feat!: move from NodeJS to Bun

[lorenzocorallo]

No description provided.

[coderabbitai]

Walkthrough

Replaces Node/pnpm with Bun across runtime, CI, Docker, and scripts; adds root .dockerignore and Bun Dockerfile; moves DB init to src/db and runs migrations; rewires WebSocket to use a Bun Engine + Socket.IO binding; updates env vars (removes GitHub, adds Azure); assorted build/config and docs updates.

Changes

Cohort / File(s)	Summary
Runtime & package manager package.json, package/package.json, .github/workflows/test.yaml, backend/.npmrc	Migrate from pnpm/Node to Bun: update scripts (dev/build/start/check), bump versions, add/remove dependencies and typings, CI uses oven-sh/setup-bun, remove engine-strict and packageManager/engines.
Root Docker & ignore Dockerfile, .dockerignore	Add multi-stage Bun-based Dockerfile and new root .dockerignore excluding node_modules, build outputs, VCS and editor files.
Backend Docker & ignores removed backend/Dockerfile, backend/.dockerignore	Remove backend Dockerfile; delete ignore entries in backend/.dockerignore (node_modules, dist, lib, Dockerfile, .dockerignore).
CI docker action .github/workflows/docker.yaml	Bump actions/checkout v4→v5 and remove explicit docker build context (defaults to repo root).
Database relocation & migrations backend/src/db/db.ts (removed), src/db/db.ts (added)	Remove old backend DB module; add src/db/db.ts using bun-sql + Drizzle, export db, and run top-level migrations with logging and error handling.
Server & WebSocket rework src/server.ts, src/websocket/index.ts	Replace @hono/node-server with Bun.serve; introduce a Bun Engine, change WebSocketServer to parameterless constructor, bind Socket.IO via engine, and route WS upgrades through engine handler.
Env & auth provider changes .env.example, src/env.ts	Reorder env variables, default DB port to 5432, add AZURE_* and AZURE_EMAIL_SENDER and BETTER_AUTH_SECRET, remove GitHub client envs, and make NODE_ENV default derive from runtime enum.
Build/bundler config changes backend/tsup.node.config.ts (removed), tsup.npm.config.ts, tsconfig.json, package/package.json, package.json	Remove backend tsup config; change npm tsup output to package/dist; adjust tsconfig extends/exclude; update build/publish scripts to Bun flows and bump package versions.
Utilities & logger src/utils/cipher.ts, src/logger.ts	Make Cipher.encrypt/decrypt synchronous; logger now reads level from centralized env.LOG_LEVEL.
Repo ignores & docs .gitignore, README.md, biome.jsonc	Remove global **/lib ignore; add WIP Quickstart and Bun/Azure requirements to README; update Biome schema version.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Client
  participant BunServer as Bun.Server
  participant App as Router/Application
  participant Engine as wssEngine (Bun Engine)
  participant WSS as Socket.IO Server
  Client->>BunServer: HTTP request or WS upgrade
  BunServer->>App: forward request to router
  App->>Engine: on WS route call handleRequest(c.req.raw, BunServer)
  Engine->>WSS: bind/upgrade connection
  WSS->>Client: complete WS handshake / exchange events

Loading

sequenceDiagram
  autonumber
  participant Startup as App Startup
  participant DB as Postgres (bun-sql/Drizzle)
  participant Logger as Logger
  Startup->>DB: create connection using env config and export db
  Startup->>DB: migrate(db, { migrationsFolder: "./drizzle" })
  DB-->>Startup: success / error
  Startup->>Logger: log result (info / error & rethrow)

Loading

Possibly related PRs

• backend #22 — Migrates email sending to Azure/Microsoft Graph (adds AZURE_* env vars and replaces SMTP/email client), strongly related to the Azure env variable changes in this PR.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat!: move from NodeJS to Bun' directly and clearly describes the main objective of the changeset: migrating the repository's runtime from Node.js to Bun.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In @.github/workflows/test.yaml:
- Around line 15-21: CI is failing because the workflow uses bun install
--frozen-lockfile without committing bun.lockb and also leaves the Bun action
unpinned; add the generated bun.lockb to the repository root alongside
package.json and update the workflow's setup action reference (uses:
oven-sh/setup-bun@v2) to a fixed tag or commit (pin the version) so CI uses a
stable Bun release, keeping the bun install --frozen-lockfile step as-is to
ensure reproducible installs.

In `@package.json`:
- Line 47: The dependency "@socket.io/bun-engine": "^0.1.0" should be changed to
an exact version pin (e.g., "@socket.io/bun-engine": "0.1.0") to avoid pulling
incompatible minor updates; update package.json to use an exact version string
for the "@socket.io/bun-engine" entry, run CI install and dependency lockfile
update, then execute your load/stress tests against the Bun runtime you plan to
use to validate behavior before promoting to production.

In `@src/db/db.ts`:
- Around line 7-17: The current drizzle initialization using a connection object
must be changed to follow drizzle-orm's Bun SQL API: either call drizzle with a
single connection string (use env.DATABASE_URL) like drizzle(env.DATABASE_URL, {
schema }) or construct a Bun SQL client (import SQL from "bun", build new SQL({
url:
`postgres://${env.DB_USER}:${env.DB_PASS}@${env.DB_HOST}:${env.DB_PORT}/${env.DB_NAME}`,
tls: false, ... })) and pass it to drizzle as drizzle({ client, schema });
update the export of db accordingly and ensure the SQL import and env variables
are referenced (db, drizzle, env, SQL, client, schema).
- Around line 19-21: The current migration call swallows errors by logging them
only; change the migrate handling so failures abort startup: call migrate(db, {
migrationsFolder: "./drizzle" }) and on rejection rethrow or terminate (e.g.,
throw the caught error or call process.exit(1)) instead of only calling
logger.error, ensuring the migration error bubbles from this initialization code
(reference the migrate call and logger usage in src/db/db.ts) so the application
fails fast on migration errors.

🧹 Nitpick comments (4)

package/package.json (1)

30-33: Build script relies on being run from the package directory.

The cd .. pattern assumes the script is always executed from within the package/ directory. This works for npm publish workflows but could be confusing if someone runs bun run build from the repository root.

Consider adding a brief comment in the README or package docs to clarify this is the npm package manifest and should be published from this directory.

Dockerfile (1)

11-15: Consider adding a health check.

For production deployments, a HEALTHCHECK instruction can help container orchestrators determine if the service is healthy.

Example health check

 FROM base AS release
 COPY --from=build /build/dist ./
 USER bun
 EXPOSE 3000
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
 ENTRYPOINT ["bun", "run", "server.js"]

This assumes you have a /health endpoint. Adjust the path as needed for your application.

package.json (1)

37-38: Remove unused tsx dependency.

With the project's migration to Bun, which natively supports TypeScript execution, the tsx package is no longer needed. No npm scripts or code references invoke it; all TypeScript execution is handled by bun or tsup.

.github/workflows/docker.yaml (1)

19-19: Pin GitHub Actions to commit SHAs for supply‑chain safety.

Tags are mutable; pinning to a commit SHA improves reproducibility and hardens the workflow against tag mutation attacks.

To find the SHA for v5, visit the actions/checkout releases page and use the commit SHA listed there.

🔧 Example pin

-      - uses: actions/checkout@v5
+      - uses: actions/checkout@<COMMIT_SHA> # v5

[lorenzocorallo]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@README.md`:
- Around line 5-22: Change the markdown heading "### WIP" to "## WIP" to
maintain proper heading hierarchy; fix the typo "fullfil" to "fulfill" in the
sentence starting "If you are using another language than TS..."; and hyphenate
the compound adjective by changing "Azure related" to "Azure-related" in the
note about making AZURE_* env vars optional and removing Azure related auth.

♻️ Duplicate comments (2)

src/db/db.ts (1)

7-17: Connection configuration uses undocumented pattern - verify stability.

The connection: { host, port, database, ... } object pattern doesn't appear in drizzle-orm's official Bun SQL documentation. While the developer confirmed this works, it may rely on internal implementation details that could change in future drizzle-orm updates.

package.json (1)

47-47: Pin @socket.io/bun-engine to exact version for pre-1.0 stability.

This package is still at 0.1.0 (pre-1.0), where even minor/patch versions could introduce breaking changes. Consider using exact version "0.1.0" instead of "^0.1.0" until the package stabilizes.

🧹 Nitpick comments (1)

src/db/db.ts (1)

14-14: Consider making ssl configurable via environment variable.

Hardcoding ssl: false works for local development but may not suit production deployments where TLS is required for database connections (e.g., cloud-hosted Postgres).

♻️ Suggested approach

Add an optional DB_SSL environment variable in env.ts:

DB_SSL: z.coerce.boolean().default(false),

Then use it here:

-    ssl: false,
+    ssl: env.DB_SSL,

[toto04]

Ottima cosa aver spostato tutto a root level, mi dava un po' fastidio prima ngl
Sembra tutto ok ma ho 2 domande

1. serve avere un tsconfig separato per package anche se è vuoto? nitpick più per curiosità tbh, anche prima era così anyway
2. per essere sicuro, hai testato che il package funzioni correttamente quando installato in un ambiente di node ora che è stato radicalmente cambiato il processo di build?

[lorenzocorallo]

1. serve avere un tsconfig separato per package anche se è vuoto? nitpick più per curiosità tbh, anche prima era così anyway

Credo sia corretto fare così, anche se è tendenzialmente vuoto il tsconfig di package, perché altrimenti usa quello del backend che non è totalmente corretto.
Inoltre, il tsconfig del backend ignora la cartella package di per sè.
Infine, il package dovrebbe essere quanto più isolato e indipendente possibile.

2. per essere sicuro, hai testato che il package funzioni correttamente quando installato in un ambiente di node ora che è stato radicalmente cambiato il processo di build?

Ho provato a fare una build locale ed utilizzarla e non mi ha dato alcun problema, anche perché il package alla fine non ha niente che sia in relazione con il runtime utilizzato, vengono soltanto esportati tipi e variabili (costanti), quindi con che runtime esegui il backend non influisce su quello.
Le modifiche fatte per passare a Bun non hanno granchè modificato i nostri tipi, qualcosa su WS (dando una rapida occhiata, la modifica di tipi è soltanto backend-side perché riguarda l'engine con il quale viene avviato, mentre la definizione del Socket vero e proprio è immutata poiché custom) e qualcosa su come viene avviato Hono, ma non cambia i principali tipi utilizzati dal package (tRPC principalmente).