Skip to content

[codex] Upload build env vars during init#2306

Merged
riderx merged 1 commit into
mainfrom
codex/build-init-ci-secrets
May 20, 2026
Merged

[codex] Upload build env vars during init#2306
riderx merged 1 commit into
mainfrom
codex/build-init-ci-secrets

Conversation

@riderx
Copy link
Copy Markdown
Member

@riderx riderx commented May 20, 2026

Summary (AI generated)

  • Added build-init CI secret upload prompts after iOS and Android credentials are saved.
  • Added GitHub Actions secret upload through gh and GitLab CI/CD variable upload through glab.
  • Added setup guidance when the matching CLI is missing or not authenticated, with a retry prompt before continuing.
  • Added focused CI secret helper coverage and included it in the CLI test suite.

Motivation (AI generated)

Users who finish build init have local signing credentials, but still need the same env vars in their git hosting CI/CD provider to run cloud builds from pipelines. This adds an assisted path directly at the end of onboarding while preserving explicit confirmation before overwriting existing remote values.

Business Impact (AI generated)

This reduces setup friction for native cloud builds, especially for users configuring GitHub Actions or GitLab CI. Easier CI setup should improve activation for Capgo native builds and reduce support around manually copying large signing env vars.

Test Plan (AI generated)

  • bun run cli:check
  • Commit hook: bun run cli:build && vue-tsc --noEmit
  • Verified PR is opened as draft so CI can run before review-ready state.

Generated with AI

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 20, 2026
edited
Loading

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minute and 13 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5a0e6aef-8926-4e3e-8ead-592a9394c2b6

📥 Commits

Reviewing files that changed from the base of the PR and between 7712cd5 and 925ab1a.

📒 Files selected for processing (7)
  • cli/package.json
  • cli/src/build/onboarding/android/types.ts
  • cli/src/build/onboarding/android/ui/app.tsx
  • cli/src/build/onboarding/ci-secrets.ts
  • cli/src/build/onboarding/types.ts
  • cli/src/build/onboarding/ui/app.tsx
  • cli/test/test-ci-secrets.mjs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/build-init-ci-secrets

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 20, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedhusky@​9.1.71001006280100
Added@​capgo/​find-package-manager@​0.0.18691007584100
Addedis-wsl@​3.1.11001006980100
Addednode-forge@​1.4.0951001008770
Updated@​supabase/​supabase-js@​2.105.1 ⏵ 2.106.071 +1100100100100
Added@​types/​tmp@​0.2.61001007280100
Added@​types/​jsonwebtoken@​9.0.101001007381100
Added@​types/​qrcode@​1.5.61001007481100
Addedink-spinner@​5.0.01001007682100
Added@​types/​node-forge@​1.3.141001007682100
Added@​tanstack/​intent@​0.0.237710010098100
Added@​types/​react@​18.3.291001007988100
Added@​types/​prettyjson@​0.0.33991008680100
Addedprettyjson@​1.2.510010010080100
Added@​inkjs/​ui@​2.0.09910010081100
Addedopen@​11.0.010010010081100
Addedtmp@​0.2.510010010082100
Addedqrcode@​1.5.49910010082100
Addedgit-format-staged@​4.0.1961009483100
Addedtus-js-client@​4.3.1991009483100
Addedjsonwebtoken@​9.0.39910010084100
Updatedreact@​19.2.6 ⏵ 18.3.110010084 +196100
Added@​vercel/​ncc@​0.38.49910010085100
Updatedeslint@​10.2.1 ⏵ 9.39.48910010096100
Updatedtypescript@​6.0.3 ⏵ 5.9.3100100909690
Addedpartysocket@​1.1.1910010010094100
Added@​antfu/​eslint-config@​7.7.39710010095100
Added@​modelcontextprotocol/​sdk@​1.29.09910010095100
Addedink@​5.2.19810010096100

View full report

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 20, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codspeed-hq
Copy link
Copy Markdown
Contributor

codspeed-hq Bot commented May 20, 2026

Merging this PR will not alter performance

✅ 43 untouched benchmarks
⏩ 2 skipped benchmarks1

Comparing codex/build-init-ci-secrets (925ab1a) with main (7712cd5)

Open in CodSpeed

Footnotes

  1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@riderx riderx marked this pull request as ready for review May 20, 2026 11:29
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented May 20, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@riderx riderx merged commit fda8acf into main May 20, 2026
57 of 58 checks passed
@riderx riderx deleted the codex/build-init-ci-secrets branch May 20, 2026 13:36
@WcaleNieWolny WcaleNieWolny mentioned this pull request May 21, 2026
Merged
7 tasks
WcaleNieWolny added a commit that referenced this pull request May 21, 2026
@WcaleNieWolny
fix(cli): offer CI secret upload only after a successful first build
a7fe3e0 
Following review of PR #2306, the build onboarding wizard now defers
GitHub Actions / GitLab CI secret upload until AFTER a build has been
successfully queued — rather than before. This prevents users from ending
up with orphan secrets in a repo whose build was never proven to work.

New ordering on both iOS and Android tracks:

  save credentials
    → ask-build
      ├─ user skips build  → exit (no secrets pushed)
      ├─ build request OK  → detecting-ci-secrets (if entries) → … → exit
      └─ build request err → exit (no secrets pushed)

All ci-secrets-* state transitions that previously fell back to ask-build
on skip / failure now route to build-complete instead, because by the
time those paths fire the build has already been dispatched.

bun.lock: workspace version bump from 7.104.0 → 7.108.2, picked up
mechanically by bun install (was stale on main).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@riderx