Added Code Rabbit Approval Check to pull-request.yml Workflow

[mandeepnh5]

What kind of change does this PR introduce?
Added Code Rabbit Approval Check to pull-request.yml Workflow

Issue Number:
Fixes #3003

Did you add tests for your changes?
No

If relevant, did you update the documentation?
No

Does this PR introduce a breaking change?
No

Have you read the contributing guide?
Yes

Summary by CodeRabbit

• Chores
  • Enhanced GitHub Actions workflow by adding a validation job for pull request approvals.
  • Improved the script to handle multiple pages of pull request reviews, ensuring robust validation of approvals from a specific user.

[coderabbitai]

Walkthrough

A new GitHub Actions workflow job Validate-Coderabbit has been added to the pull-request.yml file to automate the validation of pull request approvals from CodeRabbit.ai. The workflow introduces a shell script validate-coderabbit.sh that checks for approval by the CodeRabbit bot using GitHub API calls. The job depends on several prerequisite jobs and ensures that only PRs approved by CodeRabbit.ai can proceed.

Changes

File	Change Summary
.github/workflows/pull-request.yml	Added new Validate-Coderabbit job to workflow
.github/workflows/scripts/validate-coderabbit.sh	Enhanced script to handle pagination for fetching PR reviews and check for CodeRabbit.ai approval

Assessment against linked issues

Objective	Addressed	Explanation
Automate CodeRabbit.ai PR approval check [#3003]	✅
Check approval by CodeRabbit user specifically [#3003]	✅
Depend on app start tests [#3003]	✅

Possibly related PRs

• coderabbit yaml file #1991: Modifies the .github/workflows/pull-request.yml file, indicating potential overlap in workflow configurations.
• develop branch - coderabbit yaml file #1997: Updates the .github/workflows/pull-request.yml file, suggesting related changes in workflow management.
• Added GitHub PR Workflow Check: Talawa Admin app starts (No Docker) #2452: Introduces a new job in the .github/workflows/pull-request.yml file, relevant to the new job added in the main PR.
• reverting workflow changes #2498: Adds new jobs to the .github/workflows/pull-request.yml file, indicating a connection to the changes made in the main PR.
• Add code coverage disable check to GitHub workflows #2701: Adds a new job to the .github/workflows/pull-request.yml file, aligning with the addition of the Validate-Coderabbit job in the main PR.
• Enhance ESLint Disable Check and Code Coverage Disable Check with Detailed Messages #3007: Enhances existing checks in the workflow, which may relate to the validation processes introduced in the main PR.

Suggested reviewers

• palisadoes

Poem

🐰 In GitHub's garden of code so bright,
A rabbit checks PRs with delight.
CodeRabbit stamps its seal of might,
Ensuring quality takes flight!
Workflows dance, approvals gleam ✨

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 62822f6 and 9f3896a.

📒 Files selected for processing (1)

• .github/workflows/scripts/validate-coderabbit.sh (1 hunks)

🧰 Additional context used

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

.github/workflows/scripts/validate-coderabbit.sh

[warning] 1-1:
File ignored by default.

🔇 Additional comments (4)

.github/workflows/scripts/validate-coderabbit.sh (4)

1-2: Add validation for required environment variables

The script requires GITHUB_TOKEN, PR_NUMBER, and GITHUB_REPOSITORY environment variables but doesn't validate their presence.

🧰 Tools

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

---

11-19: LGTM! Good error handling implementation.

The JSON processing segment includes comprehensive error handling for jq operations and validates the response data appropriately.

---

21-29: Improve approval validation implementation

1. The bot name should be parameterized (as previously suggested)
2. The numeric validation could be more robust

Apply this diff to improve the numeric validation:

-if [[ "$approval_state" =~ ^[0-9]+$ ]] && [[ $approval_state -gt 0 ]]; then
+# Ensure approval_state is a valid non-negative integer
+if [[ "$approval_state" =~ ^[0-9]+$ ]] && [ "$approval_state" -ge 0 ]; then
+  if [ "$approval_state" -gt 0 ]; then
     echo "Success: PR approved by CodeRabbit.ai."
+  else
+    echo "Error: PR is not approved by CodeRabbit.ai (no approvals found)."
+    exit 1
+  fi
 else
-  echo "Error: PR is not approved by CodeRabbit.ai."
+  echo "Error: Invalid approval state returned from API."
   exit 1
 fi

---

1-29: Verify script integration with GitHub Actions workflow

Please ensure this script is properly integrated with the workflow:

1. The script should be executable in the workflow
2. Required environment variables should be passed from the workflow
3. The exit codes should be properly handled by the workflow

Run this script to verify the integration:

✅ Verification successful

Let me gather more information about the workflow integration.

---

Script is properly integrated with GitHub Actions workflow

The validation script is correctly integrated with the workflow:

1. The script is referenced in .github/workflows/pull-request.yml in the Validate-Coderabbit job
2. Required environment variables are properly passed:
   • GITHUB_TOKEN
   • PR_NUMBER
   • GITHUB_REPOSITORY
3. Execute permission is set via chmod +x before execution
4. The job runs after required dependencies and only for non-dependabot PRs
5. Exit codes are properly handled by the workflow (implicit through GitHub Actions)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify script integration with GitHub Actions workflow

# Check if script is referenced in workflow files
echo "Checking workflow files for script reference..."
rg -l "validate-coderabbit.sh" .github/workflows/

# Verify script permissions
echo "Checking script permissions..."
ls -l .github/workflows/scripts/validate-coderabbit.sh

# Check environment variables in workflow
echo "Checking environment variables in workflow..."
rg "env:" .github/workflows/ -A 5

Length of output: 5816

---

Script:

#!/bin/bash
# Check the workflow file that references the script
echo "Checking pull-request.yml workflow content..."
cat .github/workflows/pull-request.yml

# Check if script is called with proper permissions
echo "Checking if script has execute permission set in workflow..."
rg "chmod.*validate-coderabbit.sh" .github/workflows/

Length of output: 17047

🧰 Tools

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Our Pull Request Approval Process

Thanks for contributing!

Testing Your Code

Remember, your PRs won't be reviewed until these criteria are met:

1. We don't merge PRs with poor code quality.
   1. Follow coding best practices such that CodeRabbit.ai approves your PR.
2. We don't merge PRs with failed tests.
   1. When tests fail, click on the Details link to learn more.
   2. Write sufficient tests for your changes (CodeCov Patch Test). Your testing level must be better than the target threshold of the repository
   3. Tests may fail if you edit sensitive files. Ask to add the ignore-sensitive-files-pr label if the edits are necessary.
3. We cannot merge PRs with conflicting files. These must be fixed.

Our policies make our code better.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/pull-request.yml (1)

485-485: Add newline at end of file

Add a newline character at the end of the file to comply with POSIX standards.

   env:
     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

🧰 Tools

🪛 yamllint (1.35.1)

[error] 485-485: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a99b146 and 02049cc.

📒 Files selected for processing (1)

• .github/workflows/pull-request.yml (1 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

.github/workflows/pull-request.yml

[error] 485-485: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (2)

.github/workflows/pull-request.yml (2)

466-468: LGTM: Job definition and dependencies are well structured

The job is appropriately placed at the end of the workflow and depends on all necessary quality checks.

---

466-485: Verify workflow protection settings

Since this is a security-critical check, ensure that:

1. Branch protection rules require this check to pass
2. The workflow cannot be modified without proper review

🧰 Tools

🪛 yamllint (1.35.1)

[error] 485-485: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/pull-request.yml (2)

473-474: Consider using a more restricted token permission

While using GITHUB_TOKEN is correct, it's recommended to explicitly specify the minimum required permissions for security best practices.

Add permissions at the job level:

  CodeRabbit-Approval:
    name: Validate CodeRabbit.ai Approval
    needs: [Code-Quality-Checks, Docker-Start-Check, Start-App-Without-Docker, Test-Application]
    runs-on: ubuntu-latest
+   permissions:
+     pull-requests: read
    steps:

Also applies to: 497-498

---

498-498: Add newline at end of file

Add a newline character at the end of the file to comply with POSIX standards.

          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

🧰 Tools

🪛 yamllint (1.35.1)

[error] 498-498: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 02049cc and b5d8c8e.

📒 Files selected for processing (1)

• .github/workflows/pull-request.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/pull-request.yml

472-472: shellcheck reported issue in this script: SC1046:error:7:1: Couldn't find 'fi' for this 'if'

(shellcheck)

---

472-472: shellcheck reported issue in this script: SC1073:error:7:1: Couldn't parse this if expression. Fix to allow more checks

(shellcheck)

---

472-472: shellcheck reported issue in this script: SC1047:error:10:1: Expected 'fi' matching previously mentioned 'if'

(shellcheck)

---

472-472: shellcheck reported issue in this script: SC1072:error:10:2: Unexpected keyword/token. Fix any mentioned problems and try again

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/pull-request.yml

[error] 498-498: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (2)

.github/workflows/pull-request.yml (2)

466-470: LGTM! Well-structured job definition

The job is properly configured to run after all essential quality checks, which is an efficient approach.

---

471-496: LGTM! Robust error handling implementation

The script successfully implements comprehensive error handling as suggested in the previous review:

• API call failure handling
• JSON response validation
• Approval count parsing validation

🧰 Tools

🪛 actionlint (1.7.4)

472-472: shellcheck reported issue in this script: SC1046:error:7:1: Couldn't find 'fi' for this 'if'

(shellcheck)

---

472-472: shellcheck reported issue in this script: SC1073:error:7:1: Couldn't parse this if expression. Fix to allow more checks

(shellcheck)

---

472-472: shellcheck reported issue in this script: SC1047:error:10:1: Expected 'fi' matching previously mentioned 'if'

(shellcheck)

---

472-472: shellcheck reported issue in this script: SC1072:error:10:2: Unexpected keyword/token. Fix any mentioned problems and try again

(shellcheck)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.25%. Comparing base (1bc3c5e) to head (9f3896a).
Report is 22 commits behind head on develop-postgres.

Additional details and impacted files

@@                  Coverage Diff                  @@
##           develop-postgres    #3008       +/-   ##
=====================================================
+ Coverage             26.46%   89.25%   +62.78%     
=====================================================
  Files                   300      322       +22     
  Lines                  7568     8422      +854     
  Branches               1652     1898      +246     
=====================================================
+ Hits                   2003     7517     +5514     
+ Misses                 5434      670     -4764     
- Partials                131      235      +104     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mandeepnh5]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[mandeepnh5]

@palisadoes What should I do if rate limit exceeds for coderabbitai, is there any way to fix that by writing code?

[palisadoes]

You'll just have to wait. It's a mechanism it uses to protect its free service

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/pull-request.yml (2)

471-500: Add rate limit handling and retries

Based on the PR comments about rate limiting concerns, the script should implement retries and rate limit handling.

Add this before the curl command:

+          max_retries=3
+          retry_count=0
+          while [ $retry_count -lt $max_retries ]; do
+            rate_limit=$(curl -s -f -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+              https://api.github.com/rate_limit)
+            remaining=$(echo "$rate_limit" | jq .rate.remaining)
+            if [ "$remaining" -le 0 ]; then
+              reset_time=$(echo "$rate_limit" | jq .rate.reset)
+              current_time=$(date +%s)
+              sleep_time=$((reset_time - current_time + 1))
+              echo "Rate limit exceeded. Waiting for $sleep_time seconds..."
+              sleep $sleep_time
+            fi
+
             # Your existing curl command here
+            if [ $? -eq 0 ]; then
+              break
+            fi
+            retry_count=$((retry_count + 1))
+            if [ $retry_count -lt $max_retries ]; then
+              echo "Retrying... Attempt $((retry_count + 1)) of $max_retries"
+              sleep 5
+            fi
+          done

🧰 Tools

🪛 actionlint (1.7.4)

472-472: shellcheck reported issue in this script: SC2181:style:4:6: Check exit code directly with e.g. 'if ! mycmd;', not indirectly with $?

(shellcheck)

🪛 yamllint (1.35.1)

[error] 474-474: trailing spaces

(trailing-spaces)

---

[error] 485-485: trailing spaces

(trailing-spaces)

---

[error] 500-500: no new line character at the end of file

(new-line-at-end-of-file)

---

485-485: Fix formatting issues

There are trailing spaces and a missing newline at the end of file.

1. Remove trailing spaces on line 485
2. Add a newline at the end of file (line 500)

Also applies to: 500-500

🧰 Tools

🪛 yamllint (1.35.1)

[error] 485-485: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b5d8c8e and 6579d01.

📒 Files selected for processing (1)

• .github/workflows/pull-request.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/pull-request.yml

472-472: shellcheck reported issue in this script: SC2181:style:4:6: Check exit code directly with e.g. 'if ! mycmd;', not indirectly with $?

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/pull-request.yml

[error] 474-474: trailing spaces

(trailing-spaces)

---

[error] 485-485: trailing spaces

(trailing-spaces)

---

[error] 500-500: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (3)

.github/workflows/pull-request.yml (3)

466-470: LGTM: Job configuration is well-structured

The job is properly integrated into the workflow with appropriate dependencies and configuration.

---

476-479: 🛠️ Refactor suggestion

Remove redundant error check

This error check becomes redundant after implementing the suggested curl improvements above.

-          if [ $? -ne 0 ]; then
-            echo "Error: Failed to fetch PR reviews"
-            exit 1
-          fi

Likely invalid or redundant comment.

---

473-474: 🛠️ Refactor suggestion

Fix trailing spaces and improve curl error handling

The curl command should handle errors directly instead of checking $? afterward.

Apply this diff:

-          reviews=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-            https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews) 
+          if ! reviews=$(curl -s -f -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews); then
+            echo "Error: Failed to fetch PR reviews"
+            exit 1
+          fi

Likely invalid or redundant comment.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 474-474: trailing spaces

(trailing-spaces)

[palisadoes]

1. Also try creating a brand new repo (Not a Fork)
2. Enroll it in CodeRabbit
3. Test

With fewer files you may not have the rate limiting problem

[mandeepnh5]

Oh ok

[mandeepnh5]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/pull-request.yml (1)

476-479: Improve shell script practices and formatting.

1. Use direct command status check
2. Remove trailing spaces

Apply this diff to improve the shell script:

-          reviews=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-            https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews) 
-
-          if [ $? -ne 0 ]; then
-            echo "Error: Failed to fetch PR reviews"
-            exit 1
-          fi
+          if ! reviews=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews); then
+            echo "Error: Failed to fetch PR reviews"
+            exit 1
+          fi

Also applies to: 474-474, 485-485

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6579d01 and 47b1c9c.

📒 Files selected for processing (1)

• .github/workflows/pull-request.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/pull-request.yml

472-472: shellcheck reported issue in this script: SC2181:style:4:6: Check exit code directly with e.g. 'if ! mycmd;', not indirectly with $?

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/pull-request.yml

[error] 474-474: trailing spaces

(trailing-spaces)

---

[error] 485-485: trailing spaces

(trailing-spaces)

🔇 Additional comments (3)

.github/workflows/pull-request.yml (3)

466-470: LGTM! Job definition and dependencies are well structured.

The job is correctly placed in the workflow and depends on all necessary quality check jobs.

---

471-498: LGTM! Comprehensive error handling implementation.

The implementation includes all recommended error handling for API calls and JSON parsing.

🧰 Tools

🪛 actionlint (1.7.4)

472-472: shellcheck reported issue in this script: SC2181:style:4:6: Check exit code directly with e.g. 'if ! mycmd;', not indirectly with $?

(shellcheck)

🪛 yamllint (1.35.1)

[error] 474-474: trailing spaces

(trailing-spaces)

---

[error] 485-485: trailing spaces

(trailing-spaces)

---

499-500: LGTM! Secure token usage.

The GitHub token is correctly configured using secrets.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (1)

.github/workflows/scripts/validate-coderabbit.sh (1)

1-5: ⚠️ Potential issue

Add input validation and rate limit handling.

The script should validate required environment variables and handle GitHub API rate limits.

Previous review comments about adding input validation for GITHUB_TOKEN and rate limit handling are still applicable here.

🧰 Tools

🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

🧹 Nitpick comments (1)

.github/workflows/scripts/validate-coderabbit.sh (1)

20-21: Make debug output conditional.

Debug output should be controlled by an environment variable to avoid verbose logs in production.

Add conditional debug output:

+DEBUG=${DEBUG:-false}
+
-echo "Debug: Combined reviews from all pages:"
-echo "$all_reviews" | jq '.'
+if [ "$DEBUG" = "true" ]; then
+  echo "Debug: Combined reviews from all pages:"
+  echo "$all_reviews" | jq '.'
+fi

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8375a9d and e8574d2.

📒 Files selected for processing (1)

• .github/workflows/scripts/validate-coderabbit.sh (1 hunks)

🧰 Additional context used

🪛 Shellcheck (0.10.0)

.github/workflows/scripts/validate-coderabbit.sh

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

.github/workflows/scripts/validate-coderabbit.sh

[warning] 1-1:
File ignored by default.

🔇 Additional comments (1)

.github/workflows/scripts/validate-coderabbit.sh (1)

34-44: LGTM! Robust approval validation logic.

The approval validation logic is well-implemented with proper numeric validation and clear error messages.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

.github/workflows/scripts/validate-coderabbit.sh (2)

1-6: ⚠️ Potential issue

Add validation for required environment variables.

The script requires several environment variables (GITHUB_TOKEN, PR_NUMBER, GITHUB_REPOSITORY) but doesn't validate their presence.

Apply this diff after line 1:

 #!/bin/bash

+# Validate required environment variables
+for var in GITHUB_TOKEN PR_NUMBER GITHUB_REPOSITORY; do
+  if [ -z "${!var:-}" ]; then
+    echo "Error: $var environment variable is not set"
+    exit 1
+  fi
+done
+
 echo "Step 1: Fetching all PR reviews with pagination..."

🧰 Tools

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

---

7-22: ⚠️ Potential issue

Add rate limit check before API calls.

While the pagination logic is solid, the script should check GitHub API rate limits before making requests.

Add rate limit check before the while loop:

+# Check rate limit status
+rate_limit=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
+  "https://api.github.com/rate_limit") || {
+  echo "Error: Failed to check rate limit"
+  exit 1
+}
+
+remaining=$(echo "$rate_limit" | jq '.rate.remaining')
+reset_time=$(echo "$rate_limit" | jq '.rate.reset')
+
+if [ "$remaining" -lt 1 ]; then
+  echo "Error: GitHub API rate limit exceeded. Resets at $(date -d @$reset_time)"
+  exit 1
+fi
+
 while true; do

🧹 Nitpick comments (3)

.github/workflows/scripts/validate-coderabbit.sh (3)

24-28: Add debug mode control.

Debug output should be controlled by an environment variable to avoid verbose output in production.

Apply this diff:

+# Enable debug output if DEBUG=1
+debug_log() {
+  if [ "${DEBUG:-0}" = "1" ]; then
+    echo "Debug: $1"
+    [ -n "${2:-}" ] && echo "$2" | jq '.'
+  fi
+}
+
-echo "Debug: Combined reviews from all pages:"
-echo "$all_reviews" | jq '.'
+debug_log "Combined reviews from all pages:" "$all_reviews"

---

29-44: Document complex jq transformations.

The jq commands perform complex transformations that would benefit from detailed documentation.

Add comments explaining the jq operations:

 echo "Step 2: Parsing the latest review by each user..."
+# jq transformation steps:
+# 1. '[.[]]' - Convert the input into an array
+# 2. 'group_by(.user.login)' - Group reviews by user
+# 3. 'map(max_by(.submitted_at))' - Select most recent review per user
 latest_reviews=$(echo "$reviews" | jq -c '[.[]] | group_by(.user.login) | map(max_by(.submitted_at))') || {
   echo "Error: Failed to process reviews JSON"
   exit 1
 }

---

46-56: Enhance approval validation logic.

Consider checking the review body for additional context to ensure the approval is valid and not conditional.

Apply this diff:

 echo "Step 4: Checking approval status of 'coderabbitai[bot]'..."
-approval_state=$(echo "$latest_reviews" | jq -r '[.[] | select(.user.login == "coderabbitai[bot]" and .state == "APPROVED")] | length')
+# Check for both approval state and review body
+approval_check=$(echo "$latest_reviews" | jq -r '[.[] | select(
+  .user.login == "coderabbitai[bot]" and
+  .state == "APPROVED" and
+  (.body | test("(?i)conditional|with changes") | not)
+)] | length')

-echo "Approval count for CodeRabbit.ai: $approval_state"
+echo "Valid approval count for CodeRabbit.ai: $approval_check"

-if [[ "$approval_state" =~ ^[0-9]+$ ]] && [[ $approval_state -gt 0 ]]; then
+if [[ "$approval_check" =~ ^[0-9]+$ ]] && [[ $approval_check -gt 0 ]]; then

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e8574d2 and 6868f3f.

📒 Files selected for processing (1)

• .github/workflows/scripts/validate-coderabbit.sh (1 hunks)

🧰 Additional context used

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

.github/workflows/scripts/validate-coderabbit.sh

[warning] 1-1:
File ignored by default.

[mandeepnh5]

I think there is a limit for how much GitHub comments are fetched, as its taking the previous comments not the latest one.
I will try to fix it

[palisadoes]

1. See comments.
2. I may have been wrong about the suitability of making this a script.

Sorry. I've been reviewing so many PRs

[palisadoes]

Please make the necessary changes. We'd like to get this merged quickly.

[mandeepnh5]

Ok I will check the comments and fix the issues by tomorrow.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.github/workflows/scripts/validate-coderabbit.sh (2)

22-26: Improve debug output handling

The current debug output could expose sensitive information and the variable reassignment is unnecessary.

Apply these improvements:

-echo "Debug: Combined reviews from all pages:"
-echo "$all_reviews" | jq '.'
+# Only show debug output if DEBUG is enabled
+if [ "${DEBUG:-}" = "1" ]; then
+  echo "Debug: Combined reviews from all pages:"
+  echo "$all_reviews" | jq 'map({user: .user.login, state: .state, submitted_at: .submitted_at})'
+fi
 
-reviews="$all_reviews"
+# Use all_reviews directly instead of reassigning

---

38-42: Consolidate debug output handling

Similar to the earlier debug output, this should be controlled by the DEBUG environment variable.

Apply this change:

-echo "Debug: Grouped latest reviews:"
-echo "$latest_reviews" | jq '.'
+if [ "${DEBUG:-}" = "1" ]; then
+  echo "Debug: Grouped latest reviews:"
+  echo "$latest_reviews" | jq '.'
+fi
 
 echo "Step 3: Printing all latest review user logins and states:"

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6868f3f and 2504d44.

📒 Files selected for processing (1)

• .github/workflows/scripts/validate-coderabbit.sh (1 hunks)

🧰 Additional context used

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

.github/workflows/scripts/validate-coderabbit.sh

[warning] 1-1:
File ignored by default.

🔇 Additional comments (1)

.github/workflows/scripts/validate-coderabbit.sh (1)

1-5: ⚠️ Potential issue

Add validation for required environment variables

The script relies on environment variables (GITHUB_TOKEN, GITHUB_REPOSITORY, PR_NUMBER) but doesn't validate their presence at the start.

Add this validation block after the shebang line:

 #!/bin/bash
+
+# Validate required environment variables
+for var in GITHUB_TOKEN GITHUB_REPOSITORY PR_NUMBER; do
+  if [ -z "${!var}" ]; then
+    echo "Error: $var environment variable is not set"
+    exit 1
+  fi
+done
+
 echo "Step 1: Fetching all PR reviews with pagination..."

Likely invalid or redundant comment.

🧰 Tools

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

.github/workflows/scripts/validate-coderabbit.sh (4)

17-18: Add conditional debug logging

Debug output should be controlled by an environment variable to prevent exposing sensitive information and impacting performance with large responses.

+# Enable debug output if DEBUG=1
+DEBUG="${DEBUG:-0}"
+
 echo "Debug: Combined reviews from all pages:"
-echo "$all_reviews" | jq '.'
+if [ "$DEBUG" = "1" ]; then
+  echo "$all_reviews" | jq '.'
+fi

---

33-34: Maintain consistency in debug output handling

Apply the same conditional debug logging pattern here for consistency.

 echo "Debug: Grouped latest reviews:"
-echo "$latest_reviews" | jq '.'
+if [ "$DEBUG" = "1" ]; then
+  echo "$latest_reviews" | jq '.'
+fi

---

44-49: Enhance numeric validation for approval state

The current numeric validation could be more robust to handle edge cases.

-if [[ "$approval_state" =~ ^[0-9]+$ ]] && [[ $approval_state -gt 0 ]]; then
+if [[ "$approval_state" =~ ^[0-9]+$ ]] && [ "$approval_state" -gt 0 ] 2>/dev/null; then
   echo "Success: PR approved by CodeRabbit.ai."
 else
-  echo "Error: PR is not approved by CodeRabbit.ai."
+  if ! [[ "$approval_state" =~ ^[0-9]+$ ]]; then
+    echo "Error: Invalid approval state format"
+  else
+    echo "Error: PR is not approved by CodeRabbit.ai."
+  fi
   exit 1
 fi

---

1-49: Consider splitting the script into functions for better maintainability

The script would benefit from being split into functions for better organization and reusability:

• validate_env_vars()
• fetch_reviews()
• process_reviews()
• check_approval()

This would make the code more maintainable and easier to test.

Would you like me to provide an example of how to restructure the script using functions?

🧰 Tools

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2504d44 and 62822f6.

📒 Files selected for processing (1)

• .github/workflows/scripts/validate-coderabbit.sh (1 hunks)

🧰 Additional context used

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

.github/workflows/scripts/validate-coderabbit.sh

[warning] 1-1:
File ignored by default.

🔇 Additional comments (3)

.github/workflows/scripts/validate-coderabbit.sh (3)

1-5: Add validation for required environment variables

The script requires several environment variables (GITHUB_TOKEN, GITHUB_REPOSITORY, PR_NUMBER) but doesn't validate their presence at startup.

🧰 Tools

🪛 GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch

[warning] 1-1:
File ignored by default.

---

8-12: Fix pagination implementation issues

The current implementation has several issues:

1. per_page=1000 exceeds GitHub's maximum of 100 items per page
2. Missing proper pagination handling using Link headers

---

39-40: Parameterize the bot name

The bot name 'coderabbitai[bot]' should be configurable via environment variable.

[mandeepnh5]

@palisadoes its working now i will just make the code proper and remove debug print statements and commit

[mandeepnh5]

@palisadoes Please check now I have commited the cleaned code