fix(ci): make PR policy checkout deterministic#884
Conversation
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
📝 WalkthroughWalkthroughThe PR policy workflow now checks out the pull request’s base commit SHA. Its self-test verifies this behavior and rejects use of the moving base branch reference. ChangesPR policy checkout
Estimated code review effort: 1 (Trivial) | ~5 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 43c378d2f4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex resolve actionable Codex review findings for this pull request and current head using the repository instructions. This is the pull request's single automatic repair pass: do not perform a fresh review, create new standalone findings, or request another review. Work only the existing unresolved Codex threads on the current head. Always fix P0 and P1 findings. For P2 and lower findings, fix only clear, scoped, low-risk issues; otherwise disposition them with a concise reason. After fixing or dispositioning a thread, reply in that thread with as the first line, followed by a concise summary; that marker authorizes the workflow to close that exact thread. If human input or new authorization is required, do not use the marker and leave the thread open with the blocker. Finish only after every actionable thread is fixed or dispositioned and closed, or explicitly left open for a human decision. Do not update the branch from main, address unrelated reviews, broaden scope, or create more than one scoped fix commit. Do not use external APIs, paid services, credentials, dependency changes, or broad refactors unless explicitly authorized. Add targeted tests where behavior changes and run the narrowest relevant validation. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 43c378d2f4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Motivation
Description
.github/workflows/pr-policy.ymltoref: ${{ github.event.pull_request.base.sha }}for deterministic runs.scripts/pr-policy.mjsthat verify the workflow now contains the event base SHA and does not containgithub.base_ref, preventing regression.Testing
npm run check:pr-policyand it passed (self-test coverage added).npm run check:github-actionsand it passed (action pin check passed).git diff --checkand it reported no problems.npm ciin a Node 24/npm 11 environment and install completed successfully.npm run verify:cheapwhich executed the heavy offline gate and Vitest suite; the repo-wide checks and the vast majority of tests passed buttests/pdf-extraction-budget.test.tsfailed withENOENTopening/tmp/.../child.pid, which matches a known/pre-existing main-side/container issue and is not caused by this PR change.Codex Task
Summary by CodeRabbit
Bug Fixes
Tests