ci: add daily auto-PR cron to refresh CQL catalogs#518
Conversation
|
Warning Review limit reachedYou’ve reached a temporary PR review limit under our Fair Usage Limits Policy. Next review available in: 14 seconds Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
There was a problem hiding this comment.
🔍 Cursor Review — Consolidated panel
Triggered by @mattmillerai.
Found 9 finding(s).
| Severity | Count |
|---|---|
| 🟠 High | 2 |
| 🟡 Medium | 4 |
| 🟢 Low | 3 |
Panel: 6/8 reviewers contributed findings.
Reviewers that did not contribute: kimi-k2.5:adversarial (empty), kimi-k2.5:edge-case (empty)
- Push/checkout with the app token (not GITHUB_TOKEN) so the auto-PR push fires the synchronize event and CI actually runs (requires Contents: write on the app; documented in the header). - Detect drift against origin/main, not the checked-out HEAD, so a workflow_dispatch from a stale branch can't mask real drift. - Assert no_gpu_nodes is a list (not just count >= 1) before committing, so a str/dict schema regression can't slip past the guard. - Pin the Contents API read to @main and pyyaml to 6.0.2 (supply-chain). - git checkout -f so the branch reset can't abort on local changes. - Route the delta summary through an env var (script-injection sink) and select only OPEN, same-repo PRs (isCrossRepository == false). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ELI-5
The CQL engine ships three little data files (
supported_nodes.yaml,cloud_disable_config.yaml,no_gpu_nodes.json) that it reads at runtime. They were hand-committed once and have been drifting — andno_gpu_nodes.jsonis still an empty placeholder ({"no_gpu_nodes": []}, count 0), which quietly makes the CLI's "no-GPU" CQL predicates dead. This adds a nightly GitHub Actions cron that re-fetches all three from their canonical sources and opens a single auto-PR whenever any of them changes, so a human just reviews and merges instead of hand-editing.What this does
Adds
.github/workflows/refresh-cql-catalogs.yml— structurally the sibling of the MCP repo'srefresh-object-infoworkflow, but it writes raw files intocomfy_cli/cql/data/(no gzip step; the files are loaded viaimportlib.resources.files("comfy_cli.cql.data")and packaged automatically, so committing the raw files is the whole refresh).schedulecron (06:30 UTC) +workflow_dispatch.supported_nodes.yaml,cloud_disable_config.yaml←Comfy-Org/comfy-complete@mainraw URLs (public, tokenless).no_gpu_nodes.json←Comfy-Org/cloud@main(private; fetched viagh apiblobs with a read token).no_gpu_nodescount is > 0 before anything is committed, so the current empty-placeholder state can never be silently re-committed;git diffper file; if anything changed, force-push a single bot branchauto/refresh-cql-catalogs(reset ontoorigin/main) and open/update one PR, filtered to--state open, with a per-file delta summary (e.g.no_gpu node count 0 → ~1203).This repo has no GitHub-App or cross-repo token wiring today, yet it runs
detect-unreviewed-merge.yml(SOC 2), so the auto-PR must be authored by a non-human app. A human must provision, onComfy-Org/comfy-cli:CLOUD_CODE_BOTGitHub App installed with Pull-requests: write, exposing theAPP_IDvariable and theCLOUD_CODE_BOT_PRIVATE_KEYsecret (mirror the MCP repo).Comfy-Org/cloudas theCLOUD_REPO_READ_TOKENsecret (used only to fetchno_gpu_nodes.json).The workflow is built to fail loudly (not skip) when either is missing. Fallback: if provisioning the private-cloud token is blocked, the two tokenless comfy-complete files can be shipped alone and
no_gpuleft as a follow-up — but that would mean explicitly deferring the 0→~1203 fix, not shipping a cron that silently never updatesno_gpu.Verification done
+N/-Nlines,no_gpu count 0 → N, unchanged files skipped, multiline$GITHUB_OUTPUTheredoc well-formed).count > 0guard fires on the current empty placeholder (count 0 →exit 1), and both public comfy-complete raw URLs fetch + parse.git checkout -B <branch> origin/mainwith locally-modified staged files carries the changes over (plus acp-restore backstop), so the branch-reset step is safe.importlib.resources.files("comfy_cli.cql.data")still resolves all three files — no path/packaging change.Judgment calls
@v6/@v3tags foractions/*to match this repo's existing workflows (they all use bare tags), rather than the MCP repo's SHA-pinned style.Comfy-Org/cloudsource path forno_gpu_nodes.json. This is inherent to the ticket's design and low-sensitivity (a file path guarded by a private-repo token), so it's referenced factually and minimally.refresh-object-infosibling, the branch is pushed with the default token and the PR is authored by the app token; CI fires on the app-authored PR creation. Matches the proven reference.