Add automatic update action workflow#473
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughA new GitHub Actions workflow file Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
0425224 to
8fa9588
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/update.yml:
- Line 33: The workflow checkout is shallow, which can break the path-scoped git
history lookups used later by generate-stackbrew-library.sh for GitCommit and
the header link, causing stale or empty library/ghost metadata. Update the
initial actions/checkout step in the workflow to fetch full history by setting
fetch-depth to 0 so the script can read complete git history after the update
commit is created.
- Around line 135-145: The update-ghost flow can reach the commit step even when
the regenerated downstream file is unchanged, causing git commit to fail with
nothing to commit. In the workflow block around gh repo clone,
generate-stackbrew-library.sh, and the git commit/push sequence, add a check
after regenerating official-images/library/ghost to detect whether that file
changed; if it did not, exit early before creating the branch or committing. Use
the existing update-ghost branch/commit logic as the location to guard so the
force-push only runs when library/ghost actually differs.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d5148ae4-bad3-4220-ba2a-b0b95638b200
📒 Files selected for processing (1)
.github/workflows/update.yml
8fa9588 to
dffdfa1
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/update.yml:
- Line 163: The PR body currently links to GITHUB_SHA, which can point to the
workflow-triggering commit instead of the generated update commit. Update the PR
body construction in the workflow step that builds the --body text to use the
current repository HEAD commit for the link instead of GITHUB_SHA, so the
generated update commit is the one referenced.
- Around line 50-63: Validate the dispatch-derived values in the workflow before
appending them to $GITHUB_OUTPUT. In the update.yml step that sets dry_run,
make_image_pr, and official_images_fork_repo, add checks to reject malformed
repository_dispatch inputs (especially newlines in fork_repo) and ensure
dry_run/make_image_pr are only accepted when they are valid boolean-like values.
Keep the output-writing block after validation so the later commit/PR logic in
this job only receives sanitized values.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 8d655cb1-d84c-44df-80fd-fd6bac6c9377
📒 Files selected for processing (1)
.github/workflows/update.yml
dffdfa1 to
e55ae5b
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/update.yml:
- Around line 33-35: The checkout step is still storing a push-capable
credential in git config, which can be reused by later steps unintentionally.
Update the `actions/checkout` usage in the workflow to set `persist-credentials:
false`, then make the commit/push step authenticate explicitly before calling
`git push` so only that step has push access.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 94ab8250-dd17-4f69-b9fc-d0c4b3720f2a
📒 Files selected for processing (1)
.github/workflows/update.yml
no ref This workflow can be triggered manually, as well as automatically via a repository_dispatch action in the TryGhost/Ghost repo itself. Replicates for the most part the behavior of the jenkins scripts used in Docker's Official Images infrastructure.
e55ae5b to
fb1893a
Compare
no ref
This workflow can be triggered manually, as well as automatically via a repository_dispatch action in the TryGhost/Ghost repo itself. Replicates for the most part the behavior of the jenkins scripts used in Docker's Official Images infrastructure.