fix: require scoped Codex auto-resolve command#447
Conversation
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
|
Caution Review failedAn error occurred during the review process. Please try again later. 📝 WalkthroughWalkthroughThe Codex auto-resolve workflow now uses a scoped actionable-findings resolve command and prompt instead of the broad resolve-all wording. The repository also adds GitHub Actions pin enforcement and updates workflows to pinned runner and action versions. ChangesScoped Codex resolve command update
Workflow pinning checks
Estimated code review effort: 3 (Moderate) | ~25 minutes 🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
|
Summary
Testing
|
There was a problem hiding this comment.
🧹 Nitpick comments (1)
scripts/check-codex-autofix-workflow.mjs (1)
49-54: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winVerified guard strings match the workflow's embedded prompt exactly.
Cross-checked
scopedResolveCommand/scopedResolvePromptagainst the workflow's line 41 skip-check substring and line 78 prompt text — they match verbatim, so this guard correctly enforces the scoped phrasing.Since this exact string is now duplicated in two files (the workflow's embedded script and this validator), consider extracting the shared prompt into a single source of truth (e.g., a small JSON/text fixture both files read) to prevent the kind of drift that motivated this PR.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/check-codex-autofix-workflow.mjs` around lines 49 - 54, The scoped resolve command and prompt text are duplicated between the workflow script and this validator, which risks drift. Extract the shared values used by `scopedResolveCommand` and `scopedResolvePrompt` into a single source of truth that both `scripts/check-codex-autofix-workflow.mjs` and the workflow’s embedded prompt read from. Update the validator to compare against that shared fixture/value instead of hardcoded string literals so the skip-check and prompt check stay in sync.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@scripts/check-codex-autofix-workflow.mjs`:
- Around line 49-54: The scoped resolve command and prompt text are duplicated
between the workflow script and this validator, which risks drift. Extract the
shared values used by `scopedResolveCommand` and `scopedResolvePrompt` into a
single source of truth that both `scripts/check-codex-autofix-workflow.mjs` and
the workflow’s embedded prompt read from. Update the validator to compare
against that shared fixture/value instead of hardcoded string literals so the
skip-check and prompt check stay in sync.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 3528f310-fb63-4883-b657-106dad506241
📒 Files selected for processing (2)
.github/workflows/codex-autofix-review-comments.ymlscripts/check-codex-autofix-workflow.mjs
Head branch was pushed to by a user without write access
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
scripts/check-github-action-pins.mjs (1)
25-25: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low valueQuoted
uses:values silently bypass the check.
usesPatternrequires the line to end immediately after the version digits (optionally followed by a comment); a quoted reference likeuses: "actions/checkout@v6"won't match because of the trailing quote, so it would be silently skipped rather than validated.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/check-github-action-pins.mjs` at line 25, The usesPattern in check-github-action-pins.mjs is too strict and misses quoted uses values, so update the regex handling in that script to accept optional single or double quotes around the action reference while still capturing the repository and vN pin. Make sure the validation logic that reads uses: lines continues to flag unpinned actions even when the value is quoted, rather than silently skipping them.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scripts/check-github-action-pins.mjs`:
- Around line 6-14: The supportedMajorRanges entry for actions/checkout has an
outdated v7 failure message; update the reason text in the checkGithubActionPins
logic to stop claiming v7 is unpublished and instead explain that the pin should
remain on v6 for security/documented support reasons. Keep the change localized
to the actions/checkout mapping so the emitted failure text matches the current
published major.
---
Nitpick comments:
In `@scripts/check-github-action-pins.mjs`:
- Line 25: The usesPattern in check-github-action-pins.mjs is too strict and
misses quoted uses values, so update the regex handling in that script to accept
optional single or double quotes around the action reference while still
capturing the repository and vN pin. Make sure the validation logic that reads
uses: lines continues to flag unpinned actions even when the value is quoted,
rather than silently skipping them.
🪄 Autofix (Beta)
✅ Autofix completed
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 290ff168-104f-443a-abaf-373c4ce3500f
📒 Files selected for processing (10)
.github/workflows/ci.yml.github/workflows/codex-autofix-review-comments.yml.github/workflows/docker-image.yml.github/workflows/eval-canary.yml.github/workflows/live-drift.yml.github/workflows/sast.yml.github/workflows/secret-scan.yml.github/workflows/summary.ymlpackage.jsonscripts/check-github-action-pins.mjs
✅ Files skipped from review due to trivial changes (2)
- .github/workflows/live-drift.yml
- .github/workflows/secret-scan.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/codex-autofix-review-comments.yml
|
Note Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it. Fixes Applied SuccessfullyFixed 1 file(s) based on 1 unresolved review comment. Files modified:
Commit: The changes have been pushed to the Time taken: |
Fixed 1 file(s) based on 1 unresolved review comment. Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Head branch was pushed to by a user without write access
Summary
@codex resolve all review commentsprompt and asserts the full scoped prompt.Why
A Codex review found that the workflow and guard still allowed the old broad resolve command, which could ask Codex to address unrelated or stale review comments.
Verification
npm run check:codex-autofix-workflowpassed.git diff --check HEAD^ HEADpassed.Notes