publishing-fixed

[codedbytahir]

Summary by CodeRabbit

• Chores
  • Updated repository metadata across package configurations to reflect Git repository information and directory structure.
  • Minor workflow formatting adjustments for consistency.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Repository metadata is standardized across the project by adding or updating the repository field in package.json files at the root and workspace package levels, with consistent git type and GitHub URLs. A minor whitespace adjustment is made to the publish workflow.

Changes

Cohort / File(s)	Summary
Workflow Formatting .github/workflows/publish.yml	Minor whitespace adjustments in the Publish MotionForge step; no functional or execution flow changes.
Repository Metadata Updates package.json, packages/create-motionforge/package.json, packages/motionforge/package.json	Added or updated repository field with type: "git" and GitHub URL; workspace packages include directory path information. Root package.json adds new metadata; motionforge package updates URL format from https to git+https and adds directory field.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Feature/advanced export ai guidelines 8613210377134183394 #3: Adds/defines the Publish MotionForge step in .github/workflows/publish.yml, the same workflow file touched by whitespace edits in this PR.

Poem

🐰 Hopping through repos with methodical care,
Git metadata tidied, arranged with such flair,
Package by package, a path now so clear,
Organization magic—MotionForge's frontier! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (5 files): ⚔️ .github/workflows/ci.yml (content) ⚔️ .github/workflows/publish.yml (content) ⚔️ package.json (content) ⚔️ packages/create-motionforge/package.json (content) ⚔️ packages/motionforge/package.json (content) These conflicts must be resolved before merging into main.	Resolve conflicts locally and push changes to this branch.
Title check	❓ Inconclusive	The title 'publishing-fixed' is vague and generic, lacking specificity about what publishing issues were resolved or what changes were made to achieve the fix.	Use a more descriptive title that clearly indicates the specific improvements, such as 'Refactor CI/CD workflows and add repository metadata' or 'Update GitHub workflows and package.json repository fields'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/advanced-export-ai-guidelines-8613210377134183394

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/publish.yml (1)

36-40: ⚠️ Potential issue | 🟠 Major

Avoid direct secret interpolation in shell scripts — use an environment variable instead.

${{ secrets.NPM_TOKEN }} is interpolated directly into the shell script before execution. If the secret ever contains shell metacharacters (e.g., quotes, backticks), the script could break or be exploited via script injection. Use an env variable to safely pass the secret into the shell context.

🛡️ Proposed fix

       - name: Verify NPM Token
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
-          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+          if [ -z "$NPM_TOKEN" ]; then
             echo "::error::NPM_TOKEN is missing. Please add it to your GitHub Repository Secrets."
             exit 1
           fi