Skip to content

ci(bump-callers): move caller list to CURSOR_REVIEW_CALLERS variable + mask repo names#27

Open
mattmillerai wants to merge 1 commit into
mainfrom
matt/be-3046-cursor-review-callers-var
Open

ci(bump-callers): move caller list to CURSOR_REVIEW_CALLERS variable + mask repo names#27
mattmillerai wants to merge 1 commit into
mainfrom
matt/be-3046-cursor-review-callers-var

Conversation

@mattmillerai

Copy link
Copy Markdown
Contributor

ELI-5

This workflow used to keep a list of every repo that runs cursor-review written right inside the file — and this repo is public, so anyone could read the list of our private repos, both in the file and in the (also public) run logs. This PR moves that list out of the file into a private Actions variable the workflow reads at run time, and blacks out (***) every repo name in the logs. Same behavior, no more leaks. Adding a repo later is now a variable edit, not a public commit.

What changed

  • Removed the hardcoded CALLERS=( … ) array from the workflow.
  • The list now comes from the repo-level Actions variable CURSOR_REVIEW_CALLERS — a JSON array of {"repo","file","label"} objects — parsed with jq into the exact same repo|file|label tuples the existing bump_one() loop already consumes (no downstream changes). A variable, not a secret: this is config, and secrets are write-only via the API.
  • Every repo name is ::add-mask::ed immediately after parsing, before any loop that echoes it, so all per-repo output ("<repo>: PR opened", per-repo warnings, the final failure summary) shows *** in the public logs instead of the repo name.
  • Hard-fails loudly (::error:: + exit 1) if the variable is missing, empty/whitespace, not a JSON array, empty array, or has any entry lacking a non-empty repo/file — a silent no-op dispatcher is not possible.
  • Documented the update flow (gh variable set CURSOR_REVIEW_CALLERS …) in the header, and noted the canonical callers.json should live in a private infra/ops repo as a reviewed source of truth.

Verification

  • python3 yaml.safe_load — YAML valid.
  • shellcheck -S warning on the extracted run script — clean (exit 0).
  • Unit-tested the validation/parse/mask block locally across every branch: empty, whitespace-only, invalid JSON, object-not-array, empty array, entry missing repo, entry with empty repo → all hard-fail with exit 1; valid input → parses, emits an ::add-mask:: per repo, and produces correct tuples (incl. missing-label → empty label).
  • Ran the actual seeded CURSOR_REVIEW_CALLERS variable through the parser: it yields exactly the 12 tuples, byte-for-byte identical to the previous hardcoded list plus Comfy-Org/evals (the addition from ci: add Comfy-Org/evals as a cursor-review caller #25). No behavior change for bump_one().
  • Confirmed only Comfy-Org/github-workflows (this repo) appears anywhere in the file.

Judgment calls / notes for the reviewer

  • The variable is already seeded with the full 12-entry list (including evals), so acceptance-criterion 4's seed step is done. No further seeding needed.
  • AC feat: add reusable cursor-review workflow + centralized assets #1 vs. the ticket's item 5 wording: the ticket suggested naming comfy-infra in the header as the canonical-JSON home, but comfy-infra is one of the private repos this ticket protects, and AC feat: add reusable cursor-review workflow + centralized assets #1 says no repo name beyond github-workflows may appear in the file. AC feat: add reusable cursor-review workflow + centralized assets #1 wins (it's the whole point), so the header says "a private infra/ops repo" generically rather than naming it.
  • AC fix(cursor-review): correct Matt's handle in slack-notify DM map #2 (a live workflow_dispatch run with clean logs) is a post-merge human step, not verified here — deliberately. workflow_dispatch runs the workflow version from the default branch, so this logic isn't dispatchable until it's merged; and dispatching the real workflow would open live SHA-bump PRs across all 12 caller repos (a side effect I won't trigger from a test). The masking is proven by inspection: every log statement echoes ${REPO} / ${FAILED[*]} (the full Comfy-Org/<repo> string), and each such string is ::add-mask::ed before the loop. Recommend one workflow_dispatch after merge to confirm the logs render ***.
  • ci: add Comfy-Org/evals as a cursor-review caller #25 adds evals to the old hardcoded array, which this PR deletes. Since evals is already in the seeded variable, ci: add Comfy-Org/evals as a cursor-review caller #25 is effectively superseded — recommend closing it (or merge it first and rebase this, either works; the variable already reflects the intended final state).
  • Masking nuance (benign): Comfy-Org/ComfyUI is a substring of Comfy-Org/ComfyUI_frontend, so masking can render the latter as ***/***_frontend — both are public repos, and none of the 8 private repos are substrings of one another, so no private name leaks.

…+ mask repo names (BE-3046)

The caller list was hardcoded in this PUBLIC workflow, enumerating private/
internal repo names in the file (leaked via public PRs) and in the publicly
viewable run logs. Move it to the repo-level Actions variable
CURSOR_REVIEW_CALLERS (a JSON array of {repo,file,label}), parsed with jq into
the existing repo|file|label tuples, and ::add-mask:: every repo name so run
logs show *** instead. Hard-fail loudly on a missing/empty/invalid variable so
a silent no-op dispatcher is impossible. Adding a future caller now needs no
public commit — just a variable edit (documented in the header).
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 34 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: bd8ea76c-2c1a-4ef8-9ef8-92f68da74425

📥 Commits

Reviewing files that changed from the base of the PR and between df507e6 and a422331.

📒 Files selected for processing (1)
  • .github/workflows/bump-cursor-review-callers.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch matt/be-3046-cursor-review-callers-var
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch matt/be-3046-cursor-review-callers-var

Comment @coderabbitai help to get the list of available commands.

@mattmillerai mattmillerai added cursor-review Multi-model cursor review agent-coded Authored by the agent-work loop labels Jul 14, 2026
@mattmillerai mattmillerai changed the title ci(bump-callers): move caller list to CURSOR_REVIEW_CALLERS variable + mask repo names (BE-3046) ci(bump-callers): move caller list to CURSOR_REVIEW_CALLERS variable + mask repo names Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agent-coded Authored by the agent-work loop cursor-review Multi-model cursor review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant