
ci(cliproxyapi-plusplus): add golangci-lint configuration#1004

Open
KooshaPari wants to merge 7 commits into main from ci/add-golangci-lint

Conversation

@KooshaPari
Owner

@KooshaPari KooshaPari commented May 7, 2026

User description

Adds golangci-lint workflow and configuration for Go code quality enforcement.


Note

Medium Risk
Medium risk because it changes when and how CI/security/release workflows run (new push/PR triggers, concurrency, and deeper checkouts), which can increase load or accidentally block merges; there is also an apparent syntax error in coderabbit-rate-limit-retry.yml that could break that workflow.

Overview
Expands GitHub Actions coverage across branches and events. Most workflows now run on push and pull_request for main/master/develop, and several workflows add concurrency to cancel superseded runs.

Tightens CI/quality/security automation. pr-test-build.yml adds/standardizes Go quality gates (including golangci-lint, staticcheck, Task-based checks, smoke tests, and artifacts), SAST workflows are updated to run more frequently and upload SARIF for CodeQL/Trivy/Semgrep/secret scans, and release/docs/docker/SDK generation workflows are adjusted with more explicit with: blocks and deeper checkouts.

Also sets packageManager: "npm@10" in package.json, and introduces a likely broken string in coderabbit-rate-limit-retry.yml (output.title) that may prevent that workflow from running.

Reviewed by Cursor Bugbot for commit 9f684c9. Bugbot is set up for automated code reviews on this repo. Configure here.


CodeAnt-AI Description

Fix broken CI workflows and expand them to run on common branches

What Changed

  • Fixed workflow formatting issues that could stop CI, security scans, docs, and release jobs from running correctly
  • Added push and pull request triggers to several workflows so checks now run automatically on main, master, and develop
  • Added concurrency rules to cancel older in-progress runs when a new change is pushed
  • Added Go linting checks and tightened security scanning with additional repository and secret scans
  • Updated docs and build workflows so pages, images, SDK generation, and release automation run with the new triggers

Impact

✅ Fewer broken CI runs
✅ Earlier feedback on pull requests
✅ Clearer security scan coverage


KooshaPari and others added 6 commits May 5, 2026 20:45
…p-go

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…` lines

Gitleaks identified multiple broken YAML patterns where `with:` keywords
were concatenated to the end of `uses:` comment lines (e.g. `# v5with:`).
Also fix step-level structure issues where `run:` / `env:` were misaligned.

Affected workflows: ci, codeql, coderabbit-rate-limit-retry, docker-image,
generate-sdks, pr-path-guard, pr-test-build, release-drafter, sast-quick,
security-guard-hook-audit, alert-sync-issues, auto-merge, ci-rerun-flaky.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 7, 2026 02:54
@codeant-ai

codeant-ai Bot commented May 7, 2026

CodeAnt AI is reviewing your PR.



@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the project's CI/CD pipeline by integrating golangci-lint for automated code quality checks. Additionally, it updates the package configuration to pin the package manager version, ensuring a more predictable and reproducible development environment for all contributors.

Highlights

  • Code Quality Enforcement: Introduced golangci-lint configuration to standardize and improve Go code quality across the project.
  • Environment Consistency: Explicitly defined the package manager as npm@10 in package.json to ensure consistent dependency management.
Ignored Files
  • Ignored by pattern: .github/workflows/** (27)
    • .github/workflows/alert-sync-issues.yml
    • .github/workflows/auto-merge.yml
    • .github/workflows/ci-rerun-flaky.yml
    • .github/workflows/ci.yml
    • .github/workflows/codeql.yml
    • .github/workflows/coderabbit-rate-limit-retry.yml
    • .github/workflows/docker-image.yml
    • .github/workflows/docs.yml
    • .github/workflows/generate-sdks.yaml
    • .github/workflows/journey-gate.yml
    • .github/workflows/lint-test.yml
    • .github/workflows/pages-deploy.yml
    • .github/workflows/policy-gate.yml
    • .github/workflows/pr-path-guard.yml
    • .github/workflows/pr-test-build.yml
    • .github/workflows/quality-gate.yml
    • .github/workflows/release-batch.yaml
    • .github/workflows/release-drafter.yml
    • .github/workflows/release.yaml
    • .github/workflows/required-check-names-guard.yml
    • .github/workflows/sast-full.yml
    • .github/workflows/sast-quick.yml
    • .github/workflows/scorecard.yml
    • .github/workflows/security-guard-hook-audit.yml
    • .github/workflows/self-merge-gate.yml
    • .github/workflows/tag-automation.yml
    • .github/workflows/trufflehog.yml

@coderabbitai

coderabbitai Bot commented May 7, 2026

Warning

Rate limit exceeded

@KooshaPari has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 15 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: d890e118-6fe1-4a38-b301-5a201f2a07c5

📥 Commits

Reviewing files that changed from the base of the PR and between b4f95c7 and 9f684c9.

📒 Files selected for processing (28)
  • .github/workflows/alert-sync-issues.yml
  • .github/workflows/auto-merge.yml
  • .github/workflows/ci-rerun-flaky.yml
  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/coderabbit-rate-limit-retry.yml
  • .github/workflows/docker-image.yml
  • .github/workflows/docs.yml
  • .github/workflows/generate-sdks.yaml
  • .github/workflows/journey-gate.yml
  • .github/workflows/lint-test.yml
  • .github/workflows/pages-deploy.yml
  • .github/workflows/policy-gate.yml
  • .github/workflows/pr-path-guard.yml
  • .github/workflows/pr-test-build.yml
  • .github/workflows/quality-gate.yml
  • .github/workflows/release-batch.yaml
  • .github/workflows/release-drafter.yml
  • .github/workflows/release.yaml
  • .github/workflows/required-check-names-guard.yml
  • .github/workflows/sast-full.yml
  • .github/workflows/sast-quick.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/security-guard-hook-audit.yml
  • .github/workflows/self-merge-gate.yml
  • .github/workflows/tag-automation.yml
  • .github/workflows/trufflehog.yml
  • package.json

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)
Validation error: Unrecognized key(s) in object: 'pre_merge_checks'
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

codeant-ai Bot added the size:L label (This PR changes 100-499 lines, ignoring generated files) on May 7, 2026
Comment on lines +18 to 29
- with:
fetch-depth: 0
- name: Detect pkg/llmproxy/translator changes
id: changed-files
uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45with:
uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45
with:
files: |
pkg/llmproxy/translator/**
- name: Fail when restricted paths change
if: steps.changed-files.outputs.any_changed == 'true' && !(startsWith(github.head_ref, 'feature/koosh-migrate') || startsWith(github.head_ref, 'feature/migrate-') || startsWith(github.head_ref, 'migrated/') || startsWith(github.head_ref, 'ci/fix-feature-koosh-migrate') || startsWith(github.head_ref, 'ci/fix-feature-migrate-') || startsWith(github.head_ref, 'ci/fix-migrated/') || startsWith(github.head_ref, 'ci/fix-feat-'))
run: |
- run: |
# Filter out whitelisted translator files (formatting-only and hotfix paths)
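Review bot: the leading `- with:` / `fetch-depth: 0` is a step of its own with no `uses:` or `run:`, so the full-history fetch never reaches the checkout step; indent it back under the checkout's `uses:`. Further down, the named step `Fail when restricted paths change` keeps its `if:` exemption list but its `run: |` is empty, and the script beginning `# Filter out whitelisted translator files` starts under a separate `- run: |` that carries no `if:`, so the guard script executes on every run regardless of `steps.changed-files.outputs.any_changed` or the `github.head_ref` prefixes. Move the script body back under the named step's `run: |`. Also make sure the surviving `tj-actions/changed-files` line is the one followed by `with:` on its own line, not the one ending in `# v45with:`, where `with:` is swallowed by the comment and the `files:` block below it is left without a parent.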

🔴 Architect Review — CRITICAL

The translator path guard job has structurally invalid steps: with: is an orphan step without a uses/run, and the "Fail when restricted paths change" step has only an if condition while the enforcement shell script has been moved into a separate, unnamed run step. This breaks the intended conditional execution and can cause workflow syntax errors or apply the guard unconditionally without the branch-based exemptions.

Suggestion: Attach with: to the checkout step and move the run: | shell script back under the named "Fail when restricted paths change" step together with its if: condition, then trigger a PR that touches pkg/llmproxy/translator/** to confirm the guard fails only on non-whitelisted branches and files.


Prompt for AI Agent 🤖
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** .github/workflows/pr-path-guard.yml
**Line:** 18:29
**Comment:**
	*CRITICAL: The translator path guard job has structurally invalid steps: `with:` is an orphan step without a `uses`/`run`, and the "Fail when restricted paths change" step has only an `if` condition while the enforcement shell script has been moved into a separate, unnamed `run` step. This breaks the intended conditional execution and can cause workflow syntax errors or apply the guard unconditionally without the branch-based exemptions.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Comment on lines +89 to 92
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2
with:
version: 3.x
repo-token: ${{ secrets.GITHUB_TOKEN }}
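Review bot: the ref on the `uses: arduino/setup-task@{...}` line is a GitHub REST 404 body (`{"message":"Not Found",...}`), not a commit SHA or tag, so the runner cannot resolve the action and every job that depends on Task fails at step setup. The `# v2` comment shows the intent: replace the payload with the commit SHA that the upstream `v2` tag points to, verified against the repository rather than pasted from a failed API lookup. Because the step also receives `repo-token: ${{ secrets.GITHUB_TOKEN }}`, keep the ref pinned to a full SHA like the other actions in these workflows rather than the mutable tag, and a `task --version` step right after it makes any future resolution failure visible in the log.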

🔴 Architect Review — CRITICAL

The workflow uses an invalid action reference arduino/setup-task@{"message":"Not Found",...} for installing Task; this string is an API error payload, not a valid git ref, so every Task-based gate (quality-ci, quality-staged-check, fmt-check, test-smoke, etc.) will fail when the runner tries to resolve the action, preventing those quality checks from running.

Suggestion: Replace the placeholder with a valid pinned ref for arduino/setup-task (for example a stable tag or commit SHA) and add a quick task --version step so any future resolution failures surface clearly in CI.


Prompt for AI Agent 🤖
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** .github/workflows/pr-test-build.yml
**Line:** 89:92
**Comment:**
	*CRITICAL: The workflow uses an invalid action reference `arduino/setup-task@{"message":"Not Found",...}` for installing Task; this string is an API error payload, not a valid git ref, so every Task-based gate (`quality-ci`, `quality-staged-check`, `fmt-check`, `test-smoke`, etc.) will fail when the runner tries to resolve the action, preventing those quality checks from running.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

Comment on lines +173 to 174
title: "pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","
summary,
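Review bot: `title:` is now a string literal whose own double quotes terminate it after `"pass ? "`, so the GitHub Script step fails with a SyntaxError before `checks.create` is reached and no gate status is published at all; on a required check that means the PR stalls silently rather than failing loudly. Restore the ternary, `title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",`, so the title is derived from `pass` like the rest of the check payload.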

🔴 Architect Review — CRITICAL

Inside the GitHub Script step, output.title is set to a malformed JavaScript string literal ("pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","), which has unbalanced quotes and is syntactically invalid. This causes the github.rest.checks.create call to throw at runtime so the CodeRabbit gate check cannot be published.

Suggestion: Restore a valid expression for output.title (for example title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",) and optionally assert that checks.create succeeds (e.g., by catching and failing on errors) to ensure the gate status is reliably reported.


Prompt for AI Agent 🤖
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** .github/workflows/coderabbit-rate-limit-retry.yml
**Line:** 173:174
**Comment:**
	*CRITICAL: Inside the GitHub Script step, `output.title` is set to a malformed JavaScript string literal (`"pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","`), which has unbalanced quotes and is syntactically invalid. This causes the `github.rest.checks.create` call to throw at runtime so the CodeRabbit gate check cannot be published.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Initialize CodeQL
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4with:
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
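Review bot: the `# v4- name: Initialize CodeQL` and `# v4with:` endings show a `- name:` and a `with:` folded into trailing comments, which turns the Checkout and Initialize CodeQL steps into one mapping with two `uses:` keys; a loader that tolerates duplicate keys keeps the last one, so `actions/checkout` is dropped, CodeQL initialises against an empty workspace, and the inputs under the swallowed `with:` lose their parent. Split them back into two list items, each with a single `uses:`. Separately, `actions/checkout@<sha>@<sha>` carries two refs; a `uses:` value takes exactly one `@ref`, so keep only the SHA the `# v4` comment is meant to pin.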

🔴 Architect Review — CRITICAL

The CodeQL workflow's analyze job has multiple step/job definitions merged into a single mapping: the "Checkout" and "Initialize CodeQL" actions are combined into one step with duplicate uses keys, and the skip-branch job configuration is partially inlined after the "Perform CodeQL Analysis" step. This breaks the intended job-level if logic and step structure, so the Go CodeQL analysis behavior for PRs/pushes is misconfigured.

Suggestion: Split checkout, CodeQL init, analysis, and the skip-branch variant into separate, well-formed jobs/steps (one uses per step, one if per job) and validate with act or a workflow linter that CodeQL runs for normal branches and is skipped only for the intended compatibility branch.


Prompt for AI Agent 🤖
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.

**Path:** .github/workflows/codeql.yml
**Line:** 25:39
**Comment:**
	*CRITICAL: The CodeQL workflow's `analyze` job has multiple step/job definitions merged into a single mapping: the "Checkout" and "Initialize CodeQL" actions are combined into one step with duplicate `uses` keys, and the skip-branch job configuration is partially inlined after the "Perform CodeQL Analysis" step. This breaks the intended job-level `if` logic and step structure, so the Go CodeQL analysis behavior for PRs/pushes is misconfigured.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

@codeant-ai

codeant-ai Bot commented May 7, 2026

CodeAnt AI finished reviewing your PR.


@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request adds the packageManager field to package.json. Feedback includes a recommendation to use a concrete version for npm to ensure Corepack compatibility, a note regarding a discrepancy between the PR description and the actual changes, and a reminder to synchronize the package-lock.json file.

Comment thread package.json
"oxlint-tsgolint": "^0.16.0"
}
},
"packageManager": "npm@10"
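Review bot: `"packageManager": "npm@10"` pins only a major version; Corepack, the consumer of this field, expects an exact semver version in `name@x.y.z` form and will not resolve a bare major, so the field should read something like `npm@10.9.2`. For a supply-chain-grade pin Corepack also accepts an integrity hash appended to the version, which makes the downloaded package manager verifiable rather than just named. Note that the field has no effect on machines or runners that have not enabled Corepack; they keep using whatever `npm` is on the PATH.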

medium

The packageManager field should specify a concrete version (e.g., npm@10.9.2) rather than just a major version (npm@10). Corepack, which is the primary consumer of this field, requires a specific version to ensure reproducibility and may fail to resolve the package manager if a range or major version is provided.

Suggested change
"packageManager": "npm@10"
"packageManager": "npm@10.9.2"

Comment thread package.json
"oxlint-tsgolint": "^0.16.0"
}
},
"packageManager": "npm@10"

medium

There is a discrepancy between the pull request title/description and the actual changes. The PR claims to add golangci-lint configuration and workflows, but the diff only shows the addition of the packageManager field to package.json. Please verify if the intended configuration files (such as .golangci.yml or GitHub Action workflows) were omitted from this commit.

Comment thread package.json
"oxlint-tsgolint": "^0.16.0"
}
},
"packageManager": "npm@10"

low

The package-lock.json file is currently out of sync as it does not include the packageManager field added here. Running npm install will update the lockfile to reflect this change and ensure environment consistency.

conclusion: pass ? "success" : "failure",
output: {
title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",
title: "pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","
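Review bot: the replacement `title:` line is a broken string literal while `conclusion:` two lines above keeps the working ternary form; reinstate the line the hunk removes, `title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",`, so both fields are derived from `pass` the same way. Because a SyntaxError here aborts the whole script step, consider wrapping the `checks.create` call in a try/catch that calls `core.setFailed` with the error, so a publishing failure shows up as a red step instead of a check that never appears.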

JavaScript ternary expression corrupted into broken string literal

High Severity

The title field was changed from a valid JavaScript ternary expression pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked" into a malformed string "pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",". The outer double quotes cause the inner double quotes to prematurely terminate the string, resulting in a JavaScript syntax error that will crash the publishGate function every time it runs.


Reviewed by Cursor Bugbot for commit b00b205. Configure here.

uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
name: Initialize CodeQL
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
with:
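Review bot: the `uses: actions/checkout@<sha>@<sha>` ref has two `@`-separated SHAs, which is not a resolvable action reference even once the step is separated from `Initialize CodeQL`; keep the single SHA the `# v4` comment pins. As the hunk stands, `uses:` appears twice in one mapping with `name: Initialize CodeQL` between them, so the checkout is the key that gets overwritten and the `init` action runs on an empty workspace, and the `with:` on the last line carries inputs for only one of the two actions that were merged.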

Checkout and CodeQL init merged into single step

High Severity

The Checkout step and Initialize CodeQL step have been merged into a single YAML mapping with duplicate name: and uses: keys. YAML uses the last value for duplicate keys, so only github/codeql-action/init runs — the actions/checkout step is silently dropped. CodeQL analysis will fail because no code is checked out.


Comment thread .github/workflows/docs.yml Outdated
fetch-depth: 0
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5with:
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
- with:
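Review bot: the trailing `# v5with:` folds `with:` into the comment, and the corrected line below still leaves `- with:` as a standalone step, so `actions/setup-python` runs without its inputs and the `- with:` item has neither `uses:` nor `run:`, which fails workflow validation. Put `with:` back on the setup-python step, indented under `uses:` rather than as a list item; the `fetch-depth: 0` at the top of the hunk needs the same treatment under the preceding checkout's `with:`.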

Action with: parameters split into separate empty steps

High Severity

Multiple with: blocks were converted into separate steps (prefixed with - ) instead of being properties of their parent action steps. For example, actions/checkout and actions/setup-python in the semgrep job each lose their with: config (like fetch-depth: 0 and python-version). The same issue affects the secrets job's checkout. These orphaned - with: steps will cause YAML parse errors.


steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Set up Go
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with:
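Review bot: `# v4- name: Set up Go` merges the Set up Go step into the Checkout step, leaving one mapping with two `uses:` keys, and `# v5with:` swallows the `with:` that carries setup-go's inputs; with last-key-wins the checkout is lost and `actions/setup-go` runs with no inputs on an empty workspace, so every later build and smoke step in this job starts without source. Restore the `- name: Set up Go` list item and the `with:` line, and drop the second SHA from `actions/checkout@<sha>@<sha>` so the ref resolves.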

Stop proxy run: separated from if: always() guard

Medium Severity

The "Stop proxy" step's run: block was split into a separate step (with - run:). The original step had name:, if: always(), and run: together — now the name: and if: always() are in an empty step, and the run: is in an unnamed step that won't inherit the if: always() condition. The proxy cleanup will be skipped when earlier steps fail, potentially leaking background processes. Same issue occurs in both provider-smoke-matrix and provider-smoke-matrix-cheapest jobs.


- name: Fail when restricted paths change
if: steps.changed-files.outputs.any_changed == 'true' && !(startsWith(github.head_ref, 'feature/koosh-migrate') || startsWith(github.head_ref, 'feature/migrate-') || startsWith(github.head_ref, 'migrated/') || startsWith(github.head_ref, 'ci/fix-feature-koosh-migrate') || startsWith(github.head_ref, 'ci/fix-feature-migrate-') || startsWith(github.head_ref, 'ci/fix-migrated/') || startsWith(github.head_ref, 'ci/fix-feat-'))
run: |
- run: |
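Review bot: the named step keeps the `if:` with its `github.head_ref` exemptions but its `run: |` is empty, and the script moves into a separate `- run: |` step that has no `if:`; the split step therefore runs on every push and PR regardless of whether translator paths changed, and with no `name:` it appears in the log as an anonymous `run`. Fold the script back under the named step's `run: |` and delete the extra `- run: |` line.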

Path guard run: detached from conditional if: expression

High Severity

Two breakages in this workflow: (1) with: fetch-depth: 0 is split into its own step (- with:) separate from actions/checkout, so the checkout won't do a full fetch. (2) The run: block that checks for disallowed translator file changes is split from the step containing the if: condition, so the translator path guard script runs unconditionally on every push/PR, potentially failing CI even when no restricted files were changed.


- name: Build docs
working-directory: docs
run: |
- run: |
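Review bot: `working-directory: docs` belongs to the `Build docs` step, but the `- run: |` line starts a new step, so the commands that follow execute from the repository root where the docs `package.json` is not present. Remove the `- run: |` line so the script is the body of the named step's `run: |` and inherits `working-directory`.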

Docs-build run: detached from working-directory setting

Medium Severity

The "Build docs" step's run: block was split into a separate step (- run:), detaching it from the working-directory: docs setting. The npm install and npm run docs:build commands will now execute in the repository root instead of the docs/ directory, causing them to fail because the docs package.json is not in the root.


Reviewed by Cursor Bugbot for commit b00b205.

branches: [main, master, develop]
schedule:
- cron: "0 2 * * *"
- cron: '17 * * * *'

SAST schedule changed from daily to hourly

Medium Severity

The SAST Full Analysis schedule cron was changed from "0 2 * * *" (daily at 2 AM) to '17 * * * *' (every hour at minute 17). This causes the full security analysis suite — including CodeQL, Trivy, Semgrep, and TruffleHog — to run 24 times more frequently than intended, wasting CI resources significantly.


Reviewed by Cursor Bugbot for commit b00b205.

Comment thread: .github/workflows/docs.yml (Outdated)
branches: [main, master, develop]
pull_request:
branches: [main, master, develop]
branch_protection_rule:

OpenSSF Scorecard weekly schedule trigger silently removed

Medium Severity

The schedule trigger with its weekly cron ('17 3 * * 6') was removed entirely from the OpenSSF Scorecard workflow. The Scorecard is designed to run periodically to track security posture over time. Without scheduled runs, the scorecard score won't be updated during periods of inactivity, which could cause the project's OpenSSF badge to go stale or be lost.


Reviewed by Cursor Bugbot for commit b00b205.

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

…` lines (batch 2)

Fix broken YAML syntax where `with:` keywords were concatenated to `uses:`
comment lines (e.g. `# v4with:`). Also fix step structure issues where
`run:` / `env:` / `name:` prefixes were misaligned or missing.

Affected workflows: auto-merge, ci-rerun-flaky, docs, journey-gate,
pages-deploy, release-batch, release, sast-full, scorecard.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
fi
- name: Install Task
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2with:
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2
fi
- name: Install Task
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2with:
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2
cache: true
- name: Install Task
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2with:
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2
cache: true
- name: Install Task
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2with:
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2
cache: true
- name: Install Task
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2with:
uses: arduino/setup-task@{"message":"Not Found","documentation_url":"https://docs.github.com/rest/git/refs#get-a-reference","status":"404"} # v2
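Review bot: every uses: line for arduino/setup-task in this hunk carries a GitHub API 404 response body ({"message":"Not Found",...}) where the commit SHA should be, which looks like a SHA-resolution script that wrote its failed lookup straight into the workflow; the action reference cannot resolve and the job will fail at setup. Replace it with the actual commit SHA for the v2 tag, keep the "# v2" comment, and put with: on its own line under uses: rather than fused onto the comment ("# v2with:"). Verify the resolved SHA against the tag before committing it, since a pin is only as trustworthy as the lookup that produced it.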
@sonarqubecloud

sonarqubecloud Bot commented May 7, 2026

Quality Gate failed

Failed conditions
7 Security Hotspots
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud



cursor Bot left a comment


Cursor Bugbot has reviewed your changes and found 2 potential issues.

There are 12 total unresolved issues (including 10 from previous reviews).


Reviewed by Cursor Bugbot for commit 9f684c9.

- name: Discover manifests
id: discover
run: |
- run: |

Discover step outputs lost due to step split

High Severity

The - run: | on line 108 creates a new step, separating the run: block from the id: discover on line 107. The discover step now has id but no run, while the manifest-finding logic runs in a nameless step whose outputs are invisible. Downstream steps referencing steps.discover.outputs.MANIFEST_LIST will get an empty value, breaking the entire journey gate pipeline. The same pattern on line 194 separates env:/run: from the if: condition on the Live verification step.


Reviewed by Cursor Bugbot for commit 9f684c9.

- uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with:
go-version: ">=1.26.0"
cache: true
- uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5

Release batch lost checkout depth and Go config

Medium Severity

The checkout step lost its with: fetch-depth: 0 and the setup-go step lost its with: block containing go-version: ">=1.26.0" and cache: true. The release batch tool now runs with a shallow clone (potentially missing tags needed for versioning) and uses whatever Go version happens to be on the runner instead of the required >=1.26.0.


Reviewed by Cursor Bugbot for commit 9f684c9.

@@ -166,7 +170,7 @@ jobs:
status: "completed",
conclusion: pass ? "success" : "failure",

CRITICAL: JavaScript syntax error - mismatched quotes in title string

The line has invalid JavaScript due to quote mismatch. It should be:

Suggested change
conclusion: pass ? "success" : "failure",
title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",

@@ -166,7 +170,7 @@ jobs:
status: "completed",

CRITICAL: JavaScript syntax error - ternary expression incorrectly wrapped in quotes

The entire ternary expression has been wrapped in quotes, making it a string literal instead of executable code. This will cause a JavaScript syntax error.

Suggested change
status: "completed",
title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",

@kilo-code-bot

kilo-code-bot Bot commented May 7, 2026

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Overview

Severity    Count
CRITICAL    2
WARNING     0
SUGGESTION  0

Issue Details

CRITICAL

File                                                Line  Issue
.github/workflows/coderabbit-rate-limit-retry.yml   170   JavaScript syntax error - ternary expression incorrectly wrapped in quotes
.github/workflows/coderabbit-rate-limit-retry.yml   171   JavaScript syntax error - mismatched quotes in title string
Files Reviewed (9 files)
  • .github/workflows/auto-merge.yml
  • .github/workflows/ci-rerun-flaky.yml
  • .github/workflows/docs.yml
  • .github/workflows/journey-gate.yml
  • .github/workflows/pages-deploy.yml
  • .github/workflows/release-batch.yaml
  • .github/workflows/release.yaml
  • .github/workflows/sast-full.yml
  • .github/workflows/scorecard.yml

Reviewed by nemotron-3-super-120b-a12b-20230311:free · 497,691 tokens

conclusion: pass ? "success" : "failure",
output: {
title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",
title: "pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","

CRITICAL: JavaScript syntax error - ternary expression incorrectly wrapped in quotes

The entire ternary expression has been wrapped in quotes, making it a string literal instead of executable code. This will cause a JavaScript syntax error.

Suggested change
title: "pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","
title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",

Labels

size:L This PR changes 100-499 lines, ignoring generated files

3 participants