[codex] Trigger release builds from GitHub Releases#65
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe release workflow is restructured to handle GitHub Release publication events directly instead of relying on tag pushes. Trigger conditions, permissions, concurrency configuration, and release metadata extraction are updated. Documentation clarifies two release paths for users: standard GitHub Release publishing or manual workflow dispatch. ChangesRelease workflow event handling and documentation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/release.yml:
- Around line 23-27: The workflow-level permissions block currently grants broad
write scopes; change it to least-privilege (e.g., set contents: read and only
keep id-token: write if OIDC is used globally) and remove other write
permissions from the global permissions block. Then grant the specific write
permissions (artifact-metadata: write, attestations: write, contents: write,
etc.) only on the jobs that actually need them by adding a permissions:
subsection to those job definitions (for example add the required write rights
to the publish/release job), and ensure the prepare job does not receive
unnecessary write permissions (leave prepare with read-only permissions or
none). Locate the global permissions block (permissions:) and the job named
prepare to apply these changes.
- Line 30: Normalize the concurrency group by computing a single normalized
version value and using it in the concurrency/group expression instead of mixing
raw sources; update the workflow to derive a normalized variable (e.g., strip a
leading "v" from github.event.release.tag_name, inputs.version, or
github.ref_name) and replace the existing group: release-${{
github.event.release.tag_name || inputs.version || github.ref_name }} with
group: release-${{ env.NORMALIZED_VERSION }} (or equivalent using
set-output/expression) so both release and manual runs resolve to the same key;
refer to the group line and the sources github.event.release.tag_name,
inputs.version, and github.ref_name to implement the normalization.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 5496066f-f5d4-4be7-88bf-50d8498edc8f
📒 Files selected for processing (2)
.github/workflows/release.ymlREADME.md
|
|
||
| concurrency: | ||
| group: release-${{ github.event_name == 'workflow_dispatch' && inputs.version || github.ref_name }} | ||
| group: release-${{ github.event.release.tag_name || inputs.version || github.ref_name }} |
There was a problem hiding this comment.
Normalize concurrency key across release and manual paths.
Line 30 uses inputs.version directly for manual runs, while release runs use tag_name (typically vX.Y.Z). This can create different groups for the same release and allow concurrent runs to race while uploading assets.
Suggested fix
-concurrency:
- group: release-${{ github.event.release.tag_name || inputs.version || github.ref_name }}
+concurrency:
+ group: release-${{ github.event.release.tag_name || (startsWith(inputs.version, 'v') && inputs.version || format('v{0}', inputs.version)) || github.ref_name }}
cancel-in-progress: false📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| group: release-${{ github.event.release.tag_name || inputs.version || github.ref_name }} | |
| concurrency: | |
| group: release-${{ github.event.release.tag_name || (startsWith(inputs.version, 'v') && inputs.version || format('v{0}', inputs.version)) || github.ref_name }} |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/release.yml at line 30, Normalize the concurrency group by
computing a single normalized version value and using it in the
concurrency/group expression instead of mixing raw sources; update the workflow
to derive a normalized variable (e.g., strip a leading "v" from
github.event.release.tag_name, inputs.version, or github.ref_name) and replace
the existing group: release-${{ github.event.release.tag_name || inputs.version
|| github.ref_name }} with group: release-${{ env.NORMALIZED_VERSION }} (or
equivalent using set-output/expression) so both release and manual runs resolve
to the same key; refer to the group line and the sources
github.event.release.tag_name, inputs.version, and github.ref_name to implement
the normalization.
Summary by CodeRabbit
Documentation
Chores