Skip to content

Moved ghost/core boundary enforcement to dependency-cruiser#29134

Open
ErisDS wants to merge 1 commit into
mainfrom
boundaries-dependency-cruiser
Open

Moved ghost/core boundary enforcement to dependency-cruiser#29134
ErisDS wants to merge 1 commit into
mainfrom
boundaries-dependency-cruiser

Conversation

@ErisDS

@ErisDS ErisDS commented Jul 6, 2026

Copy link
Copy Markdown
Member

Why

ghost/core's frontend/server/shared layer boundaries are enforced by the custom ghost/node/no-restricted-require rule in ghost/core/eslint.config.mjs. That rule is specific to eslint-plugin-ghost and has no equivalent in oxlint, so it stands in the way of the planned ESLint → oxlint migration. It also only inspects require() calls, so it misses ESM imports.

What

Moves the four boundary rules onto dependency-cruiser, which enforces them on the resolved module graph (both require and import) from the repo root:

  • core/shared must not depend on core/server or core/frontend
  • core/frontend must not reach core/server/models directly
  • core/frontend may cross to core/server only via the services/proxy seam (allowlisted)
  • core/server must not depend on core/frontend (allowlisted)

The custom no-restricted-require blocks (and their now-unused path/__dirname imports) are removed from the ESLint config. The original burn-down intent — "adding files to this list is an anti-pattern / work down until the list is empty" — and the per-file allowlist categorisation are carried over verbatim from the pre-flat-config .eslintrc.js (they'd been dropped in the flat-config migration).

Enforced in three places:

  • a cached nx target on the ghost-monorepo root project (lint:boundaries), with scoped inputs so the root project's whole-repo projectRoot glob doesn't defeat caching
  • a CI step in the lint job
  • a lint-staged pre-commit signal on staged ghost/core/core files

Behaviour is unchanged: parity verified (0 violations on the same graph the ESLint rules covered), and each rule still fires on a negative test.

Scope

The cross-package apps/* boundary model (foundation-libraries vs apps) surfaced during this work but is deliberately out of scope here and tabled as a follow-up.

Checklist

  • I've explained my change
  • I've written an automated test to prove my change works — n/a (tooling/config change; enforced by CI + verified for parity)

no ref

The frontend/server/shared boundaries were enforced by the custom
`ghost/node/no-restricted-require` rule in ghost/core/eslint.config.mjs.
That rule is specific to eslint-plugin-ghost and has no equivalent in
oxlint, so it blocks the planned ESLint-to-oxlint migration. It also
only inspects require() calls, missing ESM imports.

The four boundary rules now run on dependency-cruiser, which enforces
them on the resolved module graph (require and import) from the repo
root. This drops the custom rule and lets the boundaries outlive
ESLint. The original burn-down intent — "adding files to this list is
an anti-pattern / work down until the list is empty" — and the per-file
allowlist categorisation are carried over verbatim from the pre-flat-
config .eslintrc.js, having been lost in the flat-config migration.

Enforced in three places: a cached nx target on the ghost-monorepo root
project (scoped inputs so the whole-repo projectRoot glob doesn't defeat
caching), a CI step, and a lint-staged pre-commit signal.

The cross-package apps/library model is deliberately out of scope and
tabled as a follow-up.
@cursor

cursor Bot commented Jul 6, 2026

Copy link
Copy Markdown

Bugbot is not enabled for this team, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

This PR replaces ESLint-based architectural boundary enforcement with dependency-cruiser. A new .dependency-cruiser.cjs config defines forbidden cross-layer requires between core/shared, core/frontend, and core/server. CI gains a "Lint boundaries" step, lint-staged gains a boundary-check command for staged files, package.json adds a lint:boundaries script/nx target and dependency-cruiser devDependency, pnpm-workspace.yaml pins the catalog version, and the corresponding no-restricted-require rules are removed from ghost/core/eslint.config.mjs.

Sequence Diagram(s)

flowchart TD
Developer --> GitCommit
GitCommit --> LintStagedBoundaryCheck
CI --> NxLintBoundariesTarget
LintStagedBoundaryCheck --> DepcruiseCLI
NxLintBoundariesTarget --> DepcruiseCLI
DepcruiseCLI --> DependencyCruiserConfig
DependencyCruiserConfig --> ForbiddenRuleEvaluation
Loading

Possibly related PRs

  • TryGhost/Ghost#28807: Both PRs modify ghost/core/eslint.config.mjs boundary restriction rules for core/sharedcore/server/core/frontend, this PR removing what the other added.

Suggested labels: migration

Suggested reviewers: EvanHahn, 9larsons

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title accurately summarizes the main change: moving ghost/core boundary enforcement to dependency-cruiser.
Description check ✅ Passed The description directly matches the implemented changes and scope, including the boundary migration and enforcement points.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch boundaries-dependency-cruiser

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
package.json (1)

63-63: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider err-long output for clearer boundary-violation diagnostics.

Default depcruise output is terse; --output-type err-long includes the rule's comment/name in the failure output, which would help contributors working through the documented allowlist ("Goal: Work down until only proxy.js remains").

♻️ Optional diff
-    "lint:boundaries": "depcruise ghost/core/core --config .dependency-cruiser.cjs",
+    "lint:boundaries": "depcruise ghost/core/core --config .dependency-cruiser.cjs --output-type err-long",

Also applies to: 122-124

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 63, The lint:boundaries depcruise script currently uses
terse default output, so update the lint:boundaries command to use err-long for
clearer boundary-violation diagnostics. Adjust the package.json script that runs
depcruise so contributors get the rule comment/name in failures, making it
easier to work through the allowlist guidance and locate violations in
ghost/core/core.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@package.json`:
- Line 63: The lint:boundaries depcruise script currently uses terse default
output, so update the lint:boundaries command to use err-long for clearer
boundary-violation diagnostics. Adjust the package.json script that runs
depcruise so contributors get the rule comment/name in failures, making it
easier to work through the allowlist guidance and locate violations in
ghost/core/core.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 17b3d2f3-731d-441a-9bc9-a04fc284a5f9

📥 Commits

Reviewing files that changed from the base of the PR and between 1d33898 and 08670eb.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (6)
  • .dependency-cruiser.cjs
  • .github/workflows/ci.yml
  • .lintstagedrc.cjs
  • ghost/core/eslint.config.mjs
  • package.json
  • pnpm-workspace.yaml
💤 Files with no reviewable changes (1)
  • ghost/core/eslint.config.mjs

@nx-cloud

nx-cloud Bot commented Jul 6, 2026

Copy link
Copy Markdown

🤖 Nx Cloud AI Fix

Ensure the fix-ci command is configured to always run in your CI pipeline to get automatic fixes in future runs. For more information, please see https://nx.dev/ci/features/self-healing-ci


View your CI Pipeline Execution ↗ for commit 08670eb

Command Status Duration Result
nx run-many --target=build --projects=tag:publi... ✅ Succeeded <1s View ↗
nx run @tryghost/admin-x-settings:test:acceptance ✅ Succeeded 10m 24s View ↗
nx run-many -t test:unit -p @tryghost/admin-x-d... ✅ Succeeded 8m 58s View ↗
nx run ghost:test:integration ✅ Succeeded 2m 55s View ↗
nx run ghost:test:legacy ✅ Succeeded 2m 57s View ↗
nx run ghost:test:ci:integration ✅ Succeeded 2m 33s View ↗
nx run ghost:test:e2e ✅ Succeeded 2m 26s View ↗
nx run ghost-monorepo:lint:boundaries ✅ Succeeded <1s View ↗
Additional runs (8) ✅ Succeeded ... View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗


☁️ Nx Cloud last updated this comment at 2026-07-06 15:45:16 UTC

@codecov

codecov Bot commented Jul 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.26%. Comparing base (0b1596d) to head (08670eb).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #29134      +/-   ##
==========================================
- Coverage   74.27%   74.26%   -0.01%     
==========================================
  Files        1565     1565              
  Lines      135716   135728      +12     
  Branches    16457    16453       -4     
==========================================
- Hits       100802   100801       -1     
- Misses      33888    33927      +39     
+ Partials     1026     1000      -26     
Flag Coverage Δ
admin-tests 55.16% <ø> (-0.03%) ⬇️
e2e-tests 76.41% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant