ci: fix CI workflow YAML, remove broken Super-Linter, and document CI jobs

[shazzar00ni]

Motivation

• Remove duplicate top-level YAML keys and malformed step entries so the CI workflow is syntactically valid and maintainable.
• Normalize job and step naming to improve readability and make failure diagnostics clearer.
• Decide to remove the unconfigured Super-Linter step from this workflow to avoid ambiguous behavior and invalid syntax.
• Add a brief CI note to docs/DEVELOPMENT.md so contributors understand each job’s purpose and execution order.

Description

• Rewrote .github/workflows/ci.yml to remove the duplicate permissions key and convert malformed list entries into proper - name + uses/run step objects.
• Standardized job and step names such as Lint & Style Check, TypeScript Type Check, Unit Tests, Production Build, and explicit steps like Checkout repository, Set up Node.js, and Install dependencies.
• Removed the super-linter/super-linter step from the CI workflow to keep the job deterministic and syntactically valid.
• Added a succinct ### CI Jobs (GitHub Actions) section to docs/DEVELOPMENT.md documenting the four CI jobs and their roles.

Testing

• Validated the updated workflow with actionlint installed via Go (/tmp/actionlint .github/workflows/ci.yml) and it reported no issues.
• Attempted npx actionlint .github/workflows/ci.yml which failed in this environment due to executable resolution, so the Go-installed actionlint was used instead.
• Pre-commit tasks (lint-staged / prettier) executed during the commit process and completed successfully.

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docugen	Canceled		May 13, 2026 8:14pm

[strix-security]

Strix is installed on this repository, but we could not run this PR security review because this workspace does not have an active plan. If you'd like to continue receiving code reviews, you can add a payment method or manage billing here.

[coderabbitai]

Warning

Rate limit exceeded

@shazzar00ni has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 37 minutes and 56 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 76339fca-421d-40b2-a70b-205fc06d06a3

📥 Commits

Reviewing files that changed from the base of the PR and between a7af0d7 and b055518.

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• docs/DEVELOPMENT.md

Walkthrough

GitHub Actions CI workflow refactored to simplify the lint job (removes Super-Linter, runs npm commands directly), rename all jobs for clarity, and keep minimal token permissions. Development guide updated with CI jobs overview.

Changes

CI Workflow Update

Layer / File(s)	Summary
Lint job refactor and workflow permissions .github/workflows/ci.yml	Workflow-level permissions remain at minimal contents: read. Lint job replaces Super-Linter action with direct npm run lint command, updates step naming to "Lint & Style Check" and "Run ESLint".
CI job renames (typecheck, test, build) .github/workflows/ci.yml	TypeScript type check, unit test, and production build jobs renamed with clearer labels ("TypeScript Type Check", "Unit Tests", "Production Build") while preserving identical command flows and npm ci dependency installation.
CI jobs documentation docs/DEVELOPMENT.md	Development guide adds "CI Jobs (GitHub Actions)" subsection describing the four CI jobs and their purpose in the workflow for pushes and pull requests targeting main.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• shazzar00ni/docugen#60: Updates docs/DEVELOPMENT.md alongside changes to workflow configuration.
• shazzar00ni/docugen#115: Directly related CI configuration changes to .github/workflows/ci.yml.

Suggested labels

codacy-review

Poem

🤖 CI pipes now flow with clearer names,

No Super-Linter in our games,

Four jobs march in lockstep true—

Lint, test, type-check, and build anew. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and accurately summarizes the main changes: fixing CI workflow YAML issues, removing Super-Linter, and documenting CI jobs in the README.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, clearly explaining the motivation, specific changes, and testing performed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/clean-up-ci-workflow-configuration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/setup-node	49933ea5288caeca8642d1e84afbd3f7d6820020	🟢 5.8	Details Check Score Reason Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 9 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9

Scanned Files

• .github/workflows/ci.yml

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[Copilot]

Pull request overview

This PR fixes and clarifies the repository’s main CI workflow by making the YAML syntactically valid, removing a broken/unconfigured Super-Linter step, and documenting what each CI job does for contributors.

Changes:

• Refactored .github/workflows/ci.yml to use well-formed steps with standardized job/step names and removed the malformed Super-Linter step.
• Kept CI split into four jobs (lint, typecheck, tests, build) with build depending on the other three.
• Added a “CI Jobs (GitHub Actions)” section to docs/DEVELOPMENT.md describing the four CI jobs.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/ci.yml	Rewrites CI workflow structure/naming and removes the broken Super-Linter step.
docs/DEVELOPMENT.md	Documents the CI jobs and their execution order/purpose for contributors.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 20: The workflow inconsistently pins actions: replace the tag reference
"actions/setup-node@v4" with the corresponding v4 commit SHA to match the pinned
"actions/checkout" usage; find every occurrence of "actions/setup-node@v4"
(there are four spots) and update them to the exact commit hash for the latest
v4 release so all action usages are consistently pinned.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: f6a46308-40e4-4a6c-8f53-16d559b04f52

📥 Commits

Reviewing files that changed from the base of the PR and between 2d442a9 and a7af0d7.

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• docs/DEVELOPMENT.md

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Agent
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Security Scan
• GitHub Check: Run eslint scanning
• GitHub Check: Analyze (javascript-typescript)

🧰 Additional context used

🪛 LanguageTool

docs/DEVELOPMENT.md

[uncategorized] ~168-~168: The official name of this software platform is spelled with a capital “H”.
Context: ... ``` ### CI Jobs (GitHub Actions) The .github/workflows/ci.yml workflow runs four fo...

(GITHUB)

🔇 Additional comments (5)

.github/workflows/ci.yml (4)

3-4: LGTM!

---

64-64: LGTM!

---

13-76: LGTM!

---

18-18: No action required. The actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 pinning is correct—the commit hash matches the v6.0.2 tag and represents the current latest release.

docs/DEVELOPMENT.md (1)

166-176: LGTM!

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[greptile-apps]

Greptile Summary

This PR fixes a syntactically broken CI workflow by removing the duplicate permissions key and a malformed Super-Linter step, adds explicit names to every step, pins actions/setup-node to a commit hash, replaces inline npx tsc --noEmit with npm run typecheck, and adds a CI jobs section to docs/DEVELOPMENT.md.

• .github/workflows/ci.yml: Duplicate top-level permissions key removed; Super-Linter entry (which had no valid uses or run key) removed; setup-node upgraded from a floating @v4 tag to a pinned SHA; all anonymous run: and uses: entries now have explicit name: fields.
• docs/DEVELOPMENT.md: New ### CI Jobs (GitHub Actions) section documents all four jobs and their order; two occurrences of npx tsc --noEmit in troubleshooting examples replaced with npm run typecheck to stay consistent with the package.json script.

Confidence Score: 4/5

Safe to merge — the workflow is now syntactically valid and the documentation is accurate, with one minor wording imprecision worth addressing.

The workflow fixes are straightforward and correct. The only noteworthy gap is that docs/DEVELOPMENT.md describes the Lint job as enforcing "ESLint and style rules", implying Prettier is checked, when in fact npm run format:check is never invoked in CI. This means formatted-code enforcement relies entirely on lint-staged hooks, which are bypassable, and contributors reading the docs may have a false expectation about what CI catches.

The wording in docs/DEVELOPMENT.md (line 170) overstates what the Lint job enforces — worth a second look to either add format:check to the job or correct the description.

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Duplicate permissions key removed, Super-Linter removed, all steps named, setup-node pinned to a commit hash, and npx tsc --noEmit replaced with npm run typecheck — YAML is now syntactically valid and deterministic
docs/DEVELOPMENT.md	Added CI jobs section documenting four jobs and their roles; two inline npx tsc --noEmit commands updated to npm run typecheck — minor inaccuracy: the Lint job description says "ESLint and style rules" but Prettier format-check is not run in CI

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    trigger([Push / PR to main]) --> lint[Lint & Style Check\nnpm run lint]
    trigger --> typecheck[TypeScript Type Check\nnpm run typecheck]
    trigger --> test[Unit Tests\nnpm run test:run]
    lint --> build
    typecheck --> build
    test --> build
    build[Production Build\nnpm run build]
    build --> done([CI Complete])

Loading

_{Reviews (1): Last reviewed commit: "ci: pin setup-node and use typecheck scr..." | Re-trigger Greptile}

[greptile-apps]

The description says "ESLint and style rules", implying Prettier formatting is enforced here. In practice the lint job only runs npm run lint (ESLint); npm run format:check is never called in CI. A PR from a fork or a direct push that skips lint-staged will pass CI even if the code is unformatted. Either add format:check to the job or tighten the wording so it doesn't suggest Prettier is checked.

Suggested change

	- **Lint & Style Check**: Runs `npm run lint` to enforce ESLint and style rules.
	- **Lint & Style Check**: Runs `npm run lint` to enforce ESLint rules.