DNM: switch shared-workflows branch to capture permissions usage patterns #2422
gforsyth wants to merge 1 commit into
Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here.
Walkthrough
Replace all reusable-workflow
Changes
Shared workflow ref updates
b5eba85 to 2738c82
/ok to test
shared-workflows branch to capture credential usage patterns -> shared-workflows branch to capture permissions usage patterns
/ok to test
/ok to test
/ok to test
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/pr.yaml:
- Around line 11-19: The current workflow defines a standalone monitor job (job
name "monitor") but does not run the GitHubSecurityLab/actions-permissions step
inside the "pr-builder" job or inside any reusable workflows it calls, so
permission usage from pr-builder isn't captured; fix by adding the
actions-permissions step (uses:
GitHubSecurityLab/actions-permissions/monitor@...) with the same config as a
step inside the pr-builder job (and inside any reusable workflows that run in
that job) so each job reports its token/API usage, then rely on the
Advisor/artifacts aggregation flow to collect results rather than depending on a
single dedicated monitor job.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 860750a3-a6e7-4a09-8aee-9b478556ebab
📒 Files selected for processing (1)
.github/workflows/pr.yaml
88d5181 to 2738c82
/ok to test
/ok to test
/ok to test
/ok to test
2738c82 to 2154b3a
/ok to test
Actionable comments posted: 0
2154b3a to 1b3bc52
/ok to test
Actionable comments posted: 0
Running a quick test here to see if https://github.com/GitHubSecurityLab/actions-permissions work the way I think they do when using shared workflows.