Template update and use new skip duplicate check #47
📝 Walkthrough
This PR updates tooling, CI/workflow orchestration, template defaults, devcontainer setup, and many pinned dependency/version values; adds a check-skip-duplicates action and Pulumi preview-comment flow; and replaces manual repo sync with rsync in devcontainer helpers.
Changes
Sequence Diagram(s)
sequenceDiagram
participant Dev as Developer
participant GHA as GitHub Actions
participant Check as check-skip-duplicates
participant GHAPI as GitHub API (gh)
participant Pulumi as pulumi_ephemeral_deploy
participant PR as Pull Request
Dev->>GHA: push / workflow dispatch
GHA->>Check: invoke check-skip-duplicates
Check->>GHAPI: gh pr list --branch (check open PR)
alt open PR exists
Check-->>GHA: outputs.should-run = false
GHA->>GHA: skip downstream jobs
else no open PR
Check-->>GHA: outputs.should-run = true
GHA->>Pulumi: run pulumi_ephemeral_deploy (capture stdout)
Pulumi-->>GHA: captured stdout
alt SHOW_PREVIEW_COMMENT_ON_PR = true
GHA->>PR: post Pulumi preview comment with captured stdout
end
end
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~50 minutes
Possibly related PRs
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
Actionable comments posted: 11
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (5)
.github/actions/update-devcontainer-hash/action.yml (1)
26-31: Verify actions/checkout@v6.0.1 compatibility (and pinning policy).
Please confirm the tag is intended and compatible with your workflows. If your security policy requires SHA pinning, consider switching to a full commit SHA.
template/.github/workflows/hash_git_files.py (1)
57-70: Ensure directory-like entries still influence the hash.
Skipping IsADirectoryError means a tracked symlink-to-dir only contributes its filename to the checksum, so changes to the link target won't update the devcontainer hash. If that's not intended, hash the symlink target or fail with a clear message.
🔧 Possible fix (hash symlink target instead of skipping)
- except IsADirectoryError: - # Ignore symlinks that on windows sometimes get confused as being directories - continue + except IsADirectoryError: + # Symlink-to-dir on Windows: hash the link target to keep the checksum stable + if file_path.is_symlink(): + checksum = zlib.adler32( + str(file_path.readlink()).encode("utf-8"), checksum + ) + continue + raise.github/workflows/hash_git_files.py (1)
57-70: Symlink target changes won't update the devcontainer hash.
When IsADirectoryError is caught (typically symlinks-to-directories on Windows), only the filename gets hashed; the symlink target path is ignored. This means changes to where a tracked symlink points won't trigger a devcontainer rebuild. Hash the symlink target or fail with a clear error if this detection is important.
🔧 Possible fix (hash symlink target instead of skipping)
except IsADirectoryError: - # Ignore symlinks that on windows sometimes get confused as being directories - continue + # Symlink-to-dir on Windows: hash the link target to keep the checksum stable + if file_path.is_symlink(): + checksum = zlib.adler32( + str(file_path.readlink()).encode("utf-8"), checksum + ) + continue + raisetemplate/.github/workflows/ci.yaml.jinja (1)
35-67: Gate downstream jobs on should-run output
The check-skip-duplicate job outputs should-run, but pulumi-workflow doesn't use it. Add an if condition to gate the job:
Example: gate pulumi-workflow on should-run
pulumi-workflow: uses: ./.github/workflows/pulumi-aws.yml needs: [ get-values, check-skip-duplicate ] + if: needs.check-skip-duplicate.outputs.should-run == 'true'Note:
lint depends only on get-values, not check-skip-duplicate, so it cannot currently use the should-run output without adding that dependency.
extensions/context.py (1)
52-83: Add node_version compatibility alias to prevent template rendering failures
The template template/.devcontainer/devcontainer.json.jinja references {{ node_version }} when template_uses_javascript is enabled. Currently, only context["default_node_version"] is defined, so child templates that set template_uses_javascript = True will fail during template rendering due to the missing variable. Add the compatibility alias:
context["node_version"] = context["default_node_version"]
This ensures the Node feature configuration works correctly when child templates enable JavaScript support.
🤖 Fix all issues with AI agents
In @.devcontainer/install-ci-tooling.py:
- Around line 10-14: Normalize the version constant format so all package
version constants follow the same pattern: either include the "==" prefix in
each constant (UV_VERSION, PNPM_VERSION, COPIER_VERSION,
COPIER_TEMPLATE_EXTENSIONS_VERSION, PRE_COMMIT_VERSION) and keep usage sites
like f"copier{COPIER_VERSION}" and f"pre-commit{PRE_COMMIT_VERSION}", or remove
"==" from COPIER_* constants and update callers to add "==" where needed (e.g.,
change f"copier{COPIER_VERSION}" to f"copier=={COPIER_VERSION}"). Update the
constants and adjust the string interpolation at the usage sites to match the
chosen convention so all constants and usages are consistent.
In @.devcontainer/windows-host-helper.sh:
- Around line 30-33: Remove the redundant deletion of markdown files by deleting
the sudo rm -rf "./$repoName/*.md" line (it’s dead because sudo rm -rf
"./$repoName" already removes the directory), leaving sudo rm -rf "./$repoName"
followed by mkdir -p "./$repoName" and sudo chown -R "$(whoami):$(whoami)"
"./$repoName" intact to recreate and set ownership.
In @.github/workflows/pre-commit.yaml:
- Around line 72-79: Quote the PRE_COMMIT_EXIT_CODE variable to avoid
word-splitting (SC2086): assign it with PRE_COMMIT_EXIT_CODE="$?" instead of
PRE_COMMIT_EXIT_CODE=$?, and use the quoted form when exiting: exit
"$PRE_COMMIT_EXIT_CODE"; keep the echo line as a double-quoted string (echo
"Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE") and ensure any other
uses of PRE_COMMIT_EXIT_CODE in this block are similarly quoted.
In `@copier.yml`:
- Around line 35-36: Remove the extra blank line in copier.yml that violates the
YAML lint empty-lines rule by deleting the redundant blank row so the file no
longer contains consecutive/extra blank lines; update the file content to have a
single blank line where appropriate and run yamllint to confirm the empty-lines
warning is resolved.
In `@template/.devcontainer/windows-host-helper.sh`:
- Around line 30-33: The second remove command targeting "./$repoName/*.md" is
redundant because sudo rm -rf "./$repoName" already deletes the directory;
either delete that line entirely or move the md-specific removal before the full
directory removal if you intended to preserve the directory but clear markdown
files; update the script around the $repoName removal (the sudo rm -rf
"./$repoName" and sudo rm -rf "./$repoName/*.md" commands) so only the intended
deletion remains.
In `@template/.github/actions/check-skip-duplicates/action.yml`:
- Around line 12-44: The composite action step with id "check" currently calls
"gh pr list" and "jq" without verifying they exist; add preflight checks at the
start of the run block (before using GH_TOKEN/REF_NAME/REPO_NAME/EVENT_NAME) to
detect missing tools and fail fast with clear error messages and non-zero exit
codes. Specifically, test that the "gh" CLI and "jq" are in PATH (e.g., via
command -v or which) and if either is missing, echo a descriptive error to
stdout/stderr (mentioning which tool is missing) and exit 1 so the action
doesn't continue; keep the rest of the logic (the pr_json/jq parsing and setting
should_run output) unchanged once the checks pass.
In `@template/.github/actions/install_deps/action.yml`:
- Around line 60-68: Update the composite action YAML to document the breaking
changes introduced by the updated actions: add a clear comment near the uses
entries for setup-python@v6.1.0 and setup-node@v6.1.0 stating that setup-python
v6.1.0 targets Node 24 and requires GitHub Actions Runner v2.327.1+ and that
setup-node v6.1.0 removes npm "always-auth" support and changes caching
behavior; also note configure-aws-credentials v5.1.1 has no breaking changes;
ensure callers are advised to verify their runner version and to remove or
migrate any use of npm "always-auth" in workflows that set inputs.node-version /
inputs.python-version.
In `@template/.github/actions/pulumi_ephemeral_deploy/action.yml`:
- Around line 81-101: Add a blank line between the "Run CLI" step header and its
inline comment to satisfy YAML linting: edit the step with name "Run CLI" (uses
mathiasvr/command-output, id pulumi-run) and insert an empty line before the
comment that starts with "# apparently getting the stdout..." so there is
spacing between the key and the comment.
In `@template/.github/workflows/pre-commit.yaml`:
- Around line 72-79: The workflow's error handling should reliably quote the
PRE_COMMIT_EXIT_CODE variable; update the block that sets and checks
PRE_COMMIT_EXIT_CODE so that uses of the variable are quoted (e.g., in the echo
and exit calls) — locate the shell block where PRE_COMMIT_EXIT_CODE is assigned
and referenced (the pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? section) and
change occurrences like echo "Pre-commit failed with exit code
$PRE_COMMIT_EXIT_CODE" and exit $PRE_COMMIT_EXIT_CODE to use quoted variable
expansions ("$PRE_COMMIT_EXIT_CODE").
In `@template/README.md.jinja`:
- Around line 1-15: Remove the Git merge conflict markers (<<<<<<<, =======,
>>>>>>>) in template/README.md.jinja, keep the updated static badge block (the
"after updating" section) instead of the old mixed/raw block, and ensure any
Jinja raw/endraw pairs ({% raw %} and {% endraw %}) are properly balanced around
the remaining badge URLs/placeholders (e.g., the GitHub repo_org_name/repo_name
usages) so no stray raw blocks remain.
In `@tests/copier_data/data1.yaml`:
- Around line 9-14: There are too many consecutive blank lines before the key
python_package_registry in tests/copier_data/data1.yaml; edit the file to
collapse consecutive empty lines to no more than two so that the yaml block
containing python_package_registry: PyPI has at most one or two blank lines
preceding it (remove the extra blank lines between the preceding content and the
python_package_registry entry).
♻️ Duplicate comments (2)
template/.github/actions/update-devcontainer-hash/action.yml (1)
26-31: Same verification as repo action: confirm actions/checkout@v6.0.1 usage and pinning.
tests/copier_data/data2.yaml (1)
9-14: Reduce consecutive blank lines to satisfy YAMLlint.
YAMLlint reports too many blank lines here; trim to at most two.
🔧 Suggested fix
use_windows_in_ci: true - - - - -python_package_registry: AWS CodeArtifact + +python_package_registry: AWS CodeArtifact
| UV_VERSION = "0.9.21" | ||
| PNPM_VERSION = "10.27.0" | ||
| COPIER_VERSION = "==9.11.0" | ||
| COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3" | ||
| PRE_COMMIT_VERSION = "4.5.0" |
🧹 Nitpick | 🔵 Trivial
Version constant formatting is inconsistent with PRE_COMMIT_VERSION.
COPIER_VERSION and COPIER_TEMPLATE_EXTENSIONS_VERSION now embed == in the constant value, while PRE_COMMIT_VERSION (line 14) does not. This creates an inconsistency when constructing version specifiers:
- Line 79: f"copier{COPIER_VERSION}" → copier==9.11.0
- Line 91: f"pre-commit=={PRE_COMMIT_VERSION}" → pre-commit==4.5.0
Consider using a consistent format across all version constants to reduce cognitive overhead for future maintainers.
♻️ Suggested consistent format
Either embed == in all version constants:
-PRE_COMMIT_VERSION = "4.5.0"
+PRE_COMMIT_VERSION = "==4.5.0"And update line 91 to:
- f"pre-commit=={PRE_COMMIT_VERSION}",
+ f"pre-commit{PRE_COMMIT_VERSION}",Or remove == from COPIER_VERSION and COPIER_TEMPLATE_EXTENSIONS_VERSION and keep the current pattern at usage sites.
🤖 Prompt for AI Agents
In @.devcontainer/install-ci-tooling.py around lines 10 - 14, Normalize the
version constant format so all package version constants follow the same
pattern: either include the "==" prefix in each constant (UV_VERSION,
PNPM_VERSION, COPIER_VERSION, COPIER_TEMPLATE_EXTENSIONS_VERSION,
PRE_COMMIT_VERSION) and keep usage sites like f"copier{COPIER_VERSION}" and
f"pre-commit{PRE_COMMIT_VERSION}", or remove "==" from COPIER_* constants and
update callers to add "==" where needed (e.g., change f"copier{COPIER_VERSION}"
to f"copier=={COPIER_VERSION}"). Update the constants and adjust the string
interpolation at the usage sites to match the chosen convention so all constants
and usages are consistent.
| sudo rm -rf "./$repoName" || true | ||
| sudo rm -rf "./$repoName/*.md" | ||
| mkdir -p "./$repoName" | ||
| sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything |
Line 31 is dead code — the directory was already removed on line 30.
After sudo rm -rf "./$repoName" deletes the entire directory, sudo rm -rf "./$repoName/*.md" has no effect since the path no longer exists. This line should be removed.
🔧 Proposed fix
sudo rm -rf "./$repoName" || true
-sudo rm -rf "./$repoName/*.md"
mkdir -p "./$repoName"📝 Committable suggestion
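Review bot: On the kept `sudo rm -rf "./$repoName" || true` line, the `|| true` hides a failed delete, so `mkdir -p` then succeeds on top of whatever was left behind, and nothing stops the command from running with an empty `repoName`. Suggest `sudo rm -rf "./${repoName:?}"` without the `|| true`, so an unset variable aborts the script and a failed delete is visible. The removed line was also dead for a second reason: the glob in `"./$repoName/*.md"` sits inside double quotes, so it was never expanded.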
| sudo rm -rf "./$repoName" || true | |
| sudo rm -rf "./$repoName/*.md" | |
| mkdir -p "./$repoName" | |
| sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything | |
| sudo rm -rf "./$repoName" || true | |
| mkdir -p "./$repoName" | |
| sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything |
🤖 Prompt for AI Agents
In @.devcontainer/windows-host-helper.sh around lines 30 - 33, Remove the
redundant deletion of markdown files by deleting the sudo rm -rf
"./$repoName/*.md" line (it’s dead because sudo rm -rf "./$repoName" already
removes the directory), leaving sudo rm -rf "./$repoName" followed by mkdir -p
"./$repoName" and sudo chown -R "$(whoami):$(whoami)" "./$repoName" intact to
recreate and set ownership.
| run: | | ||
| pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? | ||
| if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then | ||
| echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" | ||
| echo "Showing git diff:" | ||
| git --no-pager diff | ||
| exit $PRE_COMMIT_EXIT_CODE | ||
| fi |
🧹 Nitpick | 🔵 Trivial
Good improvement for debugging pre-commit failures.
Capturing the exit code and displaying git diff on failure will help diagnose formatting/linting issues in CI. One minor fix per static analysis:
🔧 Quote the exit code variable (SC2086)
- exit $PRE_COMMIT_EXIT_CODE
+ exit "$PRE_COMMIT_EXIT_CODE"📝 Committable suggestion
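Review bot: The quoted `exit` sits in a branch that depends on `PRE_COMMIT_EXIT_CODE` being unset when the step starts, because `[ -n "$PRE_COMMIT_EXIT_CODE" ]` is true for any inherited value, including one set in the job's `env`, and the step would then fail even when `pre-commit run -a` succeeded. Initialise the variable before the run (`PRE_COMMIT_EXIT_CODE=0`) and test `[ "$PRE_COMMIT_EXIT_CODE" -ne 0 ]` instead of `-n`.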
| run: | | |
| pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? | |
| if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then | |
| echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" | |
| echo "Showing git diff:" | |
| git --no-pager diff | |
| exit $PRE_COMMIT_EXIT_CODE | |
| fi | |
| run: | | |
| pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? | |
| if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then | |
| echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" | |
| echo "Showing git diff:" | |
| git --no-pager diff | |
| exit "$PRE_COMMIT_EXIT_CODE" | |
| fi |
🧰 Tools
🪛 actionlint (1.7.10)
72-72: shellcheck reported issue in this script: SC2086:info:6:8: Double quote to prevent globbing and word splitting
(shellcheck)
🤖 Prompt for AI Agents
In @.github/workflows/pre-commit.yaml around lines 72 - 79, Quote the
PRE_COMMIT_EXIT_CODE variable to avoid word-splitting (SC2086): assign it with
PRE_COMMIT_EXIT_CODE="$?" instead of PRE_COMMIT_EXIT_CODE=$?, and use the quoted
form when exiting: exit "$PRE_COMMIT_EXIT_CODE"; keep the echo line as a
double-quoted string (echo "Pre-commit failed with exit code
$PRE_COMMIT_EXIT_CODE") and ensure any other uses of PRE_COMMIT_EXIT_CODE in
this block are similarly quoted.
|
|
||
|
|
Remove extra blank line to satisfy YAMLlint.
Line 36 exceeds the blank-line limit.
🧹 Proposed fix
@@
use_windows_in_ci:
type: bool
help: Should CI in the instantiated template also use Windows runners?
default: no
-
-
+
python_version:Based on static analysis, please address the empty-lines rule.
📝 Committable suggestion
| use_windows_in_ci: | |
| type: bool | |
| help: Should CI in the instantiated template also use Windows runners? | |
| default: no | |
| python_version: |
🧰 Tools
🪛 YAMLlint (1.38.0)
[error] 36-36: too many blank lines (3 > 2)
(empty-lines)
🤖 Prompt for AI Agents
In `@copier.yml` around lines 35 - 36, Remove the extra blank line in copier.yml
that violates the YAML lint empty-lines rule by deleting the redundant blank row
so the file no longer contains consecutive/extra blank lines; update the file
content to have a single blank line where appropriate and run yamllint to
confirm the empty-lines warning is resolved.
| sudo rm -rf "./$repoName" || true | ||
| sudo rm -rf "./$repoName/*.md" | ||
| mkdir -p "./$repoName" | ||
| sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything |
Line 31 is ineffective after line 30.
Line 30 removes the entire $repoName directory, so line 31's attempt to remove *.md files within it will always match nothing (the directory was just deleted and recreated empty on line 32). This appears to be leftover from previous logic.
Suggested fix
sudo rm -rf "./$repoName" || true
-sudo rm -rf "./$repoName/*.md"
mkdir -p "./$repoName"
sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything📝 Committable suggestion
| sudo rm -rf "./$repoName" || true | |
| sudo rm -rf "./$repoName/*.md" | |
| mkdir -p "./$repoName" | |
| sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything | |
| sudo rm -rf "./$repoName" || true | |
| mkdir -p "./$repoName" | |
| sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything |
🤖 Prompt for AI Agents
In `@template/.devcontainer/windows-host-helper.sh` around lines 30 - 33, The
second remove command targeting "./$repoName/*.md" is redundant because sudo rm
-rf "./$repoName" already deletes the directory; either delete that line
entirely or move the md-specific removal before the full directory removal if
you intended to preserve the directory but clear markdown files; update the
script around the $repoName removal (the sudo rm -rf "./$repoName" and sudo rm
-rf "./$repoName/*.md" commands) so only the intended deletion remains.
| if: ${{ inputs.python-version != 'notUsing' }} | ||
| uses: actions/setup-python@v6.0.0 | ||
| uses: actions/setup-python@v6.1.0 | ||
| with: | ||
| python-version: ${{ env.PYTHON_VERSION }} | ||
|
|
||
| - name: Setup node | ||
| if: ${{ inputs.node-version != 'notUsing' }} | ||
| uses: actions/setup-node@v6.0.0 | ||
| uses: actions/setup-node@v6.1.0 | ||
| with: |
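Review bot: `actions/setup-python@v6.1.0` and `actions/setup-node@v6.1.0` are referenced by tag, while this PR pins `mathiasvr/command-output` and `thollander/actions-comment-pull-request` to full commit SHAs in pulumi_ephemeral_deploy/action.yml. A tag can be moved to different code after review; pin these two the same way and keep the version in a trailing comment (for example `uses: actions/setup-python@<full-commit-sha> # v6.1.0`), so the composite action that installs dependencies runs exactly the code that was reviewed.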
🧩 Analysis chain
🏁 Script executed:
cat template/.github/actions/install_deps/action.yml
Repository: LabAutomationAndScreening/copier-aws-organization
Length of output: 3520
🌐 Web query:
actions/setup-python v6.1.0 release notes breaking changes
💡 Result:
Summary of breaking changes affecting v6.1.0
- The v6 line (including v6.1.0) upgraded the action runtime from Node 20 → Node 24. Runners must be GitHub Actions Runner v2.327.1 or later for compatibility. [1][2]
- Dependency upgrade: urllib3 was bumped to 2.5.0 and the release documents urllib3 v2.x breaking changes that can affect consumers (see the release notes/docs linked in the changelog). [1]
Sources
- actions/setup-python releases (v6.1.0 / v6). [1]
- actions/setup-python README — “Breaking changes in V6”. [2]
🌐 Web query:
actions/setup-node v6.1.0 release notes breaking changes
💡 Result:
Summary — v6.1.0 breaking changes
- v6.1.0 removes handling of the deprecated npm "always-auth" configuration (you should remove any workflow reliance on that). (github.com)
Context (related v6 breaking changes)
- v6.0.0 introduced breaking changes around automatic caching (automatic npm caching behavior and documentation/workflow updates). (github.com)
Citations:
- 1: https://github.com/actions/setup-node/releases?utm_source=openai
- 2: https://github.com/actions/setup-node/releases?utm_source=openai
🌐 Web query:
aws-actions/configure-aws-credentials v5.1.1 release notes breaking changes
💡 Result:
There are no breaking changes listed for v5.1.1. The notable breaking change happened in v5.0.0 (cleanup of input handling which changed how invalid boolean inputs are treated). [1][2][3]
Sources:
- Release notes / changelog showing v5.0.0 breaking change (invalid-boolean input behavior). [1]
- v5.1.0 release notes (features/bugfixes) — no breaking changes listed. [2]
- Repository README / docs referencing v5.1.1. [3]
Document breaking changes in action versions.
The new versions introduce breaking changes:
- setup-python v6.1.0: Node 24 runtime (upgraded from v20); requires GitHub Actions Runner v2.327.1 or later
- setup-node v6.1.0: Removes deprecated npm "always-auth" support; automatic caching behavior changed
- configure-aws-credentials v5.1.1: No breaking changes
Confirm that workflows using this composite action meet the runner version requirement and do not rely on npm "always-auth" configuration. Consider adding a comment or release notes documenting these breaking changes for users.
Also applies to: 76-79
🤖 Prompt for AI Agents
In `@template/.github/actions/install_deps/action.yml` around lines 60 - 68,
Update the composite action YAML to document the breaking changes introduced by
the updated actions: add a clear comment near the uses entries for
setup-python@v6.1.0 and setup-node@v6.1.0 stating that setup-python v6.1.0
targets Node 24 and requires GitHub Actions Runner v2.327.1+ and that setup-node
v6.1.0 removes npm "always-auth" support and changes caching behavior; also note
configure-aws-credentials v5.1.1 has no breaking changes; ensure callers are
advised to verify their runner version and to remove or migrate any use of npm
"always-auth" in workflows that set inputs.node-version / inputs.python-version.
| - name: Run CLI | ||
| working-directory: ${{ github.workspace }}/${{ inputs.project-dir }} | ||
| run: uv run python -m ${{ inputs.deploy-script-module-name }}.${{ inputs.deploy-script-name }} --stack=${{ inputs.stack-name }} ${{ inputs.cli-action }} | ||
| shell: bash | ||
| # apparently getting the stdout is nigh impossible in GHA, so this action helps | ||
| uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # ratchet:mathiasvr/command-output@v2.0.0 | ||
| id: pulumi-run | ||
| with: | ||
| # can't use working-directory with this action, so specifying it in the uv command | ||
| run: uv --directory ${{ github.workspace }}/${{ inputs.project-dir }} run python -m ${{ inputs.deploy-script-module-name }}.${{ inputs.deploy-script-name }} --stack=${{ inputs.stack-name }} ${{ inputs.cli-action }} | ||
| shell: bash | ||
|
|
||
| - name: Comment the Preview on the Pull Request | ||
| if: ${{ inputs.show-preview-comment-on-pr == 'true' }} | ||
| # pin this sha (v3.0.1) for extra security since this action has some permissions to write to the pull request comments | ||
| uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b | ||
| with: | ||
| message: | | ||
| :eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }}:** :eyes: | ||
|
|
||
| ```bash | ||
| ${{ steps.pulumi-run.outputs.stdout }} | ||
| ``` | ||
| comment-tag: previewonpr-${{ inputs.deploy-script-module-name }} |
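Review bot: In the new `run:` value of the "Run CLI" step, `${{ inputs.project-dir }}`, `${{ inputs.stack-name }}` and the other inputs are expanded into the bash command line before the shell parses it, so a value containing shell metacharacters becomes part of the command. Pass them through `env:` and reference them as quoted shell variables instead (this assumes the command-output action forwards the step environment to the command; check that before changing it). The comment step then posts `steps.pulumi-run.outputs.stdout` verbatim to the pull request, so confirm the preview output cannot carry configuration values that should not be visible to everyone who can read the PR.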
🧹 Nitpick | 🔵 Trivial
LGTM - Good approach for capturing command output.
The refactor to use mathiasvr/command-output enables capturing stdout for the PR comment. Both actions are properly pinned to commit SHAs for security. The comment-tag ensures subsequent runs update the same comment rather than creating duplicates.
Minor: YAMLlint flagged line 83 for spacing before the comment. Consider adding a space:
- # apparently getting the stdout is nigh impossible in GHA, so this action helps
+ # apparently getting the stdout is nigh impossible in GHA, so this action helps📝 Committable suggestion
| - name: Run CLI | |
| working-directory: ${{ github.workspace }}/${{ inputs.project-dir }} | |
| run: uv run python -m ${{ inputs.deploy-script-module-name }}.${{ inputs.deploy-script-name }} --stack=${{ inputs.stack-name }} ${{ inputs.cli-action }} | |
| shell: bash | |
| # apparently getting the stdout is nigh impossible in GHA, so this action helps | |
| uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # ratchet:mathiasvr/command-output@v2.0.0 | |
| id: pulumi-run | |
| with: | |
| # can't use working-directory with this action, so specifying it in the uv command | |
| run: uv --directory ${{ github.workspace }}/${{ inputs.project-dir }} run python -m ${{ inputs.deploy-script-module-name }}.${{ inputs.deploy-script-name }} --stack=${{ inputs.stack-name }} ${{ inputs.cli-action }} | |
| shell: bash | |
| - name: Comment the Preview on the Pull Request | |
| if: ${{ inputs.show-preview-comment-on-pr == 'true' }} | |
| # pin this sha (v3.0.1) for extra security since this action has some permissions to write to the pull request comments | |
| uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b | |
| with: | |
| message: | | |
| :eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }}:** :eyes: | |
| ```bash | |
| ${{ steps.pulumi-run.outputs.stdout }} | |
| ``` | |
| comment-tag: previewonpr-${{ inputs.deploy-script-module-name }} | |
| - name: Run CLI | |
| # apparently getting the stdout is nigh impossible in GHA, so this action helps | |
| uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # ratchet:mathiasvr/command-output@v2.0.0 | |
| id: pulumi-run | |
| with: | |
| # can't use working-directory with this action, so specifying it in the uv command | |
| run: uv --directory ${{ github.workspace }}/${{ inputs.project-dir }} run python -m ${{ inputs.deploy-script-module-name }}.${{ inputs.deploy-script-name }} --stack=${{ inputs.stack-name }} ${{ inputs.cli-action }} | |
| shell: bash | |
| - name: Comment the Preview on the Pull Request | |
| if: ${{ inputs.show-preview-comment-on-pr == 'true' }} | |
| # pin this sha (v3.0.1) for extra security since this action has some permissions to write to the pull request comments | |
| uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b | |
| with: | |
| message: | | |
| :eyes: **Pulumi Preview for ${{ inputs.deploy-script-module-name }}:** :eyes: |
🧰 Tools
🪛 YAMLlint (1.38.0)
[warning] 83-83: too few spaces before comment: expected 2
(comments)
🤖 Prompt for AI Agents
In `@template/.github/actions/pulumi_ephemeral_deploy/action.yml` around lines 81
- 101, Add a blank line between the "Run CLI" step header and its inline comment
to satisfy YAML linting: edit the step with name "Run CLI" (uses
mathiasvr/command-output, id pulumi-run) and insert an empty line before the
comment that starts with "# apparently getting the stdout..." so there is
spacing between the key and the comment.
| run: | | ||
| pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? | ||
| if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then | ||
| echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" | ||
| echo "Showing git diff:" | ||
| git --no-pager diff | ||
| exit $PRE_COMMIT_EXIT_CODE | ||
| fi |
🧹 Nitpick | 🔵 Trivial
Same improvement as non-template version — consider quoting the variable.
The enhanced error handling mirrors .github/workflows/pre-commit.yaml. Apply the same optional fix:
🔧 Quote the exit code variable
- exit $PRE_COMMIT_EXIT_CODE
+ exit "$PRE_COMMIT_EXIT_CODE"📝 Committable suggestion
| run: | | |
| pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? | |
| if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then | |
| echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" | |
| echo "Showing git diff:" | |
| git --no-pager diff | |
| exit $PRE_COMMIT_EXIT_CODE | |
| fi | |
| run: | | |
| pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? | |
| if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then | |
| echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" | |
| echo "Showing git diff:" | |
| git --no-pager diff | |
| exit "$PRE_COMMIT_EXIT_CODE" | |
| fi |
🤖 Prompt for AI Agents
In `@template/.github/workflows/pre-commit.yaml` around lines 72 - 79, The
workflow's error handling should reliably quote the PRE_COMMIT_EXIT_CODE
variable; update the block that sets and checks PRE_COMMIT_EXIT_CODE so that
uses of the variable are quoted (e.g., in the echo and exit calls) — locate the
shell block where PRE_COMMIT_EXIT_CODE is assigned and referenced (the
pre-commit run -a || PRE_COMMIT_EXIT_CODE=$? section) and change occurrences
like echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE" and exit
$PRE_COMMIT_EXIT_CODE to use quoted variable expansions
("$PRE_COMMIT_EXIT_CODE").
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
| python_package_registry: PyPI |
Reduce consecutive blank lines to satisfy YAMLlint.
YAMLlint reports too many blank lines here; trim to at most two.
🔧 Suggested fix
use_windows_in_ci: false
-
-
-
-
-python_package_registry: PyPI
+
+python_package_registry: PyPI📝 Committable suggestion
| python_package_registry: PyPI | |
| use_windows_in_ci: false | |
| python_package_registry: PyPI |
🧰 Tools
🪛 YAMLlint (1.38.0)
[error] 13-13: too many blank lines (5 > 2)
(empty-lines)
🤖 Prompt for AI Agents
In `@tests/copier_data/data1.yaml` around lines 9 - 14, There are too many
consecutive blank lines before the key python_package_registry in
tests/copier_data/data1.yaml; edit the file to collapse consecutive empty lines
to no more than two so that the yaml block containing python_package_registry:
PyPI has at most one or two blank lines preceding it (remove the extra blank
lines between the preceding content and the python_package_registry entry).
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@template/README.md.jinja`:
- Around line 1-5: The README template currently hard-codes links to the
template repository in the badge URLs, causing generated projects to show the
template repo instead of the target repo; update each badge link (the Actions
badge, Open in Dev Containers link, isitmaintained badge, and any GitHub repo
links) to use the template placeholders {{ repo_org_name }} and {{ repo_name }}
(e.g., replace LabAutomationAndScreening/copier-aws-organization with {{
repo_org_name }}/{{ repo_name }}) so generated READMEs point to the new
repository.
♻️ Duplicate comments (1)
template/README.md.jinja (1)
20-28: Fix unbalanced {% raw %}/{% endraw %} tokens (Jinja render break).
Line 23 and Line 28 include {% endraw %} without a matching {% raw %}, which will cause a Jinja syntax error. If the intent is to render the stack name, you can drop the raw markers entirely.
🐛 Proposed fix
-uv run python -m aws_organization.lib.pulumi_deploy --stack={% endraw %}{{ pulumi_stack_name }}{% raw %} +uv run python -m aws_organization.lib.pulumi_deploy --stack={{ pulumi_stack_name }}-`copier update --trust --conflict rej --defaults`{% endraw %} +`copier update --trust --conflict rej --defaults`
8c25ab3 to
6371627
Compare
|
@zendern - this ready to merge? |
Link to Issue or Message thread
LabAutomationAndScreening/copier-base-template#123
Why is this change necessary?
Pull latest template and use new skip duplicate check to save on GHA minutes.
What side effects does this change have?
N/A
How is this change tested?
CI
Summary by CodeRabbit
New Features
Improvements
Bug Fixes