[ci] Clean up workflows#3954
Conversation
[docs] Update API reference docs
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
dosubot
bot
added
size:XXL
|
@mmabrouk -- at or after 
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Railway Preview Environment
|
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
|
|
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 63 out of 74 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| - name: Run ESLint fix | ||
| run: cd web && pnpm run lint-fix |
There was a problem hiding this comment.
This job runs pnpm run lint-fix (auto-fix) instead of a check-only lint command. That can mask lint issues by fixing them in the runner workspace and still exiting 0, which defeats the purpose of a PR check. Prefer pnpm run lint (or an equivalent non-fixing lint command) so violations cause CI to fail.
| - name: Run ESLint fix | |
| run: cd web && pnpm run lint-fix | |
| - name: Run ESLint lint check | |
| run: cd web && pnpm run lint |
| The scripts default to compose-like placeholder values for `AGENTA_AUTH_KEY`, | ||
| `AGENTA_CRYPT_KEY`, and `POSTGRES_PASSWORD`. This is acceptable for ephemeral | ||
| preview environments, but not for persistent deployments. For persistent | ||
| deployments, set unique values: |
There was a problem hiding this comment.
This section says the scripts default POSTGRES_PASSWORD to a placeholder, but configure.sh actually resolves an existing password or generates a random one when unset. Update the note so it matches the actual behavior (placeholder vs generated/retained password), otherwise operators may assume an insecure default.
| resolve_postgres_password() { | ||
| if [ -n "$POSTGRES_PASSWORD" ]; then | ||
| return 0 | ||
| fi | ||
|
|
||
| local existing_password | ||
| existing_password="$(railway_call variable list -k --service "$POSTGRES_REF_NS" --environment "$ENV_NAME" | grep '^POSTGRES_PASSWORD=' | cut -d= -f2- || true)" | ||
| if [ -n "$existing_password" ]; then | ||
| POSTGRES_PASSWORD="$existing_password" | ||
| else | ||
| POSTGRES_PASSWORD="$(openssl rand -hex 24)" | ||
| fi |
There was a problem hiding this comment.
resolve_postgres_password calls openssl rand, but openssl is not included in the script’s required-command checks. If this script is run in a minimal environment without OpenSSL installed, it will fail at runtime. Add require_cmd openssl (or avoid the dependency) before this function can execute.
| - name: Run Prettier formatting fix | ||
| run: cd web && pnpm run format-fix |
There was a problem hiding this comment.
This job runs pnpm run format-fix (Prettier write) rather than a check-only command. In CI this can succeed while silently modifying files, so it won’t reliably enforce formatting. Use a check-only command (e.g., pnpm run format) or run Prettier with --check so the job fails when formatting is required.
| - name: Run Prettier formatting fix | |
| run: cd web && pnpm run format-fix | |
| - name: Run Prettier formatting check | |
| run: cd web && pnpm run format |
| - name: Run Prettier formatting fix | ||
| run: cd web && pnpm run format-fix |
There was a problem hiding this comment.
🔴 CI workflow step name says "fix" instead of "check" for Prettier and ESLint
In .github/workflows/11-check-code-styling.yml, the prettier-format job's step is named "Run Prettier formatting fix" (line 71) and runs pnpm run format-fix (line 72), and the eslint job's step is named "Run ESLint fix" (line 95) and runs pnpm run lint-fix (line 96). A CI check workflow should only check for violations (non-zero exit on failure), not fix them. Running format-fix and lint-fix will auto-correct files and the job will always pass, defeating the purpose of a PR gate check. The deleted workflows (02-check-python-formatting.yml, 04-check-frontend-linting.yml) correctly used ruff format --check and pnpm lint (check-only commands).
Prompt for agents
In .github/workflows/11-check-code-styling.yml, the prettier-format job (lines 71-72) should run a check-only command instead of a fix command. Change the step name to 'Run Prettier formatting check' and the command to 'cd web && pnpm run format-check' (or equivalent check-only script). Similarly, the eslint job (lines 95-96) should run a check-only command. Change the step name to 'Run ESLint check' and the command to 'cd web && pnpm run lint' (or equivalent). Running fix commands in CI will silently auto-correct issues and always succeed, making the check useless as a PR gate.
Was this helpful? React with 👍 or 👎 to provide feedback.
Uh oh!
There was an error while loading. Please reload this page.