Merge template

[t0mdavid-m]

Summary by CodeRabbit

• New Features

  • Added hardware resource monitoring in the sidebar, displaying CPU and RAM usage with live updates.
  • Introduced Docker Compose support for easier containerized deployment.
  • Automated dependency updates with Dependabot configuration.
  • Added new configuration options for enabling workspaces and test mode.

• Improvements

  • Enhanced workspace management with configurable directories and conditional UI.
  • Upgraded package versions for Streamlit and captcha; added psutil dependency.
  • Improved Windows installer build and versioning process.
  • Disabled Streamlit usage statistics collection for privacy.
  • Streamlined Dockerfile and removed unused Conda environment file.
  • Added dynamic app versioning and improved user environment setup in Windows build.
  • Initialized app settings from JSON on startup.

• Bug Fixes

  • Prevented creation of workspaces with empty names.
  • Improved handling of workspace parameters when workspaces are disabled.

• Chores

  • Updated .gitignore to exclude more temporary and environment-specific files.
  • Added placeholder and credential configuration files for Streamlit.
  • Added Dependabot configuration for automated dependency updates.

• Style

  • Minor code formatting and comment improvements for clarity.

[coderabbitai]

Walkthrough

This update introduces new configuration files for dependency management and containerization, refines Windows build workflows, and enhances application settings and resource monitoring. It removes the Conda environment file in favor of explicit Python dependency management, updates package versions, and improves workspace and hardware monitoring logic within the application.

Changes

File(s)	Change Summary
.github/dependabot.yml	Added Dependabot configuration for automated Python dependency updates.
.github/workflows/build-windows-executable-app.yaml, .github/workflows/test-win-exe-w-embed-py.yaml	Updated Windows build workflows: dynamic versioning, OpenMS CI file patch, Python setup action upgrade, WiX installer XML improvements, and new environment variable for UpgradeCode.
.gitignore	Added ignore patterns for gdpr_consent/node_modules/, *-embed-amd64, and files ending with ~.
.streamlit/config.toml	Disabled Streamlit browser usage stats, reordered and commented maxUploadSize.
.streamlit/credentials.toml	Added with empty [general] email field for Streamlit credentials.
Dockerfile	Switched from Conda environment.yml to explicit Python 3.10 environment, filtered pyopenms from requirements.txt, improved asset download, and updated comments.
docker-compose.yml	Added Docker Compose file defining a service for the Streamlit app with volume, port, and build args.
environment.yml	Deleted Conda environment specification file.
requirements.txt	Upgraded streamlit to 1.43.0 and captcha to 0.7.1; added psutil dependency.
app.py	Loads settings.json into Streamlit session state at startup.
run_app.py	Reformatted function call for clarity; no logic changes.
settings.json	Added version, enable_workspaces, test, and workspaces_dir fields.
src/common/captcha_.py	Added an unused Streamlit empty container before text input in captcha form.
src/common/common.py	Added hardware monitoring in sidebar, improved workspace logic, conditional workspace UI, version info, and test mode for dataframe display.
src/workflow/ParameterManager.py	Changed get_parameters_from_json return type from None to dict.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant StreamlitApp
    participant settings.json
    participant Sidebar
    participant psutil

    User->>StreamlitApp: Launch app
    StreamlitApp->>settings.json: Load settings (if not in session state)
    StreamlitApp->>Sidebar: Render sidebar
    Sidebar->>psutil: Fetch CPU/RAM stats (every 5s)
    Sidebar->>User: Display resource utilization, workspace UI (if enabled), version info
    User->>Sidebar: Interact with workspace or settings

Loading

Poem

Oh, what a patchwork, neat and bright,
With Docker Compose and workflows right!
Workspaces toggled, hardware watched,
Versioned settings finely notched.
Dependabot hops in to keep things clean—
A rabbit’s dream, so swift, so keen!
🐇✨

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

---

Note

⚡️ Faster reviews with caching

CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.
Enjoy the performance boost—your workflow just got faster.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 090518d and b2a8fe9.

📒 Files selected for processing (1)

• requirements.txt (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• requirements.txt

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: build-full-app
• GitHub Check: build-openms

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

.github/workflows/build-windows-executable-app.yaml (1)

282-286: ⚠️ Potential issue

sed is not available in the default Windows shell – step will fail

These lines run in the default PowerShell shell on windows-latest. sed -i is *nix-only and will raise “sed : The term 'sed' is not recognized…”.

Fix by either:

1. Switching the step to a bash shell (Git for Windows provides sed):

- name: Uncomment 'import site' in python311._pth file
+ name: Uncomment 'import site' in python311._pth file
  shell: bash
  run: |
    sed -i 's/#import site/import site/' python-${{ env.PYTHON_VERSION }}/python311._pth

2. Or keep PowerShell and use native commands:

- name: Uncomment 'import site' in python311._pth file
  run: |
    (Get-Content python-${{ env.PYTHON_VERSION }}/python311._pth) `
      -replace '#import site','import site' |
      Set-Content python-${{ env.PYTHON_VERSION }}/python311._pth

Choose one to prevent the build from breaking.

🧹 Nitpick comments (9)

app.py (1)

4-5: Consider silencing the linter warning for pyopenms.

The static analysis tool flags pyopenms as unused, but your comment explains it's needed for Windows compatibility. Consider adding a # noqa: F401 comment to silence the linter warning.

-# For some reason the windows version only works if this is imported here
-import pyopenms
+# For some reason the windows version only works if this is imported here
+import pyopenms  # noqa: F401

🧰 Tools

🪛 Ruff (0.8.2)

5-5: pyopenms imported but unused

Remove unused import: pyopenms

(F401)

requirements.txt (1)

1-12: Consider documenting version changes.

Consider adding comments noting when and why versions were upgraded to help with future maintenance. This is especially helpful for understanding compatibility requirements and the reasoning behind specific version constraints.

src/common/captcha_.py (1)

237-237: Remove unused Streamlit empty container.

The code creates an empty Streamlit container with st.empty() that is immediately overwritten in the next line, making it unnecessary.

-            capta2_text = st.empty()

.github/workflows/build-windows-executable-app.yaml (1)

61-61: Trailing whitespace picked up by YAML-lint

There is stray whitespace on this otherwise blank line.
While harmless, it keeps the workflow from passing yaml-lint in some strict pipelines.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 61-61: trailing spaces

(trailing-spaces)

src/common/common.py (5)

13-40: Hardware monitor works, but make it lighter & future-proof

1. Streamlit’s @st.fragment decorator requires Streamlit ≥ 1.28. If you ship to users with an older version the app will crash.
2. psutil.virtual_memory() is called twice; capture it once to avoid redundant sys-calls.
3. Confirm psutil is listed in requirements.txt; the new import will break fresh installs otherwise.

-    cpu_progress = psutil.cpu_percent(interval=None) / 100
-    ram_progress = 1 - psutil.virtual_memory().available / psutil.virtual_memory().total
+    vm = psutil.virtual_memory()
+    cpu_progress = psutil.cpu_percent(interval=None) / 100
+    ram_progress = 1 - vm.available / vm.total

---

98-109: Micro-optimisation & Ruff warnings – drop redundant .keys()

Using key in dict is both faster and cleaner.

-    for key, value in st.session_state.items():
-        if key in params.keys():
-            params[key] = value
+    for key, value in st.session_state.items():
+        if key in params:
+            params[key] = value

Same pattern appears in render_sidebar (lines 329-331). Applying the change silences Ruff SIM118 warnings.

🧰 Tools

🪛 Ruff (0.8.2)

105-105: Use key in dict instead of key in dict.keys()

Remove .keys()

(SIM118)

---

282-286: Boolean comparison – simplify & silence Ruff E712

-if "controllo" in params.keys() and params["controllo"] == False
+if "controllo" in params and not params["controllo"]

🧰 Tools

🪛 Ruff (0.8.2)

283-283: Use key in dict instead of key in dict.keys()

Remove .keys()

(SIM118)

---

283-283: Avoid equality comparisons to False; use if not params["controllo"]: for false checks

Replace with not params["controllo"]

(E712)

---

464-472: Test mode index should start at 0 to stay consistent

st.dataframe returns zero-based indices.
Returning 1 in test mode can hide off-by-one errors in production.

-    if st.session_state.settings["test"]:
-        return 1
+    if st.session_state.settings["test"]:
+        return 0

---

226-236: workspaces_dir may not exist – guard against FileNotFoundError

workspaces_dir.iterdir() (later in the sidebar) will raise if the path hasn’t been created yet.
Consider ensuring the directory exists right after computing it:

workspaces_dir.mkdir(parents=True, exist_ok=True)

This avoids a crash on first run.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 24c7fbe and 393b685.

⛔ Files ignored due to path filters (1)

• assets/openms_transparent_bg_logo.svg is excluded by !**/*.svg

📒 Files selected for processing (16)

• .github/dependabot.yml (1 hunks)
• .github/workflows/build-windows-executable-app.yaml (6 hunks)
• .github/workflows/test-win-exe-w-embed-py.yaml (2 hunks)
• .gitignore (2 hunks)
• .streamlit/config.toml (2 hunks)
• .streamlit/credentials.toml (1 hunks)
• Dockerfile (3 hunks)
• app.py (1 hunks)
• docker-compose.yml (1 hunks)
• environment.yml (0 hunks)
• requirements.txt (1 hunks)
• run_app.py (1 hunks)
• settings.json (2 hunks)
• src/common/captcha_.py (1 hunks)
• src/common/common.py (10 hunks)
• src/workflow/ParameterManager.py (1 hunks)

💤 Files with no reviewable changes (1)

• environment.yml

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/common/common.py (1)

src/common/captcha_.py (1)

• captcha_control (180-256)

🪛 Ruff (0.8.2)

app.py

5-5: pyopenms imported but unused

Remove unused import: pyopenms

(F401)

src/common/common.py

283-283: Use key in dict instead of key in dict.keys()

Remove .keys()

(SIM118)

---

283-283: Avoid equality comparisons to False; use if not params["controllo"]: for false checks

Replace with not params["controllo"]

(E712)

---

329-329: Use key in dict instead of key in dict.keys()

Remove .keys()

(SIM118)

---

330-330: Use key in dict instead of key in dict.keys()

Remove .keys()

(SIM118)

---

364-365: Use a single if statement instead of nested if statements

(SIM102)

🪛 YAMLlint (1.35.1)

.github/workflows/build-windows-executable-app.yaml

[error] 61-61: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: build-openms
• GitHub Check: build-full-app

🔇 Additional comments (18)

.gitignore (1)

8-29: Changes to .gitignore look good

The added patterns are appropriate:

• Ignoring gdpr_consent/node_modules/ prevents Node.js dependencies from being committed
• Ignoring *-embed-amd64 helps with build artifacts
• Ignoring backup files with *~ is a good practice

run_app.py (1)

3-7: Code formatting improvements look good

The added blank line after imports and splitting arguments into separate lines improves readability without changing functionality. These changes follow good Python style practices.

src/workflow/ParameterManager.py (1)

80-80: Return type annotation correction is appropriate

Fixed the return type annotation from None to dict to correctly reflect that this method returns a dictionary. This improves type safety and aligns the annotation with the method's actual behavior.

settings.json (2)

4-4: Version tracking is a good addition

Adding a version field helps with tracking application releases and can be used for compatibility checks.

---

17-19: Verify default settings for production use

A few considerations about the new settings:

1. "test": true - Having test mode enabled by default in a template could cause unexpected behavior if not changed before deploying to production.

2. "workspaces_dir": ".." - Using a relative path may lead to inconsistent behavior depending on the working directory when the application is started. Consider using an absolute path or a path relative to the application directory.

Please confirm these default settings are appropriate for the template, especially the test mode being enabled by default.

app.py (2)

3-3: LGTM! Added import for JSON loading.

The json module is correctly imported to support the new settings loading functionality.

---

7-10: Well-implemented settings initialization.

This is a clean implementation that loads settings from a JSON file once per session. Using a context manager for file operations follows best practices.

.streamlit/config.toml (2)

1-3: Good privacy practice.

Disabling usage statistics gathering is a good privacy-oriented configuration that improves user experience.

---

8-8: Improved configuration clarity.

Moving the maxUploadSize setting and adding the unit in the comment improves readability and clarity.

.streamlit/credentials.toml (1)

1-2: Good user experience enhancement.

This configuration disables the Streamlit email prompt by providing an empty email field, improving the initial user experience.

requirements.txt (2)

7-7: LGTM! Captcha version upgrade.

Upgrading to captcha 0.7.1 from 0.5.0 is a good practice for security and feature enhancements.

---

4-4:

Details

✅ Verification successful

LGTM! Streamlit version upgrade.

Upgrading to Streamlit 1.43.0 from 1.39.0 is a good practice for security and new features.

---

🌐 Web query:

What are the major changes between Streamlit 1.39.0 and 1.43.0?

💡 Result:

Major Changes Between Streamlit 1.39.0 and 1.43.0

From version 1.39.0 to 1.43.0, Streamlit introduced a series of significant enhancements and new features. Below is a summary organized by theme and functionality, focusing on the most notable changes.

Key Feature Additions in 1.43.0

• File Upload in Chat Input:
  st.chat_input can now accept file uploads, enabling richer interactions for chatbots and analytical apps that need file-based input[2][3][4][5].

• New Column Type: JsonColumn:
  A new column configuration, JsonColumn, allows developers to display JSON-compatible objects directly in dataframes, which is especially useful for handling complex nested data[2][3][4].

• User Timezone in Context:
  The st.context object now exposes a user’s timezone and timezone offset, useful for global applications where time-based personalization is needed[2][3].

• Dataframe and Data Editor Improvements:

  • Configurable row heights in st.dataframe and st.data_editor[2][3][5].
  • Both widgets now use use_container_width=True by default for responsive layouts[2][3].
  • Users can now hide columns and auto-size column widths in dataframes[3].
  • Ability to change the format of numbers, dates, and times in dataframes[3].

• Convenience and Theming Enhancements:

  • Markdown now supports a small text directive for finer text control[3].
  • Expanded theming options, including settings for roundness, border color, link color, custom fonts, and base font size[5].
  • New preconfigured format options for common columns like number, progress, datetime, date, and time columns, simplifying setup for typical data structures[3][5].

• Navigation and Component Updates:
  st.navigation can now accept strings, paths, and callables, making navigation in multi-page apps more flexible[2][3][5].
  A custom component (streamlit-bokeh) allows displaying Bokeh charts with newer Bokeh versions, extending visualization capabilities[3][4].

• Static File Serving:
  Added support for static files with JSON, XML, and common font file extensions[3][5].

Other Notable Improvements

• rich library is no longer required, reducing dependencies[3][5].
• Polars dataframe and series hashing is now supported, broadening compatibility with high-performance dataframes[3].
• st.file_uploader received improved display in narrow containers, and bug fixes enhance its reliability[3][5].
• Numerous bug fixes for visuals, tab sizing, column ordering, and null-handling in dataframes improved the stability and user experience[3][5].

Summary Table of Major Changes

Feature/Area	1.39.0 Status	1.43.0 Enhancements & Additions
File upload in chat input	Not available	File uploads via st.chat_input
JSON column in dataframes	Not available	New JsonColumn for handling JSON objects
User timezone support	Not available	Access via st.context
Dataframe/editor improvements	Basic	Row height config, container width default, column hiding, etc.
Markdown text options	Standard	Support for small text directive
Navigation handling	Limited	Accepts strings, paths, callables in st.navigation
Column formatting	Manual	Preconfigured format for number/date/time/progress columns
Bokeh custom component support	Limited	New streamlit-bokeh component
Static file serving	Basic	JSON, XML, font files supported
Polars dataframe hashing	Not supported	Supported
Theming	Default options	More theming options (font size, roundness, borders)
Dependency on rich	Required	Not required
File uploader improvements	Basic	Improved display and bug fixes

---

These changes collectively offer developers more flexibility, new data handling capabilities, greater customization, and an improved end-user experience[2][3][5]. For the full, detailed changelog and minor updates, see the official Streamlit release notes.

Citations:

• 1: https://docs.streamlit.io/develop/quick-reference/release-notes
• 2: https://discuss.streamlit.io/t/version-1-43-0/94139
• 3: https://docs.streamlit.io/develop/quick-reference/release-notes/2025
• 4: https://www.youtube.com/watch?v=MjXlnl98abk
• 5: https://github.com/streamlit/streamlit/releases
• 6: https://docs.streamlit.io/develop/quick-reference/release-notes/2024
• 7: https://docs.streamlit.io/develop/api-reference/charts/st.plotly_chart
• 8: https://docs.snowflake.com/en/release-notes/streamlit-in-snowflake
• 9: https://docs.streamlit.io/1.43.0/develop/api-reference/data/st.dataframe
• 10: https://docs.streamlit.io/develop/api-reference/data/st.table

---

Streamlit 1.43.0 Upgrade Approved – Key Enhancements Summarized

Upgrading from 1.39.0 to 1.43.0 delivers important new features, security improvements, and bug fixes:

• File uploads in st.chat_input for richer chatbot interactions
• New JsonColumn to display nested JSON objects in dataframes
• st.context now exposes user timezone and offset
• DataFrame/DataEditor enhancements: configurable row heights, container-width default, column hiding/auto-sizing, and custom formatting for numbers, dates, and times
• Expanded theming options (roundness, borders, link colors, fonts, base font size)
• Flexible navigation API accepting strings, paths, and callables
• Static file serving for JSON, XML, and common font formats
• Polars dataframe/series hashing support
• Removal of the rich dependency
• Numerous bug fixes for visuals, tab sizing, column ordering, and null-handling

This upgrade is recommended for enhanced functionality, customization, and overall stability.

.github/workflows/test-win-exe-w-embed-py.yaml (2)

13-13: LGTM: Good practice to define the GUID as an environment variable.

Defining the APP_UpgradeCode as an environment variable improves maintainability by centralizing this important identifier.

---

119-119: LGTM: Improved Windows installer versioning.

Using Id="*" for the Product and the environment variable for UpgradeCode follows best practices for Windows installers. This ensures:

1. Each build generates a unique Product ID
2. The UpgradeCode remains consistent to enable proper upgrade paths

.github/dependabot.yml (1)

1-9: LGTM: Well-configured Dependabot setup.

This Dependabot configuration establishes automated dependency updates for Python packages, which will help keep the project secure and up-to-date. The weekly check interval and PR limit are sensible defaults.

Dockerfile (3)

76-76: LGTM: Explicit environment creation.

Explicitly creating the mamba environment with a specific Python version makes the build process more transparent and deterministic.

---

117-120: LGTM: Clean dependency management approach.

The approach to filter out pyopenms from requirements.txt is clean and logical since pyopenms is already built and installed from source earlier in the Dockerfile.

---

181-181: LGTM: More precise asset download command.

The updated GitHub CLI command uses explicit asset naming rather than a pattern match, making the download more reliable and specific.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Build-arg placeholder won’t be expanded – use ${VARNAME} syntax

Compose only substitutes environment variables when they are written as ${VARNAME} (or $$ to escape).
Keeping $GITHUB_TOKEN will pass the literal string to Docker, resulting in an empty value inside the image unless you manually quote & export it again.

-      args:
-        GITHUB_TOKEN: $GITHUB_TOKEN
+      args:
+        GITHUB_TOKEN: ${GITHUB_TOKEN}

(If the variable is optional, use ${GITHUB_TOKEN:-}.)

---

Use ${VARNAME} for build-arg interpolation in docker-compose.yml

Docker Compose only substitutes variables written as ${VARNAME} (or $$ to escape). Using $GITHUB_TOKEN without braces will pass the literal string "$GITHUB_TOKEN" into the build context, not the value of your environment variable.

Apply this change:

   build:
     context: .
     dockerfile: Dockerfile
     args:
-      GITHUB_TOKEN: $GITHUB_TOKEN
+      GITHUB_TOKEN: ${GITHUB_TOKEN}

If the token may be undefined, you can provide an empty default:

      GITHUB_TOKEN: "${GITHUB_TOKEN:-}"

🤖 Prompt for AI Agents

In docker-compose.yml around lines 8 to 10, the build-arg GITHUB_TOKEN is
referenced as $GITHUB_TOKEN, which will not be expanded by Docker Compose and
will pass the literal string instead. To fix this, change the reference to use
the syntax ${GITHUB_TOKEN} for proper environment variable substitution. If the
variable might be undefined, use the default empty value syntax
${GITHUB_TOKEN:-} to avoid errors.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

.github/workflows/build-windows-executable-app.yaml (4)

17-18: Consider normalizing environment variable naming and verifying version consistency.

While functionally correct, it’s more idiomatic to use all-uppercase with underscores for env var names (e.g. APP_UPGRADE_CODE), and to confirm that APP_NAME: FLASHApp-0.7.2 aligns with the version set elsewhere (like in settings.json and installer metadata).

---

62-63: Remove trailing whitespace.

Lines 62–63 contain trailing spaces, which trigger YAML lint errors. Please remove them to keep the workflow file clean.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 62-62: trailing spaces

(trailing-spaces)

---

228-234: Explicitly specify the PowerShell shell and handle errors.

This step uses PowerShell cmdlets (Get-Content, ConvertFrom-Json, etc.) but doesn’t set shell:. On windows-latest, it defaults to PowerShell, yet adding:

      shell: pwsh

improves clarity. Additionally, consider wrapping the JSON update in error handling to catch missing or invalid settings.json.

---

298-306: Guard the credentials copy in the batch script.

The .bat creation unconditionally copies credentials.toml, which may not exist and cause failures. You might wrap it in:

if exist ".streamlit\credentials.toml" (
  copy /Y ".streamlit\credentials.toml" "%USERPROFILE%\.streamlit\credentials.toml" >nul
)

to prevent runtime errors.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 393b685 and 090518d.

📒 Files selected for processing (1)

• .github/workflows/build-windows-executable-app.yaml (6 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/build-windows-executable-app.yaml

[error] 62-62: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: build-full-app
• GitHub Check: build-openms

🔇 Additional comments (1)

.github/workflows/build-windows-executable-app.yaml (1)

249-249: Verify compatibility of actions/setup-python@v5.

You’ve upgraded to actions/setup-python@v5. Please confirm that v5 is released, supports the python-version input, and behaves identically to v4.

[coderabbitai]

⚠️ Potential issue

Fix static WiX Product version attribute.

The <Product> element’s Version="1.0.0.0" is hardcoded and will diverge from APP_NAME. This can lead to upgrade/patch mismatches. You should inject the actual release version (e.g. from ${{ github.event.release.tag_name }}) into the Version attribute so the installer version tracks the app version.

🤖 Prompt for AI Agents

In .github/workflows/build-windows-executable-app.yaml at line 388, the Product
element's Version attribute is hardcoded to "1.0.0.0". Replace this static
version with a dynamic reference to the actual release version, such as using
the GitHub release tag (e.g., ${{ github.event.release.tag_name }}), so the
installer version matches the app version and avoids upgrade or patch
mismatches.