ci: pin mintlify@4.2.284, remove libsecret workaround

[pengying]

Newer unpinned mint versions added openid-client which transitively
requires keytar and libsecret on Linux. Pin to the same version used
locally to avoid the issue entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
grid-flow-builder	Ready	Preview, Comment	Apr 2, 2026 3:17pm

[pengying]

• ci: pin mintlify@4.2.284, remove libsecret workaround #316 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Summary

This PR removes the libsecret-1-dev apt workaround and the unpinned npm i -g mint global install step from the CI lint workflow, replacing them by relying on the version of mint already installed via npm ci (locked to 4.2.105 in package-lock.json). To achieve this cleanly, the mint openapi-check openapi.yaml call is also removed from the Makefile lint target, since that step required the globally-installed (and version-unpinned) mint binary that introduced the transitive libsecret dependency.

Key changes:

• .github/workflows/lint.yml: Drops the apt-get install libsecret-1-dev and npm i -g mint steps; make lint now runs purely from dependencies installed by npm ci.
• Makefile: Removes cd mintlify && mint openapi-check openapi.yaml from the lint target, so CI linting now only runs Redocly's OpenAPI validation — Mintlify-specific OpenAPI compatibility checking is no longer enforced in CI.

Confidence Score: 5/5

• Safe to merge — the CI fix is clean and correct; the only concern is the loss of Mintlify-specific OpenAPI validation, which is a P2 quality observation.
• All remaining findings are P2: the dropped mint openapi-check step is a coverage regression but not a build break or data-loss issue. The CI pipeline will work correctly after this change, and the libsecret problem is fully resolved.
• Makefile — the removed mint openapi-check line is worth revisiting to decide whether an alternative Mintlify validation step should be added back.

Important Files Changed

Filename	Overview
.github/workflows/lint.yml	Removes the libsecret apt workaround and the global npm i -g mint install step; make lint now runs only via the locally-installed npm packages from npm ci.
Makefile	Drops mint openapi-check openapi.yaml from the lint target, meaning Mintlify-specific OpenAPI validation is no longer run in CI.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph BEFORE["Before (old CI)"]
        A1[Checkout code] --> B1[Setup Node 24]
        B1 --> C1["apt-get install libsecret-1-dev"]
        C1 --> D1[npm ci]
        D1 --> E1["npm i -g mint (latest, unpinned)"]
        E1 --> F1["make lint"]
        F1 --> G1["npm run lint:openapi (Redocly)"]
        F1 --> H1["mint openapi-check openapi.yaml"]
    end

    subgraph AFTER["After (new CI)"]
        A2[Checkout code] --> B2[Setup Node 24]
        B2 --> C2[npm ci]
        C2 --> D2["make lint"]
        D2 --> E2["npm run lint:openapi (Redocly only)"]
    end

    style C1 fill:#f99,stroke:#c00
    style E1 fill:#f99,stroke:#c00
    style H1 fill:#f99,stroke:#c00
    style E2 fill:#9f9,stroke:#090

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: Makefile
Line: 22-23

Comment:
**`mint openapi-check` validation silently dropped**

The `lint` target previously ran both `npm run lint` (Redocly) **and** `mint openapi-check openapi.yaml` for Mintlify-specific OpenAPI compatibility validation. By removing the latter, the CI no longer validates that `openapi.yaml` satisfies Mintlify's constraints — only Redocly's.

These two checkers have different rule sets; Redocly passing does not imply Mintlify compatibility. Any Mintlify-incompatible changes to the OpenAPI spec will now go undetected until they surface in a deployment or local `mint dev` run.

If skipping the check is intentional (e.g., because `mint openapi-check` is unreliable in CI), a comment to that effect, or adding the check back as a separate non-blocking job, would help future readers understand the intent.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (3): Last reviewed commit: "fix: add trailing newline to lint.yml" | Re-trigger Greptile}