Skip to content

Add CODEOWNERS and validateAnnouncements step to CI#2

Merged
rainxchzed merged 1 commit into
mainfrom
ci-and-codeowners
May 3, 2026
Merged

Add CODEOWNERS and validateAnnouncements step to CI#2
rainxchzed merged 1 commit into
mainfrom
ci-and-codeowners

Conversation

@rainxchzed
Copy link
Copy Markdown
Member

@rainxchzed rainxchzed commented May 3, 2026

Summary

  • New .github/CODEOWNERS requires my review on changes to .github/ and src/main/resources/announcements/ (only effective when the branch ruleset has "Require review from Code Owners" enabled).
  • CI workflow now runs ./gradlew validateAnnouncements before tests, so a malformed announcement JSON fails the PR check before merge.
  • Adds concurrency and explicit permissions: contents: read to CI for hygiene.

Test plan

  • CI workflow runs green on this PR.
  • After merge, set the required status check on the main ruleset to build (NOT Deploy to production).
  • Optionally enable "Require review from Code Owners" on the ruleset to make CODEOWNERS load-bearing.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 3, 2026

Warning

Rate limit exceeded

@rainxchzed has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 44 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: aa26703e-506c-4bcb-a263-811c5dc6020c

📥 Commits

Reviewing files that changed from the base of the PR and between 89fcb3b and 2fecd48.

📒 Files selected for processing (2)
  • .github/CODEOWNERS
  • .github/workflows/ci.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci-and-codeowners

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 3 minutes and 44 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.

@rainxchzed rainxchzed merged commit 9bfc52a into main May 3, 2026
2 checks passed
@rainxchzed rainxchzed deleted the ci-and-codeowners branch May 3, 2026 19:00
rainxchzed added a commit that referenced this pull request May 19, 2026
@rainxchzed
Architect review fixes: xact-scoped advisory lock, V17 lock + atomic …
88413fa 
…PK swap

Architect findings #1 + #2 from the architecture review on this branch.

#1 (CRITICAL) - pg_try_advisory_lock is session-scoped, and Exposed/Hikari returned the connection to the pool the moment the 'acquire' transaction committed. The lock was released between acquireAdvisoryLock() and the actual fetch + upsert, so 'skipped: another instance' never fired and the dedup was illusory. The new ForgejoFdroidSeedWorker amplified the impact by holding the (broken) lock across N upstream HTTP fetches.

Fix: switch to pg_try_advisory_xact_lock, which is automatically released at COMMIT. Restructure both workers (the pre-existing GitHub-side FdroidSeedWorker had the same bug — fixed in the same commit) so they fetch every index FIRST with no DB connection held, then open ONE newSuspendedTransaction that pairs the xact lock with the upsert via the new upsertBatchInCurrentTransaction helper on SigningFingerprintRepository. Lock and write share the same transaction; race window gone.

#2 (HIGH) - V17 migration ran ADD COLUMN, DROP PK, ADD PK as three independent statements. Between DROP and ADD, concurrent writers could insert rows that would later violate the new PK and abort the migration mid-flight, leaving the schema half-broken. Fix: LOCK TABLE signing_fingerprint IN ACCESS EXCLUSIVE MODE at the top of V17 so no writer can interleave between drop and re-add. The outer transaction DatabaseFactory.runMigrations() already opens releases the lock at COMMIT.

Deferred (architect review #4 fan-out concurrency cap, #5 HttpClient AutoCloseable lifecycle) — both only fire under real forge usage, which can't happen until client PR #631 ships and 1.9.0 propagates. Addressed in a follow-up PR before any user can trigger them.
rainxchzed added a commit that referenced this pull request May 19, 2026
@rainxchzed
Architect review fixes: xact-scoped advisory lock, V17 lock + atomic …
60a00be 
…PK swap

Architect findings #1 + #2 from the architecture review on this branch.

#1 (CRITICAL) - pg_try_advisory_lock is session-scoped, and Exposed/Hikari returned the connection to the pool the moment the 'acquire' transaction committed. The lock was released between acquireAdvisoryLock() and the actual fetch + upsert, so 'skipped: another instance' never fired and the dedup was illusory. The new ForgejoFdroidSeedWorker amplified the impact by holding the (broken) lock across N upstream HTTP fetches.

Fix: switch to pg_try_advisory_xact_lock, which is automatically released at COMMIT. Restructure both workers (the pre-existing GitHub-side FdroidSeedWorker had the same bug — fixed in the same commit) so they fetch every index FIRST with no DB connection held, then open ONE newSuspendedTransaction that pairs the xact lock with the upsert via the new upsertBatchInCurrentTransaction helper on SigningFingerprintRepository. Lock and write share the same transaction; race window gone.

#2 (HIGH) - V17 migration ran ADD COLUMN, DROP PK, ADD PK as three independent statements. Between DROP and ADD, concurrent writers could insert rows that would later violate the new PK and abort the migration mid-flight, leaving the schema half-broken. Fix: LOCK TABLE signing_fingerprint IN ACCESS EXCLUSIVE MODE at the top of V17 so no writer can interleave between drop and re-add. The outer transaction DatabaseFactory.runMigrations() already opens releases the lock at COMMIT.

Deferred (architect review #4 fan-out concurrency cap, #5 HttpClient AutoCloseable lifecycle) — both only fire under real forge usage, which can't happen until client PR #631 ships and 1.9.0 propagates. Addressed in a follow-up PR before any user can trigger them.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rainxchzed