fix(ci/coderabbit): unblock review pipeline #86
CodeRabbit was rejecting the config with "String must contain at most 250 character(s) at tone_instructions" and falling back to defaults, disabling the project-specific review tone for every PR. Trimmed the value to ~185 chars while preserving the critical signals (secrets, SQL injection, unhandled promises, any without narrowing, destructive ops without backup). https://claude.ai/code/session_016crk2XNP846FHdJo6cPEVR
Caution: Review failed. The pull request is closed.
Recent review info. Run configuration: Configuration used: Path: .coderabbit.yaml; Review profile: CHILL; Plan: Pro; Run ID:
Files ignored due to path filters (1)
Files selected for processing (4)
Walkthrough
This PR groups four kinds of changes: an update to the PT-BR tone instructions for code review, removal of emojis from workflow steps, Prettier integration, and a refactor of logging plus cleanup in the retry module with signature formatting.
Changes: General Updates and Refactoring
Estimated code review effort: 2 (Simple) | ~10 minutes
Two pre-existing issues blocking commits and CI:

1. .prettierrc references prettier-plugin-tailwindcss but neither prettier nor the plugin are in devDependencies, so the husky pre-commit hook crashes for every staged TS/TSX file. Added both as devDependencies so the configured tooling actually runs.
2. The Branch Protection Sentinel grep was matching the console.log inside a JSDoc @example block in src/lib/retry.ts, failing the check-quality CI on every PR. Rewrote the example to use the file's existing logger and dropped the unused dbFrom import that the example was the only consumer of.

https://claude.ai/code/session_016crk2XNP846FHdJo6cPEVR
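The false positive described above comes from matching `console.log` as plain text. As an added example (not code from this PR or the project's sentinel), here is a scanner that reports `console.*` calls only outside comments and string literals; `findConsoleCalls`, `SAMPLE` and `withRetry` are hypothetical names, and the input is constructed.

```javascript
// Added example: comment-aware console.* scanner (not the project's sentinel).
// Simplifications: template literals are treated as plain strings and
// regex literals are not recognised.
function findConsoleCalls(source) {
  const hits = [];
  let state = "code"; // code | line | block | str
  let quote = "";
  let line = 1;
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    const next = source[i + 1];
    if (c === "\n") {
      line++;
      // Line comments and '...' / "..." strings end at the newline.
      if (state === "line" || (state === "str" && quote !== "`")) state = "code";
      continue;
    }
    if (state === "line") continue;
    if (state === "block") {
      if (c === "*" && next === "/") { state = "code"; i++; }
      continue;
    }
    if (state === "str") {
      if (c === "\\") { if (next === "\n") line++; i++; } // skip escaped char
      else if (c === quote) state = "code";
      continue;
    }
    if (c === "/" && next === "/") { state = "line"; i++; continue; }
    if (c === "/" && next === "*") { state = "block"; i++; continue; }
    if (c === '"' || c === "'" || c === "`") { state = "str"; quote = c; continue; }
    const m = /^console\.(log|debug|info|warn|error)\s*\(/.exec(source.slice(i, i + 32));
    const prev = i > 0 ? source[i - 1] : "";
    if (m && !/[\w$.]/.test(prev)) hits.push({ line, method: m[1] });
  }
  return hits;
}

// Constructed sample: a JSDoc @example, a commented-out call, a string, a real call.
const SAMPLE = [
  "/**",
  " * @example",
  " * console.log(await withRetry(fn)); // withRetry is a hypothetical name",
  " */",
  "export async function withRetry(fn) {",
  "  // console.log('debug');",
  "  const msg = 'console.log(x)';",
  "  console.log(msg);",
  "}",
].join("\n");
```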
Commit 4c35285 ("Fast Visual Edit") truncated security.yml down to a malformed YAML stub: line 2 was a bare `...` (document end marker), and the gitleaks job had been replaced by an orphaned env line plus an indentation-broken rls-audit job. The result was an invalid workflow file in .github/workflows/, almost certainly contributing to GitHub Actions misbehavior on every PR.

Reconstructed by:
- Restoring the original gitleaks job (Security Scan from c32ba76), keeping the new GITLEAKS_ENABLE_SUMMARY: "false" env intent.
- Renaming workflow to "Security & Compliance" as the broken edit intended.
- Re-adding the rls-audit job under jobs:, gated by github.event_name == 'schedule' || workflow_dispatch.
- Adding oven-sh/setup-bun@v1 to rls-audit so its bun-based script step can actually run (it was using `bun ...` without bun installed).
- Added workflow_dispatch: trigger so rls-audit is manually runnable.

YAML now validates with yaml.safe_load.

https://claude.ai/code/session_016crk2XNP846FHdJo6cPEVR
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4121e43a99
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: |
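Review bot: With `cancel-in-progress: true` and a group keyed only on `${{ github.workflow }}-${{ github.ref }}`, a scheduled or manually dispatched run shares its concurrency group with every other run of this workflow on the same ref, so a later push to that branch can cancel an in-flight audit before it reports. If the workflow also has push or pull_request triggers, consider adding `${{ github.event_name }}` to the group, or limiting cancellation to pull_request events.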
Add the RLS compliance script before scheduling it
With this workflow restored under jobs:, the rls-audit job now runs on the scheduled/manual Security workflow, but its report step invokes bun scripts/verify_rls_compliance.ts; I checked the repository with git ls-files '*verify*rls*' '*rls*compliance*' 'scripts/*' and that script is not present. As a result, every weekly or manually dispatched security workflow will fail as soon as this job reaches the report step.
Pull request overview
This PR aims to unblock the automated review/CI pipeline by fixing configuration and workflow breakages (CodeRabbit config schema, quality checks impacted by grep, missing formatter deps, and invalid security workflow YAML).
Changes:
- Shortens `.coderabbit.yaml` `tone_instructions` to comply with the CodeRabbit schema limit.
- Updates `src/lib/retry.ts` JSDoc example to avoid `console.log` (preventing sentinel grep failures) and removes the now-unused `dbFrom` import.
- Adds missing `prettier` + `prettier-plugin-tailwindcss` devDependencies (and updates `bun.lock` accordingly).
- Rebuilds `.github/workflows/security.yml` into valid YAML and adds an `rls-audit` scheduled job.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/lib/retry.ts | Removes console.log from JSDoc example and drops unused import to avoid CI grep/eslint issues. |
| package.json | Adds Prettier + Tailwind plugin to match existing .prettierrc config. |
| bun.lock | Lockfile update for newly added devDependencies. |
| .github/workflows/security.yml | Restores valid workflow structure; defines gitleaks scan and adds scheduled RLS audit job. |
| .coderabbit.yaml | Reduces tone_instructions length to satisfy schema validation. |
| - name: Generate RLS Report | ||
| run: bun scripts/verify_rls_compliance.ts > rls-compliance-report.md | ||
| - name: 📜 Publish Weekly Compliance | ||
| - name: Publish Weekly Compliance |
| - name: Setup Bun | ||
| uses: oven-sh/setup-bun@v1 | ||
| - name: Install dependencies | ||
| run: npm install --no-audit --no-fund |
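Review bot: The `Install dependencies` step runs `npm install --no-audit --no-fund`, which does not use the `bun.lock` this PR updates, so the audit job is not tied to the locked dependency versions; since the preceding step already installs Bun, `bun install --frozen-lockfile` would keep the job on the lockfile. `oven-sh/setup-bun@v1` is also a mutable tag, and pinning it to a full commit SHA is the usual hardening for an action that runs inside a security workflow.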
Summary
Four fixes related to unblocking the review pipeline:
- `.coderabbit.yaml`: `tone_instructions` exceeded the schema limit (`String must contain at most 250 character(s)`). I reduced it to ~185 chars while preserving the critical signals. CodeRabbit now loads the config (verified: `Configuration used: Path: .coderabbit.yaml`).
- `src/lib/retry.ts`: the Branch Protection Sentinel grep was killing check-quality on every PR because it found `console.log` inside a JSDoc `@example`. I rewrote the example using the file's own logger and removed the `dbFrom` import that was only used by the example (also flagged by eslint).
- `package.json`: `prettier` and `prettier-plugin-tailwindcss` were referenced in `.prettierrc` but missing from `devDependencies`, breaking the husky pre-commit on any staged `*.ts/tsx`. Added.
- `.github/workflows/security.yml`: commit `4c35285` ("Fast Visual Edit" by gpt-engineer-app[bot]) truncated the file, leaving invalid YAML: line 2 was a bare `...` (document end marker), followed by an orphaned env line and an `rls-audit` job without its parent `jobs:`. I rebuilt it by merging the original gitleaks job (commit `c32ba76`) with the `rls-audit` job that gpt-engineer wanted to add, and added `setup-bun@v1` to rls-audit so that `bun scripts/...` can run when scheduled.

CI failures still expected (pre-existing, outside this PR)
- `test` (ci.yml): `bun run lint` returns 1383 errors and 911 warnings on main. Technical debt: ~47 `console`, ~198 `: any`, unused vars, etc. Broad refactor, not tractable here.
- `Analyze (codeql)`: `continue-on-error: true` in the workflow, so it does not block merge even when failing.

Test plan
- `check-quality` (after the grep fix + retry.ts)
- `path_instructions` (no parsing warning)
- `*.tsx`

Next steps (separate from this PR)
https://claude.ai/code/session_016crk2XNP846FHdJo6cPEVR