chore: router ci improvement

[miklosbarabas]

Summary by CodeRabbit

• Chores
  • CI now performs Redis ACL setup and health checks inside the running container rather than on the host.
  • Host-level cluster setup and host-installed redis-tools are no longer used, reducing runner dependencies.
  • Standardized container-scoped port usage and dynamic container selection to improve CI stability and reduce flakiness.
  • No user-facing changes; improves build reliability and contributor experience.

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated.
• Documentation has been updated on https://github.com/wundergraph/cosmo-docs.
• I have read the Contributors Guide.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Host-level Redis cluster setup step was commented out; Redis ACL creation and health checks now run inside the Redis container via docker exec (container resolved by ancestor=redis:7) targeting internal port 6379; host redis-tools install was removed. (32 words)

Changes

Cohort / File(s)	Summary of changes
CI workflow updates .github/workflows/router-ci.yaml	Commented out host-level "Setup Redis Cluster" step; removed host redis-tools installation; replaced host redis-cli usage with docker exec calls against the Redis container (resolved via docker ps --filter "ancestor=redis:7" -q) to run ACL SETUSER and ping on internal port 6379; port loop adjusted accordingly.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: router ci improvement" is concise, follows Conventional Commits style, and accurately describes the primary change in the diff (CI workflow updates to router CI, specifically Redis-related adjustments in .github/workflows/router-ci.yaml), so it is relevant and informative for reviewers scanning history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-9efbdee38adc39dd8f93c37dec9db2f4622ff1aa

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/router-ci.yaml (2)

159-159: Runner label typo will break the job

runs-on: ubuntu-latest-l is invalid; use ubuntu-latest to schedule a runner.

-    runs-on: ubuntu-latest-l
+    runs-on: ubuntu-latest

---

282-282: Action input mismatch — workflow passes load_Image but the action has no matching input

.github/workflows/router-ci.yaml (around line 282) sets with: load_Image: 'true', but .github/actions/build-push-image/action.yaml declares inputs: and shows image_description only — there is no load_Image or load_image, so the input will be ignored. Rename the workflow key to the action’s actual input name or add the expected input to action.yaml.

🧹 Nitpick comments (2)

.github/workflows/router-ci.yaml (2)

241-245: Add readiness retry to reduce Redis flakiness

Cluster may not be ready immediately after the action. Add a simple ping retry before ACL to avoid intermittent failures.

-          for port in 7001 7002 7003; do
+          for port in 7001 7002 7003; do
+            # wait until node responds
+            for i in {1..30}; do
+              if docker exec "$REDIS_CONTAINER" redis-cli -h 127.0.0.1 -p "$port" ping | grep -q PONG; then break; fi
+              sleep 1
+              if [ "$i" -eq 30 ]; then echo "Redis $port not ready"; exit 1; fi
+            done

---

242-242: Least privilege for ACL (optional)

+@all grants everything; if tests don’t require admin commands, restrict to the minimal categories/commands (e.g., +@read +@write +client +cluster). Otherwise keep as-is for CI convenience.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a55be8 and 56c5e62.

📒 Files selected for processing (1)

• .github/workflows/router-ci.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Analyze (go)
• GitHub Check: build_test

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/router-ci.yaml (1)

159-159: Runner label typo will break the job

runs-on: ubuntu-latest-l is invalid; should be ubuntu-latest.

-    runs-on: ubuntu-latest-l
+    runs-on: ubuntu-latest

♻️ Duplicate comments (1)

.github/workflows/router-ci.yaml (1)

241-243: Drop -it, fix quoting for ACL password, and resolve container ID once

Interactive TTY flags can break CI; quoting of >test is unsafe; and resolving the container twice is brittle. Apply:

-          for port in 6379; do
-            docker exec -it $(docker ps --filter "ancestor=redis:7" -q | head -n 1) redis-cli -h 127.0.0.1 -p $port ACL SETUSER cosmo on ">test" "~*" "+@all"
-            docker exec -it $(docker ps --filter "ancestor=redis:7" -q | head -n 1) redis-cli -u "redis://cosmo:test@127.0.0.1:$port" ping
+          REDIS_CONTAINER="$(docker ps --filter 'ancestor=redis:7' --format '{{.ID}}' | head -n1)"
+          if [ -z "$REDIS_CONTAINER" ]; then echo 'redis:7 container not found'; exit 1; fi
+          for port in 6379; do
+            docker exec "$REDIS_CONTAINER" redis-cli -h 127.0.0.1 -p "$port" ACL SETUSER cosmo on '>test' '~*' '+@all'
+            docker exec "$REDIS_CONTAINER" redis-cli --user cosmo --pass test -h 127.0.0.1 -p "$port" ping
           done

🧹 Nitpick comments (3)

.github/workflows/router-ci.yaml (3)

241-245: Single‑port loop is unnecessary

If we only ever touch 6379, simplify for readability.

-          for port in 6379; do
-            docker exec "$REDIS_CONTAINER" redis-cli -h 127.0.0.1 -p "$port" ACL SETUSER cosmo on '>test' '~*' '+@all'
-            docker exec "$REDIS_CONTAINER" redis-cli --user cosmo --pass test -h 127.0.0.1 -p "$port" ping
-            echo "ACL user 'cosmo' created with full access on port $port"
-          done
+          port=6379
+          docker exec "$REDIS_CONTAINER" redis-cli -h 127.0.0.1 -p "$port" ACL SETUSER cosmo on '>test' '~*' '+@all'
+          docker exec "$REDIS_CONTAINER" redis-cli --user cosmo --pass test -h 127.0.0.1 -p "$port" ping
+          echo "ACL user 'cosmo' created with full access on port $port"

---

227-236: Disabling Redis cluster: confirm no tests depend on it

You commented out cluster setup. Ensure cluster‑dependent tests are gated/filtered, or provide a lightweight replacement.

If needed, I can add a conditional that only enables cluster when the test target matches cluster suites.

---

239-239: Reduce noisy logs

docker ps -a adds noise and can leak unrelated container info. Drop unless debugging.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 56c5e62 and 9f9f334.

📒 Files selected for processing (1)

• .github/workflows/router-ci.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: build-router
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Analyze (go)
• GitHub Check: build_push_image
• GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
• GitHub Check: build_push_image (nonroot)
• GitHub Check: image_scan
• GitHub Check: image_scan (nonroot)
• GitHub Check: build_test
• GitHub Check: integration_test (./telemetry)

[StarpTech]

Remove it if not needed

[miklosbarabas]

Will clean everything up i touch once im done 👍

[miklosbarabas]

closing in favor of #2234