feat(ci): move web checks to x workflow namepsace#4440
Conversation
📝 WalkthroughSummary by CodeRabbit
WalkthroughAdds a new Rust xtask-generated GitHub Actions workflow, "Web App Pr Checks," implemented in a new Changes
Sequence Diagram(s)Not applicable — changes are workflow/configuration generation rather than runtime request flows. Related PRs: None specified. Suggested labels: ci, xtask, github-actions Suggested reviewers: None specified. 🐰 A workflow reborn in Rust's embrace, 🚥 Pre-merge checks | ✅ 3 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (3 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@rust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs`:
- Around line 137-145: The shared checkout() helper is leaving Git credentials
persisted for the rest of each job. Update checkout() in web_app_check_main.rs
so every actions/checkout use sets persist-credentials to false, and keep the
existing full_history fetch-depth behavior unchanged. Because all workflow jobs
call this helper, fixing Step::new(...).uses("actions","checkout",...) here will
apply the credential opt-out everywhere.
- Around line 22-46: Add a least-privilege permissions block to the workflow
returned by web_app_check_main so the generated GitHub Actions job does not
inherit broad GITHUB_TOKEN access. Update the Workflow builder in
web_app_check_main to explicitly set permissions, using contents: read as the
scope for this PR-check workflow, and keep the rest of the job setup unchanged.
- Around line 94-99: The Cycles workflow is still using a shallow checkout via
the `cycles()` job’s `checkout("Checkout", false)` step, which can break `biome
lint --changed` in CI. Update `cycles()` in `web_app_check_main.rs` to use a
full-history checkout like the other jobs that need git ancestry, so the base
ref/common ancestor is available during `cycles_import_check()`.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: d805ba7c-3d42-45d6-8e9d-b9aeeafe0613
📒 Files selected for processing (4)
.github/workflows/web-app-check-main.ymlrust/cloud-storage/tools/xtask/src/workflows/mod.rsrust/cloud-storage/tools/xtask/src/workflows/steps.rsrust/cloud-storage/tools/xtask/src/workflows/web_app_check_main.rs
No description provided.