chore: update docker-build workflow to remove main branch trigger #43
- Removed the main branch trigger from the docker-build workflow, allowing builds to focus on release branches and version tags only.
Walkthrough
The GitHub Actions workflows for Docker build and client generation were updated to refine trigger conditions and separate commit-and-push logic into distinct jobs using a bot token. The Makefile's backend test target was changed to run a different test script. The default superuser password in the backend config was updated. A type precision improvement was made in a boolean conversion fallback function. The Next.js config's experimental
Changes
- Updated the commit logic to check for both staged and unstaged changes before committing, ensuring that only relevant changes are pushed.
- Added a message for cases where no changes are detected after rebase, enhancing clarity in the workflow's output.

…ed type safety
- Updated the strtobool function to return a Literal[0, 1] instead of an int, ensuring better type clarity and consistency in return types.
- This change improves the function's usability in type-annotated contexts.

- Replaced the backend test command in the Makefile to use `tests-start.sh` for improved test execution.
- Updated the default superuser password in the configuration file for enhanced security.
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 16943385 | Triggered | Generic Password | bf29bdd | backend/app/core/config.py | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- installing secret detection on pre-commit to catch secrets before they leave your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
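A minimal version of the pre-commit check recommended above, as an added example (not GitGuardian's detector and not code from this repository): it scans only the added lines of a unified diff for string literals assigned to credential-like names and reports the location without echoing the value. The name pattern and the sample diff, including its variable names and values, are constructed assumptions.

```python
import re
import sys

# Credential-like variable names; this list is an assumption of the sketch.
SECRET_NAME = re.compile(r"(?i)passw(or)?d|secret|token|api_?key")
# Matches NAME = "literal" and NAME: type = "literal" (optional trailing comma/comment).
ASSIGNMENT = re.compile(
    r"""^\s*(?P<name>[A-Za-z_]\w*)\s*(?::[^=]+)?=\s*(?P<q>["'])(?P<value>.*?)(?P=q)\s*,?\s*(?:#.*)?$"""
)
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def find_hardcoded_secrets(diff_text):
    """Return (path, new_line_number, variable_name) for each added literal secret.

    The literal itself is never returned, so it cannot leak into CI logs.
    """
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            lineno = int(m.group(1))  # first line number of the hunk in the new file
        elif line.startswith("+"):
            a = ASSIGNMENT.match(line[1:])
            if a and a["value"] and SECRET_NAME.search(a["name"]):
                findings.append((path, lineno, a["name"]))
            lineno += 1
        elif line.startswith(" "):
            lineno += 1  # context lines advance the new-file counter, removals do not
    return findings


# Constructed sample diff; the variable names and values are invented for illustration.
SAMPLE_DIFF = """\
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -10,3 +10,4 @@ class Settings:
     PROJECT_NAME: str = "demo"
-    SUPERUSER_PASSWORD: str = ""
+    SUPERUSER_PASSWORD: str = "constructed-Example-1"
+    SMTP_PASSWORD = os.environ["SMTP_PASSWORD"]
     DEBUG = False
"""

if __name__ == "__main__":
    # Pre-commit use: git diff --cached | python this_script.py
    hits = find_hardcoded_secrets(SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read())
    for path, lineno, name in hits:
        print(f"{path}:{lineno}: literal value assigned to {name}")
    sys.exit(1 if hits else 0)
```

A name-based pattern like this also flags non-secret literals such as a token URL path, so it is a tripwire in front of a real scanner rather than a replacement for one.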
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/generate-client.yml (1)
91-99: Refactor push logic to reduce duplication and simplify diff checks
You can DRY-up this block by:
- Extracting the branch name into a variable.
- Using a single diff-index check instead of two separate `git diff` calls.
- Moving the `git push` out of the inner condition to avoid repeating it.
For example:
run: | - if ! git diff --staged --quiet; then - echo "✅ Changes detected in generated client. Committing and pushing..." - git pull --rebase origin ${{ github.head_ref || github.ref_name }} - if ! git diff --quiet || ! git diff --staged --quiet; then - git commit -a -m "ci: ✨ Autogenerate frontend client" - git push origin HEAD:${{ github.head_ref || github.ref_name }} - else - echo "✅ No changes to commit after rebase." - git push origin HEAD:${{ github.head_ref || github.ref_name }} - fi - else - echo "✅ No changes detected in generated client." + BRANCH="${{ github.head_ref || github.ref_name }}" + if ! git diff-index --quiet HEAD --; then + echo "✅ Changes detected in generated client. Rebasing…" + git pull --rebase origin "$BRANCH" + if ! git diff-index --quiet HEAD --; then + git commit -a -m "ci: ✨ Autogenerate OpenAPI clients [skip ci]" + else + echo "✅ No changes to commit after rebase." + fi + git push origin HEAD:"$BRANCH" + else + echo "✅ No changes detected in generated client." fiThis makes the logic clearer and concise.
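Review bot: The added `BRANCH="${{ github.head_ref || github.ref_name }}"` line still has the Actions expression expanded into the script text before the shell runs, exactly as the removed `git pull` and `git push` lines did, so a branch name containing shell metacharacters becomes part of the command. Set the value in the step's `env:` block and reference only `"$BRANCH"` inside `run:`. Separately, `git pull --rebase origin "$BRANCH"` is still executed while the generated changes are uncommitted, and git refuses to rebase over a dirty index or worktree unless autostash is enabled, so the commit should come before the rebase. The suggestion also changes the commit message from "Autogenerate frontend client" to "Autogenerate OpenAPI clients [skip ci]", so it is not a pure refactor and the title should say so.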
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting
📒 Files selected for processing (4)
- .github/workflows/generate-client.yml (1 hunks)
- Makefile (1 hunks)
- backend/app/core/config.py (1 hunks)
- backend/app/tests_pre_start.py (1 hunks)
✅ Files skipped from review due to trivial changes (2)
- backend/app/tests_pre_start.py
- backend/app/core/config.py
⏰ Context from checks skipped due to timeout of 90000ms (4)
- GitHub Check: test-playwright (4, 4)
- GitHub Check: test-playwright (1, 4)
- GitHub Check: test-playwright (3, 4)
- GitHub Check: test-playwright (2, 4)
🔇 Additional comments (1)
.github/workflows/generate-client.yml (1)
103-105: Verify BOT_GITHUB_TOKEN configuration
This step relies on:
```yaml
env:
  GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
```
Ensure that:
- `BOT_GITHUB_TOKEN` is defined in your repo’s secrets.
- It has `contents: write` permissions to push commits.
Alternatively, you can use the built-in `secrets.GITHUB_TOKEN`, which is already granted `contents: write` by this workflow.
- Modified the workflow to trigger on closed pull requests and pushes to the main branch.
- Added a new job for auto-committing changes with a timestamped message, enhancing clarity in generated client updates.
- Configured Git user settings for the auto-commit step to ensure proper authentication during pushes.
- Changed the serverActions property from a boolean to an object in the Next.js configuration for improved flexibility and future extensibility.
- Modified the commit message in the generate-client workflow to specify both frontend and admin clients, enhancing clarity in the auto-generated commit logs.
- Added a [skip ci] tag to the commit message to prevent unnecessary CI runs for autogenerated commits.
User description
This pull request makes a minor change to the `.github/workflows/docker-build.yml` file. The change removes the `main` branch from the list of branches that trigger the Docker build workflow on a push event.
Description
`main` branch trigger.
`release-*` branches and version tags only.
Changes walkthrough 📝
docker-build.yml
Update Docker Build Workflow Branch Triggers
.github/workflows/docker-build.yml
`main` branch trigger from the Docker build workflow.
`release-*` branches and version tags only.
Summary by CodeRabbit