Open
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds a GitHub Actions workflow that runs on published releases to publish an npm package and Docker images, deriving the package version from the release tag and using repository secrets for authentication. Changes
Sequence Diagram(s)sequenceDiagram
participant GitHub as GitHub (Release Event)
participant Runner as Actions Runner
participant NPM as npm Registry
participant Docker as Docker Hub
GitHub->>Runner: trigger workflow on release.published
Runner->>Runner: checkout repo
Runner->>Runner: set VERSION from release tag
Runner->>Runner: npm-release job:
Runner->>Runner: - setup Bun\n- bun install\n- build CLI\n- npm version (strip v)\n- write .npmrc using NPM_TOKEN
Runner->>NPM: publish package (raystack/chronicle:${VERSION})
Runner->>Runner: docker-release job:
Runner->>Docker: docker login (DOCKERHUB_USERNAME/DOCKERHUB_TOKEN)
Runner->>Docker: build & push images\n(raystack/chronicle:${VERSION}, raystack/chronicle:latest)
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/release.yml (1)
70-72: Consider conditionallatesttag to avoid overwriting with older releases.If you ever publish a hotfix for an older major version (e.g.,
v1.0.1afterv2.0.0), this will overwritelatestto point tov1.0.1. If that's not intended, consider conditionally applyinglatestonly to the highest version or using a separate workflow dispatch.♻️ Example: Only tag latest for non-prerelease on default branch
- name: Build and push uses: docker/build-push-action@v5 with: context: . push: true - tags: | - raystack/chronicle:${{ env.VERSION }} - raystack/chronicle:latest + tags: raystack/chronicle:${{ env.VERSION }}${{ github.event.release.prerelease == false && ',raystack/chronicle:latest' || '' }}Or manage
latesttagging via a separate manual workflow.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release.yml around lines 70 - 72, Update the release workflow so the "raystack/chronicle:latest" tag is only applied conditionally instead of unconditionally; change the tags generation that currently uses env.VERSION and always outputs "latest" to include "latest" only when publishing from the default branch and for a stable (non-prerelease) version (e.g., check github.ref equals the default branch and that env.VERSION has no prerelease suffix), or move "latest" tagging to a separate manual workflow; modify the step that emits tags (the block referencing env.VERSION and the literal "latest") to build the tag list conditionally so older hotfixes like v1.x won't overwrite latest.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Around line 34-40: The heredoc used in the "Create .npmrc" step writes leading
spaces into $HOME/.npmrc which breaks npm parsing; update the action to produce
an exact, unindented file by removing indentation inside the heredoc or
switching to a strip-leading-tabs heredoc (e.g., use a left-aligned EOF marker
or a <<-EOF style) so the line "//registry.npmjs.org/:_authToken=$NPM_TOKEN" is
written without leading whitespace and ensure NPM_TOKEN remains provided via
env.
- Around line 55-66: Update the Docker GitHub Actions to the latest major
versions by changing the action references used in the workflow: replace
docker/login-action@v3 with docker/login-action@v4 and replace
docker/build-push-action@v5 with docker/build-push-action@v6 (these appear in
the "Login to DockerHub" and "Build and push" steps respectively); ensure no
other code changes are required and run a workflow lint/validation after
updating the action tags.
---
Nitpick comments:
In @.github/workflows/release.yml:
- Around line 70-72: Update the release workflow so the
"raystack/chronicle:latest" tag is only applied conditionally instead of
unconditionally; change the tags generation that currently uses env.VERSION and
always outputs "latest" to include "latest" only when publishing from the
default branch and for a stable (non-prerelease) version (e.g., check github.ref
equals the default branch and that env.VERSION has no prerelease suffix), or
move "latest" tagging to a separate manual workflow; modify the step that emits
tags (the block referencing env.VERSION and the literal "latest") to build the
tag list conditionally so older hotfixes like v1.x won't overwrite latest.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: df7dbdda-40b0-4f14-8b91-325e94f6389c
📒 Files selected for processing (1)
.github/workflows/release.yml
- Fix .npmrc whitespace issue by using echo instead of heredoc - Update docker/login-action v3 -> v4 - Update docker/build-push-action v5 -> v6 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/release.yml (1)
17-20: Consider pinning GitHub Actions to commit SHAs in this release workflow.Using moving major tags (
@v4,@v6) is convenient, but release pipelines are safer with immutable SHA pins to reduce supply-chain drift.Also applies to: 50-53, 63-63
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release.yml around lines 17 - 20, The workflow uses mutable Action tags (e.g., actions/checkout@v4 and oven-sh/setup-bun@v2); replace those tag references with the corresponding immutable commit SHAs (pin to the exact commit for actions/checkout and oven-sh/setup-bun) and update the other occurrences mentioned (the additional lines referencing the same actions) so every uses: entry points to a SHA instead of a moving tag; fetch the canonical commit SHA from the action repo (or GitHub UI) and substitute the tag strings with the SHA values.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Around line 29-33: The "Bump version" step uses npm version "$VERSION" which
fails if package.json already matches the target; update the command in that
step (the npm version invocation) to include the --allow-same-version flag so it
becomes npm version "$VERSION" --no-git-tag-version --allow-same-version,
ensuring re-run idempotency and skipping the bump when package.json is already
at the desired version.
- Around line 3-5: The workflow's release event triggers for both stable and
prereleases but the npm-release and docker-release jobs currently run
unconditionally and publish to stable channels; add an if guard to each job
(npm-release and docker-release) to only run when the release is not a
prerelease by adding if: github.event.release.prerelease == false to both job
definitions so prereleases won't publish to npm's latest or Docker's latest.
---
Nitpick comments:
In @.github/workflows/release.yml:
- Around line 17-20: The workflow uses mutable Action tags (e.g.,
actions/checkout@v4 and oven-sh/setup-bun@v2); replace those tag references with
the corresponding immutable commit SHAs (pin to the exact commit for
actions/checkout and oven-sh/setup-bun) and update the other occurrences
mentioned (the additional lines referencing the same actions) so every uses:
entry points to a SHA instead of a moving tag; fetch the canonical commit SHA
from the action repo (or GitHub UI) and substitute the tag strings with the SHA
values.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 015ea2e9-6572-452d-a31c-b711ebe64169
📒 Files selected for processing (1)
.github/workflows/release.yml
- Skip npm and docker publish for prerelease - Add --allow-same-version for re-run idempotency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@raystack/chronicleto npmjsraystack/chronicleimage to Docker Hub with version + latest tagsRequired Secrets
NPM_TOKENDOCKERHUB_USERNAMEDOCKERHUB_TOKEN🤖 Generated with Claude Code