chore(ci): add weekly commit summary action with Claude #40213
Adds a GitHub Action that runs every Friday at 09:00 UTC to generate a weekly summary of merged commits on develop. Uses Claude to analyze commit messages and PR descriptions, producing a structured report covering user-facing changes, developer/API changes, documentation needs, and performance impact. Posts the summary to Rocket.Chat via incoming webhook. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Looks like this PR is not ready to merge, because of the following issues:
Please fix the issues and try again. If you have any trouble, please check the PR guidelines.
Walkthrough
Adds a new GitHub Actions workflow that weekly (and manually) collects non-merge commits from
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant Workflow as "GitHub Actions\n(weekly-summary.yml)"
    participant Git as "git / origin/develop"
    participant GH as "gh CLI"
    participant Claude as "Anthropic Claude\n(action)"
    participant Webhook as "Rocket.Chat\nWebhook"
    Workflow->>Git: checkout develop (full history)
    Workflow->>Git: list non-merge commits (last 7 days)
    alt commits found
        Workflow->>GH: extract PR numbers from commit subjects
        loop per PR
            GH->>GH: fetch PR number/title/body
            GH-->>Workflow: append PR details
        end
        Workflow->>Claude: send prompt + PR details
        Claude-->>Workflow: return structured Markdown (includes NEEDS_DOCS marker)
        Workflow->>Webhook: POST summary to WEEKLY_SUMMARY_WEBHOOK_URL
        Workflow->>GH: label referenced PRs with `docs`
    else no commits
        Workflow-->>Workflow: set has_commits=false and skip downstream steps
    end
```
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Claude now outputs a machine-readable NEEDS_DOCS comment at the end of the summary. A new step parses those PR numbers and adds the "docs" label to each one via gh pr edit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/weekly-summary.yml:
- Around line 31-40: COMMIT_COUNT is computed from the already-capped
COMMIT_LOG, underreporting when there are >500 commits; change the flow to first
capture an uncapped full commit list (e.g., FULL_COMMIT_LOG generated by git log
without piping to head), compute COMMIT_COUNT from that (use wc -l on
FULL_COMMIT_LOG), then create a capped version (pipe FULL_COMMIT_LOG through
head -500) and write that capped output to /tmp/weekly_commits.txt for Claude
input; apply the same change for the duplicate logic referenced around the
second occurrence (lines ~117-118) so stats use the uncapped count while only
the file fed to the model is limited.
- Around line 144-158: The jq extraction currently returns the Portuguese
fallback string "Erro ao extrair resumo." for unsupported .content shapes,
causing SUMMARY to be non-empty and the script to continue; update the jq
expression used to compute SUMMARY so the else branch yields an empty string (or
null) instead of the fallback text (i.e., change the else branch in the jq block
to "" or null) so that the subsequent check if [ -z "$SUMMARY" ] || [ "$SUMMARY"
= "null" ] will detect failure and the step will exit with an error.
- Around line 162-165: The curl webhook call lacks timeouts and doesn't handle
transport failures; update the curl invocation (the line that sets HTTP_CODE
using curl and variables WEBHOOK_URL and PAYLOAD) to include timeouts and
retries (e.g. --connect-timeout and --max-time, plus --retry/--retry-delay and
--silent --show-error), then capture curl's exit status and set a safe fallback
HTTP_CODE on transport failure (e.g. run HTTP_CODE=$(curl ... -w "%{http_code}"
...) ; CURL_EXIT=$? ; if [ "$CURL_EXIT" -ne 0 ]; then HTTP_CODE="000"; fi) so
stalled requests are bounded and network errors are detected instead of leaving
the job hanging.
- Around line 42-50: The workflow currently writes PR bodies to
/tmp/weekly_pr_details.txt and later grants the model broad Bash(cat:*) and View
access; to fix, stop giving the runtime Bash file-read capability and instead
inline the PR body content into the prompt or use a safe sandboxed storage
mechanism: modify the loop around PR_NUMBERS/ BODY to directly pass the captured
BODY string into the model prompt (avoid writing to /tmp) and remove any
allowed_tools entry that includes Bash(cat:*) or file read patterns;
alternatively replace Bash access with a restricted sandboxed tool that only
exposes the explicit BODY variable (or deny patterns) so the model cannot read
arbitrary workspace files.
```bash
COMMIT_LOG=$(git log --since="${SINCE_DATE}" --oneline --no-merges --format="%h %s (%an)" origin/develop | head -500)

if [ -z "$COMMIT_LOG" ]; then
  echo "has_commits=false" >> "$GITHUB_OUTPUT"
  echo "No commits found in the last 7 days."
else
  COMMIT_COUNT=$(echo "$COMMIT_LOG" | wc -l | tr -d ' ')
  echo "has_commits=true" >> "$GITHUB_OUTPUT"
  echo "commit_count=${COMMIT_COUNT}" >> "$GITHUB_OUTPUT"
  echo "$COMMIT_LOG" > /tmp/weekly_commits.txt
```
Avoid silently underreporting stats when the commit list is capped.
COMMIT_COUNT is computed after head -500, so a busy week with more than 500 non-merge commits will report 500 and skew the Stats section/top contributors. Keep an uncapped count for stats and only cap the file used as Claude input.
Proposed fix
- COMMIT_LOG=$(git log --since="${SINCE_DATE}" --oneline --no-merges --format="%h %s (%an)" origin/develop | head -500)
+ COMMIT_LIMIT=500
+ TOTAL_COMMIT_COUNT=$(git rev-list --count --no-merges --since="${SINCE_DATE}" origin/develop)
+ COMMIT_LOG=$(git log --since="${SINCE_DATE}" --oneline --no-merges --format="%h %s (%an)" origin/develop | head -"${COMMIT_LIMIT}")
if [ -z "$COMMIT_LOG" ]; then
echo "has_commits=false" >> "$GITHUB_OUTPUT"
echo "No commits found in the last 7 days."
else
- COMMIT_COUNT=$(echo "$COMMIT_LOG" | wc -l | tr -d ' ')
+ COMMIT_COUNT="${TOTAL_COMMIT_COUNT}"
echo "has_commits=true" >> "$GITHUB_OUTPUT"
echo "commit_count=${COMMIT_COUNT}" >> "$GITHUB_OUTPUT"
echo "$COMMIT_LOG" > /tmp/weekly_commits.txt
+ if [ "$TOTAL_COMMIT_COUNT" -gt "$COMMIT_LIMIT" ]; then
+ {
+ echo ""
+ echo "_Note: commit list truncated to first ${COMMIT_LIMIT} of ${TOTAL_COMMIT_COUNT} commits._"
+ } >> /tmp/weekly_commits.txt
+ fiAlso applies to: 117-118
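Review bot: The added `[ "$TOTAL_COMMIT_COUNT" -gt "$COMMIT_LIMIT" ]` test assumes `git rev-list --count` succeeded; if it fails, TOTAL_COMMIT_COUNT is empty, `[` errors out on a non-integer operand, and the same empty value is written to `commit_count`. Fail the step (or fall back to the capped count) when rev-list returns non-zero, and write `head -n "${COMMIT_LIMIT}"` rather than the obsolescent `head -"${COMMIT_LIMIT}"` form.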
```bash
# Extract PR numbers and fetch their bodies for context on actions/behavior changes
PR_NUMBERS=$(echo "$COMMIT_LOG" | grep -oP '#\K[0-9]+' | sort -u)
echo "" > /tmp/weekly_pr_details.txt
for PR in $PR_NUMBERS; do
  BODY=$(gh pr view "$PR" --json number,title,body --jq '"### PR #\(.number): \(.title)\n\(.body // "")\n---"' 2>/dev/null || true)
  if [ -n "$BODY" ]; then
    echo "$BODY" >> /tmp/weekly_pr_details.txt
  fi
done
```
🧩 Analysis chain
🌐 Web query:
anthropics/claude-code-base-action allowed_tools syntax restrict Bash cat to specific file paths
💡 Result:
In Anthropic's Claude Code (repository anthropics/claude-code), there is no direct syntax in allowed_tools to restrict Bash's cat command to specific file paths. Permission rules like "Read(./allowed/)" in settings.json permissions.deny/allow only apply to built-in Read/Glob/Grep tools, not Bash subprocesses. Bash("cat ./allowed/file") bypasses these, as confirmed by open GitHub issues #39987, #45992 (as of 2026-04-10). allowed_tools syntax (comma-separated in SKILL.md frontmatter or settings.json permissions.allow) grants auto-approval for tools like "Bash(gh:*)", "Read", but does not parse/enforce file paths within Bash commands {#1,14,19}.
To restrict Bash cat to paths:
- Enable sandboxing (/sandbox or "sandbox":{"enabled":true}) for OS-level enforcement (bubblewrap/Seatbelt). Use "sandbox.filesystem.denyRead":["~/.ssh/","./secrets/"],"allowWrite":["./allowed/"] to block reads/writes outside paths at runtime for all Bash subprocesses {#12,19,59,61}.
- deny Bash patterns: "permissions.deny":["Bash(cat ~)","Bash(grep .env)"] prevents specific commands but requires exhaustive patterns {#10,18}.
- PreToolUse hooks or external wrappers (e.g., bubblewrap) for custom path scanning {#6}.
Sandbox provides strongest restriction; permissions alone insufficient for Bash cat.
Citations:
- 1: [DOCS] Syntax for allowed-tools in skills anthropics/claude-code#17499
- 2: [BUG] Bash tool bypasses settings.json path deny rules — shell commands not subject to file tool access controls anthropics/claude-code#39987
- 3: deniedPaths bypassed by Bash tool — security policy not enforced uniformly across tools anthropics/claude-code#45992
- 4: https://code.claude.com/docs/en/permissions
- 5: https://code.claude.com/docs/en/sandboxing
- 6: allowed-tools in SKILL.md frontmatter does not restrict tool access anthropics/claude-code#37683
- 7: http://code.claude.com/docs/en/permissions
- 8: https://codingnomads.com/claude-permission-rule-syntax
- 9: https://claudelab.net/en/articles/claude-code/claude-code-settings-json-complete-guide
- 10: https://claudefa.st/blog/guide/settings-reference
🏁 Script executed:
cat -n .github/workflows/weekly-summary.yml | head -150
Repository: RocketChat/Rocket.Chat
Length of output: 9844
Restrict Claude's file-read access before processing untrusted PR bodies.
PR descriptions are contributor-controlled input, but line 132 grants broad Bash(cat:*) and View access. A malicious PR description could prompt the model to read unrelated runner or workspace files. The allowed_tools syntax in this action does not support file-path restrictions for Bash subprocesses—only sandboxing or pattern denials can enforce limits. Scope access via sandbox filesystem controls, deny Bash patterns entirely, or inline PR content directly in the prompt and remove Bash(cat:*).
Also applies to: 42–50, 63–69
```bash
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
  -X POST "$WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d "$PAYLOAD")
```
Bound the webhook call and handle network failures explicitly.
Without curl timeouts, a stalled webhook can hold the job until the 15-minute workflow timeout. Also, curl transport failures can exit before the HTTP-code handler runs.
Proposed fix
- HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+ if ! HTTP_CODE=$(curl --silent --show-error \
+ --connect-timeout 10 \
+ --max-time 30 \
+ -o /tmp/weekly-summary-webhook-response.txt \
+ -w "%{http_code}" \
-X POST "$WEBHOOK_URL" \
-H "Content-Type: application/json" \
- -d "$PAYLOAD")
+ -d "$PAYLOAD"); then
+ echo "::error::Failed to reach Rocket.Chat webhook"
+ exit 1
+ fi📝 Committable suggestion
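Review bot: The `if ! HTTP_CODE=$(curl ...)` branch fires only on transport errors, because curl without `--fail` still exits 0 on an HTTP 4xx or 5xx; the existing HTTP-code check has to remain after this block or a rejected post passes silently. The body is now written to /tmp/weekly-summary-webhook-response.txt but nothing in the hunk reads it, so either print it in the failure path or keep `-o /dev/null`.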
Instructs Claude to place chores/refactors that affect APIs, OpenAPI specs, or public interfaces in Developer & API Changes rather than Internal, since their impact is developer-facing regardless of the conventional commit type. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
♻️ Duplicate comments (4)
.github/workflows/weekly-summary.yml (4)
31-40: ⚠️ Potential issue | 🟡 Minor
Keep Stats uncapped when limiting Claude input.
`COMMIT_COUNT` is derived after `head -500`, so busy weeks report `500` even when more commits exist. Count the full range separately, and only cap `/tmp/weekly_commits.txt`.
Proposed fix
- COMMIT_LOG=$(git log --since="${SINCE_DATE}" --oneline --no-merges --format="%h %s (%an)" origin/develop | head -500) + COMMIT_LIMIT=500 + TOTAL_COMMIT_COUNT=$(git rev-list --count --no-merges --since="${SINCE_DATE}" origin/develop) + COMMIT_LOG=$(git log --since="${SINCE_DATE}" --oneline --no-merges --format="%h %s (%an)" origin/develop | head -"${COMMIT_LIMIT}") if [ -z "$COMMIT_LOG" ]; then echo "has_commits=false" >> "$GITHUB_OUTPUT" echo "No commits found in the last 7 days." else - COMMIT_COUNT=$(echo "$COMMIT_LOG" | wc -l | tr -d ' ') + COMMIT_COUNT="${TOTAL_COMMIT_COUNT}" echo "has_commits=true" >> "$GITHUB_OUTPUT" echo "commit_count=${COMMIT_COUNT}" >> "$GITHUB_OUTPUT" echo "$COMMIT_LOG" > /tmp/weekly_commits.txt + if [ "$TOTAL_COMMIT_COUNT" -gt "$COMMIT_LIMIT" ]; then + { + echo "" + echo "_Note: commit list truncated to first ${COMMIT_LIMIT} of ${TOTAL_COMMIT_COUNT} commits._" + } >> /tmp/weekly_commits.txt + fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/weekly-summary.yml around lines 31 - 40, COMMIT_COUNT is being computed from the already-capped COMMIT_LOG (which uses head -500) so busy weeks incorrectly show 500; run git log --since="${SINCE_DATE}" --oneline --no-merges --format="%h %s (%an)" origin/develop once into a full variable (e.g., FULL_COMMIT_LOG) to derive COMMIT_COUNT from the full results, then create a capped version (pipe FULL_COMMIT_LOG | head -500) and write that capped output to /tmp/weekly_commits.txt while still exporting the true commit_count derived from FULL_COMMIT_LOG; keep the existing output variables has_commits and commit_count logic but switch their inputs to FULL_COMMIT_LOG and the capped file respectively.
167-170: ⚠️ Potential issue | 🟡 Minor
Bound the webhook request and handle transport failures.
Without curl timeouts, a stalled webhook can hold the job until the workflow timeout; transport failures can also bypass clean HTTP-code handling.
Proposed fix
- HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \ + if ! HTTP_CODE=$(curl --silent --show-error \ + --connect-timeout 10 \ + --max-time 30 \ + --retry 2 \ + --retry-delay 5 \ + -o /tmp/weekly-summary-webhook-response.txt \ + -w "%{http_code}" \ -X POST "$WEBHOOK_URL" \ -H "Content-Type: application/json" \ - -d "$PAYLOAD") + -d "$PAYLOAD"); then + echo "::error::Failed to reach Rocket.Chat webhook" + exit 1 + fi🤖 Prompt for AI Agents
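Review bot: The `--retry 2 --retry-delay 5` added here can deliver the summary more than once, since a POST that times out after Rocket.Chat has already accepted it is retried, and each attempt gets its own `--max-time 30`, so the step can run well past 30 seconds. Either drop the retries for this non-idempotent call or add `--retry-max-time` to bound the total.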
Verify each finding against the current code and only fix it if needed. In @.github/workflows/weekly-summary.yml around lines 167 - 170, Add network timeouts and explicit transport-failure handling to the curl call that sets HTTP_CODE: include options like --connect-timeout and --max-time (and --fail/--show-error if desired) when invoking curl with WEBHOOK_URL and PAYLOAD, then capture curl's exit status ($?) after the request and translate non-zero exits into a sentinel HTTP_CODE (e.g., "000" or log-and-fail) so that transport failures don't slip past HTTP-code handling; update references around the HTTP_CODE assignment and any downstream checks so they treat non-2xx/000 as failures.
149-158: ⚠️ Potential issue | 🟠 Major
Fail extraction instead of posting fallback error text.
The `else` branch returns non-empty `"Erro ao extrair resumo."`, so the next check treats extraction failure as a valid Rocket.Chat message.
Proposed fix
- SUMMARY=$(jq -r ' - [.[] | select(.role == "assistant")] | last | - if .content | type == "array" then - [.content[] | select(.type == "text") | .text] | join("\n") - elif .content | type == "string" then - .content - else - "Erro ao extrair resumo." - end - ' "$EXECUTION_FILE") + if ! SUMMARY=$(jq -r ' + ([.[] | select(.role == "assistant")] | last) as $message | + if $message == null then + "" + elif ($message.content | type) == "array" then + [$message.content[] | select(.type == "text") | .text] | join("\n") + elif ($message.content | type) == "string" then + $message.content + else + "" + end + ' "$EXECUTION_FILE"); then + echo "::error::Failed to parse Claude execution log" + exit 1 + fi🤖 Prompt for AI Agents
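Review bot: The three `""` results (no assistant message, an array with no text blocks, an unsupported content type) are indistinguishable once SUMMARY is empty, so the failure log cannot say which case occurred. Have the step print the message count or `$message.content | type` to stderr before exiting, and keep the later `[ -z "$SUMMARY" ]` check, because `if ! SUMMARY=$(jq ...)` only catches jq exiting non-zero.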
Verify each finding against the current code and only fix it if needed. In @.github/workflows/weekly-summary.yml around lines 149 - 158, The jq extraction currently returns the literal "Erro ao extrair resumo." on the else branch which makes SUMMARY non-empty and treated as a valid message; update the else branch in the jq block that builds SUMMARY so it emits an empty string (e.g., replace "Erro ao extrair resumo." with "") or jq empty output, ensuring SUMMARY is empty on failure and the downstream check will treat extraction as failed; look for the SUMMARY assignment and the conditional branches inspecting .content | type inside that jq script to apply this change.
42-50: ⚠️ Potential issue | 🟠 Major
Do not grant broad file-read tools while processing PR bodies.
PR bodies are contributor-controlled prompt input, but Claude gets `Bash(cat:*)` and `View`, so prompt injection can steer it toward reading unrelated runner/workspace files. Inline the prepared commit/PR text into the prompt, or run the model in a sandbox that exposes only those files.
For anthropics/claude-code-base-action / Claude Code, does allowed_tools support path-restricting Bash(cat:*), and what sandbox or permission configuration prevents Bash subprocesses from reading arbitrary workspace files?
Also applies to: 60-133
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2026-04-14T23:26:19.461Z
Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 40159
File: .github/actions/setup-node/action.yml:44-59
Timestamp: 2026-04-14T23:26:19.461Z
Learning: In RocketChat/Rocket.Chat's CI composite actions (e.g. `.github/actions/setup-node/action.yml`), writing resolved tool versions directly to `$GITHUB_ENV` via `echo "VAR=value" >> $GITHUB_ENV` (without multiline heredoc form or explicit empty-value guards) is an accepted, intentional pattern. The source files (`package.json` engines field and `.tool-versions`) are considered stable and trusted, so flagging the absence of newline/empty validation or the use of the heredoc form is not warranted.
Applied to files:
.github/workflows/weekly-summary.yml
🔇 Additional comments (1)
.github/workflows/weekly-summary.yml (1)
196-207: Remove or defer this change—the bash -e concern does not apply to this workflow.
The workflow uses `run: |` (standard bash without `-e` flag), so the grep no-match scenario does not cause an early exit. When grep finds no matches without `-e`, the pipeline simply returns an empty result, and the subsequent `if [ -z "$DOCS_PRS" ]` check correctly handles it. The proposed bash -e test case does not reflect the actual execution environment.
Regarding allowlisting: While extracting PRs only from the actual commit log adds defensive filtering, it assumes PR numbers are consistently present and extractable from commit messages (e.g., "Merge pull request #123"), which is not guaranteed. This adds complexity without clear verification that the pattern will reliably match your commits. If you want to add this validation, first confirm your commit message format consistently includes extractable PR numbers.
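The prompt-injection comment on lines 42-50 and the allowlisting remark above concern the same trust boundary: the NEEDS_DOCS marker is model output shaped by contributor-controlled PR bodies, and the labelling step acts on it with `gh pr edit`. The following is an added example, not code from the PR or from CodeRabbit; the marker syntax, the function names and the sample data are assumptions. It accepts only PR numbers that also appear in the week's commit log and behaves the same with or without `set -e` and `pipefail`.

```shell
#!/bin/sh
# Added example: allowlist the PR numbers a model-written marker may label.
# ASSUMPTION: the marker is a single line shaped like
#   <!-- NEEDS_DOCS: 40123, 40150 -->
# The page names the marker but does not show its exact syntax.

# Constructed sample data (not real Rocket.Chat commits).
SAMPLE_LOG='a1b2c3d feat: add room export (#40123) (Alice)
b2c3d4e fix: webhook retries (#40150) (Bob)
c3d4e5f chore: bump deps (Carol)'

SAMPLE_SUMMARY='### User-facing changes
- Room export [#40123](https://example.invalid/pull/40123)
<!-- NEEDS_DOCS: 40123, 39001, 7 -->'

# PR numbers that appear in the commit log (stdin), one per line.
known_prs() {
  { grep -oE '#[0-9]+' || true; } | tr -d '#' | sort -u
}

# PR numbers requested by the last well-formed marker line (stdin).
# A marker whose list holds anything other than digits, commas and
# spaces does not match and is ignored as a whole.
requested_prs() {
  sed -n 's/^<!-- NEEDS_DOCS: \([0-9, ]*\) -->$/\1/p' |
    tail -n 1 | tr -s ', ' '\n\n' | sed '/^$/d' | sort -u
}

# $1 = commit log text, $2 = model summary text.
# Prints only the requested PRs that are also in the commit log.
docs_label_targets() {
  known=$(printf '%s\n' "$1" | known_prs)
  for pr in $(printf '%s\n' "$2" | requested_prs); do
    if printf '%s\n' "$known" | grep -qx -- "$pr"; then
      printf '%s\n' "$pr"
    else
      echo "skip #$pr: not in this week's commit log" >&2
    fi
  done
}

# Dry run: show the commands the labelling step would execute.
plan_labels() {
  for pr in $(docs_label_targets "$1" "$2"); do
    echo "gh pr edit $pr --add-label docs"
  done
}

plan_labels "$SAMPLE_LOG" "$SAMPLE_SUMMARY"
```

Commits whose subject carries no PR number contribute nothing to the allowlist, so a PR referenced only in the model's text is skipped and reported on stderr rather than labelled.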
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## develop #40213 +/- ##
===========================================
+ Coverage 69.81% 69.85% +0.03%
===========================================
Files 3291 3295 +4
Lines 119089 119166 +77
Branches 21484 21464 -20
===========================================
+ Hits 83138 83238 +100
+ Misses 32657 32634 -23
Partials 3294 3294
Rocket.Chat does not render markdown tables. Instructs Claude to use bullet lists or code blocks instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Instructs Claude to use [#40123](url) format so PR references are clickable in Rocket.Chat. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rocket.Chat incoming webhooks have a per-message size limit (default ~5000 chars). Large summaries (e.g., release summaries covering many commits) failed with error-message-size-exceeded. Uses Python to split the summary at "### " section boundaries, producing chunks under the limit, and posts each chunk sequentially. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
- .github/workflows/weekly-summary.yml) that runs every Friday at 09:00 UTC
- claude-code-base-action) to analyze the week's commits and PR descriptions on develop

Report Sections

Secrets Required
- CLAUDE_CODE_OAUTH_TOKEN
- WEEKLY_SUMMARY_WEBHOOK_URL

Test plan
- WEEKLY_SUMMARY_WEBHOOK_URL secret in repo settings
- workflow_dispatch and verify summary appears in Rocket.Chat channel

🤖 Generated with Claude Code
Summary by CodeRabbit