WIP Convert CircleCI config to Github Actions #8147
base: master
Walkthrough
The changes introduce a new shell script,
Changes
Actionable comments posted: 4
🧹 Outside diff range and nitpick comments (2)
.github/workflows/build_test_deploy.yml (2)
4-9: Consider restricting branch patterns
The current trigger configuration runs on all branches (`'*'`). This might lead to unnecessary workflow runs. Consider:
- Limiting to specific branch patterns (e.g., `main`, `develop`, `feature/*`)
- Using path filters to run only when relevant files change
push: branches: - - '*' + - main + - develop + - 'feature/**' + paths-ignore: + - '**.md' + - 'docs/**' pull_request: branches: - - '*' + - main + - develop
12-18: Enhance security of Docker credentials
The Docker credentials are exposed as environment variables. While they are using secrets, consider:
- Limiting the scope of these credentials to only the job that needs them
- Using GITHUB_TOKEN where possible for container registry authentication
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
- .github/not-on-master.sh (1 hunks)
- .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml
57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting
(shellcheck)
57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting
(shellcheck)
57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting
(shellcheck)
57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting
(shellcheck)
72-72: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
117-117: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
137-137: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
137-137: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting
(shellcheck)
153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting
(shellcheck)
161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting
(shellcheck)
169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting
(shellcheck)
180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting
(shellcheck)
🔇 Additional comments (4)
.github/not-on-master.sh (3)
1-2: LGTM: Robust shell script configuration.
The script follows shell scripting best practices:
- Uses proper shebang line for portability
- Sets appropriate safety flags:
  - `-E`: ERR trap inheritance
  - `-e`: Exit on error
  - `-u`: Error on unbound variables
  - `-o pipefail`: Propagate pipe failures
7-7: Consider adding command validation.
The `exec "$@"` executes arbitrary commands passed as arguments without validation.
Consider:
- Adding command whitelisting
- Implementing logging for audit purposes
- Adding error handling for failed commands
4-8: ⚠️ Potential issue
Fix branch reference comparison.
The current branch comparison has potential issues:
- `GITHUB_REF` typically includes the full ref path (e.g., "refs/heads/master")
- String comparison should use `=` instead of `==` for POSIX compatibility

Apply this fix:
-if [ "${GITHUB_REF}" == "master" ]; then +if [ "${GITHUB_REF}" = "refs/heads/master" ]; thenAdditionally, consider adding input validation:
.github/workflows/build_test_deploy.yml (1)
21-43: LGTM! Well-structured frontend checks
The frontend code checks job is well-organized with:
- Proper Node.js setup
- Comprehensive checks (lint, types, cyclic deps)
- Clear step names
run: | | ||
for i in {1..20}; do # retry | ||
curl --fail -v http://localhost:9000/api/health && s=0 && break || s=$? | ||
sleep 5 | ||
done | ||
(exit $s) | ||
|
||
- name: Run webknossos-datastore smoke test | ||
run: | | ||
for i in {1..20}; do # retry | ||
curl --fail -v http://localhost:9090/data/health && s=0 && break || s=$? | ||
sleep 5 | ||
done | ||
(exit $s) | ||
|
||
- name: Run webknossos-tracingstore smoke test | ||
run: | | ||
for i in {1..20}; do # retry | ||
curl --fail -v http://localhost:9050/tracings/health && s=0 && break || s=$? | ||
sleep 5 | ||
done | ||
(exit $s) |
🛠️ Refactor suggestion
Refactor duplicated health check logic
The health check implementation is duplicated across three services. Consider extracting this into a reusable composite action:
- Create `.github/actions/health-check/action.yml`:

```yaml
name: 'Health Check'
description: 'Performs health check with retries'
inputs:
  url:
    description: 'Health check URL'
    required: true
runs:
  using: 'composite'
  steps:
    - shell: bash
      run: |
        for i in {1..20}; do
          curl --fail -v "${{ inputs.url }}" && exit 0
          sleep 5
        done
        exit 1
```

- Use it in the workflow:

```yaml
- uses: ./.github/actions/health-check
  with:
    url: http://localhost:9000/api/health
```
- name: Push docker images | ||
run: | | ||
function retry() { | ||
for i in {1..5}; do | ||
"$@" && s=0 && break || s=$? | ||
sleep 10 | ||
done | ||
return $s | ||
} | ||
retry docker login -u $DOCKER_USER -p $DOCKER_PASS | ||
retry docker compose push webknossos | ||
retry docker compose push webknossos-datastore | ||
retry docker compose push webknossos-tracingstore | ||
if [[ ${{ github.ref_type }} == "branch" ]]; then | ||
docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH} | ||
docker tag scalableminds/webknossos-datastore:${DOCKER_TAG} scalableminds/webknossos-datastore:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos-datastore:${NORMALIZED_BRANCH} | ||
docker tag scalableminds/webknossos-tracingstore:${DOCKER_TAG} scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH} | ||
docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos-dev:${NORMALIZED_BRANCH} | ||
fi | ||
docker logout | ||
|
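Review bot: `retry docker login -u $DOCKER_USER -p $DOCKER_PASS` puts the registry password on the command line, where it is visible in the process list, and leaves both variables unquoted. Feed it on stdin instead, e.g. `printf '%s' "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin`, and quote the `${DOCKER_TAG}` and `${NORMALIZED_BRANCH}` expansions in the tag and push lines. The final `docker logout` is also skipped whenever an earlier command in the step fails, so it is worth moving into a step that always runs.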
🛠️ Refactor suggestion
Consolidate Docker push retry logic
The Docker push steps have complex retry logic. Consider:
- Using GitHub's built-in retry functionality
- Creating a reusable function for Docker operations
```yaml
- name: Login to Docker Hub
  uses: docker/login-action@v2
  with:
    username: ${{ env.DOCKER_USER }}
    password: ${{ env.DOCKER_PASS }}
- name: Push images
  uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 3
    command: |
      docker compose push webknossos
      docker compose push webknossos-datastore
      docker compose push webknossos-tracingstore
      if [[ ${{ github.ref_type }} == "branch" ]]; then
        # ... tag and push branch images
      fi
```
That sounds great. Please do it!
@hotzenklotz, glad you like the suggestion! Here's the updated workflow with the consolidated Docker push retry logic:
```yaml
name: CI Pipeline
on:
  push:
    branches:
      - '*'
  pull_request:
    branches:
      - '*'
  workflow_dispatch:
env:
  USER_NAME: circleci
  USER_UID: 1000
  USER_GID: 1000
  TZ: Europe/Berlin
  DOCKER_USER: ${{ secrets.DOCKER_USER }}
  DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
jobs:
  static_frontent_code_checks:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5
      - uses: actions/setup-node@v4
        with:
          node-version: 18
      - name: Install frontend dependencies
        run: corepack enable && yarn install --immutable
      - name: Lint frontend code and check formatting
        run: yarn run check-frontend
      - name: Typecheck frontend code
        run: yarn typecheck
      - name: Check for cyclic dependencies in frontend
        run: yarn check-cyclic-dependencies
  build_test_deploy:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5
      - name: "Custom environment variables"
        run: |
          if [[ ${{ github.ref_type }} == "branch" ]]; then
            NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
            echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
            DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
            echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
          else
            echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
            echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
          fi
      - name: Set up Docker
        uses: docker/setup-buildx-action@v2
      # ... other build and test steps ...
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ env.DOCKER_USER }}
          password: ${{ env.DOCKER_PASS }}
      - name: Push docker images
        uses: nick-invision/retry@v2
        with:
          timeout_minutes: 10
          max_attempts: 3
          command: |
            docker compose push webknossos
            docker compose push webknossos-datastore
            docker compose push webknossos-tracingstore
            if [[ ${{ github.ref_type }} == "branch" ]]; then
              docker tag scalableminds/webknossos:${{ env.DOCKER_TAG }} scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-datastore:${{ env.DOCKER_TAG }} scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-tracingstore:${{ env.DOCKER_TAG }} scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
            fi
      - name: Logout from Docker Hub
        run: docker logout
      # ... remaining steps ...
```

This update simplifies the retry logic by utilizing the `nick-invision/retry@v2` action and the `docker/login-action@v2` for authentication with Docker Hub.
Let me know if you have any questions or need further assistance!
(^‿^)/
# - name: Send Slack notification (master only) | ||
# run: .circleci/slack-notification.sh |
🛠️ Refactor suggestion
Consider implementing Slack notifications using GitHub Actions
Instead of using the CircleCI script, consider using a GitHub Actions marketplace action for Slack notifications:
```yaml
- name: Notify Slack
  if: github.ref == 'refs/heads/main'
  uses: 8398a7/action-slack@v3
  with:
    status: ${{ job.status }}
    fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
```
- name: "Custom environment variables" | ||
run: | | ||
if [[ ${{ github.ref_type }} == "branch" ]]; then | ||
NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g') | ||
echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV | ||
DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}" | ||
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV | ||
else | ||
echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV | ||
echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV | ||
fi |
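Review bot: `${{ github.ref_name }}` on the `NORMALIZED_BRANCH=$(echo ...)` line and in the `else` branch is substituted into the script text before bash parses it, so a ref name containing shell metacharacters becomes part of the script, and quoting the expression does not change that. Pass the value through the step's `env:` (for example `REF_NAME: ${{ github.ref_name }}`) and use `"$REF_NAME"` in the script. The `sed` expression only rewrites `/` and `-`, so also check that the result contains nothing outside the Docker tag character set before it is written to `$GITHUB_ENV`.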
Fix shell script quoting issues
The branch normalization script has potential issues with word splitting. Apply proper quoting:
if [[ ${{ github.ref_type }} == "branch" ]]; then
- NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
+ NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
- echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
+ echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
- DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
+ DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
- echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
+ echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
- name: "Custom environment variables" | |
run: | | |
if [[ ${{ github.ref_type }} == "branch" ]]; then | |
NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g') | |
echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV | |
DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}" | |
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV | |
else | |
echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV | |
echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV | |
fi | |
- name: "Custom environment variables" | |
run: | | |
if [[ ${{ github.ref_type }} == "branch" ]]; then | |
NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g') | |
echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}" | |
DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}" | |
echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}" | |
else | |
echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV | |
echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV | |
fi |
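An added example, not part of the PR or of the suggestion above: the same branch normalization written as shell functions that take the ref name as an argument, so a workflow can supply it from an `env:` variable instead of `${{ }}` text, and that refuse any value outside Docker's tag character set before it reaches the env file. The function names, the `REF_TYPE`/`REF_NAME`/`RUN_NUMBER` variable names and the sample inputs are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example: derive NORMALIZED_BRANCH / DOCKER_TAG from argument values.
# In a workflow the call would be (variable names are assumptions):
#   derive_tags "$REF_TYPE" "$REF_NAME" "$RUN_NUMBER" "$GITHUB_ENV"
export LC_ALL=C   # keep the A-Z / a-z ranges below ASCII-only

# A Docker tag may contain [A-Za-z0-9_.-], must not start with '.' or '-',
# and is at most 128 characters long.
is_docker_tag() {
  case $1 in
    '' | [.-]*) return 1 ;;
    *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# The workflow's substitution ('/' and '-' become '_'), followed by validation.
normalize_ref() {
  nr_tag=$(printf '%s' "$1" | sed 's/[\/-]/_/g')
  is_docker_tag "$nr_tag" || return 1
  printf '%s\n' "$nr_tag"
}

# Append NAME=value to an env file. A value containing a line break would
# start a second assignment in that file, so it is refused.
append_env() {
  case $1 in '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;; esac
  case $2 in *'
'*) return 1 ;; esac
  printf '%s=%s\n' "$1" "$2" >> "$3"
}

# Same branching as the workflow step.
# Arguments: ref_type ref_name run_number env_file
derive_tags() {
  case $3 in '' | *[!0-9]*) return 1 ;; esac
  if [ "$1" = "branch" ]; then
    dt_branch=$(normalize_ref "$2") || return 1
    dt_tag="${dt_branch}__$3"
  else
    is_docker_tag "$2" || return 1
    dt_branch=master
    dt_tag=$2
  fi
  # Nothing is written until every value has passed validation.
  append_env NORMALIZED_BRANCH "$dt_branch" "$4" &&
    append_env DOCKER_TAG "$dt_tag" "$4"
}

# Constructed inputs: an ordinary branch name, then a ref name with a shell
# metacharacter that is refused before anything is written.
demo_env=$(mktemp)
derive_tags branch 'feature/my-branch' 17 "$demo_env" && cat "$demo_env"
derive_tags branch 'bad;name' 17 "$demo_env" || echo "rejected: bad;name"
rm -f "$demo_env"
```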
Actionable comments posted: 6
🧹 Outside diff range and nitpick comments (4)
.github/actions/health_check_action.yml (1)
16-16: Add newline at end of file.
Following YAML best practices, ensure there's a newline character at the end of the file.
🧰 Tools
🪛 yamllint
[error] 16-16: no new line character at the end of file
(new-line-at-end-of-file)
project/BuildInfoSettings.scala (1)
16-17: Consider documenting CI environment variables.
Since these environment variables are crucial for versioning and build information, consider adding documentation about their expected values and usage.
Add a comment block above the variable declarations:
+ // CI environment variables used for versioning: + // CI_BUILD_NUM: Build number from CI system (e.g., GitHub Actions run number) + // CI_TAG: Git tag from CI system, if building a tagged commit val ciBuild: String = if (System.getenv().containsKey("CI_BUILD_NUM")) System.getenv().get("CI_BUILD_NUM") else "" val ciTag: String = if (System.getenv().containsKey("CI_TAG")) System.getenv().get("CI_TAG") else "".github/workflows/build_test_deploy.yml (1)
28-30: Fix YAML indentation
The indentation is inconsistent with the rest of the file.
- uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 18🧰 Tools
🪛 yamllint
[warning] 30-30: wrong indentation: expected 8 but found 10
(indentation)
docker-compose.yml (1)
Line range hint 249-257: Fix syntax error in dev service command.
There's an extra quote at the end of the `-Ddatastore.redis.address=redis` line which will cause the command to fail.

Apply this fix:
command: - bash - -c - > sbt -v -d -jvm-debug 5005 "run -Djava.net.preferIPv4Stack=true -Dtracingstore.fossildb.address=fossildb -Dtracingstore.redis.address=redis" - -Ddatastore.redis.address=redis" + -Ddatastore.redis.address=redis
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (4)
- .github/actions/health_check_action.yml (1 hunks)
- .github/workflows/build_test_deploy.yml (1 hunks)
- docker-compose.yml (1 hunks)
- project/BuildInfoSettings.scala (1 hunks)
🧰 Additional context used
🪛 yamllint
.github/actions/health_check_action.yml
[error] 16-16: no new line character at the end of file
(new-line-at-end-of-file)
.github/workflows/build_test_deploy.yml
[warning] 23-23: wrong indentation: expected 6 but found 4
(indentation)
[warning] 30-30: wrong indentation: expected 8 but found 10
(indentation)
[warning] 46-46: too many blank lines
(4 > 2) (empty-lines)
[error] 153-153: trailing spaces
(trailing-spaces)
[error] 155-155: trailing spaces
(trailing-spaces)
[error] 159-159: trailing spaces
(trailing-spaces)
[error] 164-164: trailing spaces
(trailing-spaces)
🪛 actionlint
.github/workflows/build_test_deploy.yml
56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting
(shellcheck)
56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting
(shellcheck)
56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting
(shellcheck)
56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting
(shellcheck)
71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting
(shellcheck)
🔇 Additional comments (2)
.github/actions/health_check_action.yml (1)
1-6: LGTM! Clear and well-structured action metadata.
The action name, description, and input parameters are well-defined and follow GitHub Actions best practices.
project/BuildInfoSettings.scala (1)
16-17: LGTM! Verify environment variables in GitHub Actions workflow.
The change from CircleCI-specific environment variables to generic CI variables is a good practice for portability.
Let's verify that these environment variables are properly set in the GitHub Actions workflow:
for i in {1..20}; do | ||
curl --fail -v "${{ inputs.url }}" && exit 0 | ||
sleep 5 | ||
done | ||
exit 1 |
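Review bot: `"${{ inputs.url }}"` on the `curl` line is expanded into the script before bash runs, so the double quotes do not contain a value that itself carries a quote or a command substitution. Map the input to an environment variable on the step (`env:` with `URL: ${{ inputs.url }}`) and call `curl --fail "$URL"`. A `--max-time` on the same line would also bound each attempt, since the loop has no per-request timeout.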
Enhance security and reliability of the health check implementation.
Consider the following improvements:
- Add timeout to prevent hanging requests
- Validate the URL input
- Remove verbose flag to prevent potential sensitive information exposure
- Make retry count and delay configurable
Apply this diff to implement the suggested improvements:
+inputs:
+ url:
+ description: 'Health check URL'
+ required: true
+ max_attempts:
+ description: 'Maximum number of retry attempts'
+ required: false
+ default: '20'
+ retry_delay:
+ description: 'Delay between retries in seconds'
+ required: false
+ default: '5'
runs:
using: 'composite'
steps:
- shell: bash
run: |
- for i in {1..20}; do
- curl --fail -v "${{ inputs.url }}" && exit 0
- sleep 5
+ # Validate URL format
+ if ! [[ "${{ inputs.url }}" =~ ^https?:// ]]; then
+ echo "Error: Invalid URL format. Must start with http:// or https://"
+ exit 1
+ fi
+
+ for i in $(seq 1 ${{ inputs.max_attempts }}); do
+ echo "Attempt $i of ${{ inputs.max_attempts }}"
+ # Add timeout and remove verbose flag
+ if curl --fail --max-time 30 "${{ inputs.url }}"; then
+ echo "Health check succeeded"
+ exit 0
+ fi
+ echo "Attempt failed, retrying in ${{ inputs.retry_delay }} seconds..."
+ sleep ${{ inputs.retry_delay }}
done
+ echo "Health check failed after ${{ inputs.max_attempts }} attempts"
exit 1
Committable suggestion was skipped due to low confidence.
run: .github/not-on-master.sh docker compose run base yarn typecheck |
Remove duplicate type checking
The frontend type checking is already performed in the `static_frontend_code_checks` job (line 38-39).
Consider removing this duplicate step to improve pipeline performance.
- name: Report coverage | ||
run: .github/not-on-master.sh docker compose run base yarn coverage || true |
Don't silently ignore coverage failures
The coverage command ignores failures with `|| true`, which could hide important coverage regressions.
Consider:
- Setting a minimum coverage threshold
- Making the job fail if coverage drops below the threshold
- Using a coverage reporting action to track trends
- run: .github/not-on-master.sh docker compose run base yarn coverage || true
+ run: |
+ .github/not-on-master.sh docker compose run base yarn coverage
+ continue-on-error: true
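Review bot: `continue-on-error: true` on the added lines still lets the job pass when `yarn coverage` fails, so the result for the pipeline is the same as with the `|| true` being removed. If the goal is to stop ignoring coverage failures, drop both and let the step fail, or compare the reported coverage against an explicit threshold.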
Committable suggestion was skipped due to low confidence.
USER_NAME: root | ||
USER_UID: 1000 | ||
USER_GID: 1000 | ||
DOCKER_USER: ${{ secrets.DOCKER_USER }} | ||
DOCKER_PASS: ${{ secrets.DOCKER_PASS }} |
Security: Avoid running containers as root user
Running containers as root user (`USER_NAME: root`) is a security anti-pattern. Consider:
- Using a non-root user for better security
- Following the principle of least privilege
- USER_NAME: root
+ USER_NAME: webknossos
Committable suggestion was skipped due to low confidence.
- name: Assert schema.sql and evolutions are equal | ||
run: | | ||
docker compose up -d postgres | ||
sleep 3 | ||
docker compose run compile tools/postgres/dbtool.js check-evolutions-schema | ||
|
🛠️ Refactor suggestion
Replace sleep with proper postgres readiness check
Using `sleep` is not reliable for ensuring postgres is ready. Consider using a proper health check.
- sleep 3
+ until docker compose exec -T postgres pg_isready; do
+ echo "Waiting for postgres..."
+ sleep 1
+ done
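Review bot: The until loop has no upper bound, so a postgres container that never becomes ready hangs the step until the job-level timeout. Cap the attempts (for example 30 tries, then print docker compose logs postgres and exit 1) or set timeout-minutes on the step.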
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
- name: Assert schema.sql and evolutions are equal | |
run: | | |
docker compose up -d postgres | |
sleep 3 | |
docker compose run compile tools/postgres/dbtool.js check-evolutions-schema | |
- name: Assert schema.sql and evolutions are equal | |
run: | | |
docker compose up -d postgres | |
until docker compose exec -T postgres pg_isready; do | |
echo "Waiting for postgres..." | |
sleep 1 | |
done | |
docker compose run compile tools/postgres/dbtool.js check-evolutions-schema |
- CI_TAG=${GITHUB_REF} | ||
- CI_BUILD_NUM=${GITHUB_JOB} |
💡 Codebase verification
Environment variables need adjustment for GitHub Actions
Based on the usage in project/BuildInfoSettings.scala, these variables are used to populate build information. The current mappings need to be corrected:
- CI_TAG=${GITHUB_REF} - This will include the full ref path, making ciTag contain unwanted prefixes like "refs/tags/" or "refs/heads/"
- CI_BUILD_NUM=${GITHUB_JOB} - This will store the job name instead of a build number in ciBuild, which differs from the previous behavior
Suggested fix:
- - CI_TAG=${GITHUB_REF}
- - CI_BUILD_NUM=${GITHUB_JOB}
+ - CI_TAG=${GITHUB_REF_NAME}
+ - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}
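Review bot: GITHUB_REF_NAME on the CI_TAG line is also set for branch and pull request runs (the branch name, or <pr_number>/merge), so CI_TAG will be non-empty on builds that are not tags. If project/BuildInfoSettings.scala treats a non-empty ciTag as a release tag, gate the value on GITHUB_REF_TYPE being tag and leave it empty otherwise. GITHUB_RUN_NUMBER counts per workflow, so it starts again at 1 and does not continue the CircleCI numbering.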
- GITHUB_REF_NAME provides just the branch/tag name without the "refs/*/" prefix
- GITHUB_RUN_NUMBER provides a sequential number for the workflow runs, similar to the previous CI build number
🔗 Analysis chain
Review environment variable mappings for GitHub Actions.
The current mappings might not provide equivalent values:
- GITHUB_REF includes the full reference path (e.g., 'refs/heads/main', 'refs/tags/v1.0.0') unlike CIRCLE_TAG which only contained the tag name.
- GITHUB_JOB provides the job name, not a sequential build number like CIRCLE_BUILD_NUM.
Consider these alternatives:
- - CI_TAG=${GITHUB_REF}
- - CI_BUILD_NUM=${GITHUB_JOB}
+ - CI_TAG=${GITHUB_REF#refs/tags/}
+ - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}
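Review bot: ${GITHUB_REF#refs/tags/} on the CI_TAG line only strips the tag prefix, so branch builds still get refs/heads/<branch>, and it contradicts the GITHUB_REF_NAME suggestion made earlier in the same comment. If this list is the environment block of docker-compose.yml, Compose variable interpolation also does not implement the # prefix-removal form, so the expression would have to be evaluated in the workflow shell and passed in as a plain variable.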
Let's verify the usage of these variables:
Let me gather more context about how these variables might be used in the application code.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in the codebase
rg "CI_(TAG|BUILD_NUM)" --type-add 'config:*.{yml,yaml,json,conf,properties}' -t config
Length of output: 191
Script:
#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in all files
rg "CI_(TAG|BUILD_NUM)" -A 3 -B 3
# Also check for any shell scripts that might use these variables
fd ".sh$" --exec grep -l "CI_TAG\|CI_BUILD_NUM" {} \;
Length of output: 1350
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (3)
.github/workflows/build_test_deploy.yml (3)
23-23: Fix YAML indentation issues
There are inconsistent indentation levels in the workflow file:
- Line 23: Should be 6 spaces instead of 4
- Line 30: Should be 8 spaces instead of 10
steps: - - name: Checkout code + - name: Checkout code uses: actions/checkout@v3 with: fetch-depth: 5 - uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 18
Also applies to: 30-30
🧰 Tools
🪛 yamllint
[warning] 23-23: wrong indentation: expected 6 but found 4
(indentation)
44-46: Remove excessive blank lines
There are too many consecutive blank lines (4 > 2) between the jobs.
- name: Check for cyclic dependencies in frontend run: yarn check-cyclic-dependencies - - build_test_deploy:
🧰 Tools
🪛 yamllint
[warning] 46-46: too many blank lines
(4 > 2) (empty-lines)
153-165: Fix trailing spaces in YAML
Remove trailing spaces from the following lines:
- Line 153: with:
- Line 155: Empty line with spaces
- Line 159: with:
- Line 164: with:
- name: Run webknossos smoke test uses: ./.github/actions/health_check_action - with: + with: url: http://localhost:9000/api/health - name: Run webknossos-datastore smoke test uses: ./.github/actions/health_check_action - with: + with: url: http://localhost:9090/data/health - name: Run webknossos-tracingstore smoke test uses: ./.github/actions/health_check_action - with: + with: url: http://localhost:9050/tracings/health
🧰 Tools
🪛 yamllint
[error] 153-153: trailing spaces
(trailing-spaces)
[error] 155-155: trailing spaces
(trailing-spaces)
[error] 159-159: trailing spaces
(trailing-spaces)
[error] 164-164: trailing spaces
(trailing-spaces)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
⛔ Files ignored due to path filters (1)
yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (2)
- .github/workflows/build_test_deploy.yml (1 hunks)
- docker-compose.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- docker-compose.yml
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml
56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting
(shellcheck)
56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting
(shellcheck)
56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting
(shellcheck)
56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting
(shellcheck)
71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting
(shellcheck)
116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting
(shellcheck)
171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 yamllint
.github/workflows/build_test_deploy.yml
[warning] 23-23: wrong indentation: expected 6 but found 4
(indentation)
[warning] 30-30: wrong indentation: expected 8 but found 10
(indentation)
[warning] 46-46: too many blank lines
(4 > 2) (empty-lines)
[error] 153-153: trailing spaces
(trailing-spaces)
[error] 155-155: trailing spaces
(trailing-spaces)
[error] 159-159: trailing spaces
(trailing-spaces)
[error] 164-164: trailing spaces
(trailing-spaces)
run: docker compose run base yarn build | ||
|
||
- name: Build webknossos (sbt) | ||
run: | | ||
if [ "${{ github.ref }}" == "refs/heads/master" ]; then | ||
docker compose run compile sbt -no-colors clean compile stage | ||
else | ||
docker compose run compile sbt -no-colors -DfailOnWarning compile stage | ||
fi | ||
|
||
- name: Build webknossos-datastore (sbt) | ||
run: docker compose run base sbt -no-colors -DfailOnWarning "project webknossosDatastore" copyMessages compile stage | ||
|
||
- name: Build webknossos-tracingstore (sbt) | ||
run: docker compose run base sbt -no-colors -DfailOnWarning "project webknossosTracingstore" copyMessages compile stage | ||
|
🛠️ Refactor suggestion
Consider parallelizing build steps
The build steps for webknossos, datastore, and tracingstore are running sequentially. Consider using GitHub Actions' job parallelization to speed up the pipeline:
- Split the builds into separate jobs
- Use job outputs to share build artifacts
- Use job dependencies to maintain the correct order
Example structure:
jobs:
  build-webknossos:
    # ... build webknossos
    outputs:
      checksum: ${{ steps.checksum.outputs.value }}
  build-datastore:
    needs: build-webknossos
    # ... build datastore
  build-tracingstore:
    needs: build-webknossos
    # ... build tracingstore
  tests:
    needs: [build-webknossos, build-datastore, build-tracingstore]
    # ... run tests
Actionable comments posted: 2
🧹 Outside diff range and nitpick comments (1)
.github/workflows/build_test_deploy.yml (1)
13-15: Remove or document commented environment variables
The commented user-related environment variables (USER_NAME, USER_UID, USER_GID) should either be removed if they're no longer needed or documented if they serve a specific purpose.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
- .github/workflows/build_test_deploy.yml (1 hunks)
🔇 Additional comments (1)
.github/workflows/build_test_deploy.yml (1)
20-42: LGTM: Frontend checks are well-structured
The frontend checks job is well-organized with appropriate steps for dependency installation, linting, type checking, and cyclic dependency validation.
🧰 Tools
🪛 yamllint
[warning] 23-23: wrong indentation: expected 6 but found 4
(indentation)
[warning] 30-30: wrong indentation: expected 8 but found 10
(indentation)
for i in {1..5}; do | ||
"$@" && s=0 && break || s=$? | ||
sleep 10 | ||
done | ||
return $s | ||
} |
🛠️ Refactor suggestion
Consider using GitHub Actions' built-in retry functionality
Instead of implementing a custom retry function, consider using GitHub Actions' built-in retry functionality with the nick-invision/retry@v2 action:
- uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 5
    command: docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"
This approach provides better logging and integration with GitHub Actions.
run: | | ||
function retry() { | ||
for i in {1..5}; do | ||
"$@" && s=0 && break || s=$? | ||
sleep 10 | ||
done | ||
return $s | ||
} | ||
retry docker login -u $DOCKER_USER -p $DOCKER_PASS | ||
retry docker compose push webknossos | ||
retry docker compose push webknossos-datastore | ||
retry docker compose push webknossos-tracingstore | ||
if [[ ${{ github.ref_type }} == "branch" ]]; then | ||
docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH} | ||
docker tag scalableminds/webknossos-datastore:${DOCKER_TAG} scalableminds/webknossos-datastore:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos-datastore:${NORMALIZED_BRANCH} | ||
docker tag scalableminds/webknossos-tracingstore:${DOCKER_TAG} scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH} | ||
docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${NORMALIZED_BRANCH} | ||
retry docker push scalableminds/webknossos-dev:${NORMALIZED_BRANCH} | ||
fi | ||
docker logout |
Fix shell script quoting in Docker operations
The Docker operations contain several shell script issues that should be addressed:
- Use proper quoting for variables to prevent word splitting
- Use "${variable}" syntax consistently
Apply this diff to fix the issues:
function retry() {
for i in {1..5}; do
"$@" && s=0 && break || s=$?
sleep 10
done
return $s
}
- retry docker login -u $DOCKER_USER -p $DOCKER_PASS
+ retry docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"
retry docker compose push webknossos
retry docker compose push webknossos-datastore
retry docker compose push webknossos-tracingstore
if [[ ${{ github.ref_type }} == "branch" ]]; then
- docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH}
+ docker tag "scalableminds/webknossos:${DOCKER_TAG}" "scalableminds/webknossos:${NORMALIZED_BRANCH}"
- retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH}
+ retry docker push "scalableminds/webknossos:${NORMALIZED_BRANCH}"
# ... similar fixes for other docker commands ...
fi
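Review bot: The replacement docker login line still passes the password with -p, which puts it on the command line where it is visible in the process list; quoting does not change that. Feed it on stdin instead, e.g. printf '%s' "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin, wrapped in a small function so retry can call it. The [[ ${{ github.ref_type }} == "branch" ]] test is also left with an unquoted expression expansion, and the "similar fixes for other docker commands" placeholder means the remaining docker tag and docker push lines are not covered by the diff as written.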
Committable suggestion was skipped due to low confidence.
Actionable comments posted: 4
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
- .github/workflows/build_test_deploy.yml (1 hunks)
- Dockerfile (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml
54-54: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting
(shellcheck)
54-54: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting
(shellcheck)
54-54: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting
(shellcheck)
54-54: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting
(shellcheck)
131-131: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
151-151: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
151-151: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting
(shellcheck)
183-183: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 yamllint
.github/workflows/build_test_deploy.yml
[warning] 23-23: wrong indentation: expected 6 but found 4
(indentation)
[error] 70-70: trailing spaces
(trailing-spaces)
[error] 80-80: trailing spaces
(trailing-spaces)
[error] 165-165: trailing spaces
(trailing-spaces)
[error] 167-167: trailing spaces
(trailing-spaces)
[error] 171-171: trailing spaces
(trailing-spaces)
[error] 176-176: trailing spaces
(trailing-spaces)
🔇 Additional comments (2)
Dockerfile (1)
11-11: Please clarify the Docker-dev image reference in the comment.
The comment mentions "Docker-dev image" but this dependency isn't clearly documented. This could make it difficult for other developers to understand the build prerequisites.
Let's check for any Docker-dev image references:
✅ Verification successful
Let me check the docker-compose files to understand if there's a dev image defined:
Let me check the Dockerfile.dev since I found a reference to webknossos-dev image in docker-compose.yml:
Based on the docker-compose.yml and Dockerfile.dev analysis, I can now generate the final response:
The Docker-dev image reference is accurate and well-integrated
The comment refers to the webknossos-dev image which is properly defined in docker-compose.yml under the base service. This dev image is built from Dockerfile.dev and is used for development and compilation tasks. The compiled Scala output from this dev environment is indeed used in the production Dockerfile, making the comment accurate and helpful.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for Docker-dev image references in the repository
rg -i "docker-dev.*image"
# Check docker-compose files for related services
fd -e yml -e yaml | xargs rg -l "docker"
Length of output: 329
Script:
#!/bin/bash
# Check contents of docker-compose files for dev image definitions
echo "=== Main docker-compose.yml ==="
cat docker-compose.yml
echo -e "\n=== tools/hosting/docker-compose.yml ==="
cat tools/hosting/docker-compose.yml
echo -e "\n=== webknossos-tracingstore/deployment/docker-compose.yml ==="
cat webknossos-tracingstore/deployment/docker-compose.yml
echo -e "\n=== webknossos-datastore/deployment/docker-compose.yml ==="
cat webknossos-datastore/deployment/docker-compose.yml
Length of output: 14631
Script:
#!/bin/bash
# Check Dockerfile.dev contents
cat Dockerfile.dev
Length of output: 1079
.github/workflows/build_test_deploy.yml (1)
4-6: Consider including additional protected branches in push triggers
The push trigger is currently limited to the master branch. Consider including other protected branches (e.g., main, develop, release/*) to ensure the pipeline runs on all important branches.
@@ -8,6 +8,7 @@ RUN curl -sL "https://deb.nodesource.com/setup_${VERSION_NODE}" | bash - \ | |||
RUN mkdir -p /webknossos | |||
WORKDIR /webknossos | |||
|
|||
# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image | |||
COPY target/universal/stage . |
🛠️ Refactor suggestion
Consider validating the copied Scala artifacts.
While the COPY command is correct, consider adding validation to ensure the required Scala artifacts are present and complete.
Consider adding a validation step:
# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
COPY target/universal/stage .
+RUN test -f bin/webknossos && \
+ test -d lib || \
+ (echo "Error: Required Scala artifacts are missing" && exit 1)
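Review bot: test -f bin/webknossos only checks that the file exists, not that the launcher is executable, and the error text goes to stdout. Use test -x bin/webknossos and redirect the message with >&2. COPY already fails the build when target/universal/stage is missing, so this RUN only guards against an incomplete stage directory; the comment above it should say so.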
📝 Committable suggestion
COPY target/universal/stage . | |
# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image | |
COPY target/universal/stage . | |
RUN test -f bin/webknossos && \ | |
test -d lib || \ | |
(echo "Error: Required Scala artifacts are missing" && exit 1) |
run: | | ||
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }} | ||
yarn run docs --project-version $WK_VERSION | ||
|
🛠️ Refactor suggestion
Add error handling to documentation build
The documentation build step should fail the workflow if there are any errors.
- name: Build frontend documentation
run: |
+ set -eo pipefail
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
- yarn run docs --project-version $WK_VERSION
+ yarn run docs --project-version "${WK_VERSION}"
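Review bot: The WK_VERSION assignment is filled in by the ${{ }} expression before bash parses the script, so quoting "${WK_VERSION}" on the following line does not protect the assignment itself; a release tag name containing shell metacharacters would be read as script text. Move the expression to an env: entry on the step and reference only "$WK_VERSION" inside run:, so the value reaches the shell as data.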
📝 Committable suggestion
- name: Build frontend documentation | |
run: | | |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }} | |
yarn run docs --project-version $WK_VERSION | |
- name: Build frontend documentation | |
run: | | |
set -eo pipefail | |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }} | |
yarn run docs --project-version "${WK_VERSION}" | |
- name: Install dependencies | ||
run: apt-get update \ | ||
&& apt-get install -y \ | ||
findutils \ | ||
libdraco-dev \ | ||
libblosc1 |
🛠️ Refactor suggestion
Optimize apt-get commands
The apt-get installation can be optimized to reduce the image size and improve build time.
- - name: Install dependencies
- run: apt-get update \
- && apt-get install -y \
- findutils \
- libdraco-dev \
- libblosc1
+ - name: Install dependencies
+ run: |
+ apt-get update && apt-get install -y --no-install-recommends \
+ findutils \
+ libdraco-dev \
+ libblosc1 \
+ && rm -rf /var/lib/apt/lists/*
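Review bot: The added rm -rf /var/lib/apt/lists/* is an image-layer optimisation, but this is a workflow run: step where nothing is committed to an image, so the cleanup brings no size benefit here and can be dropped. Check that --no-install-recommends does not remove a package the later steps rely on. The step also assumes it runs as root, since apt-get is called without sudo.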
📝 Committable suggestion
- name: Install dependencies | |
run: apt-get update \ | |
&& apt-get install -y \ | |
findutils \ | |
libdraco-dev \ | |
libblosc1 | |
- name: Install dependencies | |
run: | | |
apt-get update && apt-get install -y --no-install-recommends \ | |
findutils \ | |
libdraco-dev \ | |
libblosc1 \ | |
&& rm -rf /var/lib/apt/lists/* |
- name: Install frontend dependencies | ||
run: corepack enable && yarn install --immutable |
🛠️ Refactor suggestion
Add yarn cache to improve CI performance
Consider using GitHub's cache action for yarn dependencies to speed up the CI pipeline.
- uses: actions/setup-node@v4
with:
node-version: 18
+ cache: 'yarn'
+
+ - name: Get yarn cache directory path
+ id: yarn-cache-dir-path
+ run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+ - uses: actions/cache@v3
+ id: yarn-cache
+ with:
+ path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+ key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-yarn-
- name: Install frontend dependencies
run: corepack enable && yarn install --immutable
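Review bot: cache: 'yarn' on actions/setup-node already restores and saves the yarn cache keyed on yarn.lock, so the added actions/cache step with the same key material duplicates it; keep one of the two. The yarn config get cacheFolder step also runs before corepack enable, so it may query a different yarn version than the one the install step uses; move corepack enable ahead of it. Quote the redirect target as "$GITHUB_OUTPUT".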
📝 Committable suggestion
- name: Install frontend dependencies | |
run: corepack enable && yarn install --immutable | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: 'yarn' | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
id: yarn-cache | |
with: | |
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn- | |
- name: Install frontend dependencies | |
run: corepack enable && yarn install --immutable |
Actionable comments posted: 5
🧹 Outside diff range and nitpick comments (1)
.github/workflows/build_test_deploy.yml (1)
12-17: Add timezone environment variable
Consider adding TZ: UTC (or your preferred timezone) to ensure consistent timestamps across the pipeline execution.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
- .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml
73-73: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting
(shellcheck)
73-73: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting
(shellcheck)
73-73: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting
(shellcheck)
73-73: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting
(shellcheck)
141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
158-158: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
158-158: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting
(shellcheck)
189-189: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 yamllint
.github/workflows/build_test_deploy.yml
[warning] 23-23: wrong indentation: expected 6 but found 4
(indentation)
[warning] 52-52: wrong indentation: expected 6 but found 8
(indentation)
[error] 89-89: trailing spaces
(trailing-spaces)
[error] 99-99: trailing spaces
(trailing-spaces)
[error] 172-172: trailing spaces
(trailing-spaces)
[error] 174-174: trailing spaces
(trailing-spaces)
[error] 177-177: trailing spaces
(trailing-spaces)
[error] 182-182: trailing spaces
(trailing-spaces)
foo: | ||
runs-on: ubuntu-20.04 | ||
static_frontend_code_checks: | ||
runs-on: ubuntu-24.04 |
Align Ubuntu versions across jobs
The static_frontend_code_checks job uses ubuntu-24.04 while build_test_deploy uses ubuntu-20.04. This inconsistency could lead to environment differences. Consider using the same Ubuntu version for both jobs.
Also applies to: 46-46
POSTGRES_DB: webknossos | ||
POSTGRES_USER: webknossos_user | ||
POSTGRES_PASSWORD: secret_password |
Use secrets for database credentials
Database credentials are currently hardcoded in the workflow file. Consider using GitHub secrets:
- POSTGRES_DB: webknossos
- POSTGRES_USER: webknossos_user
- POSTGRES_PASSWORD: secret_password
+ POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+ POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+ POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
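Review bot: Replacing all three POSTGRES_* values with ${{ secrets.* }} will break runs for pull requests from forks, because secrets are not passed to workflows triggered from a fork and the expressions expand to empty strings, leaving the postgres service without a password. POSTGRES_DB and POSTGRES_USER are not sensitive and can stay literal. If the password only protects a throwaway service container that lives for the duration of the job, a literal test value is acceptable as long as it is never reused for a real database; otherwise keep the secret for the password alone and add a step that fails with a clear message when it is empty.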
📝 Committable suggestion
POSTGRES_DB: webknossos | |
POSTGRES_USER: webknossos_user | |
POSTGRES_PASSWORD: secret_password | |
POSTGRES_DB: ${{ secrets.POSTGRES_DB }} | |
POSTGRES_USER: ${{ secrets.POSTGRES_USER }} | |
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} |
- name: Build frontend documentation | ||
run: | | ||
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }} | ||
yarn run docs --project-version $WK_VERSION |
🛠️ Refactor suggestion
Improve documentation version handling
The current version fallback chain could be more explicit:
- WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
+ WK_VERSION=$(
+ if [ -n "${{ github.event.release.tag_name }}" ]; then
+ echo "${{ github.event.release.tag_name }}"
+ elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
+ echo "${{ github.run_number }}"
+ else
+ echo "dev"
+ fi
+ )
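Review bot: The if and elif branches expand ${{ github.event.release.tag_name }} and ${{ github.ref }} directly inside the run script, so their values become part of the shell source before bash parses it, and a tag or ref name containing quotes or shell metacharacters would be interpreted as code rather than compared as data. Pass them through the step's env block (for example TAG_NAME and REF) and test "$TAG_NAME" and "$REF" in the script; github.run_number is numeric and safe either way. The yarn run docs line that follows should also quote "$WK_VERSION". Note that the rewrite changes behaviour: runs without a release tag on branches other than master previously got the run number and would now get dev.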
📝 Committable suggestion
- name: Build frontend documentation | |
run: | | |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }} | |
yarn run docs --project-version $WK_VERSION | |
- name: Build frontend documentation | |
run: | | |
WK_VERSION=$( | |
if [ -n "${{ github.event.release.tag_name }}" ]; then | |
echo "${{ github.event.release.tag_name }}" | |
elif [ "${{ github.ref }}" = "refs/heads/master" ]; then | |
echo "${{ github.run_number }}" | |
else | |
echo "dev" | |
fi | |
) | |
yarn run docs --project-version $WK_VERSION |
- name: Build webknossos docker image | ||
run: | | ||
docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true | ||
DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos | ||
|
||
- name: Build webknossos-datastore docker image | ||
run: docker compose build --pull webknossos-datastore | ||
|
||
- name: Build webknossos-tracingstore docker image | ||
run: docker compose build --pull webknossos-tracingstore |
🛠️ Refactor suggestion
Optimize Docker builds with layer caching
Consider using BuildKit's cache features to speed up builds:
- run: docker compose build --pull webknossos-datastore
+ run: |
+ DOCKER_BUILDKIT=1 docker compose build \
+ --pull \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ webknossos-datastore
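Review bot: --build-arg BUILDKIT_INLINE_CACHE=1 only embeds cache metadata in the image that gets built; nothing in this hunk pulls a previous webknossos-datastore image or names one as a cache source, so on a fresh runner the build still starts cold. Either add a cache source for this service (cache_from in the compose file plus a pull of the last pushed tag, in the way the webknossos step runs docker pull ... || true first) or drop the flag. The change is also applied to only one of the three build steps; treat webknossos-tracingstore the same way or state why it differs.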
📝 Committable suggestion
- name: Build webknossos docker image | |
run: | | |
docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true | |
DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos | |
- name: Build webknossos-datastore docker image | |
run: docker compose build --pull webknossos-datastore | |
- name: Build webknossos-tracingstore docker image | |
run: docker compose build --pull webknossos-tracingstore | |
- name: Build webknossos docker image | |
run: | | |
docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true | |
DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos | |
- name: Build webknossos-datastore docker image | |
run: | | |
DOCKER_BUILDKIT=1 docker compose build \ | |
--pull \ | |
--build-arg BUILDKIT_INLINE_CACHE=1 \ | |
webknossos-datastore | |
- name: Build webknossos-tracingstore docker image | |
run: docker compose build --pull webknossos-tracingstore |
🧰 Tools
🪛 actionlint
141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
# - name: Prepare dependency folders | ||
# run: mkdir -p project/target target ~/.ivy2 ~/.cache/coursier | ||
|
||
# - name: Assert unique evolution numbers | ||
# run: docker compose run base tools/postgres/dbtool.js assert-unique-evolution-numbers | ||
|
||
# - name: Assert schema.sql and evolutions are equal | ||
# run: | | ||
# docker compose up -d postgres | ||
# sleep 3 | ||
# docker compose run compile tools/postgres/dbtool.js check-evolutions-schema | ||
|
💡 Codebase verification
These database validation steps should be uncommented and fixed
The commented-out steps are critical database schema validation checks that:
- Ensure evolution numbers are unique (assert-unique-evolution-numbers)
- Verify schema.sql matches the evolutions (check-evolutions-schema)
These checks are important as evidenced by:
- The dbtool.js script contains active implementations of these commands
- The script is actively used in other parts of the codebase for database validation
- No alternative validation steps exist in the workflow file
🔗 Analysis chain
Clean up commented code blocks
Several steps are commented out but seem important for database schema validation. Either:
- Remove these comments if they're no longer needed
- Uncomment and fix them if they're still required
Let me check how these database tools are actually used to determine if the commented steps are still needed.
Let me check if these database validation steps are replaced by other mechanisms in the workflow.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check if these database tools are used elsewhere
rg -l "dbtool.js"
Length of output: 217
Script:
#!/bin/bash
# Check the content of files that use dbtool.js
rg "dbtool\.js" -C 3
# Also check if there are any other similar database schema validation tasks
rg "schema" .github/workflows/ -C 3
Length of output: 6445
Script:
#!/bin/bash
# Check the entire workflow file for other database validation steps
cat .github/workflows/build_test_deploy.yml
# Also check if dbtool.js exists and what commands it supports
cat tools/postgres/dbtool.js 2>/dev/null || echo "File not found"
Length of output: 21423
Actionable comments posted: 3
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
- .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml
84-84: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting
(shellcheck)
84-84: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting
(shellcheck)
84-84: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting
(shellcheck)
84-84: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting
(shellcheck)
152-152: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting
(shellcheck)
169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)
(shellcheck)
169-169: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting
(shellcheck)
200-200: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 yamllint
.github/workflows/build_test_deploy.yml
[warning] 29-29: wrong indentation: expected 6 but found 4
(indentation)
[warning] 59-59: wrong indentation: expected 6 but found 8
(indentation)
[error] 100-100: trailing spaces
(trailing-spaces)
[error] 183-183: trailing spaces
(trailing-spaces)
[error] 185-185: trailing spaces
(trailing-spaces)
[error] 188-188: trailing spaces
(trailing-spaces)
[error] 193-193: trailing spaces
(trailing-spaces)
🔇 Additional comments (1)
.github/workflows/build_test_deploy.yml (1)
4-9: Consider expanding push trigger branches
The current configuration only triggers on master push events. Consider including other important branches (e.g., development, staging) if they exist in your branching strategy.
- 5432:5432 |
Restrict PostgreSQL port exposure
The PostgreSQL port is exposed on all interfaces. For better security, restrict it to localhost:
ports:
- - 5432:5432
+ - 127.0.0.1:5432:5432
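Review bot: Binding the published port to 127.0.0.1 is the right default, but it only matters when the steps run directly on the runner and reach postgres through the host. If this job runs inside a container, the service is reachable by its service label on the job's Docker network and the ports mapping can be removed entirely, which publishes nothing on the host. State which case applies and choose accordingly.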
📝 Committable suggestion
ports: | |
- 5432:5432 | |
ports: | |
- 127.0.0.1:5432:5432 |
- name: Build webknossos (sbt) | ||
run: | | ||
if [ "${{ github.ref }}" == "refs/heads/master" ]; then | ||
sbt -no-colors clean compile stage | ||
else | ||
sbt -no-colors -DfailOnWarning compile stage | ||
fi |
🛠️ Refactor suggestion
Optimize SBT build configuration
The SBT build could be optimized:
- Use .sbtopts file for common options
- Enable parallel execution
- Configure memory settings
- name: Build webknossos (sbt)
run: |
+ echo "-J-Xmx4G" > .sbtopts
+ echo "-J-Xms2G" >> .sbtopts
+ echo "-Dsbt.parallel=true" >> .sbtopts
if [ "${{ github.ref }}" == "refs/heads/master" ]; then
- sbt -no-colors clean compile stage
+ sbt clean compile stage
else
- sbt -no-colors -DfailOnWarning compile stage
+ sbt -DfailOnWarning compile stage
fi
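Review bot: The first added echo line writes with > .sbtopts, which truncates any .sbtopts already checked into the repository, so options the project relies on would be silently lost in CI; append instead, or commit the settings to the file and drop these lines. The hunk also removes -no-colors from both sbt invocations without mentioning it, which puts ANSI escape sequences back into the job log. -J-Xmx4G should be checked against the memory of the runner this job uses, and -Dsbt.parallel=true should be confirmed as a property sbt actually reads before it is relied on.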
📝 Committable suggestion
- name: Build webknossos (sbt) | |
run: | | |
if [ "${{ github.ref }}" == "refs/heads/master" ]; then | |
sbt -no-colors clean compile stage | |
else | |
sbt -no-colors -DfailOnWarning compile stage | |
fi | |
- name: Build webknossos (sbt) | |
run: | | |
echo "-J-Xmx4G" > .sbtopts | |
echo "-J-Xms2G" >> .sbtopts | |
echo "-Dsbt.parallel=true" >> .sbtopts | |
if [ "${{ github.ref }}" == "refs/heads/master" ]; then | |
sbt clean compile stage | |
else | |
sbt -DfailOnWarning compile stage | |
fi |
- name: Lint frontend code and check formatting | ||
run: yarn run check-frontend | ||
|
||
- name: Typecheck frontend code | ||
run: yarn typecheck | ||
|
||
- name: Check for cyclic dependencies in frontend | ||
run: yarn check-cyclic-dependencies |
Add error handling to frontend checks
The frontend check commands should fail fast if any check fails. Add set -e to ensure the job fails immediately on any error:
- name: Lint frontend code and check formatting
run: |
+ set -e
yarn run check-frontend
- name: Typecheck frontend code
run: |
+ set -e
yarn typecheck
- name: Check for cyclic dependencies in frontend
run: |
+ set -e
yarn check-cyclic-dependencies
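Review bot: The added set -e lines change nothing here: each run block contains a single command, so the step already fails with that command's exit status, and GitHub Actions starts bash for run steps with -e by default. Keep the original one-line run entries. If fail-fast semantics matter for longer scripts elsewhere in the workflow, set defaults.run.shell: bash at the workflow level, which also enables pipefail.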
Committable suggestion was skipped due to low confidence.
PR converts CircleCI config to Github Actions.
I wanted to see 1) how quick/slow GA is compared to CircleCI and 2) consolidate all CI jobs in GA to have one less service to rely upon. GA also has pretty nice Slack integration.
URL of deployed dev instance (used for testing):
Steps to test:
Issues:
(Please delete unneeded items, merge only when none are left open)
Summary by CodeRabbit
New Features
Improvements
Environment Variables