ci: survey org reusables + document node-ci.yml cache-dependency-path gap#58
Conversation
|
Note Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported. |
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 17 minutes and 35 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
329e706 to
20088fe
Compare
Surveyed resq-software/.github's 11 reusable workflows. Of the 8 not yet used by viz, one was a direct fit: **node-ci.yml** for the client job. Attempted the adoption — it failed. The reusable calls `actions/setup-node` with `cache: 'npm'` but doesn't expose a `cache-dependency-path` input, so when the lockfile lives in a subdirectory (viz's is at `src/ResQ.Viz.Web/package-lock.json` rather than the repo root), `setup-node` errors with `Dependencies lock file is not found`. Reverted the client job back to the hand-rolled inline version from PR #55 — same SHA-pinned actions, same step-security/harden-runner, same bundle-size gate. Added a header comment documenting the gap so the next contributor doesn't re-hit the same pitfall. Follow-up (separate PR): upstream `cache-dependency-path` input on resq-software/.github's node-ci.yml so polyglot repos can adopt it. Other reusables surveyed: - docker-publish.yml — N/A, viz has no Dockerfile yet - cpp/python/rust-ci.yml — wrong language - required-gate.yml — for pass-through repos (viz has real CI) - audit-required-job.yml — runs on .github itself, not consumers Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
20088fe to
b28bcc6
Compare
Summary
Survey of
resq-software/.github/.github/workflows/foundnode-ci.ymlas a candidate drop-in for the hand-rolledclientjob from PR #55. Attempted adoption; it failed. Reverting with a header comment so the next contributor doesn't re-hit the same pitfall.The gap
The reusable calls
actions/setup-nodewithcache: 'npm'but doesn't accept acache-dependency-pathinput. When a consumer'spackage.jsonlives in a subdirectory (viz's is atsrc/ResQ.Viz.Web/),setup-node's cache detection only checks the repo root and bails out.working-directoryinput on the reusable works for therun:steps but doesn't rewiresetup-node's lockfile discovery — that's controlled independently bycache-dependency-path, which the reusable doesn't forward.Resolution
clientto the hand-rolled inline version from PR ci: comprehensive pipeline — client-side + Dependabot + lockfile #55 (same SHA-pinned actions, samestep-security/harden-runner, same bundle-size gate). Added a header comment explaining the gap.cache-dependency-pathinput onresq-software/.github'snode-ci.ymlso this reusable works for polyglot repos with a subdirectory frontend.Reusables survey — full result
required.ymlci.ymlsecurity-scan.ymlsecurity.yml+ transitively viarequired.ymldotnet-ci.ymlrequired.ymldispatchnode-ci.ymlcache-dependency-pathinput (this PR documents; follow-up upstreams)docker-publish.ymlcpp-ci.yml/python-ci.yml/rust-ci.ymlrequired-gate.ymlaudit-required-job.ymlresq-software/.githubitselfVerification
ruby -ryamlparses: jobs =[gates, client, required]requiredaggregates[gates, client]→ status check green on passing PRs🤖 Generated with Claude Code