Fix CI failures for Dependabot PRs due to missing REACT_ON_RAILS_PRO_LICENSE secret

[justin808]

Fix CI Failures for Dependabot PRs

Summary

Dependabot PRs consistently fail CI because they don't have access to the REACT_ON_RAILS_PRO_LICENSE secret. This blocks automated dependency updates from being merged.

Example PR

PR #2170 - Bump webpack and webpack-dev-server

Root Cause

GitHub restricts Dependabot from accessing repository secrets for security reasons. When Dependabot creates a PR, the CI workflows that require the REACT_ON_RAILS_PRO_LICENSE secret fail with:

```
ReactOnRailsPro::Error: [React on Rails Pro] License validation error: [React on Rails Pro] No license found.
Please set REACT_ON_RAILS_PRO_LICENSE environment variable or create
/home/runner/work/react_on_rails/react_on_rails/react_on_rails_pro/spec/dummy/config/react_on_rails_pro_license.key file.
```

Affected Workflows

• React on Rails Pro - Package Tests - Fails at "Generate file-system based entrypoints"
• React on Rails Pro - Lint - Fails due to missing license
• React on Rails Pro - Integration Tests - Fails due to missing license
• JS unit tests for Renderer package - May fail if it requires Pro license

Why This Happens

1. Dependabot PRs run in a restricted context with no access to secrets
2. Pro package workflows require the REACT_ON_RAILS_PRO_LICENSE env var
3. The Pro package's license validation happens during Rails initialization
4. Without a valid license, the Pro package raises an error and exits

Proposed Solutions

Option 1: Skip Pro Workflows for Dependabot PRs (Recommended)

Add a condition to skip Pro-specific workflows when triggered by Dependabot:

```yaml

In .github/workflows/pro-integration-tests.yml, pro-lint.yml, etc.

jobs:
build:
# Skip for Dependabot PRs since they can't access secrets
if: github.actor != 'dependabot[bot]'
runs-on: ubuntu-22.04
# ...
```

Pros:

• Simple to implement
• Dependabot PRs will pass open-source tests
• Maintainers can re-run Pro tests after merge or by checking out the branch

Cons:

• Pro tests won't run on dependency updates automatically
• Need to manually verify Pro compatibility before merging

Option 2: Use Dependabot Secrets

GitHub allows Dependabot-specific secrets. Add the Pro license as a Dependabot secret:

1. Go to Settings → Secrets and variables → Dependabot
2. Add REACT_ON_RAILS_PRO_LICENSE secret

Pros:

• Full CI runs for Dependabot PRs
• No workflow changes needed

Cons:

• Need to maintain separate secret
• May have security implications

Option 3: Allow Evaluation License for CI

Modify the Pro package to accept a special "CI_EVALUATION" mode that skips license validation for Dependabot PRs:

```ruby

In react_on_rails_pro initializer

if ENV['CI'] == 'true' && ENV['GITHUB_ACTOR'] == 'dependabot[bot]'

Skip license validation for Dependabot CI

ReactOnRailsPro.configure { |c| c.skip_license_validation = true }
end
```

Pros:

• Full CI runs for Dependabot PRs
• No secret management needed

Cons:

• Requires code changes to Pro package
• Could be bypassed (security consideration)

Option 4: Hybrid Approach

1. Skip Pro workflows for Dependabot PRs (Option 1)
2. Add a manual workflow trigger that maintainers can run after reviewing the PR
3. Require the manual workflow to pass before merging

```yaml

.github/workflows/pro-manual-test.yml

name: Pro Tests (Manual)
on:
workflow_dispatch:
inputs:
pr_number:
description: 'PR number to test'
required: true
```

Recommended Implementation

Use Option 1 (Skip Pro workflows) as the primary solution with documentation explaining the limitation.

Implementation Steps

1. Update Pro workflows to skip Dependabot PRs:

   ```yaml

   .github/workflows/pro-integration-tests.yml

   jobs:
   detect-changes:
   if: github.actor != 'dependabot[bot]'
   ```

2. Update Dependabot auto-merge settings (if any) to not auto-merge without Pro tests

3. Document the limitation in CONTRIBUTING.md:

   Dependabot PRs skip React on Rails Pro tests due to secret restrictions.
   Maintainers should manually verify Pro compatibility before merging dependency updates.

4. Add a comment bot (optional) that posts a reminder on Dependabot PRs about missing Pro tests

Affected Files

• .github/workflows/pro-integration-tests.yml
• .github/workflows/pro-lint.yml
• .github/workflows/pro-test-package-and-gem.yml
• .github/workflows/package-js-tests.yml (if it tests Pro packages)

Related

• GitHub Docs: Dependabot Secrets
• PR #2170 - Example failing Dependabot PR

Questions

1. Should we add the Pro license as a Dependabot secret for full CI coverage?
2. Is there a security concern with Dependabot having access to the Pro license?
3. Should we create a separate "verify Pro compatibility" workflow that maintainers trigger manually?

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and agent prompts for this issue.

• Create Plan

Examples

• Example 1
• Example 2

🔗 Similar & Duplicate Issues

Related Issues

• shakacode/react_on_rails_pro#543
• shakacode/react_on_rails#2031
• shakacode/react_on_rails#1782
• shakacode/react_on_rails#1692
• shakacode/react_on_rails#1866
• shakacode/react_on_rails#2003
• shakacode/react_on_rails#1765
• shakacode/react_on_rails#1871
• shakacode/react_on_rails#1999
• shakacode/react_on_rails#2090

🔗 Related PRs

#1735 - Fix yarn/bundle install in CI [merged] | .github/workflows/examples.yml:
"""

AI-generated summary of changes

The environment variable SKIP_YARN_COREPACK_CHECK was moved from outside the strategy matrix to inside the job's env block. A new environment variable BUNDLE_FROZEN was added, conditionally set to 'false' when the matrix version is 'oldest' and 'true' otherwise. The Node setup step was updated to enable Yarn caching with cache: yarn and specify cache-dependency-path as '**/yarn.lock'. The caching of root node_modules was removed entirely. The Ruby gems cache key was changed from hashing react_on_rails.gemspec and Gemfile.development_dependencies plus the matrix version to hashing Gemfile.lock plus the matrix version. The Yarn install command was modified to conditionally add the --frozen-lockfile flag only when the matrix version is 'newest'. These changes adjust environment variables, caching strategies, and dependency installation commands based on the matrix version.

Alterations to the declarations of exported or public entities

• No changes to exported or public entities' declarations were made in this workflow configuration file.
  """

---

.github/workflows/lint-js-and-ruby.yml:
"""

AI-generated summary of changes

The CI workflow now sets the environment variable BUNDLE_FROZEN=true globally for the build job. The Node setup step is enhanced to enable Yarn caching with the cache dependency path set to all yarn.lock files. Caching of root and dummy app node_modules directories has been removed. Ruby gem cache keys for both the main package and dummy app are updated to rely solely on their respective Gemfile.lock files instead of previous gemspec and development dependencies files. All Yarn install commands for the renderer package and dummy app add the --frozen-lockfile flag to enforce strict lockfile adherence. The dummy app's second Yarn install step removes the --ignore-scripts flag and adds --frozen-lockfile. These changes tighten dependency installation consistency and update caching strategies in the workflow.

Alterations to the declarations of exported or public entities

• No changes to exported or public entities' declarations; all modifications are within the GitHub Actions workflow YAML configuration.
  """

---

.github/workflows/main.yml:
"""

AI-generated summary of changes

The workflow updates the Node setup steps in both the build-dummy-app-webpack-test-bundles and dummy-app-integration-tests jobs to enable Yarn caching by adding cache: yarn and specifying cache-dependency-path: '**/yarn.lock'. Yarn install commands for the renderer package and dummy app are modified to conditionally include the --frozen-lockfile flag only when the matrix version is 'newest'. Several caching steps for Node modules directories (node_modules in root and spec/dummy/node_modules) are removed. Cache keys for Ruby gems are changed to use the Gemfile.lock files instead of the gemspec and Gemfile.development_dependencies files, both for the dummy app and the package app. No other control flow or logic changes are introduced.

Alterations to the declarations of exported or public entities

• No changes to exported or public entity declarations; all changes are within the GitHub Actions workflow YAML configuration.
  """

---

.github/workflows/package-js-tests.yml:
"""

AI-generated summary of changes

The workflow now enables Yarn caching by adding cache: yarn and specifying cache-dependency-path: '**/yarn.lock' in the Node setup step, replacing the previous explicit caching of node_modules via a separate actions/cache step which has been removed. The Node version selection logic remains unchanged. The Yarn install command for the renderer package is modified to conditionally include the --frozen-lockfile flag only when the matrix version is 'newest', whereas previously it was always run without this flag. The rest of the workflow steps, including running a conversion script for the 'oldest' version and running tests, remain unchanged.

Alterations to the declarations of exported or public entities

None.
"""

---

.github/workflows/rspec-package-specs.yml:
"""

AI-generated summary of changes

The workflow matrix job now sets an environment variable BUNDLE_FROZEN dynamically based on the matrix version: it is set to 'false' when the version is 'oldest' and 'true' otherwise. The cache key for the Ruby gems cache step was changed from using the hash of react_on_rails.gemspec to the hash of Gemfile.lock, combined with the matrix version. This modifies the cache invalidation logic to rely on the lockfile instead of the gemspec file.

Alterations to the declarations of exported or public entities

• No changes to exported or public entities; only workflow configuration was modified.
  """
  Fix CI #1741 - Fix CI [merged] | docs/react-on-rails-pro/react-on-rails-pro.md:
  """

AI-generated summary of changes

The changes add blank lines after the "### Pro: Docs" and "### Pro: React Server Components" headings in the markdown file. No other content or logic is modified.

Alterations to the declarations of exported or public entities

None
"""

---

docs/react-on-rails-pro/react-server-components.md:
"""

AI-generated summary of changes

The diff shows only whitespace changes, specifically the removal of trailing blank lines before bullet lists and minor spacing adjustments in the markdown file. No textual content, bullet points, or factual information was altered. The bullet lists under the sections "What This Means for Your Applications," "React Server Components," "SSR Streaming," and "Core Web Vitals & TTI Improvements" remain identical in wording and order. There are no changes to links, references, or formatting beyond minor whitespace cleanup.

Alterations to the declarations of exported or public entities

None.
"""
#1783 - Fix integration tests for immediate_hydration Pro license changes [merged] | spec/dummy/spec/system/integration_spec.rb:
"""

AI-generated summary of changes

• Introduced around blocks for two test describe blocks to temporarily enable ReactOnRails immediate hydration during each test example, then reset to the previous setting after the example runs.
  • Applies to the "Turbolinks across pages" tests.
  • Applies to the "TurboStream send react component" tests.
• Replaced two skipped tests with runtime execution by stubbing license validation:
  • In "changes name in message according to input" test: skip removed, test now stubs ReactOnRails::Utils.react_on_rails_pro_licence_valid? to return true.
  • In "force load hello-world component immediately" test: skip removed, test now stubs the same license check to return true.
• Overall effect: hydration timing becomes deterministic during the tests, and license gating is bypassed to allow execution of the previously skipped tests.

Estimated code review effort: Medium

Alterations to the declarations of exported or public entities

• No changes to exported or public API signatures.

Estimated code review effort: Medium
"""
#1823 - Fix licensing vulnerabilities and strengthen freemium model legal protections [merged] | LICENSE.md:
"""

AI-generated summary of changes

• Replaces the minimal Core/Pro header with a structured License Scope section, differentiating MIT-licensed and Pro-licensed code.
• Adds MIT Licensed Code and Pro Licensed Code subsections detailing applicable directories.
• Introduces an explicit SPDX license marker for Pro-licensed code and lists Pro directories.
• Adds a dedicated Pro license reference and directs to REACT-ON-RAILS-PRO-LICENSE.md for full terms.
• Adds a MIT License section with standard copyright and conditions.
• Adds a React on Rails Pro License section with key points, license validation mechanisms, and examples of prohibited modifications.
• Reorganizes document into License Scope, MIT Licensed Code, Pro Licensed Code, and license text blocks.
• No runtime code changes or control-flow logic; changes affect textual licensing terms and section organization only.

Alterations to the declarations of exported or public entities

• none

Estimated code review effort: High
"""

---

REACT-ON-RAILS-PRO-LICENSE.md:
"""

AI-generated summary of changes

• Version bump from 2.0 to 2.1.
• Expanded Restrictions: added seven new prohibitions (4–7) under the "Restrictions" section, significantly broadening prohibited capabilities related to license validation circumvention, reverse engineering for license circumvention, tools/patches enabling unauthorized use of Pro features, and accessing Pro features without a valid subscription.
• Added audit capability: introduced a new 9.1 Detailed Audits subsection under verification/audit, detailing audit scope, methods, and cost responsibility.
• Reorganized and expanded governance sections: replaced the original "Governing Law; Venue" with a sequence of new public sections:
  • 15. Indemnification (replaces the prior 15 title and content)
  • 16. Export Compliance
  • 17. Attorneys’ Fees and Costs
  • 18. Governing Law; Venue (State of Hawaii)
  • 19. Miscellaneous (with subsections 19.1 Severability and 19.2 Waiver)
  • 19.3 Assignment (new)
  • 20. Entire Agreement; Order of Precedence (renumbered from previous 16)
• Minor accompanying formatting changes to section dividers and numbering to reflect the new top-level sections.

Alterations to the declarations of exported or public entities

• Section added: ## 9.1 Detailed Audits in file REACT-ON-RAILS-PRO-LICENSE.md
• Section header changed: ## 15. Governing Law; Venue → ## 15. Indemnification in REACT-ON-RAILS-PRO-LICENSE.md
• Section header added: ## 16. Export Compliance in REACT-ON-RAILS-PRO-LICENSE.md
• Section header added: ## 17. Attorneys’ Fees and Costs in REACT-ON-RAILS-PRO-LICENSE.md
• Section header added: ## 18. Governing Law; Venue in REACT-ON-RAILS-PRO-LICENSE.md
• Section header added: ## 19. Miscellaneous with subsections 19.1 Severability and 19.2 Waiver in REACT-ON-RAILS-PRO-LICENSE.md
• Section header added: 19.3 Assignment in REACT-ON-RAILS-PRO-LICENSE.md
• Section header added: ## 20. Entire Agreement; Order of Precedence in REACT-ON-RAILS-PRO-LICENSE.md

Estimated code review effort: High
"""

---

docs/DIRECTORY_LICENSING.md:
"""

AI-generated summary of changes

• Replaces the Pro directory comment from “Pro features placeholder (MIT but references pro)” to “Pro features with license validation (Pro licensed).”
• Reworks the exception text to state that Pro implementation is licensed and included in the package, requiring a valid Pro license to use.
• Adds an “Important Distinction” section delineating MIT-licensed interface files versus Pro-licensed files and license usage rules.
• Introduces a “react_on_rails_pro Repository - Pro Licensed” heading and content to reflect Pro licensing status within the doc.

Alterations to the declarations of exported or public entities

None

Estimated code review effort: Medium
"""

---

docs/LICENSING_FAQ.md:
"""

AI-generated summary of changes

• Updates the licensing FAQ to change the react_on_rails entry from MIT to MIT + Pro, clarifying that core functionality is MIT-licensed and free while Pro features (in pro/ directories) are Pro-licensed and require a subscription for production use.

• Adds a new Q&A: "Can I modify the MIT-licensed interface files?" with details on permissible modifications under MIT, restrictions regarding Pro features, and distinction between MIT rights and Pro restrictions.

• Adds a note under Pro usage: "Production use requires a valid subscription."

• Extends the Current Licensing (Pre-Merger) section to reflect the MIT + Pro framing and to include the new modification rights explanation and production-use subscription note.

• None

Estimated code review effort: Medium
"""

---

package.json:
"""

AI-generated summary of changes

• Updated public package metadata: license changed from "MIT" to "SEE LICENSE IN LICENSE.md" in package.json. No other observable changes to exports or public API.

Alterations to the declarations of exported or public entities

• License field updated: package.json (root) "license" changed from "MIT" to "SEE LICENSE IN LICENSE.md".

Estimated code review effort: Minor

Estimated code review effort: Medium
"""
#1855 - Move Pro Ruby code to MIT license [merged] | LICENSE.md:
"""

AI-generated summary of changes

• Expanded MIT license scope: prior exclusion of lib/react_on_rails/pro/ from MIT licensing is removed, resulting in the entire lib/react_on_rails/ directory being MIT-licensed.
• Pro license scope reduced: explicit inclusion of lib/react_on_rails/pro/ under the Pro license is removed; the Pro license now applies to packages/react-on-rails-pro/ and react_on_rails_pro/ (and not to lib/react_on_rails/pro/).

Estimated code review effort: Medium
"""

---

docs/MONOREPO_MERGER_PLAN.md:
"""

AI-generated summary of changes

• License section tightening: MIT license applicability updated from excluding a subdirectory to covering the entire lib/react_on_rails/ directory (including its pro subdirectory).
• Pro license designation: the explicit line listing lib/react_on_rails/pro/ under the Pro License applies to section has been removed, effectively removing the explicit Pro-directory entry from that section and relying on the broader license classification elsewhere.

Estimated code review effort: High
"""

---

lib/react_on_rails/helper.rb:
"""

AI-generated summary of changes

• Replaces the inclusion of the Pro helper module from a nested namespace with a flat one. Specifically, ReactOnRails::Helper now includes ReactOnRails::ProHelper instead of ReactOnRails::Pro::Helper.
• Replaces the require path for the Pro helper from react_on_rails/pro/helper to react_on_rails/pro_helper, aligning with the new module namespace.

Alterations to the declarations of exported or public entities

• Public signature updated: In module ReactOnRails::Helper (lib/react_on_rails/helper.rb), include changed from ReactOnRails::Pro::Helper to ReactOnRails::ProHelper.

Estimated code review effort: Medium
"""

---

lib/react_on_rails/pro/NOTICE:
"""

AI-generated summary of changes

Deleted the React on Rails Pro license notice file at lib/react_on_rails/pro/NOTICE. Removed all Pro license terms, distribution notes, license reference, informational sections, and contact information. No code or public API changes; only removal of license/documentation content.

Alterations to the declarations of exported or public entities

• No exported/public entity declarations were added, removed, or changed.

Estimated code review effort: Low
"""

---

lib/react_on_rails/pro/helper.rb:
"""

AI-generated summary of changes

Removed the ReactOnRails::Pro::Helper module and all of its public methods used for Pro-specific functionality. Specifically, the file deletion eliminates:

• generate_component_script(render_options): builds a component-level script tag with JSON props, optionally appends an immediate hydration script when Pro is licensed, and prefixes with a Pro warning badge as needed.
• generate_store_script(redux_store_data): builds a store hydration script tag with props, optionally appends an immediate hydration script for Pro, and prefixes with a Pro warning badge as needed.
• pro_warning_badge_if_needed(explicitly_disabled_pro_options): emits a Pro license warning, logs via puts and Rails.logger, and returns an HTML badge/tooltip snippet.
• disabled_pro_features_message(explicitly_disabled_pro_options): formats a message listing required Pro features/licenses.

The removal eliminates licensing checks, Pro-response warning output, and the immediate-hydration script integrations tied to Pro licensing, as well as all helper HTML/script generation logic within this module. The observable behavior related to Pro-enabled rendering and warning display is no longer present in this file.

Alterations to the declarations of exported or public entities

• Method removed: def generate_component_script(render_options) in lib/react_on_rails/pro/helper.rb
• Method removed: def generate_store_script(redux_store_data) in lib/react_on_rails/pro/helper.rb
• Method removed: def pro_warning_badge_if_needed(explicitly_disabled_pro_options) in lib/react_on_rails/pro/helper.rb
• Method removed: def disabled_pro_features_message(explicitly_disabled_pro_options) in lib/react_on_rails/pro/helper.rb
• Module removal: ReactOnRails::Pro::Helper in lib/react_on_rails/pro/helper.rb

Estimated code review effort: High
"""

---

lib/react_on_rails/pro/utils.rb:
"""

AI-generated summary of changes

Removed the ReactOnRails Pro utilities module ReactOnRails::Pro::Utils along with its public API. Declared constant PRO_ONLY_OPTIONS = [:immediate_hydration].freeze and two singleton methods:

• self.support_pro_features?: returns true if ReactOnRails::Utils.react_on_rails_pro_licence_valid? is truthy.
• self.disable_pro_render_options_if_not_licensed(raw_options): if pro features are licensed, returns { raw_options: raw_options, explicitly_disabled_pro_options: [] }; otherwise, duplicates raw_options to raw_options_after_disable, builds explicitly_disabled_pro_options by selecting options from PRO_ONLY_OPTIONS based on either the option value in raw_options or the global configuration default, sets those options to false in raw_options_after_disable, and returns { raw_options: raw_options_after_disable, explicitly_disabled_pro_options: explicitly_disabled_pro_options }.

This removal eliminates the licensing check and automatic disabling of pro-specific render options when not licensed.

Alterations to the declarations of exported or public entities

• Removed public constant: PRO_ONLY_OPTIONS in module ReactOnRails::Pro::Utils (formerly PRO_ONLY_OPTIONS = %i[immediate_hydration].freeze)
• Removed public singleton method: ReactOnRails::Pro::Utils.support_pro_features? (formerly def self.support_pro_features?)
• Removed public singleton method: ReactOnRails::Pro::Utils.disable_pro_render_options_if_not_licensed(raw_options) (formerly def self.disable_pro_render_options_if_not_licensed(raw_options))

Estimated code review effort: Medium
"""

---

lib/react_on_rails/pro_helper.rb:
"""

AI-generated summary of changes

Adds Pro feature support helpers under ReactOnRails::ProHelper to render complete JSON-script tags for component props and store hydration, with optional immediate hydration invocation. Introduces several new public and internal methods:

• generate_component_script(render_options): builds a script tag containing client_props as JSON, with data attributes for component name, dom id, trace, store dependencies, and immediate hydration flag. If immediate_hydration is enabled, appends an additional script that triggers ReactOnRails.reactOnRailsComponentLoaded for the given dom_id, ensuring proper JavaScript context escaping. Prepends a Pro license warning badge when Pro options are explicitly disabled.

• generate_store_script(redux_store_data): builds a script tag containing store props as JSON, with data attributes for the store name and immediate hydration flag. If immediate_hydration is enabled, appends an additional script that triggers ReactOnRails.reactOnRailsStoreLoaded for the given store name, with proper escaping. Delegates to Pro options validation to possibly modify raw options before hydration tag creation, and prepends Pro warning badge when needed.

• pro_warning_badge_if_needed(explicitly_disabled_pro_options): returns a Pro warning badge HTML block and logs a warning if any Pro options are explicitly disabled; otherwise returns an empty string.

• disabled_pro_features_message(explicitly_disabled_pro_options): builds a human-readable message listing disabled features and their Pro license requirement.

Constants: IMMEDIATE_HYDRATION_PRO_WARNING remains as a guidance string when Pro features are used without license.

No public interface changes beyond adding these new helpers; new methods are defined in ReactOnRails::ProHelper. Error handling includes warning logging and HTML safe handling for embedded content.

Alterations to the declarations of exported or public entities

• Method added: def generate_component_script(render_options) in class/module ReactOnRails::ProHelper in lib/react_on_rails/pro_helper.rb
• Method added: def generate_store_script(redux_store_data) in class/module ReactOnRails::ProHelper in lib/react_on_rails/pro_helper.rb

Estimated code review effort: Medium
"""

---

lib/react_on_rails/pro_utils.rb:
"""

AI-generated summary of changes

Introduces ReactOnRails::ProUtils with licensing-aware pro feature handling. Adds a PRO_ONLY_OPTIONS constant listing pro-only options (immediate_hydration). Adds two public class methods:

• support_pro_features? to check pro license validity via ReactOnRails::Utils.react_on_rails_pro_licence_valid?.
• disable_pro_render_options_if_not_licensed(raw_options) to conditionally disable pro options when not licensed. If licensed, returns raw_options unchanged with an empty explicitly_disabled_pro_options list. If not licensed, duplicates raw_options, determines which PRO options to disable by either using the raw option value or falling back to a global configuration value, marks those options as false in the returned raw_options, and returns the list of explicitly_disabled_pro_options. The method returns a structure with raw_options and explicitly_disabled_pro_options in both cases.

The change provides a clear branching flow: license check, no-change path vs. disabled-pro-options path, and construction of a result containing both the updated options and which pro options were disabled.

Alterations to the declarations of exported or public entities

• Constant added: PRO_ONLY_OPTIONS in module ReactOnRails::ProUtils
• Method added: self.support_pro_features? in module ReactOnRails::ProUtils
• Method added: self.disable_pro_render_options_if_not_licensed(raw_options) in module ReactOnRails::ProUtils

Estimated code review effort: Medium
"""

---

lib/react_on_rails/react_component/render_options.rb:
"""

AI-generated summary of changes

• Replaced the required file from react_on_rails/pro/utils to react_on_rails/pro_utils.
• Changed the call site of disable_pro_render_options_if_not_licensed from ReactOnRails::Pro::Utils to ReactOnRails::ProUtils, leaving the surrounding logic and result handling intact.

• Method signature updated: ReactOnRails::Pro::Utils.disable_pro_render_options_if_not_licensed(options) → ReactOnRails::ProUtils.disable_pro_render_options_if_not_licensed(options) in lib/react_on_rails/react_component/render_options.rb

Estimated code review effort: Medium
"""
#1872 - Migrate React on Rails Pro CI from CircleCI to GitHub Actions [merged] | .github/workflows/pro-integration-tests.yml:
"""

AI-generated summary of changes

Adds a GitHub Actions workflow at .github/workflows/pro-integration-tests.yml to orchestrate React on Rails Pro integration tests across three main pipelines, with an additional Redis-backed Playwright E2E path. The workflow defines:

• build-dummy-app-webpack-test-bundles: installs Ruby and Node tooling, caches dependencies, generates filesystem-based entrypoints for the dummy app, builds test bundles, and caches bundles keyed by the current SHA.
• rspec-dummy-app-node-renderer: restores caches, installs dependencies, enforces minimum Chrome version, generates entrypoints, runs the Node renderer and Rails server in background, waits for server readiness, executes RSpec tests, and stores artifacts (RSpec results, screenshots, Capybara data, logs). Uploads yarn error logs on failure.
• dummy-app-node-renderer-e2e-tests: Playwright-based E2E tests with a Redis service. Enforces minimum Chrome version, prepares entrypoints, starts background processes, installs Playwright dependencies, runs Playwright E2E tests, and stores results and reports.

Additional changes:

• Introduces a Redis service container for Playwright-based E2E tests.
• Enforces a minimum Chrome version and installs Chrome if needed.
• Splits tests into shards and collects artifacts across RSpec and Playwright flows.
• Runs background processes for Node renderer and Rails server, plus a Playwright E2E flow with Redis.
• Stores a comprehensive set of artifacts (test results, screenshots, Capybara data, logs) and logs on failure.

Alterations to the declarations of exported or public entities

• None
  """

---

.github/workflows/pro-lint.yml:
"""

AI-generated summary of changes

Adds a new GitHub Actions workflow at .github/workflows/pro-lint.yml named “React on Rails Pro - Lint”. The workflow triggers on pushes to master and pull requests, runs in the react_on_rails_pro working-directory, and defines a single job lint-js-and-ruby on ubuntu-22.04. The job:

• Checks out the repository (without persisting credentials)
• Sets up Ruby (3.3.7) with Bundler 2.5.4 and sets local bundle path
• Sets up Node (version 22) with Yarn cache tied to react_on_rails_pro/yarn.lock
• Prints system information (OS, user, directories, versions)
• Caches: Pro package node_modules, Pro package Ruby gems, Pro dummy app node_modules, Pro dummy app Ruby gems (using respective lockfiles)
• Installs Ruby gems for the Pro package (bundler 2.5.4, local path, checksum disabled, and bundle install)
• Installs Node modules with Yarn for the Pro package (yalc globally, then yarn install)
• Installs Ruby gems for the Pro dummy app (bundle with platform, then bundle install)
• Installs Node modules with Yarn for the Pro dummy app and ExecJS dummy app
• Generates filesystem-based entrypoints via a rake task
• Lints Ruby (Rubocop)
• Lints JS (nps ESLint)
• Checks formatting (nps format.listDifferent)
• Checks TypeScript (nps check-typescript)

The workflow uses cache keys based on yarn.lock and Gemfile.lock to optimize subsequent runs.

Alterations to the declarations of exported or public entities

None

Estimated code review effort: Medium
"""

---

.github/workflows/pro-package-tests.yml:
"""

AI-generated summary of changes

Introduces a GitHub Actions workflow named "React on Rails Pro - Package Tests" with three jobs:

• build-dummy-app-webpack-test-bundles: sets up Ruby 3.3.7 and Node 22, caches Ruby gems and Node modules, installs dependencies with Yarn, generates dummy app packs, builds test bundles, and caches generated bundles.
• package-js-tests: depends on the first job; prints system info, caches node modules, removes old bundles, restores bundles from cache, installs Node modules, runs JS unit tests (nps test.ci), and uploads Jest results as artifacts named pro-jest-results.
• rspec-package-specs: matrix on Ruby 3.3.7, prints system info, caches Ruby gems, installs Ruby gems with Bundler, runs RSpec tests, and uploads test results and logs named pro-rspec-package-results-ruby3.3.7 and pro-rspec-package-log-ruby3.3.7.

Common elements:

• Environment variable REACT_ON_RAILS_PRO_LICENSE sourced from secrets.
• Working directory set to react_on_rails_pro.
• Use of actions/checkout, ruby/setup-ruby, and actions/setup-node, with caching strategies for dependencies.
• Artifact storage for test results (Jest and RSpec) and logs, with conditional always() handling for uploads.
• Explicit steps to generate and reuse test bundles, including removing old bundles prior to restoration.

Alterations to the declarations of exported or public entities

none

"""

---

knip.ts:
"""

AI-generated summary of changes

• Added two third-party binaries to the root workspace ignoreBinaries list: "playwright" and "e2e-test", accompanied by a comment explaining their use in Pro workflows. No changes to logic or control flow aside from expanding the ignored binaries set.

Estimated code review effort: Medium
"""

---

react_on_rails_pro/spec/dummy/playwright.config.ts:
"""

AI-generated summary of changes

The projects configuration in the Playwright config is now determined by a CI flag. On CI (process.env.CI truthy), the config includes only the chromium project. On non-CI, it includes chromium, firefox, and webkit. The static, always-included three-project block is replaced with a conditional that selects between a single-project array (chromium) and a multi-project array (chromium, firefox, webkit). Inline comments for mobile and branded browsers remain, but are nested within the appropriate branch. Overall control flow switches from a static array to a CI-aware conditional array, preserving per-project device usage while limiting the set of projects on CI.

Alterations to the declarations of exported or public entities

• Property updated: projects in the module export of react_on_rails_pro/spec/dummy/playwright.config.ts
  • Before: a static array of three project configurations (chromium, firefox, webkit).
  • After: a conditional assignment using a ternary based on process.env.CI:
    • If CI: a single-element array containing chromium.
    • Else: an array containing chromium, firefox, and webkit.
  • The overall export signature of the configuration remains the same, but the value assigned to the public projects property changes from static to CI-driven.

Estimated code review effort: Medium
"""

---

react_on_rails_pro/packages/node-renderer/tests/htmlStreaming.test.js:
"""

AI-generated summary of changes

• Replaces the host extraction from app.server.address() with a fixed localhost host. Previously the code connected to http://${address}:${port}; now it connects to http://localhost:${port}. The port remains the same, but address is no longer used, simplifying the URL construction. Control flow and error handling remain unchanged aside from the host used in the HTTP/2 connection.

Alterations to the declarations of exported or public entities

Estimated code review effort: Medium
"""

---

.circleci/config.yml:
"""

AI-generated summary of changes

Removed the entire CircleCI configuration (the file previously containing a monorepo CircleCI setup for the React on Rails Pro package). All defined aliases, jobs, steps, caches, and workflows have been deleted, including: system-info printing, JS and Ruby lint checks, formatting and TypeScript checks, Node module installs for pro and dummy app, gem installs and caching, webpack bundle restoration, Chrome setup, multiple CI jobs (lint, install, test suites, rspec, dummy app node-renderer tests, Playwright/e2e tests), and the overall build-and-test workflow with job dependencies and sequencing.

Alterations to the declarations of exported or public entities

• none

Estimated code review effort: High
"""

---

.github/workflows/lint-js-and-ruby.yml:
"""

AI-generated summary of changes

A new conditional guard was added to the "Lint GitHub Actions" step, effectively disabling that step by setting if: false and including explanatory comments. The rest of the workflow remains unchanged; only the gesture of conditionally skipping the GitHub Actions lint is modified.

Alterations to the declarations of exported or public entities

none

Estimated code review effort: Medium
"""
#1873 - Update preinstall script to enable use as a Git dependency [merged] | CHANGELOG.md:
"""

AI-generated summary of changes

• Added a new Bug Fixes subsection under Unreleased, introducing a bullet: "Use as Git dependency: All packages can now be installed as Git dependencies. This is useful for development and testing purposes. See CONTRIBUTING.md for documentation." (PR Update preinstall script to enable use as a Git dependency #1873)
• Renamed [Unreleased] anchor to [unreleased] in two places, affecting the linking references.

Alterations to the declarations of exported or public entities

• None
  """

---

CONTRIBUTING.md:
"""

AI-generated summary of changes

• Replaces header "Configuring your test app to use your local fork" with "Example apps" and shifts the content to a broader external-app testing orientation.
• Converts references from a local ASCII directory tree to linked URLs for spec/dummy variants and adds Pro variants with links.
• Adds guidance to include example demonstrations for new features in example apps.
• Introduces a broader external testing section: three main approaches for testing changes (local dependencies, Git dependencies, tarballs).
• Reorganizes into distinct subsections: Ruby, JS, Git dependencies, Tarball, and Git-based workflows, with explicit commands and examples.
• Updates Node/JS testing guidance: adjusts yalc usage, publishing/pushing steps, and server port examples (5000 -> 3000) in several commands.
• Adds explicit instructions for testing NPM changes with the dummy app, including environment adjustments and cross-references to pro variants.
• Enhances troubleshooting, best practices, and development setup sections with detailed command blocks and port caveats.
• Introduces explicit examples and port-related workflow refinements, and improves consistency and formatting across Ruby and JS testing workflows.

Alterations to the declarations of exported or public entities

• No exported/public entity declarations were added, removed, or modified.

Manifest File Analyzer

NONE

Update severity tag

"""

---

react_on_rails_pro/package.json:
"""

AI-generated summary of changes

• Updated package.json in react_on_rails_pro:
  • Added "script/preinstall.js" to the "files" array.
  • Replaced the "preinstall" script from "yarn run link-source && yalc add --link react-on-rails" to "node ./script/preinstall.js".

Estimated code review effort: Minor
"""

---

react_on_rails_pro/script/preinstall.js:
"""

AI-generated summary of changes

Adds a new preinstall.js script at react_on_rails_pro/script/preinstall.js that performs optional linkage steps during npm/yarn install. Behavior:

• If running inside node_modules, logs a skip message and exits successfully.
• Defines runCommand to execute a command synchronously, inheriting stdio, throwing on errors or non-zero exit codes.
• Attempts to execute two commands in sequence: yarn run link-source, then yalc add --link react-on-rails.
• If any step fails or is unavailable, logs an error message and exits with code 0 to avoid failing the install.

Alterations to the declarations of exported or public entities

• No public/exported entities were modified or added in terms of function/class/module signatures.

Manifest File Analyzer

"""
#1923 - Fix generator validation by using environment variable [merged] | lib/generators/react_on_rails/install_generator.rb:
"""

AI-generated summary of changes

• In InstallGenerator#run_generators, sets ENV["REACT_ON_RAILS_SKIP_VALIDATION"] = "true" to skip validation during generator execution; the variable is inherited by invoked generators and persists through Rails initialization. In ensure, deletes ENV["REACT_ON_RAILS_SKIP_VALIDATION"] to cleanup.

Alterations to the declarations of exported or public entities

• No changes to exported or public entity signatures detected.

Estimated code review effort: Medium
"""

---

lib/react_on_rails/engine.rb:
"""

AI-generated summary of changes

• The skip_version_validation? method now:
  • Adds an early return path that skips validation when the environment variable REACT_ON_RAILS_SKIP_VALIDATION is set to "true", logging a debug message.
  • Keeps existing early returns for missing package.json and for generator runtime, and preserves the final false return otherwise.
• The new early-exit via env var occurs before the existing package.json check.

Alterations to the declarations of exported or public entities

• None

Estimated code review effort: Medium
"""

---

spec/react_on_rails/engine_spec.rb:
"""

AI-generated summary of changes

Introduces a new test context for when the environment variable REACT_ON_RAILS_SKIP_VALIDATION is set. It adds setup/teardown to set and unset the env var, and adds two tests:

• skip_version_validation? returns true when the var is set.
• logs a debug message indicating skipping validation due to the environment variable.

No other behavior changes to existing contexts.

• Method added: None
• Method signature updated: None
• Variable renamed: None

Estimated code review effort: Medium
"""
#1978 - Update licence public key [merged] | .github/workflows/pro-integration-tests.yml:
"""

AI-generated summary of changes

• Replaced environment variable source for REACT_ON_RAILS_PRO_LICENSE with REACT_ON_RAILS_PRO_LICENSE_V2 in multiple GitHub Actions jobs (build-dummy-app-webpack-test-bundles, rspec-dummy-app-node-renderer, dummy-app-node-renderer-e2e-tests).
• Replaced the same secret in the corresponding repeated block, ensuring all references pull from the _VER2 variant.
• Increased the Rails server startup wait timeout from 60 seconds to 300 seconds in the dummy app Playwright/E2E workflow path.
• No changes to control flow beyond the updated secret references and extended timeout in the specified sections.

Alterations to the declarations of exported or public entities

Manifest File Analyzer

Estimated code review effort: Medium
"""

---

.github/workflows/pro-lint.yml:
"""

AI-generated summary of changes

Updated the pro-lint workflow to use a different secret for the REACT_ON_RAILS_PRO_LICENSE environment variable in the lint-js-and-ruby job. The value changes from secrets.REACT_ON_RAILS_PRO_LICENSE to secrets.REACT_ON_RAILS_PRO_LICENSE_V2. No other behavioral or structural changes.

• None

Estimated code review effort: Medium
"""

---

.github/workflows/pro-package-tests.yml:
"""

AI-generated summary of changes

• Changed secret reference in three workflow jobs from REACT_ON_RAILS_PRO_LICENSE to REACT_ON_RAILS_PRO_LICENSE_V2; impacts build-dummy-app-webpack-test-bundles, package-js-tests, and rspec-package-specs. Control flow remains the same; environment now uses the _V2 secret. No other functional changes.

Alterations to the declarations of exported or public entities

• None

Manifest File Analyzer

Estimated code review effort: Medium
"""

---

react_on_rails_pro/lib/react_on_rails_pro/license_public_key.rb:
"""

AI-generated summary of changes

• Updated the constant KEY in ReactOnRailsPro::LicensePublicKey to a different RSA public key PEM block. The old PEM content has been replaced with a new PEM block; the surrounding structure and constant declaration remain unchanged.

• Constant updated: KEY in module ReactOnRailsPro::LicensePublicKey → value changed from the previous PEM block to a new PEM block. The public key data is replaced; the signature and surrounding code are unchanged.

Estimated code review effort: Medium
"""

---

react_on_rails_pro/packages/node-renderer/src/shared/licensePublicKey.ts:
"""

AI-generated summary of changes

• Updated the PUBLIC_KEY constant content to rotate the RSA public key. The wrapper/structure of the multi-line string remains unchanged; only the base64-encoded key block between BEGIN/END PUBLIC KEY is replaced with a new key. No changes to control flow or error handling.

Alterations to the declarations of exported or public entities

• Value updated: export const PUBLIC_KEY in react_on_rails_pro/packages/node-renderer/src/shared/licensePublicKey.ts — from the previous multi-line key block to the new multi-line key block. (Signature remains unchanged.)

Manifest File Analyzer

Estimated code review effort: Medium
"""
#2020 - Enhance change detection & workflow triggers [merged] | .github/workflows/examples.yml:
"""

AI-generated summary of changes

• Updated the workflow name line by appending a comment " # TODO needs to be duplicated for RoR Pro" to the existing name: Generator tests. No functional or behavioral changes to the workflow execution; only a descriptive comment added to the name line.

Alterations to the declarations of exported or public entities

• No exported/public entity signatures were modified.

Manifest File Analyzer

Estimated code review effort: Low
"""

---

.github/workflows/lint-js-and-ruby.yml:
"""

AI-generated summary of changes

• Adds path-ignore entry for react_on_rails_pro/** under both push and pull_request triggers.
• Introduces a workflow_dispatch input named force_run (boolean, default false) to allow forcing a full CI run.
• Changes Node.js setup cache from an empty string to yarn (cache: yarn).
• Modifies Detect relevant changes logic to run all steps when either force_run is true or the full-ci label is present.
• Removes a block of steps related to checking GitHub Action workflow changes, setting up Actionlint, downloading Actionlint, and linting GitHub Actions.

Alterations to the declarations of exported or public entities

• None

Manifest File Analyzer

Estimated code review effort: Medium
"""

---

.github/workflows/package-js-tests.yml:
"""

AI-generated summary of changes

• Adds react_on_rails_pro/** to the push and pull_request paths-ignore lists, excluding the new directory from change-detection triggers.
• Adds workflow_dispatch input named force_run (boolean, default false) to allow forcing all jobs to run.
• Updates detection logic: detect step now runs all jobs when force_run is true OR when the full-ci label is present, instead of only when the label is present.

Alterations to the declarations of exported or public entities

None

Estimated code review effort: Medium
"""

---

.github/workflows/playwright.yml:
"""

AI-generated summary of changes

• Adds paths-ignore to the push trigger for master to ignore changes to Markdown files and the docs directory.
• No changes to runtime logic or error handling; only CI workflow trigger filtering is updated.

Alterations to the declarations of exported or public entities

• None
  """

---

.github/workflows/pro-integration-tests.yml:
"""

AI-generated summary of changes

• Added path-based filters to GitHub Actions workflow triggers:
  • push: ignore changes in Markdown files, docs, lib, spec, and packages/react_on_rails/**
  • pull_request: ignore changes in Markdown files, docs, lib, spec, and packages/react_on_rails/**
• Swapped cache configuration from an empty value to yarn cache in three Node setup steps:
  • build-dummy-app-webpack-test-bundles
  • rspec-dummy-app-node-renderer
  • dummy-app-node-renderer-e2e-tests

Alterations to the declarations of exported or public entities

• None

Estimated code review effort: Medium

Estimated code review effort: Medium
"""

---

.github/workflows/pro-lint.yml:
"""

AI-generated summary of changes

• Adds paths-ignore filters to the GitHub Actions workflow for both push and pull_request events, excluding Markdown, docs, lib, spec, and packages/react_on_rails.
• Changes the Node setup in the lint job to use a Yarn cache (cache: yarn) instead of an empty cache configuration, aligning with a cached dependency setup. No other logic or steps in the workflow are modified.

Alterations to the declarations of exported or public entities

• No exported/public declarations were changed.

Manifest File Analyzer

"""

---

script/ci-changes-detector:
"""

AI-generated summary of changes

• Introduced granular Pro-specific change tracking by adding PRO_LINT_CONFIG_CHANGED, PRO_RUBY_CHANGED, PRO_RSPEC_CHANGED, PRO_JS_CHANGED, PRO_DUMMY_CHANGED, and related adjustments; replaced or de-emphasized prior PRO_CHANGED and WORKFLOWS_CHANGED usage.
• Expanded file matching and categorization to differentiate React on Rails Pro components (Ruby source, JS/TS source, Pro specs, Pro dummy apps) and adjusted resulting flags accordingly.
• Added Pro-specific analysis paths for Ruby, JS/TS, and Pro specs/dummy; updated gating logic to set PRO_* flags based on Pro-related file changes.
• Updated user-facing messaging to include React on Rails Pro categories (Pro Ruby source, Pro JS/TS, Pro Dummy, Pro RSPEC) and added Pro lint/format messaging.
• Reworked CI decision logic to gate Pro-related jobs separately: RUN_PRO_LINT, RUN_PRO_TESTS, and RUN_PRO_DUMMY_TESTS.
• Extended CI outputs (GitHub Actions and JSON) to include run_pro_dummy_tests and related Pro keys.
• Replaced or reorganized default gating so Pro-related changes influence linting, tests, and dummy/test runs alongside non-Pro changes.

Alterations to the declarations of exported or public entities

• Added exported/public boolean flag: PRO_LINT_CONFIG_CHANGED in script/ci-changes-detector
• Added exported/public boolean flag: PRO_RUBY_CHANGED in script/ci-changes-detector
• Added exported/public boolean flag: PRO_RSPEC_CHANGED in script/ci-changes-detector
• Added exported/public boolean flag: PRO_JS_CHANGED in script/ci-changes-detector
• Added exported/public boolean flag: PRO_DUMMY_CHANGED in script/ci-changes-detector
• Removed exported/public boolean flag: PRO_CHANGED (replaced by the PRO_* flags)
• Removed exported/public boolean flag: WORKFLOWS_CHANGED
• Retained and used existing exported/public flags: RUBY_CHANGED, RSPEC_CHANGED, SPEC_DUMMY_CHANGED, GENERATORS_CHANGED, JS_CHANGED, LINT_CONFIG_CHANGED

Manifest File Analyzer

"""

---

.github/workflows/actionlint.yml:
"""

AI-generated summary of changes

• Added a new file .github/workflows/actionlint.yml implementing a GitHub Actions workflow named "Lint JS and Ruby".
• Triggers: on push to master with changes under .github/workflows/**, on pull_request with changes under the same path, and on workflow_dispatch.
• Job actionlint runs on ubuntu-22.04 with BUNDLE_FROZEN=true.
• Steps:
  • Checkout with fetch-depth: 1 and persist-credentials: false.
  • Check GitHub Action changes: determine base SHA, diff against base or previous commit, set changed output to true if .github/workflows changes exist, fetch latest actionlint release, parse tag_name as actionlint_version, set actionlint_version output.
  • Setup Actionlint: conditional on changed, uses cache keyed by actionlint_version, caches ./actionlint.
  • Download Actionlint: conditional on changed and cache-miss, downloads tool.
  • Lint GitHub Actions: conditional on changed, registers matcher and runs actionlint with color output.
• Maintains error handling for API parsing and conditional execution based on detected diffs.
• No exported or public declarations were modified.

Alterations to the declarations of exported or public entities

• No exported or public declarations modified.

Manifest File Analyzer

NONE

Estimated code review effort: Medium

<update_tag>

</update_tag>
"""

---

.github/workflows/gem-tests.yml:
"""

AI-generated summary of changes

• Broadened path exclusion rules in on.pull_request.paths-ignore and on.onglobs from excluding only packages/react-on-rails/src/** and node_package/src/** to excluding the broader patterns: packages/** and react_on_rails_pro/**.
• Introduced a new workflow_dispatch input force_run with description "Force run all jobs (bypass detect-changes)", optional boolean, default false.
• Updated detection logic to treat force_run as a prerequisite for running all checks: the condition now runs full CI when force_run is true or when the existing full-ci label condition is met.

Alterations to the declarations of exported or public entities

• None

Estimated code review effort: Medium
"""

---

.github/workflows/pro-test-package-and-gem.yml:
"""

AI-generated summary of changes

• Adds path-ignore filters to push and pull_request triggers to exclude Markdown, docs, lib, spec, and packages/react_on_rails paths.
• Replaces explicit empty cache setting with cache: yarn in two Node setup steps, removing the prior V8 bug-related comment block and unblocking Yarn caching for Node 22 workflows.

Alterations to the declarations of exported or public entities

• None

Manifest File Analyzer

"""

---

.github/workflows/integration-tests.yml:
"""

AI-generated summary of changes

• Workflow name changed from "Main test" to "Integration Tests".
• Added path ignore for react_on_rails_pro/** under both push and pull_request triggers.
• Conditional flow adjusted: removed an early exit path and moved BASE_REF assignment into an else branch; retains calling script/ci-changes-detector with BASE_REF.
• Build matrix changes: introduced three new axes (ruby-version, node-version, dependency-level) and removed the previous explicit include block; replaced with axis-based definitions.
• Removed the explicit exclusion block and replaced with a single matrix-conditional expression to govern which combinations run, based on PR context, master workflow_dispatch, force_run, or has_full_ci_label.
• Minor formatting/indentation adjustments around the modified blocks.

Alterations to the declarations of exported or public entities

• None

Manifest File Analyzer

"""

👤 Suggested Assignees

• AbanoubGhadban
• justin808
• alexeyr-ci2
• Judahmeek
• ihabadham

---

🧪 Issue enrichment is currently in early access.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false