…230)

* feat(self-release): force-update floating major tag on stable release
* refactor(update-major-tag): extract major-tag logic into composite
* feat(update-major-tag): expose skip and tag-updated outputs
* fix(update-major-tag): qualify tag refs to avoid branch/tag ambiguity
…n the notifications group (#118)

* chore(deps): bump slackapi/slack-github-action

  Bumps the notifications group with 1 update: [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).

  Updates `slackapi/slack-github-action` from 1.24.0 to 2.1.1
  - [Release notes](https://github.com/slackapi/slack-github-action/releases)
  - [Commits](slackapi/slack-github-action@v1.24.0...v2.1.1)

  ---
  updated-dependencies:
  - dependency-name: slackapi/slack-github-action
    dependency-version: 2.1.1
    dependency-type: direct:production
    update-type: version-update:semver-major
    dependency-group: notifications
  ...

  Signed-off-by: dependabot[bot] <support@github.com>

* fix(gptchangelog): migrate slack-github-action to v3 webhook inputs

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lucas Bedatty <lucas.bedatty@lerian.studio>
No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: ASSERTIVE
Plan: Pro
Run ID:
📒 Files selected for processing (1)

Walkthrough
Replaced GitHub App

Changes

Estimated code review effort
🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs
Suggested labels
🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
🛡️ CodeQL Analysis Results
Languages analyzed:
✅ No security issues found.
Warning
CodeRabbit couldn't request changes on this pull request because it doesn't have sufficient GitHub permissions.
Please grant CodeRabbit Pull requests: Read and write permission and re-run the review.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/config/update-major-tag/action.yml`:
- Around line 65-67: The current unconditional git push --force can let a stale
run move the major tag backward; instead, read the current remote tag value and
use a lease when updating the tag: resolve the current remote commit for
refs/tags/$MAJOR (e.g. via git ls-remote or git fetch + git rev-parse) and then
replace the unconditional git push with a forced push that uses the lease for
that ref (--force-with-lease or
--force-with-lease=refs/tags/$MAJOR:<remote_sha>) so the push will fail if the
remote tag changed between reading and writing; update the lines that
create/push the tag (the git tag -f -a "$MAJOR" "$SHA" and git push ... --force)
to use this lease-based push using the resolved remote SHA for $MAJOR.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 85d7f2b9-b3b8-428b-b852-168554b02654
📒 Files selected for processing (12)
.github/workflows/gptchangelog.yml
.github/workflows/helm-update-chart.yml
.github/workflows/release-notification.yml
.github/workflows/release.yml
.github/workflows/self-release.yml
.github/workflows/typescript-release.yml
src/config/update-major-tag/README.md
src/config/update-major-tag/action.yml
src/lint/pinned-actions/README.md
src/lint/pinned-actions/action.yml
src/security/codeql-reporter/README.md
src/security/codeql-reporter/action.yml
* fix(workflows): address codeql medium findings on release and helm workflows
* fix(helm-update-chart): avoid untrusted-checkout pattern by switching branch after checkout
* docs(helm-update-chart): sync base_branch description with allowlist and actual default
* fix(helm-update-chart): reset base branch to fresh remote tracking ref
* fix(helm-update-chart): add workflow-level least-privilege permissions
…rent tag rewinds (#235)
Warning
CodeRabbit couldn't request changes on this pull request because it doesn't have sufficient GitHub permissions.
Please grant CodeRabbit Pull requests: Read and write permission and re-run the review.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/config/update-major-tag/action.yml`:
- Around line 70-73: The lease is being obtained from the remote right before
push (REMOTE_MAJOR_SHA/LEASE_SHA) which allows a race; instead, capture and
freeze the lease when you decide to push (the decision-to-push block that
computes TARGET and confirms a push), e.g. resolve the current local ref for
refs/tags/$MAJOR into a variable (replace REMOTE_MAJOR_SHA/LEASE_SHA
read-from-remote) and carry that frozen value through to the final git push
--force-with-lease="refs/tags/$MAJOR:$LEASE_SHA" so the push uses the
locally-captured lease expectation (fall back to the zero SHA if no ref exists).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 36269796-4d35-4958-8022-dfadbdd14017
📒 Files selected for processing (1)
src/config/update-major-tag/action.yml
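
The lease-based tag update that both review comments above ask for, as an added shell example (not code from this pull request or from the reviewed `action.yml`). A throwaway local bare repository stands in for the remote; the function names, the `v1` tag and the release commits are constructed for the demo. It also shows that the lease must be the tag ref's own value, which for an annotated tag is the tag object's SHA rather than the commit's.

```bash
#!/usr/bin/env bash
# Constructed demo: a stale and a fresh release run race to move floating tag v1.

# Ref value of the remote tag. For an annotated tag this is the tag object's
# SHA (not the commit's), and that is what the lease is compared against.
remote_tag_sha() { git ls-remote --refs "$1" "refs/tags/$2" | cut -f1; }

# push_major_tag REMOTE MAJOR TARGET LEASE: move the tag only if the remote
# ref still equals LEASE; otherwise git rejects the push as stale.
push_major_tag() {
  git tag -f -a "$2" "$3" -m "Update $2" >/dev/null &&
  git push -q "$1" "refs/tags/$2" --force-with-lease="refs/tags/$2:$4" 2>/dev/null
}

# Subject of the commit the remote tag currently resolves to.
remote_tag_release() { git --git-dir="$1" log -1 --format=%s "refs/tags/$2^{commit}"; }

demo_race() (   # subshell body: cd and exports do not leak to the caller
  tmp=$(mktemp -d) || exit 1
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid \
         GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
  git init -q --bare "$tmp/remote.git" 2>/dev/null
  git init -q "$tmp/work" 2>/dev/null && cd "$tmp/work" || exit 1
  git remote add origin "$tmp/remote.git"
  git commit -q --allow-empty -m "1.0.0"
  git tag -a v1 -m "v1" && git push -q origin refs/tags/v1
  git commit -q --allow-empty -m "1.1.0"; c2=$(git rev-parse HEAD)
  git commit -q --allow-empty -m "1.2.0"; c3=$(git rev-parse HEAD)

  lease_a=$(remote_tag_sha origin v1)   # run A (1.1.0) reads the tag, then stalls
  lease_b=$(remote_tag_sha origin v1)   # run B (1.2.0) reads it and pushes first
  if push_major_tag origin v1 "$c3" "$lease_b"; then b=moved; else b=rejected; fi
  if push_major_tag origin v1 "$c2" "$lease_a"; then a=moved; else a=rejected; fi
  with_lease=$(remote_tag_release "$tmp/remote.git" v1)

  # Same stale run with the unconditional form: the tag goes backward.
  git push -q --force origin refs/tags/v1 2>/dev/null
  with_force=$(remote_tag_release "$tmp/remote.git" v1)

  echo "B=$b A=$a lease:$with_lease force:$with_force"
  cd / && rm -rf "$tmp"
)

demo_race
```

Run A's lease was captured before run B moved the tag, so its push is rejected and `v1` stays on 1.2.0; the unconditional `--force` from the same stale run rewinds it to 1.1.0.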
GitHub Actions Shared Workflows
Description
Type of Change
- feat: New workflow or new input/output/step in an existing workflow
- fix: Bug fix in a workflow (incorrect behavior, broken step, wrong condition)
- perf: Performance improvement (e.g. caching, parallelism, reduced steps)
- refactor: Internal restructuring with no behavior change
- docs: Documentation only (README, docs/, inline comments)
- ci: Changes to self-CI (workflows under .github/workflows/ that run on this repo)
- chore: Dependency bumps, config updates, maintenance
- test: Adding or updating tests
- BREAKING CHANGE: Callers must update their configuration after this PR

Breaking Changes
None.
Testing
@develop or the beta tag
Caller repo / workflow run:
Related Issues
Closes #