paginate over results until limit is reached

[dhth]

Add paginated GitHub event fetching support

• treat --limit as the number of supported events shown
• validate event limits within the GitHub-backed range of 1 to 300
• fetch GitHub public events page-by-page inside GithubService
• stop when enough supported events are collected or GitHub has no next page
• detect pagination through the Link response header

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds GitHub event pagination support, constrains event limits to a valid range, and establishes automated testing in CI/CD. The core change implements paginated retrieval of GitHub public events by parsing link headers and looping until reaching the requested event count or exhausting available pages. The EventLimit domain type now accepts values from 1 to 300. Two CI/CD workflows gain conditional test jobs that execute the Rust test suite across Ubuntu and macOS platforms when code changes are present.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate whether the description relates to the changeset.	Add a description explaining the pagination implementation, why it was needed, and how it works with the GitHub API Link header.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title directly matches the main objective of the changeset, which adds pagination support to GitHub API event fetching until a limit is reached.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/main.yml:
- Around line 76-90: The "test" GitHub Actions job currently lacks an explicit
permissions block and thus inherits broad token scopes; add a permissions
section inside the "test" job (the job named "test") and set the GITHUB_TOKEN
scope to least-privilege required for running cargo tests by specifying
contents: read so the job only has read access to repository contents. Ensure
the permissions block is placed at the same indentation as "strategy" and
"runs-on" within the "test" job definition.
- Around line 84-86: Update the workflow to pin the actions to immutable commit
SHAs and disable checkout credential persistence: replace the tag refs for
actions/checkout and actions-rust-lang/setup-rust-toolchain with specific commit
SHAs (instead of `@v6` and `@v1`) and add persist-credentials: false to the
actions/checkout step so credentials are not persisted; ensure you update the
checkout step (actions/checkout) and the toolchain step
(actions-rust-lang/setup-rust-toolchain) references accordingly.

In @.github/workflows/pr.yml:
- Around line 73-87: The GitHub Actions job named "test" currently relies on
default permissions; update the job definition for the "test" job to include an
explicit minimal permissions block (set permissions: contents: read) so the
workflow grants least privilege during test execution; add the permissions
stanza under the "test" job alongside needs/strategy/runs-on so it applies to
the existing steps that run cargo test.
- Around line 81-83: Pin the workflow actions to immutable SHAs and disable
checkout credential persistence: update the step that uses actions/checkout (the
checkout step) to include persist-credentials: false and reference the checkout
action by its full git SHA rather than `@v6`, and replace uses:
actions-rust-lang/setup-rust-toolchain@v1 (the "Install toolchain" step) with
the corresponding pinned SHA version; ensure both steps use the action SHAs to
prevent unexpected updates and that the checkout step explicitly sets
persist-credentials: false.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 694894ff-34ad-4d16-a846-408d3e752c4e

📥 Commits

Reviewing files that changed from the base of the PR and between 9851672 and 025149e.

📒 Files selected for processing (4)

• .github/workflows/main.yml
• .github/workflows/pr.yml
• src/domain/events.rs
• src/service/github.rs