feat: re-usable action for checking dirty git

[comatory]

Summary by CodeRabbit

• Chores
  • CI now uses a reusable check to verify the repo is clean after code generation; it posts PR comments when uncommitted/generated changes are detected and posts a hidden/resolved comment on success.
• New Features
  • Added a new boolean field "OK" to the Label proto, exposing an additional status flag in the platform API.

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated. (N/A)
• Documentation has been updated on https://github.com/wundergraph/cosmo-docs. (N/A)
• I have read the Contributors Guide.

We have repeated code in CI that checks whether we have some files, which might be missing
in version control, such as generated artifacts. But there could be another cause: formatting.

Caution

This PR bumps version of trivy + changes source for vulnerability DB. It seems like the release for 0.58.0 does not exist anymore, it could be related to recent attack. Only 0.69.x release seems to exist. With this version, it was not able to use the default vulnerability database, so I switched to alternative one and that seemed to work.

I created a Github action which centralizes the logic, but the main reason is to provide
helpful message as a PR comment with some remediation steps. Example of how the comment
looks on a PR:

The comment is removed once the check passes

😞 Unfortunately, it can get a bit noisy. For example, if I don't commit .proto file, it gets raised in several packages, which means multiple comments (one per each package) will be posted to the PR. I was trying a solution where we would have a single comment if any of the checks for git-dirty-check fail, but it's not working correctly: The checks run in parallel (each per package), so if any one of them are successful, the comment would get removed, even if there were other failures. This is caused by a race condition, so it would not be reliable.

But since this action removes the comments when the check is successful, I don't think it will matter much once developer fixes the problem.¹

Note

I decided to use marocchino/sticky-pull-request-comment over mshick/add-pr-comment because it allows me to remove the PR comment when it's no longer needed (re-run after failures).

Footnotes

1. Ignore the collapsed comments in this PR. I was experimenting with different approaches and it's a leftover from previous attempts. ↩

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Replaces inline git-dirty checks in multiple CI workflows with a new composite action .github/actions/git-dirty-check/action.yaml; the action runs git diff --no-ext-diff --exit-code, posts a sticky PR comment on failure, and on success posts a hidden sticky PR comment marking the check resolved. Also adds bool OK = 3; to proto/wg/cosmo/platform/v1/platform.proto.

Changes

Cohort / File(s)	Summary
Git Dirty Check action .github/actions/git-dirty-check/action.yaml	Adds/updates composite action that runs git diff --no-ext-diff --exit-code. On failure posts a sticky PR comment with header git-dirty-check and descriptive message; on success posts a hidden sticky PR comment (hide: true, hide_classify: RESOLVED) instead of deleting the comment.
Workflow updates — replaced inline git diff with action .github/workflows/aws-lambda-router-ci.yaml, .github/workflows/cli-ci.yaml, .github/workflows/composition-ci.yaml, .github/workflows/connect-go-ci.yaml, .github/workflows/controlplane-ci.yaml, .github/workflows/graphqlmetrics-ci.yaml, .github/workflows/playground-ci.yaml, .github/workflows/protographic.yaml, .github/workflows/router-ci.yaml, .github/workflows/studio-ci.yaml	Replaced inline git diff --no-ext-diff --exit-code steps with uses: ./.github/actions/git-dirty-check. Placement and intent of the dirtiness checks are preserved; control flow delegated to the new action.
Proto change proto/wg/cosmo/platform/v1/platform.proto	Adds a new boolean field OK = 3; to the Label message.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: introducing a reusable GitHub Action for checking dirty git state across multiple CI workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 35.92%. Comparing base (ffeaf59) to head (02570ca).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2580      +/-   ##
==========================================
+ Coverage   30.88%   35.92%   +5.03%     
==========================================
  Files         595      755     +160     
  Lines       89547   105183   +15636     
  Branches     4912     4883      -29     
==========================================
+ Hits        27661    37785   +10124     
- Misses      61580    65651    +4071     
- Partials      306     1747    +1441     

see 762 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-a8e43d0c326d55fc48a58932eba52438002a6879

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

.github/workflows/router-ci.yaml (1)

68-70: Finish migration in this workflow to remove remaining duplicate dirty-check logic.

Nice update for build_test_fork, but build_test still uses inline git diff at Line 160-Line 161. Replacing that step with the same reusable action will keep behavior consistent across both jobs and avoid drift.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/router-ci.yaml around lines 68 - 70, The build_test job
still uses inline git-diff logic (the inline `git diff` step at the build_test
job) while build_test_fork was migrated to the reusable action
`.github/actions/git-dirty-check`; replace the inline git diff step in the
build_test job with the reusable action invocation (same `uses:
./.github/actions/git-dirty-check` and `with: package-name: router`) so both
jobs call the same `git-dirty-check` action and remove the duplicate inline
logic.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/actions/git-dirty-check/action.yaml:
- Line 19: Update the PR-facing failure message string that currently reads
"uncommited changes" to the correct spelling "uncommitted changes" (the comment
referencing ${{ inputs.package-name }} - uncommited changes) so automated
comments use the correct word; search for the exact phrase "uncommited" in the
action.yaml and replace it with "uncommitted".

In @.github/workflows/cli-ci.yaml:
- Around line 40-43: The workflow references the local reusable action via
"uses: ./.github/actions/git-dirty-check" but the pull_request path filters
don't include that action, so changes to it won't trigger the workflow; update
the workflow's pull_request paths to include
".github/actions/git-dirty-check/**" (and do the same for any other workflows
that use "uses: ./.github/actions/git-dirty-check") so edits to the action
itself will run the CI when PRs touch the action code.

In @.github/workflows/graphqlmetrics-ci.yaml:
- Around line 49-51: The pull_request.paths filter omits the reusable action
directory used by the workflow; update the workflow's pull_request.paths to
include the action path './.github/actions/git-dirty-check' (or the encompassing
directory like '.github/actions/**' if consistent with other workflows) so
changes to the custom action will trigger this CI; locate the string
'./.github/actions/git-dirty-check' in the workflow and add the matching path
entry near the existing pull_request.paths entries.

In @.github/workflows/studio-ci.yaml:
- Around line 46-48: The workflow currently uses a local action
(git-dirty-check) but the pull_request trigger’s path filters don’t include
changes to the action itself; update the workflow’s pull_request.paths block to
add '.github/actions/git-dirty-check/**' so edits to the local action trigger
the workflow, locating the pull_request trigger and the uses:
./.github/actions/git-dirty-check entry to make this change.

---

Nitpick comments:
In @.github/workflows/router-ci.yaml:
- Around line 68-70: The build_test job still uses inline git-diff logic (the
inline `git diff` step at the build_test job) while build_test_fork was migrated
to the reusable action `.github/actions/git-dirty-check`; replace the inline git
diff step in the build_test job with the reusable action invocation (same `uses:
./.github/actions/git-dirty-check` and `with: package-name: router`) so both
jobs call the same `git-dirty-check` action and remove the duplicate inline
logic.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between abfe4b5 and 0729bf5.

📒 Files selected for processing (11)

• .github/actions/git-dirty-check/action.yaml
• .github/workflows/aws-lambda-router-ci.yaml
• .github/workflows/cli-ci.yaml
• .github/workflows/composition-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml
• .github/workflows/graphqlmetrics-ci.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/protographic.yaml
• .github/workflows/router-ci.yaml
• .github/workflows/studio-ci.yaml

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

.github/workflows/protographic.yaml (1)

4-7: ⚠️ Potential issue | 🟡 Minor

Add .github/actions/git-dirty-check/** to path filters.

The workflow depends on the git-dirty-check action (lines 32-34), but changes to the action won't trigger this workflow.

Suggested patch

 on:
   pull_request:
     paths:
       - 'pnpm-lock.yaml'
       - "protographic/**/*"
       - ".github/workflows/protographic.yaml"
+      - ".github/actions/git-dirty-check/**"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/protographic.yaml around lines 4 - 7, The workflow's path
filters don't include changes to the local action used for git-dirty-check, so
edits to that action won't trigger the workflow; update the paths list in the
protographic.yaml workflow to include the directory for the local action (add
'.github/actions/git-dirty-check/**') so that changes under that action (used in
the workflow steps referencing git-dirty-check) will trigger the workflow run.

.github/workflows/playground-ci.yaml (1)

4-7: ⚠️ Potential issue | 🟡 Minor

Add .github/actions/git-dirty-check/** to path filters.

The workflow now depends on the git-dirty-check action (lines 32-34), but changes to the action won't trigger this workflow. Add the action path to ensure CI runs when the action is modified.

Suggested patch

 on:
   pull_request:
     paths:
       - 'pnpm-lock.yaml'
       - 'playground/**/*'
       - '.github/workflows/playground-ci.yaml'
+      - '.github/actions/git-dirty-check/**'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/playground-ci.yaml around lines 4 - 7, The workflow's path
filters omit the custom action directory so changes to
.github/actions/git-dirty-check won't trigger the CI; update the paths array in
the playground-ci.yaml (the top-level paths list) to include
'.github/actions/git-dirty-check/**' alongside the existing entries so that
modifications to that action cause the workflow to run.

.github/workflows/composition-ci.yaml (1)

3-10: ⚠️ Potential issue | 🟡 Minor

Add .github/actions/git-dirty-check/** to path filters.

The workflow depends on the git-dirty-check action (lines 41-43), but changes to the action won't trigger this workflow.

Suggested patch

 on:
   pull_request:
     paths:
       - 'pnpm-lock.yaml'
       - "composition/**/*"
       - "composition-go/**/*"
       # composition-go uses code from shared/
       - "shared/**/*"
       - ".github/workflows/composition-ci.yaml"
+      - ".github/actions/git-dirty-check/**"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/composition-ci.yaml around lines 3 - 10, The pull_request
path filters in the pull_request.paths block are missing the custom action
directory used by the workflow (the git-dirty-check action), so edits to
.github/actions/git-dirty-check/** won't trigger the workflow; update the
pull_request.paths list to include ".github/actions/git-dirty-check/**" so
changes to that action will cause the workflow to run (locate the
pull_request.paths block and the step that uses the git-dirty-check action to
confirm placement).

.github/workflows/aws-lambda-router-ci.yaml (1)

3-7: ⚠️ Potential issue | 🟡 Minor

Add .github/actions/git-dirty-check/** to path filters.

The workflow depends on the git-dirty-check action (lines 37-39), but changes to the action won't trigger this workflow.

Suggested patch

 on:
   pull_request:
     paths:
       - "aws-lambda-router/**/*"
       - "router-tests/**/*"
       - ".github/workflows/aws-lambda-router-ci.yaml"
+      - ".github/actions/git-dirty-check/**"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/aws-lambda-router-ci.yaml around lines 3 - 7, The
workflow's pull_request.paths filter is missing the git-dirty-check action so
changes to that action won't trigger the workflow; update the pull_request.paths
list (the YAML key pull_request.paths in the workflow) to include the pattern
".github/actions/git-dirty-check/**" so modifications to the git-dirty-check
action directory will trigger the aws-lambda-router-ci workflow.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/actions/git-dirty-check/action.yaml:
- Around line 23-25: Update the remediation message in the GitHub Action config
to remove or replace the invalid "make format ${{ inputs.package-name }}"
suggestion: locate the remediation string that currently lists "* Formatting
drift, fix with `make format ${{ inputs.package-name }}`" in action.yaml and
either delete that line or replace it with package-specific valid commands
(e.g., mention running the repository's actual formatter such as "prettier
--write" for protographic or appropriate linter/format targets per package) so
the remediation message no longer points to a non-existent Makefile target.

---

Outside diff comments:
In @.github/workflows/aws-lambda-router-ci.yaml:
- Around line 3-7: The workflow's pull_request.paths filter is missing the
git-dirty-check action so changes to that action won't trigger the workflow;
update the pull_request.paths list (the YAML key pull_request.paths in the
workflow) to include the pattern ".github/actions/git-dirty-check/**" so
modifications to the git-dirty-check action directory will trigger the
aws-lambda-router-ci workflow.

In @.github/workflows/composition-ci.yaml:
- Around line 3-10: The pull_request path filters in the pull_request.paths
block are missing the custom action directory used by the workflow (the
git-dirty-check action), so edits to .github/actions/git-dirty-check/** won't
trigger the workflow; update the pull_request.paths list to include
".github/actions/git-dirty-check/**" so changes to that action will cause the
workflow to run (locate the pull_request.paths block and the step that uses the
git-dirty-check action to confirm placement).

In @.github/workflows/playground-ci.yaml:
- Around line 4-7: The workflow's path filters omit the custom action directory
so changes to .github/actions/git-dirty-check won't trigger the CI; update the
paths array in the playground-ci.yaml (the top-level paths list) to include
'.github/actions/git-dirty-check/**' alongside the existing entries so that
modifications to that action cause the workflow to run.

In @.github/workflows/protographic.yaml:
- Around line 4-7: The workflow's path filters don't include changes to the
local action used for git-dirty-check, so edits to that action won't trigger the
workflow; update the paths list in the protographic.yaml workflow to include the
directory for the local action (add '.github/actions/git-dirty-check/**') so
that changes under that action (used in the workflow steps referencing
git-dirty-check) will trigger the workflow run.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0729bf5 and cfbbd1f.

📒 Files selected for processing (11)

• .github/actions/git-dirty-check/action.yaml
• .github/workflows/aws-lambda-router-ci.yaml
• .github/workflows/cli-ci.yaml
• .github/workflows/composition-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml
• .github/workflows/graphqlmetrics-ci.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/protographic.yaml
• .github/workflows/router-ci.yaml
• .github/workflows/studio-ci.yaml

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/workflows/router-ci.yaml
• .github/workflows/studio-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/router-ci.yaml (1)

160-161: ⚠️ Potential issue | 🟠 Major

Inconsistent: build_test job still uses inline git diff instead of the reusable action.

The build_test_fork job (line 68-70) uses the new git-dirty-check action, but this build_test job retains the inline git diff --no-ext-diff --exit-code. This inconsistency means:

• External contributors (fork) get helpful PR comments on dirty state
• Organization members (this job) do not

Replace this with the reusable action for consistency.

Suggested patch

-      - name: Check if git is not dirty after generating files
-        run: git diff --no-ext-diff --exit-code
+      - uses: ./.github/actions/git-dirty-check
+        with:
+          package-name: router

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/router-ci.yaml around lines 160 - 161, Replace the inline
git diff call in the build_test job with the reusable git-dirty-check action to
match build_test_fork; specifically, remove the run: git diff --no-ext-diff
--exit-code step inside the build_test job and invoke the reusable action used
by build_test_fork (the git-dirty-check reusable workflow) with the same
inputs/permissions so both jobs use the same check and produce PR comments for
dirty state.

🧹 Nitpick comments (1)

.github/actions/git-dirty-check/action.yaml (1)

27-28: Minor: Redundant condition check.

The condition success() && steps.git-dirty-check.outcome == 'success' is redundant since success() already evaluates to false if any prior step (including git-dirty-check) failed. You can simplify to just if: success() or keep the explicit check for clarity—either works.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/actions/git-dirty-check/action.yaml around lines 27 - 28, The if
condition on the marocchino/sticky-pull-request-comment@v2 step redundantly
checks both success() and steps.git-dirty-check.outcome == 'success'; simplify
it by removing the duplicate outcome check and use just if: success() (or, if
you prefer explicitness, keep only steps.git-dirty-check.outcome == 'success'),
updating the step that references the git-dirty-check step and the uses entry to
reflect this single simplified condition.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/aws-lambda-router-ci.yaml:
- Around line 37-39: The workflow's pull_request trigger is missing the reusable
action directory so changes under .github/actions/git-dirty-check/** won't
trigger the workflow; update the pull_request.paths section in the
aws-lambda-router-ci.yaml to include the action path (add
".github/actions/git-dirty-check/**") so modifications to the git-dirty-check
action used by the job (the uses entry ".github/actions/git-dirty-check") will
cause the workflow to run.

In @.github/workflows/composition-ci.yaml:
- Around line 41-43: The workflow uses the reusable action
./.github/actions/git-dirty-check but the pull_request.paths trigger doesn't
include that action directory; update the pull_request.paths array to include
".github/actions/**" or specifically ".github/actions/git-dirty-check/**" so the
workflow will trigger when the action code changes, ensuring the reusable action
path is covered by the trigger.

In @.github/workflows/protographic.yaml:
- Around line 32-34: The workflow uses the reusable action path
"./.github/actions/git-dirty-check" but that path is not included under the
workflow's pull_request.paths filter; add the action directory path to the
pull_request.paths array so changes to .github/actions/git-dirty-check will
trigger this workflow. Locate the pull_request.paths section in the protographic
workflow and append "./.github/actions/git-dirty-check" (or the equivalent
relative path) to the list so updates to the git-dirty-check action are picked
up.

In @.github/workflows/router-ci.yaml:
- Around line 68-70: Add the reusable action path
(./.github/actions/git-dirty-check) to the workflow's pull_request.paths so
changes to that custom action will trigger this workflow; update the workflow's
pull_request.paths list to include "./.github/actions/git-dirty-check" alongside
existing paths referenced for the router job (refer to the uses entry
".github/actions/git-dirty-check" in the workflow to locate the correct action
to add).

---

Outside diff comments:
In @.github/workflows/router-ci.yaml:
- Around line 160-161: Replace the inline git diff call in the build_test job
with the reusable git-dirty-check action to match build_test_fork; specifically,
remove the run: git diff --no-ext-diff --exit-code step inside the build_test
job and invoke the reusable action used by build_test_fork (the git-dirty-check
reusable workflow) with the same inputs/permissions so both jobs use the same
check and produce PR comments for dirty state.

---

Nitpick comments:
In @.github/actions/git-dirty-check/action.yaml:
- Around line 27-28: The if condition on the
marocchino/sticky-pull-request-comment@v2 step redundantly checks both success()
and steps.git-dirty-check.outcome == 'success'; simplify it by removing the
duplicate outcome check and use just if: success() (or, if you prefer
explicitness, keep only steps.git-dirty-check.outcome == 'success'), updating
the step that references the git-dirty-check step and the uses entry to reflect
this single simplified condition.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cfbbd1f and e85444f.

📒 Files selected for processing (11)

• .github/actions/git-dirty-check/action.yaml
• .github/workflows/aws-lambda-router-ci.yaml
• .github/workflows/cli-ci.yaml
• .github/workflows/composition-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml
• .github/workflows/graphqlmetrics-ci.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/protographic.yaml
• .github/workflows/router-ci.yaml
• .github/workflows/studio-ci.yaml

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/workflows/cli-ci.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/actions/git-dirty-check/action.yaml:
- Around line 13-26: The workflow uses a hardcoded sticky-comment header
"git-dirty-check" and a literal "<package-name>" in the message which causes
comment races and unclear guidance; update the sticky comment header and message
to be unique per workflow/package (e.g., include variables like github.workflow,
matrix.package or an env var) so the "header:" passed to
marocchino/sticky-pull-request-comment@v2 is distinct for each run, and replace
the "<package-name>" placeholder in the "message:" text with the actual package
identifier variable used by the workflow (so formatting/generate hints point to
the specific module); touch the two fields named header and message and ensure
the conditional still references steps.git-dirty-check.outcome.
- Around line 7-9: The current git-dirty-check step (id: git-dirty-check) uses
"git diff --no-ext-diff --exit-code", which ignores untracked files; change the
run command to use "git status --porcelain --untracked-files=all" and make the
step fail if that command produces any output (i.e., treat any non-empty output
as a dirty working tree). Update the action's run script for the git-dirty-check
step to run the git status command and exit non-zero when its output is
non-empty so both tracked changes and untracked files are detected.

In `@proto/wg/cosmo/platform/v1/platform.proto`:
- Line 13: The proto change adds an unrelated public field to the Label message;
remove the newly added field declaration (the bool field named OK on message
Label) so the Label schema remains unchanged in this PR, and if this change is
intended open a separate API/schema PR that updates consumers and generated
code; also regenerate any generated artifacts only in that dedicated PR rather
than here.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e85444f and 7166817.

📒 Files selected for processing (12)

• .github/actions/git-dirty-check/action.yaml
• .github/workflows/aws-lambda-router-ci.yaml
• .github/workflows/cli-ci.yaml
• .github/workflows/composition-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml
• .github/workflows/graphqlmetrics-ci.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/protographic.yaml
• .github/workflows/router-ci.yaml
• .github/workflows/studio-ci.yaml
• proto/wg/cosmo/platform/v1/platform.proto

🚧 Files skipped from review as they are similar to previous changes (4)

• .github/workflows/playground-ci.yaml
• .github/workflows/aws-lambda-router-ci.yaml
• .github/workflows/router-ci.yaml
• .github/workflows/controlplane-ci.yaml

[coderabbitai]

♻️ Duplicate comments (2)

.github/workflows/composition-ci.yaml (1)

3-10: ⚠️ Potential issue | 🟡 Minor

Add the reusable action path to workflow triggers.

Since Line 41 uses a local action (./.github/actions/git-dirty-check), pull_request.paths should include that action directory; otherwise action-only changes won’t run this workflow.

Suggested patch

 on:
   pull_request:
     paths:
       - 'pnpm-lock.yaml'
       - "composition/**/*"
       - "composition-go/**/*"
       # composition-go uses code from shared/
       - "shared/**/*"
       - ".github/workflows/composition-ci.yaml"
+      - ".github/actions/git-dirty-check/**"

Also applies to: 41-41

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/composition-ci.yaml around lines 3 - 10, The workflow's
pull_request.paths list is missing the local reusable action directory used
later (./.github/actions/git-dirty-check), so update the pull_request.paths in
composition-ci.yaml to include the action directory (e.g., add
'.github/actions/git-dirty-check' or '.github/actions/**') so changes to that
action trigger the workflow; modify the pull_request.paths block that currently
lists 'pnpm-lock.yaml', 'composition/**/*', 'composition-go/**/*',
'shared/**/*', and '.github/workflows/composition-ci.yaml' to also include the
action path.

.github/workflows/protographic.yaml (1)

32-32: ⚠️ Potential issue | 🟡 Minor

Add the reusable action directory to pull_request.paths.

This workflow now relies on ./.github/actions/git-dirty-check, but changes to that action won’t trigger this CI due to the current path filter.

Suggested patch

 on:
   pull_request:
     paths:
       - 'pnpm-lock.yaml'
       - "protographic/**/*"
       - ".github/workflows/protographic.yaml"
+      - ".github/actions/git-dirty-check/**"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/protographic.yaml at line 32, Update the workflow's
pull_request.paths filter to include the reusable action directory so edits to
the action trigger CI; specifically, add the action path pattern (e.g.
'.github/actions/git-dirty-check' or a broader '.github/actions/**') to the
pull_request.paths list that currently filters files for the protographic
workflow, ensuring the existing uses: ./.github/actions/git-dirty-check entry is
covered.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/composition-ci.yaml:
- Around line 3-10: The workflow's pull_request.paths list is missing the local
reusable action directory used later (./.github/actions/git-dirty-check), so
update the pull_request.paths in composition-ci.yaml to include the action
directory (e.g., add '.github/actions/git-dirty-check' or '.github/actions/**')
so changes to that action trigger the workflow; modify the pull_request.paths
block that currently lists 'pnpm-lock.yaml', 'composition/**/*',
'composition-go/**/*', 'shared/**/*', and
'.github/workflows/composition-ci.yaml' to also include the action path.

In @.github/workflows/protographic.yaml:
- Line 32: Update the workflow's pull_request.paths filter to include the
reusable action directory so edits to the action trigger CI; specifically, add
the action path pattern (e.g. '.github/actions/git-dirty-check' or a broader
'.github/actions/**') to the pull_request.paths list that currently filters
files for the protographic workflow, ensuring the existing uses:
./.github/actions/git-dirty-check entry is covered.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7166817 and 38664aa.

📒 Files selected for processing (12)

• .github/actions/git-dirty-check/action.yaml
• .github/workflows/aws-lambda-router-ci.yaml
• .github/workflows/cli-ci.yaml
• .github/workflows/composition-ci.yaml
• .github/workflows/connect-go-ci.yaml
• .github/workflows/controlplane-ci.yaml
• .github/workflows/graphqlmetrics-ci.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/protographic.yaml
• .github/workflows/router-ci.yaml
• .github/workflows/studio-ci.yaml
• proto/wg/cosmo/platform/v1/platform.proto

🚧 Files skipped from review as they are similar to previous changes (7)

• .github/actions/git-dirty-check/action.yaml
• .github/workflows/playground-ci.yaml
• .github/workflows/controlplane-ci.yaml
• .github/workflows/cli-ci.yaml
• .github/workflows/graphqlmetrics-ci.yaml
• proto/wg/cosmo/platform/v1/platform.proto
• .github/workflows/router-ci.yaml

[pepol]

LGTM

[StarpTech]

Lgtm