint.yml を追加しました。push と pull_request でトリガーされ、oxlint ジョブが ubuntu-latest 上で Node.js v22 をセットアップし、node_modules をキャッシュしつつ（キャッシュミス時にのみ）npm ci を実行し、最後に npm run lint を実行します。

変更内容

CI リントワークフロー

Layer / File(s)	Summary
ワークフロー設定 .github/workflows/lint.yml	新規ワークフロー Lint を追加。on: [push, pull_request] で実行される。
ランナー / ランタイム .github/workflows/lint.yml	ジョブ oxlint を ubuntu-latest で実行、actions/setup-node で Node.js v22 を設定。
キャッシュとインストール .github/workflows/lint.yml	node_modules を OS/Node/version/package-lock.json をキーにキャッシュ。キャッシュヒットしない場合のみ npm ci を実行。
実行ステップ .github/workflows/lint.yml	リポジトリをチェックアウト後、依存を（必要時）インストールし、npm run lint を実行。

見積もりコードレビュー労力

🎯 2 (Simple) | ⏱️ ~10 minutes

詩

🐰 新しい道に跳ねるよ、
Lintの光でコードを照らす、
キャッシュで速く、心は清く、
小さなホップで大きな整頓、
さあ、きれいな木の葉のように舞おう。

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately and clearly summarizes the main change: adding a new GitHub Actions workflow for oxlint linting.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/oxlint-ci

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[TinyKitten]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[TinyKitten]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/lint.yml:
- Around line 19-21: The cache key currently only includes runner.os and the
lockfile hash (node-modules-${{ runner.os }}-${{ hashFiles('package-lock.json')
}}), which can cause stale node_modules to be restored when the workflow's
node-version changes; update the key to include the workflow's node-version
variable (the node-version configured at the top of the job, e.g.
matrix.node-version or whatever variable is used) — for example append -${{
matrix.node-version }} or -${{ steps.setup-node.outputs.node-version }} into the
key so it becomes node-modules-${{ runner.os }}-${{ matrix.node-version }}-${{
hashFiles('package-lock.json') }} ensuring caches are invalidated when
node-version changes.
- Around line 7-9: Job "oxlint" currently doesn't declare GITHUB_TOKEN
permissions; add a minimal permissions block to restrict token scope to what's
needed for actions/checkout and actions/cache. Update the "oxlint" job
definition to include a permissions stanza that at minimum sets contents: read
(and add packages: read if your cache uses package artifacts), so the workflow
only grants the least privilege required for actions/checkout and actions/cache.
- Around line 11-15: The workflow pins mutable action tags to immutable commit
SHAs: replace each occurrence of actions/checkout@v4, actions/setup-node@v4, and
actions/cache@v4 with their respective full 40-character commit SHAs (use the
SHAs from the action repositories corresponding to the v4 release) and add a
trailing comment with the original tag (e.g., # v4) for readability; ensure you
update all three usages in the lint.yml to use the SHA-pinned refs to restore
reproducibility and supply-chain safety.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1ff2f5c5-4888-4f66-b321-0db93c397764

📥 Commits

Reviewing files that changed from the base of the PR and between 53e470d and 08bc946.

📒 Files selected for processing (1)

• .github/workflows/lint.yml

[TinyKitten]

Fixes Applied Successfully

Fixed 1 file based on 2 of 3 CodeRabbit feedback items.

Files modified:

• .github/workflows/lint.yml

Changes:

• Added job-level permissions: contents: read for least-privilege GITHUB_TOKEN
• Included Node major version (node22) in the actions/cache key to prevent stale node_modules restore on a future Node bump

Deferred:

• SHA-pinning of actions/checkout, actions/setup-node, actions/cache. This repo is a personal, single-user, dotfile-style project; the ongoing maintenance cost of SHA-pin bumps wasn't judged worthwhile here.

Commit: c9aef56

The latest autofix changes are on the feature/oxlint-ci branch.

[TinyKitten]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.