Skip to content

feat(ci): move web checks to x workflow namepsace#4440

Merged
synoet merged 1 commit into
mainfrom
synoet/web-checks-x-task
Jul 1, 2026
Merged

feat(ci): move web checks to x workflow namepsace#4440
synoet merged 1 commit into
mainfrom
synoet/web-checks-x-task

Conversation

@synoet

@synoet synoet commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Summary by CodeRabbit

  • New Features
    • Added a new pull request check workflow for the web app, covering type checks, linting, styling, tests, dependency cycle checks, and builds.
    • The workflow now only runs the relevant checks when related files change, helping speed up feedback.
  • Chores
    • Updated workflow configuration formatting and pinned automation steps to specific revisions for consistency.

Walkthrough

Adds a new Rust xtask-generated GitHub Actions workflow, "Web App Pr Checks," implemented in a new web_app_check_main.rs module defining jobs for path filtering, TypeScript, Biome, Tailwind, tests, import-cycle checks, build, and a consolidated status check. The module is registered in the workflows aggregator's WORKFLOWS list, and a step helper (uses_local) visibility is widened to pub(crate). The corresponding web-app-check-main.yml is regenerated with normalized formatting and pinned action commit SHAs, preserving existing job logic and conditions.

Changes

Area Change
xtask workflows New web_app_check_main.rs defining workflow jobs, gating, and reusable step helpers; registered in mod.rs; uses_local visibility widened
CI workflow YAML web-app-check-main.yml regenerated with pinned SHAs, reformatted job definitions, updated status-check runner and echo text

Sequence Diagram(s)

Not applicable — changes are workflow/configuration generation rather than runtime request flows.

Related PRs: None specified.

Suggested labels: ci, xtask, github-actions

Suggested reviewers: None specified.

🐰 A workflow reborn in Rust's embrace,
Pinned SHAs lock each step in place,
Jobs gated by paths that changed,
Status checks now rearranged,
Hop, hop — the pipeline finds its pace.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Description check ❓ Inconclusive No pull request description was provided, so there is no meaningful context to evaluate. Add a brief description of the CI/workflow changes and why they were made.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title uses conventional-commit style and clearly matches the workflow CI changes.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@rust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs`:
- Around line 137-145: The shared checkout() helper is leaving Git credentials
persisted for the rest of each job. Update checkout() in web_app_check_main.rs
so every actions/checkout use sets persist-credentials to false, and keep the
existing full_history fetch-depth behavior unchanged. Because all workflow jobs
call this helper, fixing Step::new(...).uses("actions","checkout",...) here will
apply the credential opt-out everywhere.
- Around line 22-46: Add a least-privilege permissions block to the workflow
returned by web_app_check_main so the generated GitHub Actions job does not
inherit broad GITHUB_TOKEN access. Update the Workflow builder in
web_app_check_main to explicitly set permissions, using contents: read as the
scope for this PR-check workflow, and keep the rest of the job setup unchanged.
- Around line 94-99: The Cycles workflow is still using a shallow checkout via
the `cycles()` job’s `checkout("Checkout", false)` step, which can break `biome
lint --changed` in CI. Update `cycles()` in `web_app_check_main.rs` to use a
full-history checkout like the other jobs that need git ancestry, so the base
ref/common ancestor is available during `cycles_import_check()`.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d805ba7c-3d42-45d6-8e9d-b9aeeafe0613

📥 Commits

Reviewing files that changed from the base of the PR and between 448a56f and 07fa7d8.

📒 Files selected for processing (4)
  • .github/workflows/web-app-check-main.yml
  • rust/cloud-storage/tools/xtask/src/workflows/mod.rs
  • rust/cloud-storage/tools/xtask/src/workflows/steps.rs
  • rust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs

Comment thread rust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs
Comment thread rust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs
Comment thread rust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs
@synoet synoet merged commit 20983b8 into main Jul 1, 2026
26 checks passed
@synoet synoet deleted the synoet/web-checks-x-task branch July 1, 2026 23:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant