ci: Add GitHub action linting workflow #774
Co-Authored-By: AJ Steers <aj@airbyte.io>
👋 Greetings, Airbyte Team Member!
Here are some helpful tips and reminders for your convenience.
Testing This PyAirbyte Version
You can test this version of PyAirbyte using the following:
# Run PyAirbyte CLI from this branch:
uvx --from 'git+https://github.com/airbytehq/PyAirbyte.git@devin/1757017385-add-actionlint-workflow' pyairbyte --help
# Install PyAirbyte from this branch for development:
pip install 'git+https://github.com/airbytehq/PyAirbyte.git@devin/1757017385-add-actionlint-workflow'
Helpful Resources
PR Slash Commands
Airbyte Maintainers can execute the following slash commands on your PR:
Community Support
Questions? Join the #pyairbyte channel in our Slack workspace.
📝 Walkthrough
Adds a new GitHub Actions workflow file
Changes
Sequence Diagram(s)
sequenceDiagram
autonumber
actor Dev as Developer
participant GH as GitHub
participant WF as Workflow: actionlint.yml
participant RD as reviewdog/action-actionlint
participant PR as PR Review
Dev->>GH: Push to `main` or open PR affecting `.github/workflows/**`
GH-->>WF: Trigger workflow
WF->>WF: Checkout repository (actions/checkout@v4)
WF->>RD: Invoke actionlint via reviewdog (reporter=github-pr-review, level=error)
alt Workflow steps valid but action definitions invalid
RD-->>PR: Post actionlint findings as PR review comments
Note right of PR: Reviewdog flags invalid action usage (e.g., nonexistent/invalid-action@v999)
else Workflow fails to parse
WF-->>GH: Workflow parsing fails / job does not run
GH-->>Dev: Notify of workflow parse error
end
Estimated code review effort
🎯 2 (Simple) | ⏱️ ~10 minutes
Would you like to also enforce this on all branches or add a scheduled run to catch issues outside PRs, wdyt?
Actionable comments posted: 2
🧹 Nitpick comments (4)
.github/workflows/actionlint.yml (4)
3-11: Event triggers: drop push or add conditional
Given the reporter is github-pr-review, running on push to main won’t post annotations. Would you prefer we: (a) remove the push trigger, or (b) keep it but rely on the job-level `if: github.event_name == 'pull_request'` added above, wdyt?
19-21: Pin actions to commit SHAs for supply-chain hardening
Would you be open to pinning `actions/checkout@v4` and `reviewdog/action-actionlint@v1.67.0` to their immutable commit SHAs (and rely on Dependabot to bump), wdyt?
1-1: Nit: workflow name
Minor: consider a crisper name like “Actionlint” or “Lint GitHub Actions workflows” for readability, wdyt?
21-25: Forked PRs: do we need annotations there?
If you want review comments on PRs from forks, we may need a `pull_request_target` variant with safe checkout (and keep linting strictly to workflow files). Do we want to support that now or defer until needed, wdyt?
📜 Review details
📒 Files selected for processing (1)
.github/workflows/actionlint.yml (1 hunks)
🧰 Additional context used
🪛 GitHub Check: CodeQL
.github/workflows/actionlint.yml
[warning] 15-25: Workflow does not contain permissions
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}
🔇 Additional comments (1)
.github/workflows/actionlint.yml (1)
16-16: Stick with ubuntu-latest here; only welcome-message.yml uses ubuntu-24.04 (line 27). Should we update that instead for consistency, wdyt?
Likely an incorrect or invalid review comment.
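The hardening findings raised in the review above (missing `permissions` block, actions referenced by tag instead of commit SHA, and the `pull_request_target` question), expressed as a check. This is an added example, not code from the PR or from any of the bots; `audit_workflow`, the rule names and the sample workflow are assumptions constructed from the PR description, and the check is a line-based heuristic rather than a YAML parser.

```python
import re

# Constructed sample modelled on this PR's description; not the PR's actual file.
SAMPLE_WORKFLOW = """\
name: GitHub Actions Lint
on:
  pull_request:
    paths:
      - '.github/workflows/**'
jobs:
  actionlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-actionlint@v1.67.0
        with:
          reporter: github-pr-review
          level: error
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (line_no, rule, detail) tuples; line 0 means file-level."""
    findings = []
    lines = text.splitlines()
    # CodeQL finding: no permissions key at workflow or job level means the
    # GITHUB_TOKEN keeps the repository's default scopes.
    if not any(re.match(r"\s*permissions\s*:", line) for line in lines):
        findings.append((0, "missing-permissions", "no permissions block"))
    for no, line in enumerate(lines, 1):
        # Fork-PR nitpick: pull_request_target runs with base-repo privileges.
        if re.match(r"\s*pull_request_target\s*:", line):
            findings.append((no, "pull-request-target", line.strip()))
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # not a step reference, or a local action / image
        # Pinning nitpick: a tag such as @v4 can be moved; a full SHA cannot.
        _, _, ref = m.group(1).partition("@")
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((no, "unpinned-action", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

The permissions rule only checks that a `permissions:` key exists; it does not judge whether the scopes granted are minimal.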
…testing
- Add permissions block with contents:read and pull-requests:write
- Replace invalid parameter with YAML syntax error to test reviewdog annotations
- Addresses GitHub Advanced Security bot suggestion about missing permissions
Co-Authored-By: AJ Steers <aj@airbyte.io>
- Fix YAML syntax to allow workflow parsing by GitHub Actions
- Use nonexistent action reference that actionlint can detect and report
- This should trigger proper reviewdog PR annotations for testing
Co-Authored-By: AJ Steers <aj@airbyte.io>
ci: Add GitHub action linting workflow
Summary
Adds actionlint workflow to validate GitHub Actions workflow files using reviewdog for PR annotations. The workflow runs conditionally only when `.github/workflows/**` files are modified, providing automated linting feedback directly on pull requests.
Key features:
- `reviewdog/action-actionlint@v1.67.0` for actionlint + PR annotations
- `paths` filter to run only on workflow file changes
- `github-pr-review` for inline PR comments
Review & Testing Checklist for Human
- `secrets.GITHUB_TOKEN` has sufficient permissions for reviewdog to post PR comments
Test Plan
Notes
Requested by: Aaron ("AJ") Steers (@aaronsteers)
Link to Devin run: https://app.devin.ai/sessions/064c9d5b289f41539aa6e5f6acfbb8cf