Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP Convert CircleCI config to Github Actions #8147

Open
wants to merge 23 commits into
base: master
Choose a base branch
from
Open

WIP Convert CircleCI config to Github Actions #8147

wants to merge 23 commits into from

Conversation

hotzenklotz
Copy link
Member

@hotzenklotz hotzenklotz commented Oct 24, 2024

PR converts CircleCI config to Github Actions.

I wanted to see 1) how quick/slow GA is compared to CircleCI and 2) consolidate all CI jobs in GA to have one less service to rely upon. GA also has pretty nice Slack integration.

URL of deployed dev instance (used for testing):

  • https://___.webknossos.xyz

Steps to test:

  • CI should be enough

Issues:

  • fixes #

(Please delete unneeded items, merge only when none are left open)

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features

    • Introduced a new script to manage CI/CD behavior on the master branch.
    • Enhanced CI pipeline with triggers for all branches on push and pull requests.
    • Added a new job for comprehensive build, test, and deployment processes.
    • Implemented a health check action for URL monitoring with retries.
  • Improvements

    • Renamed job for better clarity and organization.
    • Implemented robust steps for frontend code checks and Docker operations.
    • Updated Dockerfile to include copying of compiled Scala output.
    • Adjusted environment variable checks to reflect the transition to GitHub Actions.
  • Environment Variables

    • Defined multiple environment variables to streamline CI processes.
    • Updated environment variables to reflect the shift from CircleCI to GitHub Actions.

@hotzenklotz hotzenklotz self-assigned this Oct 24, 2024
Copy link

coderabbitai bot commented Oct 24, 2024

Walkthrough

The changes introduce a new shell script, not-on-master.sh, for conditional execution in GitHub Actions based on the current branch. Additionally, the CI pipeline configuration in .github/workflows/build_test_deploy.yml is significantly modified, with new triggers for push and pull_request events, the addition of environment variables, and the creation of a new job for building and testing the application. The existing job is renamed, and various steps for frontend code checks and Docker operations are detailed. A new health check workflow is also added to monitor a specified URL. The Dockerfile and other related files have been updated to reflect changes in environment variables and the build process.

Changes

File Path Change Summary
.github/not-on-master.sh New script added for conditional execution based on the Git branch.
.github/workflows/build_test_deploy.yml - Added triggers for push on master and pull_request on all branches.
- Introduced environment variables: USER_NAME, USER_UID, USER_GID, DOCKER_USER, DOCKER_PASS.
- Renamed job from foo to static_frontend_code_checks.
- Added new job build_test_deploy with steps for building and testing the application.
.github/actions/health_check_action.yml New action added for URL health checking with retries.
docker-compose.yml Updated environment variables from CircleCI to GitHub Actions (CIRCLE_TAG to CI_TAG, etc.).
project/BuildInfoSettings.scala Updated environment variable checks from CircleCI to GitHub Actions.
Dockerfile New command added to copy compiled Scala output into the working directory.

Poem

In the garden of code where the rabbits play,
A script hops in, to keep troubles at bay.
With branches in mind, it knows when to skip,
While builds and tests flow on a smooth, happy trip.
So let’s cheer for the changes, both big and small,
In our CI wonderland, we’ll conquer them all! 🐇✨


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@hotzenklotz hotzenklotz added the CI label Oct 24, 2024
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (2)
.github/workflows/build_test_deploy.yml (2)

4-9: Consider restricting branch patterns

The current trigger configuration runs on all branches ('*'). This might lead to unnecessary workflow runs. Consider:

  • Limiting to specific branch patterns (e.g., main, develop, feature/*)
  • Using path filters to run only when relevant files change
  push:
    branches:
-      - '*'
+      - main
+      - develop
+      - 'feature/**'
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
  pull_request:
    branches:
-      - '*'
+      - main
+      - develop

12-18: Enhance security of Docker credentials

The Docker credentials are exposed as environment variables. While they are using secrets, consider:

  1. Limiting the scope of these credentials to only the job that needs them
  2. Using GITHUB_TOKEN where possible for container registry authentication
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6a0dcc0 and 4a9811e.

📒 Files selected for processing (2)
  • .github/not-on-master.sh (1 hunks)
  • .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml

57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


72-72: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


117-117: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


137-137: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


137-137: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)


161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)


169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (4)
.github/not-on-master.sh (3)

1-2: LGTM: Robust shell script configuration.

The script follows shell scripting best practices:

  • Uses proper shebang line for portability
  • Sets appropriate safety flags:
    • -E: ERR trap inheritance
    • -e: Exit on error
    • -u: Error on unbound variables
    • -o pipefail: Propagate pipe failures

7-7: Consider adding command validation.

The exec "$@" executes arbitrary commands passed as arguments without validation.

Consider:

  1. Adding command whitelisting
  2. Implementing logging for audit purposes
  3. Adding error handling for failed commands

4-8: ⚠️ Potential issue

Fix branch reference comparison.

The current branch comparison has potential issues:

  1. GITHUB_REF typically includes the full ref path (e.g., "refs/heads/master")
  2. String comparison should use = instead of == for POSIX compatibility

Apply this fix:

-if [ "${GITHUB_REF}" == "master" ]; then
+if [ "${GITHUB_REF}" = "refs/heads/master" ]; then

Additionally, consider adding input validation:

.github/workflows/build_test_deploy.yml (1)

21-43: LGTM! Well-structured frontend checks

The frontend code checks job is well-organized with:

  • Proper Node.js setup
  • Comprehensive checks (lint, types, cyclic deps)
  • Clear step names

Comment on lines 152 to 174
run: |
for i in {1..20}; do # retry
curl --fail -v http://localhost:9000/api/health && s=0 && break || s=$?
sleep 5
done
(exit $s)

- name: Run webknossos-datastore smoke test
run: |
for i in {1..20}; do # retry
curl --fail -v http://localhost:9090/data/health && s=0 && break || s=$?
sleep 5
done
(exit $s)

- name: Run webknossos-tracingstore smoke test
run: |
for i in {1..20}; do # retry
curl --fail -v http://localhost:9050/tracings/health && s=0 && break || s=$?
sleep 5
done
(exit $s)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Refactor duplicated health check logic

The health check implementation is duplicated across three services. Consider extracting this into a reusable composite action:

  1. Create .github/actions/health-check/action.yml:
name: 'Health Check'
description: 'Performs health check with retries'
inputs:
  url:
    description: 'Health check URL'
    required: true
runs:
  using: 'composite'
  steps:
    - shell: bash
      run: |
        for i in {1..20}; do
          curl --fail -v "${{ inputs.url }}" && exit 0
          sleep 5
        done
        exit 1
  1. Use it in the workflow:
- uses: ./.github/actions/health-check
  with:
    url: http://localhost:9000/api/health
🧰 Tools
🪛 actionlint

153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)


161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)


169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

Comment on lines +179 to +203
- name: Push docker images
run: |
function retry() {
for i in {1..5}; do
"$@" && s=0 && break || s=$?
sleep 10
done
return $s
}
retry docker login -u $DOCKER_USER -p $DOCKER_PASS
retry docker compose push webknossos
retry docker compose push webknossos-datastore
retry docker compose push webknossos-tracingstore
if [[ ${{ github.ref_type }} == "branch" ]]; then
docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH}
docker tag scalableminds/webknossos-datastore:${DOCKER_TAG} scalableminds/webknossos-datastore:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos-datastore:${NORMALIZED_BRANCH}
docker tag scalableminds/webknossos-tracingstore:${DOCKER_TAG} scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH}
docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos-dev:${NORMALIZED_BRANCH}
fi
docker logout

Copy link

@coderabbitai coderabbitai bot Oct 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consolidate Docker push retry logic

The Docker push steps have complex retry logic. Consider:

  1. Using GitHub's built-in retry functionality
  2. Creating a reusable function for Docker operations
- name: Login to Docker Hub
  uses: docker/login-action@v2
  with:
    username: ${{ env.DOCKER_USER }}
    password: ${{ env.DOCKER_PASS }}

- name: Push images
  uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 3
    command: |
      docker compose push webknossos
      docker compose push webknossos-datastore
      docker compose push webknossos-tracingstore
      if [[ ${{ github.ref_type }} == "branch" ]]; then
        # ... tag and push branch images
      fi
🧰 Tools
🪛 actionlint

180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sound great. Please do it!

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hotzenklotz, glad you like the suggestion! Here's the updated workflow with the consolidated Docker push retry logic:

name: CI Pipeline

on:
  push:
    branches:
      - '*'
  pull_request:
    branches:
      - '*'
  workflow_dispatch:

env:
  USER_NAME: circleci
  USER_UID: 1000
  USER_GID: 1000
  TZ: Europe/Berlin
  DOCKER_USER: ${{ secrets.DOCKER_USER }}
  DOCKER_PASS: ${{ secrets.DOCKER_PASS }}

jobs:
  static_frontent_code_checks:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5

      - uses: actions/setup-node@v4
        with:
          node-version: 18

      - name: Install frontend dependencies
        run: corepack enable && yarn install --immutable

      - name: Lint frontend code and check formatting
        run: yarn run check-frontend

      - name: Typecheck frontend code
        run: yarn typecheck

      - name: Check for cyclic dependencies in frontend
        run: yarn check-cyclic-dependencies

  build_test_deploy:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5

      - name: "Custom environment variables"
        run: |
          if [[ ${{ github.ref_type }} == "branch" ]]; then
            NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
            echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
            DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
            echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
          else
            echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
            echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
          fi

      - name: Set up Docker
        uses: docker/setup-buildx-action@v2

      # ... other build and test steps ...

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ env.DOCKER_USER }}
          password: ${{ env.DOCKER_PASS }}

      - name: Push docker images
        uses: nick-invision/retry@v2
        with:
          timeout_minutes: 10
          max_attempts: 3
          command: |
            docker compose push webknossos
            docker compose push webknossos-datastore
            docker compose push webknossos-tracingstore
            if [[ ${{ github.ref_type }} == "branch" ]]; then
              docker tag scalableminds/webknossos:${{ env.DOCKER_TAG }} scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-datastore:${{ env.DOCKER_TAG }} scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-tracingstore:${{ env.DOCKER_TAG }} scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
            fi

      - name: Logout from Docker Hub
        run: docker logout

      # ... remaining steps ...

This update simplifies the retry logic by utilizing the nick-invision/retry@v2 action and the docker/login-action@v2 for authentication with Docker Hub.

Let me know if you have any questions or need further assistance!

(^‿^)/

Comment on lines +207 to +208
# - name: Send Slack notification (master only)
# run: .circleci/slack-notification.sh
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider implementing Slack notifications using GitHub Actions

Instead of using the CircleCI script, consider using a GitHub Actions marketplace action for Slack notifications:

- name: Notify Slack
  if: github.ref == 'refs/heads/main'
  uses: 8398a7/action-slack@v3
  with:
    status: ${{ job.status }}
    fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

Comment on lines +56 to +66
- name: "Custom environment variables"
run: |
if [[ ${{ github.ref_type }} == "branch" ]]; then
NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
else
echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
fi
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix shell script quoting issues

The branch normalization script has potential issues with word splitting. Apply proper quoting:

  if [[ ${{ github.ref_type }} == "branch" ]]; then
-   NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
+   NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
-   echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
+   echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
-   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
+   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
-   echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
+   echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: "Custom environment variables"
run: |
if [[ ${{ github.ref_type }} == "branch" ]]; then
NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
else
echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
fi
- name: "Custom environment variables"
run: |
if [[ ${{ github.ref_type }} == "branch" ]]; then
NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"
else
echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
fi
🧰 Tools
🪛 actionlint

57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (4)
.github/actions/health_check_action.yml (1)

16-16: Add newline at end of file.

Following YAML best practices, ensure there's a newline character at the end of the file.

🧰 Tools
🪛 yamllint

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

project/BuildInfoSettings.scala (1)

16-17: Consider documenting CI environment variables.

Since these environment variables are crucial for versioning and build information, consider adding documentation about their expected values and usage.

Add a comment block above the variable declarations:

+  // CI environment variables used for versioning:
+  // CI_BUILD_NUM: Build number from CI system (e.g., GitHub Actions run number)
+  // CI_TAG: Git tag from CI system, if building a tagged commit
  val ciBuild: String =
    if (System.getenv().containsKey("CI_BUILD_NUM")) System.getenv().get("CI_BUILD_NUM") else ""
  val ciTag: String = if (System.getenv().containsKey("CI_TAG")) System.getenv().get("CI_TAG") else ""
.github/workflows/build_test_deploy.yml (1)

28-30: Fix YAML indentation

The indentation is inconsistent with the rest of the file.

    - uses: actions/setup-node@v4
      with:
-          node-version: 18
+        node-version: 18
🧰 Tools
🪛 yamllint

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

docker-compose.yml (1)

Line range hint 249-257: Fix syntax error in dev service command.

There's an extra quote at the end of the -Ddatastore.redis.address=redis line which will cause the command to fail.

Apply this fix:

     command:
       - bash
       - -c
       - >
         sbt
         -v -d -jvm-debug 5005
         "run
           -Djava.net.preferIPv4Stack=true
           -Dtracingstore.fossildb.address=fossildb
           -Dtracingstore.redis.address=redis"
-          -Ddatastore.redis.address=redis"
+          -Ddatastore.redis.address=redis
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 4a9811e and 53e35c4.

📒 Files selected for processing (4)
  • .github/actions/health_check_action.yml (1 hunks)
  • .github/workflows/build_test_deploy.yml (1 hunks)
  • docker-compose.yml (1 hunks)
  • project/BuildInfoSettings.scala (1 hunks)
🧰 Additional context used
🪛 yamllint
.github/actions/health_check_action.yml

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)


[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)


[error] 153-153: trailing spaces

(trailing-spaces)


[error] 155-155: trailing spaces

(trailing-spaces)


[error] 159-159: trailing spaces

(trailing-spaces)


[error] 164-164: trailing spaces

(trailing-spaces)

🪛 actionlint
.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (2)
.github/actions/health_check_action.yml (1)

1-6: LGTM! Clear and well-structured action metadata.

The action name, description, and input parameters are well-defined and follow GitHub Actions best practices.

project/BuildInfoSettings.scala (1)

16-17: LGTM! Verify environment variables in GitHub Actions workflow.

The change from CircleCI-specific environment variables to generic CI variables is a good practice for portability.

Let's verify that these environment variables are properly set in the GitHub Actions workflow:

Comment on lines +12 to +16
for i in {1..20}; do
curl --fail -v "${{ inputs.url }}" && exit 0
sleep 5
done
exit 1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Enhance security and reliability of the health check implementation.

Consider the following improvements:

  1. Add timeout to prevent hanging requests
  2. Validate the URL input
  3. Remove verbose flag to prevent potential sensitive information exposure
  4. Make retry count and delay configurable

Apply this diff to implement the suggested improvements:

+inputs:
+  url:
+    description: 'Health check URL'
+    required: true
+  max_attempts:
+    description: 'Maximum number of retry attempts'
+    required: false
+    default: '20'
+  retry_delay:
+    description: 'Delay between retries in seconds'
+    required: false
+    default: '5'
 runs:
   using: 'composite'
   steps:
     - shell: bash
       run: |
-        for i in {1..20}; do
-          curl --fail -v "${{ inputs.url }}" && exit 0
-          sleep 5
+        # Validate URL format
+        if ! [[ "${{ inputs.url }}" =~ ^https?:// ]]; then
+          echo "Error: Invalid URL format. Must start with http:// or https://"
+          exit 1
+        fi
+        
+        for i in $(seq 1 ${{ inputs.max_attempts }}); do
+          echo "Attempt $i of ${{ inputs.max_attempts }}"
+          # Add timeout and remove verbose flag
+          if curl --fail --max-time 30 "${{ inputs.url }}"; then
+            echo "Health check succeeded"
+            exit 0
+          fi
+          echo "Attempt failed, retrying in ${{ inputs.retry_delay }} seconds..."
+          sleep ${{ inputs.retry_delay }}
         done
+        echo "Health check failed after ${{ inputs.max_attempts }} attempts"
         exit 1

Committable suggestion was skipped due to low confidence.

🧰 Tools
🪛 yamllint

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

Comment on lines 142 to 143
run: .github/not-on-master.sh docker compose run base yarn typecheck
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Remove duplicate type checking

The frontend type checking is already performed in the static_frontend_code_checks job (line 38-39).

Consider removing this duplicate step to improve pipeline performance.

Comment on lines +195 to +196
- name: Report coverage
run: .github/not-on-master.sh docker compose run base yarn coverage || true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Don't silently ignore coverage failures

The coverage command ignores failures with || true, which could hide important coverage regressions.

Consider:

  1. Setting a minimum coverage threshold
  2. Making the job fail if coverage drops below the threshold
  3. Using a coverage reporting action to track trends
-        run: .github/not-on-master.sh docker compose run base yarn coverage || true
+        run: |
+          .github/not-on-master.sh docker compose run base yarn coverage
+        continue-on-error: true

Committable suggestion was skipped due to low confidence.

Comment on lines +13 to +17
USER_NAME: root
USER_UID: 1000
USER_GID: 1000
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security: Avoid running containers as root user

Running containers as root user (USER_NAME: root) is a security anti-pattern. Consider:

  1. Using a non-root user for better security
  2. Following the principle of least privilege
-  USER_NAME: root
+  USER_NAME: webknossos

Committable suggestion was skipped due to low confidence.

Comment on lines 84 to 89
- name: Assert schema.sql and evolutions are equal
run: |
docker compose up -d postgres
sleep 3
docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Replace sleep with proper postgres readiness check

Using sleep is not reliable for ensuring postgres is ready. Consider using a proper health check.

-          sleep 3
+          until docker compose exec -T postgres pg_isready; do
+            echo "Waiting for postgres..."
+            sleep 1
+          done
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Assert schema.sql and evolutions are equal
run: |
docker compose up -d postgres
sleep 3
docker compose run compile tools/postgres/dbtool.js check-evolutions-schema
- name: Assert schema.sql and evolutions are equal
run: |
docker compose up -d postgres
until docker compose exec -T postgres pg_isready; do
echo "Waiting for postgres..."
sleep 1
done
docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

Comment on lines +108 to +109
- CI_TAG=${GITHUB_REF}
- CI_BUILD_NUM=${GITHUB_JOB}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

⚠️ Potential issue

Environment variables need adjustment for GitHub Actions

Based on the usage in project/BuildInfoSettings.scala, these variables are used to populate build information. The current mappings need to be corrected:

  1. CI_TAG=${GITHUB_REF} - This will include the full ref path, making ciTag contain unwanted prefixes like "refs/tags/" or "refs/heads/"
  2. CI_BUILD_NUM=${GITHUB_JOB} - This will store the job name instead of a build number in ciBuild, which differs from the previous behavior

Suggested fix:

-      - CI_TAG=${GITHUB_REF}
-      - CI_BUILD_NUM=${GITHUB_JOB}
+      - CI_TAG=${GITHUB_REF_NAME}
+      - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}
  • GITHUB_REF_NAME provides just the branch/tag name without the "refs/*/" prefix
  • GITHUB_RUN_NUMBER provides a sequential number for the workflow runs, similar to the previous CI build number
🔗 Analysis chain

Review environment variable mappings for GitHub Actions.

The current mappings might not provide equivalent values:

  1. GITHUB_REF includes the full reference path (e.g., 'refs/heads/main', 'refs/tags/v1.0.0') unlike CIRCLE_TAG which only contained the tag name.
  2. GITHUB_JOB provides the job name, not a sequential build number like CIRCLE_BUILD_NUM.

Consider these alternatives:

-      - CI_TAG=${GITHUB_REF}
-      - CI_BUILD_NUM=${GITHUB_JOB}
+      - CI_TAG=${GITHUB_REF#refs/tags/}
+      - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}

Let's verify the usage of these variables:


Let me gather more context about how these variables might be used in the application code.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in the codebase
rg "CI_(TAG|BUILD_NUM)" --type-add 'config:*.{yml,yaml,json,conf,properties}' -t config

Length of output: 191


Script:

#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in all files
rg "CI_(TAG|BUILD_NUM)" -A 3 -B 3

# Also check for any shell scripts that might use these variables
fd ".sh$" --exec grep -l "CI_TAG\|CI_BUILD_NUM" {} \;

Length of output: 1350

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)
.github/workflows/build_test_deploy.yml (3)

23-23: Fix YAML indentation issues

There are inconsistent indentation levels in the workflow file:

  • Line 23: Should be 6 spaces instead of 4
  • Line 30: Should be 8 spaces instead of 10
    steps:
-    - name: Checkout code
+      - name: Checkout code
       uses: actions/checkout@v3
       with:
         fetch-depth: 5

     - uses: actions/setup-node@v4
       with:
-          node-version: 18
+        node-version: 18

Also applies to: 30-30

🧰 Tools
🪛 yamllint

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


44-46: Remove excessive blank lines

There are too many consecutive blank lines (4 > 2) between the jobs.

    - name: Check for cyclic dependencies in frontend
      run: yarn check-cyclic-dependencies

-

-

  build_test_deploy:
🧰 Tools
🪛 yamllint

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)


153-165: Fix trailing spaces in YAML

Remove trailing spaces from the following lines:

  • Line 153: with:
  • Line 155: Empty line with spaces
  • Line 159: with:
  • Line 164: with:
      - name: Run webknossos smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9000/api/health

      - name: Run webknossos-datastore smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9090/data/health

      - name: Run webknossos-tracingstore smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9050/tracings/health
🧰 Tools
🪛 yamllint

[error] 153-153: trailing spaces

(trailing-spaces)


[error] 155-155: trailing spaces

(trailing-spaces)


[error] 159-159: trailing spaces

(trailing-spaces)


[error] 164-164: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 53e35c4 and eb8af0b.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (2)
  • .github/workflows/build_test_deploy.yml (1 hunks)
  • docker-compose.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • docker-compose.yml
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint
.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)


[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)


[error] 153-153: trailing spaces

(trailing-spaces)


[error] 155-155: trailing spaces

(trailing-spaces)


[error] 159-159: trailing spaces

(trailing-spaces)


[error] 164-164: trailing spaces

(trailing-spaces)

Comment on lines 95 to 111
run: docker compose run base yarn build

- name: Build webknossos (sbt)
run: |
if [ "${{ github.ref }}" == "refs/heads/master" ]; then
docker compose run compile sbt -no-colors clean compile stage
else
docker compose run compile sbt -no-colors -DfailOnWarning compile stage
fi

- name: Build webknossos-datastore (sbt)
run: docker compose run base sbt -no-colors -DfailOnWarning "project webknossosDatastore" copyMessages compile stage

- name: Build webknossos-tracingstore (sbt)
run: docker compose run base sbt -no-colors -DfailOnWarning "project webknossosTracingstore" copyMessages compile stage

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider parallelizing build steps

The build steps for webknossos, datastore, and tracingstore are running sequentially. Consider using GitHub Actions' job parallelization to speed up the pipeline:

  1. Split the builds into separate jobs
  2. Use job outputs to share build artifacts
  3. Use job dependencies to maintain the correct order

Example structure:

jobs:
  build-webknossos:
    # ... build webknossos
    outputs:
      checksum: ${{ steps.checksum.outputs.value }}

  build-datastore:
    needs: build-webknossos
    # ... build datastore

  build-tracingstore:
    needs: build-webknossos
    # ... build tracingstore

  tests:
    needs: [build-webknossos, build-datastore, build-tracingstore]
    # ... run tests

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (1)
.github/workflows/build_test_deploy.yml (1)

13-15: Remove or document commented environment variables

The commented user-related environment variables (USER_NAME, USER_UID, USER_GID) should either be removed if they're no longer needed or documented if they serve a specific purpose.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between eb8af0b and 1d77e3c.

📒 Files selected for processing (1)
  • .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)


116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint
.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)


[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)


[error] 153-153: trailing spaces

(trailing-spaces)


[error] 155-155: trailing spaces

(trailing-spaces)


[error] 159-159: trailing spaces

(trailing-spaces)


[error] 164-164: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)
.github/workflows/build_test_deploy.yml (1)

20-42: LGTM: Frontend checks are well-structured

The frontend checks job is well-organized with appropriate steps for dependency installation, linting, type checking, and cyclic dependency validation.

🧰 Tools
🪛 yamllint

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

Comment on lines +172 to +178
for i in {1..5}; do
"$@" && s=0 && break || s=$?
sleep 10
done
return $s
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider using GitHub Actions' built-in retry functionality

Instead of implementing a custom retry function, consider using GitHub Actions' built-in retry functionality with the nick-invision/retry@v2 action:

- uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 5
    command: docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"

This approach provides better logging and integration with GitHub Actions.

Comment on lines +171 to +193
run: |
function retry() {
for i in {1..5}; do
"$@" && s=0 && break || s=$?
sleep 10
done
return $s
}
retry docker login -u $DOCKER_USER -p $DOCKER_PASS
retry docker compose push webknossos
retry docker compose push webknossos-datastore
retry docker compose push webknossos-tracingstore
if [[ ${{ github.ref_type }} == "branch" ]]; then
docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH}
docker tag scalableminds/webknossos-datastore:${DOCKER_TAG} scalableminds/webknossos-datastore:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos-datastore:${NORMALIZED_BRANCH}
docker tag scalableminds/webknossos-tracingstore:${DOCKER_TAG} scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos-tracingstore:${NORMALIZED_BRANCH}
docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${NORMALIZED_BRANCH}
retry docker push scalableminds/webknossos-dev:${NORMALIZED_BRANCH}
fi
docker logout
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix shell script quoting in Docker operations

The Docker operations contain several shell script issues that should be addressed:

  1. Use proper quoting for variables to prevent word splitting
  2. Use "${variable}" syntax consistently

Apply this diff to fix the issues:

  function retry() {
    for i in {1..5}; do
      "$@" && s=0 && break || s=$?
      sleep 10
    done
    return $s
  }
- retry docker login -u $DOCKER_USER -p $DOCKER_PASS
+ retry docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"
  retry docker compose push webknossos
  retry docker compose push webknossos-datastore
  retry docker compose push webknossos-tracingstore
  if [[ ${{ github.ref_type }} == "branch" ]]; then
-   docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH}
+   docker tag "scalableminds/webknossos:${DOCKER_TAG}" "scalableminds/webknossos:${NORMALIZED_BRANCH}"
-   retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH}
+   retry docker push "scalableminds/webknossos:${NORMALIZED_BRANCH}"
    # ... similar fixes for other docker commands ...
  fi

Committable suggestion was skipped due to low confidence.

🧰 Tools
🪛 actionlint

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 1d77e3c and 7acf3a9.

📒 Files selected for processing (2)
  • .github/workflows/build_test_deploy.yml (1 hunks)
  • Dockerfile (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml

54-54: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


54-54: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


54-54: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


54-54: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


131-131: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


151-151: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


151-151: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


183-183: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint
.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


[error] 70-70: trailing spaces

(trailing-spaces)


[error] 80-80: trailing spaces

(trailing-spaces)


[error] 165-165: trailing spaces

(trailing-spaces)


[error] 167-167: trailing spaces

(trailing-spaces)


[error] 171-171: trailing spaces

(trailing-spaces)


[error] 176-176: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)
Dockerfile (1)

11-11: Please clarify the Docker-dev image reference in the comment.

The comment mentions "Docker-dev image" but this dependency isn't clearly documented. This could make it difficult for other developers to understand the build prerequisites.

Let's check for any Docker-dev image references:

✅ Verification successful

Let me check the docker-compose files to understand if there's a dev image defined:


Let me check the Dockerfile.dev since I found a reference to webknossos-dev image in docker-compose.yml:


Based on the docker-compose.yml and Dockerfile.dev analysis, I can now generate the final response:

The Docker-dev image reference is accurate and well-integrated

The comment refers to the webknossos-dev image which is properly defined in docker-compose.yml under the base service. This dev image is built from Dockerfile.dev and is used for development and compilation tasks. The compiled Scala output from this dev environment is indeed used in the production Dockerfile, making the comment accurate and helpful.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Docker-dev image references in the repository
rg -i "docker-dev.*image"

# Check docker-compose files for related services
fd -e yml -e yaml | xargs rg -l "docker"

Length of output: 329


Script:

#!/bin/bash
# Check contents of docker-compose files for dev image definitions
echo "=== Main docker-compose.yml ==="
cat docker-compose.yml

echo -e "\n=== tools/hosting/docker-compose.yml ==="
cat tools/hosting/docker-compose.yml

echo -e "\n=== webknossos-tracingstore/deployment/docker-compose.yml ==="
cat webknossos-tracingstore/deployment/docker-compose.yml

echo -e "\n=== webknossos-datastore/deployment/docker-compose.yml ==="
cat webknossos-datastore/deployment/docker-compose.yml

Length of output: 14631


Script:

#!/bin/bash
# Check Dockerfile.dev contents
cat Dockerfile.dev

Length of output: 1079

.github/workflows/build_test_deploy.yml (1)

4-6: Consider including additional protected branches in push triggers

The push trigger is currently limited to the master branch. Consider including other protected branches (e.g., main, develop, release/*) to ensure the pipeline runs on all important branches.

@@ -8,6 +8,7 @@ RUN curl -sL "https://deb.nodesource.com/setup_${VERSION_NODE}" | bash - \
RUN mkdir -p /webknossos
WORKDIR /webknossos

# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
COPY target/universal/stage .
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider validating the copied Scala artifacts.

While the COPY command is correct, consider adding validation to ensure the required Scala artifacts are present and complete.

Consider adding a validation step:

 # Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
 COPY target/universal/stage .
+RUN test -f bin/webknossos && \
+    test -d lib || \
+    (echo "Error: Required Scala artifacts are missing" && exit 1)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
COPY target/universal/stage .
# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
COPY target/universal/stage .
RUN test -f bin/webknossos && \
test -d lib || \
(echo "Error: Required Scala artifacts are missing" && exit 1)

Comment on lines +207 to +211
run: |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
yarn run docs --project-version $WK_VERSION

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add error handling to documentation build

The documentation build step should fail the workflow if there are any errors.

      - name: Build frontend documentation
        run: |
+         set -eo pipefail
          WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
-         yarn run docs --project-version $WK_VERSION
+         yarn run docs --project-version "${WK_VERSION}"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build frontend documentation
run: |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
yarn run docs --project-version $WK_VERSION
- name: Build frontend documentation
run: |
set -eo pipefail
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
yarn run docs --project-version "${WK_VERSION}"

Comment on lines 81 to 86
- name: Install dependencies
run: apt-get update \
&& apt-get install -y \
findutils \
libdraco-dev \
libblosc1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Optimize apt-get commands

The apt-get installation can be optimized to reduce the image size and improve build time.

-      - name: Install dependencies
-        run: apt-get update \
-          && apt-get install -y \
-          findutils \
-          libdraco-dev \
-          libblosc1
+      - name: Install dependencies
+        run: |
+          apt-get update && apt-get install -y --no-install-recommends \
+            findutils \
+            libdraco-dev \
+            libblosc1 \
+          && rm -rf /var/lib/apt/lists/*
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Install dependencies
run: apt-get update \
&& apt-get install -y \
findutils \
libdraco-dev \
libblosc1
- name: Install dependencies
run: |
apt-get update && apt-get install -y --no-install-recommends \
findutils \
libdraco-dev \
libblosc1 \
&& rm -rf /var/lib/apt/lists/*

Comment on lines +32 to +33
- name: Install frontend dependencies
run: corepack enable && yarn install --immutable
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add yarn cache to improve CI performance

Consider using GitHub's cache action for yarn dependencies to speed up the CI pipeline.

    - uses: actions/setup-node@v4
      with:
        node-version: 18
+       cache: 'yarn'
+
+   - name: Get yarn cache directory path
+     id: yarn-cache-dir-path
+     run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+   - uses: actions/cache@v3
+     id: yarn-cache
+     with:
+       path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+       key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+       restore-keys: |
+         ${{ runner.os }}-yarn-

    - name: Install frontend dependencies
      run: corepack enable && yarn install --immutable
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Install frontend dependencies
run: corepack enable && yarn install --immutable
- uses: actions/setup-node@v4
with:
node-version: 18
cache: 'yarn'
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
- uses: actions/cache@v3
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install frontend dependencies
run: corepack enable && yarn install --immutable

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (1)
.github/workflows/build_test_deploy.yml (1)

12-17: Add timezone environment variable

Consider adding TZ: UTC (or your preferred timezone) to ensure consistent timestamps across the pipeline execution.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 7acf3a9 and da87a2a.

📒 Files selected for processing (1)
  • .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml

73-73: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


73-73: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


73-73: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


73-73: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


158-158: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


158-158: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


189-189: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint
.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)


[warning] 52-52: wrong indentation: expected 6 but found 8

(indentation)


[error] 89-89: trailing spaces

(trailing-spaces)


[error] 99-99: trailing spaces

(trailing-spaces)


[error] 172-172: trailing spaces

(trailing-spaces)


[error] 174-174: trailing spaces

(trailing-spaces)


[error] 177-177: trailing spaces

(trailing-spaces)


[error] 182-182: trailing spaces

(trailing-spaces)

foo:
runs-on: ubuntu-20.04
static_frontend_code_checks:
runs-on: ubuntu-24.04
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Align Ubuntu versions across jobs

The static_frontend_code_checks job uses ubuntu-24.04 while build_test_deploy uses ubuntu-20.04. This inconsistency could lead to environment differences. Consider using the same Ubuntu version for both jobs.

Also applies to: 46-46

Comment on lines 55 to 57
POSTGRES_DB: webknossos
POSTGRES_USER: webknossos_user
POSTGRES_PASSWORD: secret_password
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Use secrets for database credentials

Database credentials are currently hardcoded in the workflow file. Consider using GitHub secrets:

-            POSTGRES_DB: webknossos
-            POSTGRES_USER: webknossos_user
-            POSTGRES_PASSWORD: secret_password
+            POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+            POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+            POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
POSTGRES_DB: webknossos
POSTGRES_USER: webknossos_user
POSTGRES_PASSWORD: secret_password
POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

Comment on lines +213 to +216
- name: Build frontend documentation
run: |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
yarn run docs --project-version $WK_VERSION
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Improve documentation version handling

The current version fallback chain could be more explicit:

-          WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
+          WK_VERSION=$(
+            if [ -n "${{ github.event.release.tag_name }}" ]; then
+              echo "${{ github.event.release.tag_name }}"
+            elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
+              echo "${{ github.run_number }}"
+            else
+              echo "dev"
+            fi
+          )
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build frontend documentation
run: |
WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
yarn run docs --project-version $WK_VERSION
- name: Build frontend documentation
run: |
WK_VERSION=$(
if [ -n "${{ github.event.release.tag_name }}" ]; then
echo "${{ github.event.release.tag_name }}"
elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
echo "${{ github.run_number }}"
else
echo "dev"
fi
)
yarn run docs --project-version $WK_VERSION

Comment on lines +140 to +149
- name: Build webknossos docker image
run: |
docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos

- name: Build webknossos-datastore docker image
run: docker compose build --pull webknossos-datastore

- name: Build webknossos-tracingstore docker image
run: docker compose build --pull webknossos-tracingstore
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Optimize Docker builds with layer caching

Consider using BuildKit's cache features to speed up builds:

-        run: docker compose build --pull webknossos-datastore
+        run: |
+          DOCKER_BUILDKIT=1 docker compose build \
+            --pull \
+            --build-arg BUILDKIT_INLINE_CACHE=1 \
+            webknossos-datastore
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build webknossos docker image
run: |
docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos
- name: Build webknossos-datastore docker image
run: docker compose build --pull webknossos-datastore
- name: Build webknossos-tracingstore docker image
run: docker compose build --pull webknossos-tracingstore
- name: Build webknossos docker image
run: |
docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos
- name: Build webknossos-datastore docker image
run: |
DOCKER_BUILDKIT=1 docker compose build \
--pull \
--build-arg BUILDKIT_INLINE_CACHE=1 \
webknossos-datastore
- name: Build webknossos-tracingstore docker image
run: docker compose build --pull webknossos-tracingstore
🧰 Tools
🪛 actionlint

141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

Comment on lines +108 to +119
# - name: Prepare dependency folders
# run: mkdir -p project/target target ~/.ivy2 ~/.cache/coursier

# - name: Assert unique evolution numbers
# run: docker compose run base tools/postgres/dbtool.js assert-unique-evolution-numbers

# - name: Assert schema.sql and evolutions are equal
# run: |
# docker compose up -d postgres
# sleep 3
# docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

These database validation steps should be uncommented and fixed

The commented-out steps are critical database schema validation checks that:

  1. Ensure evolution numbers are unique (assert-unique-evolution-numbers)
  2. Verify schema.sql matches the evolutions (check-evolutions-schema)

These checks are important as evidenced by:

  • The dbtool.js script contains active implementations of these commands
  • The script is actively used in other parts of the codebase for database validation
  • No alternative validation steps exist in the workflow file
🔗 Analysis chain

Clean up commented code blocks

Several steps are commented out but seem important for database schema validation. Either:

  1. Remove these comments if they're no longer needed
  2. Uncomment and fix them if they're still required

Let me check how these database tools are actually used to determine if the commented steps are still needed.


Let me check if these database validation steps are replaced by other mechanisms in the workflow.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if these database tools are used elsewhere
rg -l "dbtool.js"

Length of output: 217


Script:

#!/bin/bash
# Check the content of files that use dbtool.js
rg "dbtool\.js" -C 3

# Also check if there are any other similar database schema validation tasks
rg "schema" .github/workflows/ -C 3

Length of output: 6445


Script:

#!/bin/bash
# Check the entire workflow file for other database validation steps
cat .github/workflows/build_test_deploy.yml

# Also check if dbtool.js exists and what commands it supports
cat tools/postgres/dbtool.js 2>/dev/null || echo "File not found"

Length of output: 21423

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between da87a2a and d12c110.

📒 Files selected for processing (1)
  • .github/workflows/build_test_deploy.yml (1 hunks)
🧰 Additional context used
🪛 actionlint
.github/workflows/build_test_deploy.yml

84-84: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)


84-84: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)


84-84: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)


84-84: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)


152-152: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)


169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)


169-169: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)


200-200: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint
.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)


[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)


[error] 100-100: trailing spaces

(trailing-spaces)


[error] 183-183: trailing spaces

(trailing-spaces)


[error] 185-185: trailing spaces

(trailing-spaces)


[error] 188-188: trailing spaces

(trailing-spaces)


[error] 193-193: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)
.github/workflows/build_test_deploy.yml (1)

4-9: Consider expanding push trigger branches

The current configuration only triggers on master push events. Consider including other important branches (e.g., development, staging) if they exist in your branching strategy.

Comment on lines +71 to +72
- 5432:5432
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Restrict PostgreSQL port exposure

The PostgreSQL port is exposed on all interfaces. For better security, restrict it to localhost:

    ports:
-     - 5432:5432
+     - 127.0.0.1:5432:5432
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
ports:
- 5432:5432
ports:
- 127.0.0.1:5432:5432

Comment on lines +131 to +137
- name: Build webknossos (sbt)
run: |
if [ "${{ github.ref }}" == "refs/heads/master" ]; then
sbt -no-colors clean compile stage
else
sbt -no-colors -DfailOnWarning compile stage
fi
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Optimize SBT build configuration

The SBT build could be optimized:

  1. Use .sbtopts file for common options
  2. Enable parallel execution
  3. Configure memory settings
    - name: Build webknossos (sbt)
      run: |
+       echo "-J-Xmx4G" > .sbtopts
+       echo "-J-Xms2G" >> .sbtopts
+       echo "-Dsbt.parallel=true" >> .sbtopts
        if [ "${{ github.ref }}" == "refs/heads/master" ]; then
-         sbt -no-colors clean compile stage
+         sbt clean compile stage
        else
-         sbt -no-colors -DfailOnWarning compile stage
+         sbt -DfailOnWarning compile stage
        fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Build webknossos (sbt)
run: |
if [ "${{ github.ref }}" == "refs/heads/master" ]; then
sbt -no-colors clean compile stage
else
sbt -no-colors -DfailOnWarning compile stage
fi
- name: Build webknossos (sbt)
run: |
echo "-J-Xmx4G" > .sbtopts
echo "-J-Xms2G" >> .sbtopts
echo "-Dsbt.parallel=true" >> .sbtopts
if [ "${{ github.ref }}" == "refs/heads/master" ]; then
sbt clean compile stage
else
sbt -DfailOnWarning compile stage
fi

Comment on lines +41 to +48
- name: Lint frontend code and check formatting
run: yarn run check-frontend

- name: Typecheck frontend code
run: yarn typecheck

- name: Check for cyclic dependencies in frontend
run: yarn check-cyclic-dependencies
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add error handling to frontend checks

The frontend check commands should fail fast if any check fails. Add set -e to ensure the job fails immediately on any error:

    - name: Lint frontend code and check formatting
      run: |
+       set -e
        yarn run check-frontend

    - name: Typecheck frontend code
      run: |
+       set -e
        yarn typecheck

    - name: Check for cyclic dependencies in frontend
      run: |
+       set -e
        yarn check-cyclic-dependencies

Committable suggestion was skipped due to low confidence.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant