Conversation
Uses dAppCore/build actions for test, auto-fix on CodeRabbit changes, and auto-merge on CodeRabbit approval. Co-Authored-By: Virgil <[email protected]>
Co-Authored-By: Virgil <[email protected]>
Co-Authored-By: Virgil <[email protected]>
Update module path from forge.lthn.ai/core/go-html to dappco.re/go/core/html. Migrate all .go import paths, update dependency versions (core v0.5.0, log v0.1.0, io v0.2.0), and add replace directives for local development. Co-Authored-By: Virgil <[email protected]>
…orge.lthn.ai to dappco.re ...' (#3) from agent/update-go-mod-require-lines-from-forge-l into main
📝 WalkthroughWalkthroughThis pull request migrates package dependencies from the Changes
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.11.3)Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
CLAUDE.md (1)
43-46: Consider updating clone instructions for migrated repositories.Line 46 states both
go-i18nandgo-inferencemust be cloned alongside this repo. Sincego-i18nhas been migrated todappco.re/go/core/i18n, the clone instructions may need to reflect the new repository location (if it has moved), or clarify which repo URL to use.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@CLAUDE.md` around lines 43 - 46, The CLAUDE.md clone instructions are out of date: the doc still tells contributors to clone `go-i18n` and `go-inference` alongside this repo and references `go-i18n` as an external repo, while the package now appears as `dappco.re/go/core/i18n`; update the instructions to list the correct repository locations and names (e.g., replace or clarify `go-i18n` with `dappco.re/go/core/i18n` and confirm whether `go-inference` remains at `forge.lthn.ai/core/go-inference`), and explicitly state which repo URLs to clone or whether a replace directive in go.mod removes the need to clone locally (mention `dappco.re/go/core/i18n`, `go-inference`, and any replace directives) so readers know the exact repositories or steps required to build.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 23-26: The CI workflow's conditional for auto-fix/auto-merge is
missing a base-branch guard; update the 'if' expressions used (the blocks
checking github.event_name, github.event.review.user.login,
github.event.review.state) to also require github.event.pull_request.base.ref ==
'main' so the actions only run for PRs targeting main; apply this same addition
to both occurrences of that 'if' condition (the first block around the
auto-fix/auto-merge steps and the second similar block later in the file).
- Line 17: The workflow is using mutable action refs (`@dev`) which must be
pinned; update both occurrences of the reusable action reference (the step that
uses dAppCore/build/actions/build/core in the normal build job and the one in
the auto-fix job) to use full immutable commit SHAs instead of `@dev` — locate the
two steps referencing "dAppCore/build/actions/build/core@dev" and replace `@dev`
with the corresponding full commit SHA for each reference so the workflow uses
pinned action versions.
In `@go.mod`:
- Around line 22-27: The CI fails because the replace directives block (replace
(...) containing dappco.re/go/core => ../../../../core/go and the related
dappco.re/go/core/i18n, /io, /log entries) points to local relative paths that
don't exist in the runner; either remove these replace directives before merging
so the published dappco.re/go/core modules are used, or update CI to checkout
the sibling repos into the same relative paths before running go mod download,
or move these local replaces into a separate local-only file (e.g.,
go.mod.local) and ensure CI uses the canonical go.mod with no local replaces.
---
Nitpick comments:
In `@CLAUDE.md`:
- Around line 43-46: The CLAUDE.md clone instructions are out of date: the doc
still tells contributors to clone `go-i18n` and `go-inference` alongside this
repo and references `go-i18n` as an external repo, while the package now appears
as `dappco.re/go/core/i18n`; update the instructions to list the correct
repository locations and names (e.g., replace or clarify `go-i18n` with
`dappco.re/go/core/i18n` and confirm whether `go-inference` remains at
`forge.lthn.ai/core/go-inference`), and explicitly state which repo URLs to
clone or whether a replace directive in go.mod removes the need to clone locally
(mention `dappco.re/go/core/i18n`, `go-inference`, and any replace directives)
so readers know the exact repositories or steps required to build.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d969c740-385b-49fd-98aa-b2a4eac455b7
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (18)
.github/workflows/ci.yml.gitignoreCLAUDE.mdbench_test.gocmd/codegen/main.gocmd/wasm/main.gocmd/wasm/register.gocmd/wasm/size_test.gocodegen/codegen.gocontext.goedge_test.gogo.modintegration_test.gonode.gonode_test.gopipeline.gopipeline_test.gorender_test.go
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: dAppCore/build/actions/build/core@dev |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify non-SHA action refs across workflows.
rg -nP '^\s*-\s*uses:\s*[^@]+@(?![0-9a-fA-F]{40}$).+$' .github/workflowsRepository: dAppCore/go-html
Length of output: 398
🏁 Script executed:
cat -n .github/workflows/ci.ymlRepository: dAppCore/go-html
Length of output: 1829
Pin action refs to immutable commit SHAs.
Using @dev for reusable actions makes workflow behaviour mutable and increases supply-chain risk. This is particularly critical for line 36 in the auto-fix job, which has explicit write permissions and can modify repository state. Pin both references to full commit SHAs.
Suggested patch
- uses: dAppCore/build/actions/build/core@dev
+ - uses: dAppCore/build/actions/build/core@<full_commit_sha>
- uses: dAppCore/build/actions/fix@dev
+ - uses: dAppCore/build/actions/fix@<full_commit_sha>Also applies to: 36-36
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/ci.yml at line 17, The workflow is using mutable action
refs (`@dev`) which must be pinned; update both occurrences of the reusable action
reference (the step that uses dAppCore/build/actions/build/core in the normal
build job and the one in the auto-fix job) to use full immutable commit SHAs
instead of `@dev` — locate the two steps referencing
"dAppCore/build/actions/build/core@dev" and replace `@dev` with the corresponding
full commit SHA for each reference so the workflow uses pinned action versions.
Comment on lines
+23
to
+26
| if: > | ||
| github.event_name == 'pull_request_review' && | ||
| github.event.review.user.login == 'coderabbitai' && | ||
| github.event.review.state == 'changes_requested' |
There was a problem hiding this comment.
Scope auto-fix and auto-merge to PRs targeting main.
Current conditions only check event/reviewer/state. Add a base-branch guard to avoid write actions on PRs targeting other branches.
Suggested patch
auto-fix:
if: >
github.event_name == 'pull_request_review' &&
+ github.event.pull_request.base.ref == 'main' &&
github.event.review.user.login == 'coderabbitai' &&
github.event.review.state == 'changes_requested'
@@
auto-merge:
if: >
github.event_name == 'pull_request_review' &&
+ github.event.pull_request.base.ref == 'main' &&
github.event.review.user.login == 'coderabbitai' &&
github.event.review.state == 'approved'Also applies to: 41-44
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/ci.yml around lines 23 - 26, The CI workflow's conditional
for auto-fix/auto-merge is missing a base-branch guard; update the 'if'
expressions used (the blocks checking github.event_name,
github.event.review.user.login, github.event.review.state) to also require
github.event.pull_request.base.ref == 'main' so the actions only run for PRs
targeting main; apply this same addition to both occurrences of that 'if'
condition (the first block around the auto-fix/auto-merge steps and the second
similar block later in the file).
Comment on lines
+22
to
+27
| replace ( | ||
| dappco.re/go/core => ../../../../core/go | ||
| dappco.re/go/core/i18n => ../../../../core/go-i18n | ||
| dappco.re/go/core/io => ../../../../core/go-io | ||
| dappco.re/go/core/log => ../../../../core/go-log | ||
| ) |
There was a problem hiding this comment.
Replace directives break CI builds.
The pipeline failure indicates that the local paths in these replace directives (e.g., ../../../../core/go) do not exist in the CI environment. This causes go mod download to fail.
Consider one of the following approaches:
- Remove replace directives before merging to main and ensure the
dappco.re/go/core/*modules are published/accessible. - Update the CI workflow to clone the sibling repositories to the expected relative paths before running
go mod download. - Use a
go.mod.localpattern where replace directives are kept in a separate file for local development only.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@go.mod` around lines 22 - 27, The CI fails because the replace directives
block (replace (...) containing dappco.re/go/core => ../../../../core/go and the
related dappco.re/go/core/i18n, /io, /log entries) points to local relative
paths that don't exist in the runner; either remove these replace directives
before merging so the published dappco.re/go/core modules are used, or update CI
to checkout the sibling repos into the same relative paths before running go mod
download, or move these local replaces into a separate local-only file (e.g.,
go.mod.local) and ensure CI uses the canonical go.mod with no local replaces.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrate module path and dependencies to dappco.re/go/core/*.
Summary by CodeRabbit
Release Notes