fix(ci): robust SHA sync in bump-self-sha + final fixes#171
Conversation
Two changes: 1. bump-self-sha.sh step 5: Replace ALL YiAgent/OpenCI@<40-char-hex> references in workflow files (not just the manifest.yml SHA). Uses regex instead of exact string matching so it works even when workflow files have a different SHA than manifest.yml — fixing the divergence caused by the earlier revert-workflow-files approach. 2. Sync all 12 workflow files to current manifest.yml SHA (119c3ea). All YiAgent/OpenCI references are now consistent.
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
|
Warning Review limit reached
More reviews will be available in 3 minutes and 45 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (14)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
![openbot-dev[bot]](https://avatars.githubusercontent.com/u/279808688?s=60&v=4){kind=small}
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| perl -pi -e "s|\Q${old_sha}\E|${new_sha}|g" "$f" | ||
| # Compare checksums to detect if perl actually changed the file. | ||
| before=$(shasum -a 256 "$f" 2>/dev/null || true) | ||
| perl -pi -e "s|(YiAgent/OpenCI/[^\s@]+)\@[a-f0-9]{40}|\1\@${new_sha}|g" "$f" |
There was a problem hiding this comment.
\1 in the replacement side of s/// is deprecated in Perl — it is documented as equivalent to $1 today, but perlop explicitly warns that the behaviour may change in future versions. The idiomatic form is $1, which carries no deprecation risk and makes the intent unambiguous to readers unfamiliar with the edge-case rule that \N in a replacement string is treated as a back-reference rather than an octal escape.
| done < <(find "$REPO_ROOT/.github/workflows" "$REPO_ROOT/actions" \ | ||
| -name "*.yml" -o -name "*.yaml" 2>/dev/null | tr '\n' '\0') |
There was a problem hiding this comment.
find -o without explicit -print0 and tr conversion
Two compounding robustness concerns: (1) find … -name "*.yml" -o -name "*.yaml" without an explicit action relies on implicit -print being appended to the whole expression — standard in GNU/BSD find but not guaranteed by POSIX; (2) piping through tr '\n' '\0' means any filename with an embedded newline would be split incorrectly. Using \( -name "*.yml" -o -name "*.yaml" \) -print0 eliminates both concerns.
| done < <(find "$REPO_ROOT/.github/workflows" "$REPO_ROOT/actions" \ | |
| -name "*.yml" -o -name "*.yaml" 2>/dev/null | tr '\n' '\0') | |
| perl -pi -e 's|(YiAgent/OpenCI/[^\s@]+)\@[a-f0-9]{40}|$1\@'"${new_sha}"'|g' "$f" | |
| after=$(shasum -a 256 "$f" 2>/dev/null || true) | |
| if [ "$before" != "$after" ]; then | |
| info "Updated $f" | |
| updated=$((updated + 1)) | |
| fi | |
| done < <(find "$REPO_ROOT/.github/workflows" "$REPO_ROOT/actions" \ | |
| \( -name "*.yml" -o -name "*.yaml" \) -print0 2>/dev/null) |
1 participant
Final fixes for auto-bump workflow
1. Robust SHA replacement (bump-self-sha.sh)
Replaced exact-string SHA matching with regex that finds ALL
YiAgent/OpenCI@<40-char-hex>references in workflow files. This fixes the case where workflow files have a different SHA than manifest.yml (due to the revert-workflow-files period).2. RELEASE_PAT for git push
github.tokencannot push.github/workflows/files. Using RELEASE_PAT via remote URL override for the git push step.3. Guard condition fix
Added
steps.guard.outputs.skipcheck to Manage PRs step condition to prevent execution when guard detects bump commits.4. Direct merge instead of --auto
gh pr merge --autorequires branch protection rules on main. Using direct--squash --delete-branchmerge.5. SHA sync
All 12 workflow files synced to current manifest.yml SHA (119c3ea).
no-issue
Need help on this PR? Tag
@codesmithwith what you need. Autofix is disabled.Greptile Summary
This PR makes
bump-self-sha.shrobust to SHA drift betweenmanifest.ymland workflow files by replacing exact-SHA grep with a regex that matches allYiAgent/OpenCI/<subpath>@<40-hex>references. It also syncs all 12 workflow files andmanifest.ymlto the current main HEAD SHA (119c3eab).scripts/bump-self-sha.sh: Step 5 now uses a Perl regex to replace any pinned OpenCI reference regardless of which SHA was previously recorded; a before/aftershasumchecksum comparison detects which files were actually modified.manifest.yml: Mechanical SHA bump from34a93579to119c3eabacross alluses:lines and thedepsmap entry.Confidence Score: 4/5
Safe to merge — all workflow-file changes are mechanical SHA bumps, and the script logic change is a straightforward improvement with no functional regression risk.
The regex replacement correctly covers all YiAgent/OpenCI subpath reference patterns present in the repo. The only findings are a deprecated \1 back-reference (works today but not idiomatic) and the find -o without explicit -print0 (portable enough for CI but less rigorous). Neither affects correctness in the current environment.
Only scripts/bump-self-sha.sh warrants a second look on the find invocation and Perl replacement style, but these are non-blocking quality notes.
Important Files Changed
Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A[Push to main] --> B[on-main-bump-sha triggers] B --> C{Guard: is this a bot bump commit?} C -- yes --> D[Skip all steps] C -- no --> E[Check if manifest SHA matches HEAD] E -- already in sync --> F[Skip nothing to do] E -- stale --> G[Run bump-self-sha.sh] G --> G1[Step 4: update manifest.yml via exact old_sha] G --> G2[Step 5: regex-replace ALL YiAgent/OpenCI@40hex refs] G1 & G2 --> H[shasum before/after to count changed files] H --> I[git checkout new bump branch] I --> J[git push via RELEASE_PAT remote URL] J --> K[gh pr create] K --> L[gh pr merge squash delete-branch] L --> M[Squash commit lands on main] M --> B M --> N{Guard catches chore-manifest message} N -- yes --> DReviews (1): Last reviewed commit: "fix(ci): robust SHA update in bump-self-..." | Re-trigger Greptile