-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add auto deps version update workflow #2707
Add auto deps version update workflow #2707
Conversation
Warning Rate limit exceeded@vankichi has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 18 minutes and 40 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📝 Walkthrough📝 Walkthrough📝 Walkthrough📝 Walkthrough📝 WalkthroughWalkthroughThe changes involve modifications to the GitHub Actions workflow in Changes
Possibly related PRs
Suggested labels
Suggested reviewers
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
Deploying vald with Cloudflare Pages
|
[CHATOPS:HELP] ChatOps commands.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (5)
.github/workflows/update-deps.yaml (3)
22-26
: LGTM: Context logging job is well-structured.The
dump-contexts-to-log
job is correctly set up and uses the latest version ofactions/checkout
, which is good practice. The custom action for dumping context can be valuable for debugging.Consider adding a comment explaining the purpose of the
dump-contexts-to-log
job and what kind of information it logs. This would improve the workflow's self-documentation.
27-40
: LGTM: Job setup and Git configuration are well-implemented.The
update-version
job is correctly configured with appropriate Git and GPG settings. Using a custom token and signing commits with GPG are good security practices.Consider using GitHub's built-in
${{ github.workspace }}
context variable instead of${GITHUB_WORKSPACE}
in the Git config command for consistency and to ensure it's always correctly expanded:git config --global --add safe.directory "${{ github.workspace }}"
🧰 Tools
🪛 actionlint
34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
53-64
: LGTM: PR creation is well-configured.The PR creation step is correctly implemented and includes all necessary details. Using a conditional check and a separate token for PR creation are good practices.
Consider adding more details to the PR body, such as a list of updated dependencies or a link to the workflow run. This can be achieved by using the
diff_output
suggested in the previous comment:body: | Automated pull request to update Dependencies. ### Changes: ```diff ${{ steps.check_diff.outputs.diff_output }}[Workflow run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
This will provide more context in the PR, making it easier for reviewers to understand the changes. </blockquote></details> <details> <summary>Makefile.d/dependencies.mk (2)</summary><blockquote> `156-160`: **LGTM: New `update/buf` target added correctly** The new target for updating the buf version is implemented consistently with other similar targets in the file. It correctly fetches the latest release version from GitHub and writes it to the appropriate version file. Consider adding error handling to the curl command, similar to other targets in this file. For example: ```diff update/buf: - curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' > $(ROOTDIR)/versions/BUF_VERSION + @{ \ + RESULT=$$(curl -fsSL https://api.github.com/repos/bufbuild/buf/releases/latest | grep -Po '"tag_name": "\K.*?(?=")'); \ + if [ -n "$$RESULT" ]; then \ + echo $$RESULT > $(ROOTDIR)/versions/BUF_VERSION; \ + else \ + echo "No version found for buf" >&2; \ + exit 1; \ + fi \ + }
This change would make the target more robust and consistent with other targets in the file.
201-205
: LGTM: Newupdate/usearch
target added correctlyThe new target for updating the usearch version is implemented consistently with other similar targets in the file. It correctly fetches the latest release version from GitHub and writes it to the appropriate version file.
Consider adding error handling to the curl command, similar to other targets in this file. For example:
update/usearch: - curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g' > $(ROOTDIR)/versions/USEARCH_VERSION + @{ \ + RESULT=$$(curl -fsSL https://api.github.com/repos/unum-cloud/usearch/releases/latest | grep -Po '"tag_name": "\K.*?(?=")' | sed 's/v//g'); \ + if [ -n "$$RESULT" ]; then \ + echo $$RESULT > $(ROOTDIR)/versions/USEARCH_VERSION; \ + else \ + echo "No version found for usearch" >&2; \ + exit 1; \ + fi \ + }This change would make the target more robust and consistent with other targets in the file.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
- .github/workflows/update-deps.yaml (1 hunks)
- Makefile.d/dependencies.mk (4 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/update-deps.yaml
34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
46-46: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting
(shellcheck)
🔇 Additional comments (4)
.github/workflows/update-deps.yaml (2)
16-20
: LGTM: Workflow name and triggers are well-defined.The workflow name clearly describes its purpose, and the trigger configuration allows for both manual and automated execution. The daily schedule ensures regular dependency checks, which is a good practice for maintaining up-to-date dependencies.
1-64
: Overall assessment: Well-implemented workflow with room for minor improvements.This GitHub Actions workflow for updating dependencies is well-structured and achieves its purpose effectively. It includes necessary steps such as checking out the repository, updating dependencies, checking for changes, and creating a pull request when needed. The use of GPG signing and a separate token for PR creation are good security practices.
The suggested improvements throughout the review are mainly focused on:
- Enhancing readability and self-documentation
- Addressing potential shell scripting issues
- Providing more context in the created pull requests
These changes will make the workflow more robust and easier to maintain in the long run. Great job on implementing this automated dependency update process!
🧰 Tools
🪛 actionlint
34-34: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
46-46: shellcheck reported issue in this script: SC2086:info:5:31: Double quote to prevent globbing and word splitting
(shellcheck)
Makefile.d/dependencies.mk (2)
20-20
: LGTM: New dependencies added correctlyThe
update/buf
andupdate/usearch
targets have been appropriately added to theupdate/libs
target. They are placed in alphabetical order, maintaining the existing structure of the file.Also applies to: 42-42
Line range hint
1-305
: Overall assessment: Changes are well-implemented and consistentThe additions to the
Makefile.d/dependencies.mk
file effectively introduce support for updating two new dependencies: buf and usearch. The implementation is consistent with existing targets in the file, maintaining the overall structure and purpose of the Makefile.The suggested improvements for error handling in both new targets would further enhance the robustness of the update process, aligning them more closely with some of the more comprehensive targets in the file.
These changes contribute positively to the project's dependency management capabilities.
95d3fcd
to
aa86724
Compare
b25a165
to
f00d518
Compare
* 💚 Add auto deps version update workflow Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Update make commands Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add make permission Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add labels Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> --------- Signed-off-by: vankichi <kyukawa315@gmail.com>
* 💚 Add auto deps version update workflow Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Update make commands Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add make permission Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add labels Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> --------- Signed-off-by: vankichi <kyukawa315@gmail.com>
* 💚 Add auto deps version update workflow Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Update make commands Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add make permission Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Add labels Signed-off-by: vankichi <kyukawa315@gmail.com> * 💚 Fix Signed-off-by: vankichi <kyukawa315@gmail.com> --------- Signed-off-by: vankichi <kyukawa315@gmail.com>
Description
SSIA
Related Issue
Versions
Checklist
Special notes for your reviewer
Summary by CodeRabbit
New Features
buf
andusearch
tools.Chores