Conversation
Add a `runner man` subcommand that renders roff straight from the clap command tree via `clap_mangen` (default-on dep, so prebuilt-binary and `cargo install` builds can self-generate): `runner.1`, `run.1`, and one page per subcommand. `--output <dir>` writes the full set; bare `runner man` emits the top-level page to stdout. Bare invocation yields to a project task named `man` when one exists, matching how the other built-ins shadow. Wire the pages into every channel that supports them: - both AUR PKGBUILDs install to `/usr/share/man/man1/` (makepkg zipman gzips them); - the npm facade ships them via package.json `man`, rendered once in CI from the host gnu x86_64 tarball (roff is platform-independent); - `install.sh` renders into the XDG user man path, best-effort. `cargo install` users generate on demand. README + CHANGELOG document it.
The `runner man` subcommand forced `clap_mangen` into every shipped binary (default-on dep) just so each channel could self-generate pages at install time. That's runtime weight and per-build rendering for an artifact that never changes between builds. Render once instead: a `gen-man` example (behind the off-by-default `man-gen` feature) calls `runner::man_pages()` and writes `man/*.1`, which are committed as the single source of truth. CI re-runs it and asserts `git diff --exit-code man/` to keep them in sync. - `clap_mangen` is now optional (`dep:clap_mangen`), out of the release binary like `schemars`/`schema-gen`. - drop the `Man` CLI variant, `cmd::man`, and `dispatch_man`; move rendering to `src/man.rs` gated on `man-gen`. - npm facade reads the committed `man/` dir directly; the per-build `--man-dir` flag is gone. - `man/` added to the crate `include` so `cargo install` ships pages.
22ac483 committed `man/*.1` as the single source of truth, but a generated artifact in the tree is just drift waiting to happen — every CLI help tweak needs a matching `just gen-man` or CI diff-checks fail. Render once at release instead. A new `man` job runs the `gen-man` example, archives the pages as `runner-<tag>-man.tar.gz`, and uploads it to the GitHub release; every channel pulls from there: - npm facade downloads the `man-pages` artifact, ships via `man` field; - `install.sh` and `runner-run-bin` fetch the release tarball; - `runner-run` renders in `build()`; - crates.io renders pre-publish (`cargo publish --allow-dirty`). `/man/` is now gitignored and the committed pages dropped. Drop the `--man-dir`-from-host-render path in build-npm-packages.sh for the artifact download. Trim the over-long doc comments added with the original feature down to one-liners. Side sweep: pin third-party action `# vN` comments to exact tags (`v6.0.3`, `v2.9.1`, …) so the floating-tag intent is unambiguous.
`gen-man` ran in debug after the release build, compiling the dep tree twice. Run it `--release` first so `cargo build --release` reuses the warmed artifacts — single compile.
The `gen-man` example was a second crate target wrapping the same `man::man_pages()` the CLI could expose itself. Fold it back into a `man` subcommand gated behind `man-gen` (still off by default, still never in the shipped binary) so rendering lives with the command tree it documents and callers invoke the real binary. - `runner man` writes the top-level page to stdout; `--output <dir>` writes every `<stem>.1`. The `man` subcommand hides itself from the generated set. - every channel switches to `cargo run --features man-gen -- man --output man`: crates-release, release.yml, AUR `build()`. - AUR builds the release binaries first, then renders into a separate `target/man-gen` so the feature's `clap_mangen` dep tree can't pollute the release cache. - drop the `man_pages()` lib export and the `[[example]]` entry. Side sweep: regroup `.cargo/config.toml` aliases into labelled blocks and add a `man` alias.
`man` rendering lived at the crate root (`src/man.rs`) while the subcommand it backs lives under `cmd`. Move it to `src/cmd/man.rs` and re-export `write_man_pages`/`write_runner_page_to_stdout` through `cmd` so the `man-gen` code sits with the command tree it documents. `dispatch_man` now calls `cmd::write_*`; gating and behaviour unchanged.
The `gen-schema` example was a second crate target wrapping the same `config_schema()` the CLI could expose itself. Fold it back into a `schema` subcommand gated behind `schema-gen` (still off by default, still never in the shipped binary) so rendering lives with the command tree it documents and callers invoke the real binary. - `runner schema` writes the JSON Schema to stdout; `--output <file>` writes to disk with a trailing newline. - `just gen-schema` and the `schema` cargo alias switch to `cargo schema --output ...`. - drop the `[[example]]` entry, the `/examples` crate include, and the now-stale doc comments on the `schemars` dep + `schema-gen` feature. Mirrors c1681c3's man-subcommand refactor.
The `man-gen`/`schema-gen` names dated to the example-crate era; now that both render through real subcommands (`runner man`, `runner schema`) the `-gen` suffix is vestigial. Rename to `man`/`schema` across every gate: Cargo.toml, cli.rs `#[cfg]`s, cmd/ module wiring, config.rs schemars derives, dispatch in lib.rs, plus the .zed, .gitignore, README, CHANGELOG, PKGBUILD, and release.yml references. Side sweeps: - `.cargo/config.toml`: add `f`/`format` (dprint via bin-run) and a real `lint` alias; point `man`/`schema` at the renamed features. - crates-release.yml: hoist `RELEASE_TAG`/`INPUT_DRY_RUN` to top-level env, flow-style the verbose blocks, emit a `version` output and feed it into the environment URL, add a `::error` annotation on tag mismatch, and call the new `cargo man` alias. - justfile: drop the unused `default-member` var.
Move the working-tree-build and checks notes out of the README into a dedicated .github/CONTRIBUTING.md, and document the generated-artifact workflow (schema drift guard, on-demand man pages). README `run`/`run <TAB>` samples regenerated against 0.12.0: bun + cargo PMs, Node/monorepo lines, the renamed cargo aliases (f/format, man, rq), and the new flags (--schema-version, --sequential/--parallel, --keep-going/--kill-on-fail). Install/CI snippets bumped to 0.12.0 and the chained `runner install --frozen test build` form. AUR links added. Drop bacon.toml: bacon is no longer an aggregated task source, so its jobs no longer show up in listings.
Fold the nine per-group `[lints.clippy.*]` tables into one inline map under `[lints.clippy]`, keeping each level and `priority = -1`. While collapsing, promote `complexity` warn → deny and drop the `cargo_common_metadata`/`multiple_crate_versions` allows so the cargo group denies fully; `redundant_pub_crate` stays the lone allow. Also drop the binstall `pkg-url` explanatory comment block.
Show `runner install test build deploy` as a single invocation instead of separate `run` lines, matching real multi-task usage.
The man pages downloaded from the release without integrity checks while the binaries above them verified theirs. Fetch the matching `runner-<version>-man.sha256` and `sha256sum -c` before extracting. Still best-effort: a checksum mismatch joins a read-only `$HOME` or a missing asset as a skip-not-fail condition, so the install never breaks on the optional man pages.
Windows has no `man`, so the subcommand is dead weight there even when built with `--features man`. Gate every `man` cfg on `not(windows)` so it compiles on Unix only; a Windows binary never carries it.
|
Warning Review limit reached
More reviews will be available in 73 minutes and 4 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (9)
✨ Finishing Touches✨ Simplify code
Comment |
coderabbitai
Bot
added
documentation
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/release.yml:
- Line 19: The workflow leaves the checkout token persisted and allows PRs to
save rust caches; update the `actions/checkout` step (the uses:
actions/checkout@...) to include persist-credentials: false so the GITHUB_TOKEN
is not stored in git, and modify the `Swatinem/rust-cache` step to set its
save-if input to only save when the event is not a pull_request (e.g., save-if:
${{ github.event_name != 'pull_request' }}), ensuring PR runs cannot persist
caches.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 8563c184-f3f4-4229-8bc6-765ac3a3336c
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (27)
.cargo/config.toml.github/CONTRIBUTING.md.github/scripts/build/build-npm-packages.sh.github/scripts/publish/aur-prepare.sh.github/workflows/aur-release.yml.github/workflows/crates-release.yml.github/workflows/npm-release.yml.github/workflows/release.yml.gitignore.zed/settings.jsonCHANGELOG.mdCargo.tomlREADME.mdaur/runner-run-bin/PKGBUILDaur/runner-run/PKGBUILDbacon.tomlexamples/gen-schema.rsinstall.shjustfilenpm/scripts/build-packages.tsschemas/runner.toml.schema.jsonsrc/cli.rssrc/cmd/man.rssrc/cmd/mod.rssrc/cmd/schema.rssrc/config.rssrc/lib.rs
💤 Files with no reviewable changes (2)
- examples/gen-schema.rs
- bacon.toml
📜 Review details
🧰 Additional context used
📓 Path-based instructions (3)
.github/**/*.{yml,yaml}
⚙️ CodeRabbit configuration file
Do not ever warn about stylistic yamllint shit. Do warn about security related shit. Insecure shell handling of user supplied / defined strings: think of branch names, inputs, pr content, anything needs to be string interpolation and permission safe.
Files:
.github/workflows/aur-release.yml.github/workflows/crates-release.yml.github/workflows/npm-release.yml.github/workflows/release.yml
**/CHANGELOG.md
📄 CodeRabbit inference engine (Custom checks)
**/CHANGELOG.md: If any source code files (excluding tests, docs, CI, markdown, or comments-only changes) are modified, CHANGELOG.md MUST also be modified in the same PR.
If a version bump is detected, CHANGELOG.md MUST contain a new section header matching the exact new version number in the format: '## [X.Y.Z] - YYYY-MM-DD'.
If NO version bump is detected, the changes in the PR MUST be added under the existing '## [Unreleased]' section in CHANGELOG.md. The entry MUST describe the changes (e.g., Added, Changed, Fixed, Removed).
Files:
CHANGELOG.md
@(package.json|pyproject.toml|setup.py|Cargo.toml|go.mod|pom.xml|build.gradle|VERSION)
📄 CodeRabbit inference engine (Custom checks)
@(package.json|pyproject.toml|setup.py|Cargo.toml|go.mod|pom.xml|build.gradle|VERSION): If any source code files (excluding tests, docs, CI, markdown, or comments-only changes) are modified, then a version field MUST be updated in one of the following files if present in the repo: package.json, pyproject.toml, setup.py, Cargo.toml, go.mod, pom.xml, build.gradle, or a VERSION file.
The new version MUST follow SemVer (MAJOR.MINOR.PATCH). If the PR introduces breaking changes (removal or renaming of public APIs, changes to function signatures, deleted exported symbols, or incompatible config changes), MAJOR must increment. If it adds backward-compatible functionality, MINOR must increment. If it only fixes bugs without changing public APIs, PATCH must increment.
Files:
Cargo.toml
🧠 Learnings (16)
📚 Learning: 2026-03-26T20:08:23.153Z
Learnt from: kjanat
Repo: kjanat/runner PR: 1
File: src/detect.rs:22-22
Timestamp: 2026-03-26T20:08:23.153Z
Learning: In `src/detect.rs` within the `kjanat/runner` codebase, `detect()` is intentionally infallible and should return `ProjectContext` directly. Parsing/I/O failures from task extractors (which return `anyhow::Result<Vec<String>>`) must be recorded by `push_extracted_tasks` into `ProjectContext.warnings` as `DetectionWarning` entries and then emitted to stderr via `cmd::print_warnings`. When reviewing, do not flag `detect()` for “swallowing errors” as long as failures are routed into the warnings-list design (i.e., they’re preserved in `ProjectContext.warnings`, not dropped silently).
Applied to files:
.gitignore
📚 Learning: 2026-05-04T22:42:28.879Z
Learnt from: kjanat
Repo: kjanat/runner PR: 5
File: CHANGELOG.md:8-27
Timestamp: 2026-05-04T22:42:28.879Z
Learning: In `CHANGELOG.md`, do not treat a `## [Unreleased]` section as an error/mismatch during development PRs even if `Cargo.toml` includes an in-progress version bump. The versioned header format `## [X.Y.Z] - YYYY-MM-DD` should only be added at release/tag time; this repo’s `CHANGELOG.md` includes a “Post-release checklist” confirming that behavior. Only flag changelog/version mismatches if they contradict the intended workflow described in `CHANGELOG.md`.
Applied to files:
.gitignore
📚 Learning: 2026-05-14T15:04:39.496Z
Learnt from: kjanat
Repo: kjanat/runner PR: 27
File: src/cli.rs:780-788
Timestamp: 2026-05-14T15:04:39.496Z
Learning: In `src/cli.rs`, do not recommend removing `trailing_var_arg = true` or `allow_hyphen_values = true` from `Command::Run.args` and `RunAliasCli.args`. They are intentionally required for the documented pass-through contract: hyphen-prefixed args (e.g., `--watch`) that appear after a task name must be forwarded to the underlying task. As a result, in chain mode, chain-failure flags like `-k`/`--kill-on-fail` that are placed after task names will be silently consumed as task args rather than parsed as flags; when proposing fixes or usage changes, use the documented workaround of placing all chain flags before task names (e.g., `runner run -s -k build test`). This behavior is verified in `src/lib.rs` (`run_alias_forwards_trailing_args`) and described in the README, so keep this design trade-off intact.
Applied to files:
.gitignore
📚 Learning: 2026-05-02T17:50:01.271Z
Learnt from: kjanat
Repo: kjanat/runner PR: 5
File: .gitignore:4-4
Timestamp: 2026-05-02T17:50:01.271Z
Learning: In this repository, `package-lock.json` is intentionally added to `.gitignore` and should not be committed. In future reviews, do not flag the absence/presence of `package-lock.json` as an issue as long as `.gitignore` continues to exclude it intentionally.
Applied to files:
.gitignore
📚 Learning: 2026-06-04T04:42:48.221Z
Learnt from: CR
Repo: kjanat/greentv PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-06-04T04:42:48.221Z
Learning: Applies to AGENTS.md : If any AGENTS.md file exists in the repository and the PR modifies architecture, workflows, responsibilities, automation behavior, CLI interfaces, or agent-related logic, the corresponding AGENTS.md file in the affected directory MUST be updated in the same PR. Issue a warning if relevant code changes occur without updates to AGENTS.md.
Applied to files:
.github/CONTRIBUTING.md
📚 Learning: 2026-05-04T15:23:38.296Z
Learnt from: kjanat
Repo: kjanat/runner PR: 5
File: .github/workflows/release.yml:73-73
Timestamp: 2026-05-04T15:23:38.296Z
Learning: For GitHub Actions workflows in this repository (kjanat/runner), maintain the maintainer’s preference for “floating” action tags (e.g., `v6`, `v7`) instead of pinned full commit SHAs. During code review, do not flag action usages in `.github/workflows/**/*.yml` for not being pinned to full commit SHAs or suggest switching to SHA pinning.
Applied to files:
.github/workflows/aur-release.yml.github/workflows/crates-release.yml.github/workflows/npm-release.yml.github/workflows/release.yml
📚 Learning: 2026-03-26T20:05:44.851Z
Learnt from: kjanat
Repo: kjanat/runner PR: 1
File: src/cmd/mod.rs:67-75
Timestamp: 2026-03-26T20:05:44.851Z
Learning: In Rust, `std::process::Command` does not provide getters for stdio configuration, so whether `Stdio::inherit()` (or other `Stdio::*` settings) was applied cannot be asserted via pure unit tests without spawning a process and inspecting OS-level fds. When reviewing Rust code, do not flag “missing unit test coverage” for stdio configuration on `std::process::Command` as a code issue—treat the explicit `Command::stdin/stdout/stderr` setter calls in the source as the meaningful guarantee.
Applied to files:
src/cmd/schema.rssrc/cli.rssrc/lib.rssrc/cmd/man.rssrc/cmd/mod.rssrc/config.rs
📚 Learning: 2026-04-21T15:16:40.277Z
Learnt from: kjanat
Repo: kjanat/runner PR: 4
File: src/tool/just.rs:132-133
Timestamp: 2026-04-21T15:16:40.277Z
Learning: In Rust, if a method like `ExtractedTask::name() -> &str` returns a borrowed `&str` tied to `&self`, then using `sort_unstable_by_key(|t| t.name())` should be avoided because `by_key` requires the key to not borrow from the element being sorted (it will fail to compile due to the key’s lifetime). Do not recommend `sort_unstable_by_key` as a simplification in this situation. If you need an allocation-free and idiomatic comparison, use `sort_unstable_by(|a, b| a.name().cmp(b.name()))` instead. Using `.to_owned()` inside `by_key` is an alternative but allocates a `String` per element.
Applied to files:
src/cmd/schema.rssrc/cli.rssrc/lib.rssrc/cmd/man.rssrc/cmd/mod.rssrc/config.rs
📚 Learning: 2026-05-04T23:28:17.947Z
Learnt from: kjanat
Repo: kjanat/runner PR: 5
File: src/lib.rs:222-223
Timestamp: 2026-05-04T23:28:17.947Z
Learning: When reviewing Rust `rustdoc` comments (`/// ...`), treat a trailing backslash (`\`) at the end of a comment line as valid CommonMark syntax for a hard line break (rendered as `<br>`). Do not flag such trailing backslashes as papercuts or recommend removing them unless there is clear evidence they are unintended (e.g., they are not in the `rustdoc` comment context or the surrounding formatting contradicts the intended CommonMark hard-break usage).
Applied to files:
src/cmd/schema.rssrc/cli.rssrc/lib.rssrc/cmd/man.rssrc/cmd/mod.rssrc/config.rs
📚 Learning: 2026-06-01T17:42:48.461Z
Learnt from: kjanat
Repo: kjanat/runner PR: 34
File: Cargo.toml:61-61
Timestamp: 2026-06-01T17:42:48.461Z
Learning: In this repo, do not flag `actions_rs::log::GroupGuard` or `actions_rs::log::group_guard` as missing/non-existent when they are referenced in Rust code, because the `actions-rs` crate (dependency `actions-rs = "0.1"` / published v0.1.x) exports `pub struct GroupGuard` and `pub fn group_guard` from `actions_rs::log` (and also exports `actions_rs::env::is_github_actions`). This avoids false positives from outdated/incorrect web search results. If the repo does not depend on `actions-rs = "0.1"` in `Cargo.toml`, then normal missing-import/item checks can apply.
Applied to files:
src/cmd/schema.rssrc/cli.rssrc/lib.rssrc/cmd/man.rssrc/cmd/mod.rssrc/config.rs
📚 Learning: 2026-05-14T15:35:39.922Z
Learnt from: kjanat
Repo: kjanat/runner PR: 27
File: src/cmd/run.rs:206-212
Timestamp: 2026-05-14T15:35:39.922Z
Learning: For Go projects using the canonical `cmd/` layout, when `runner` dispatches a local Go tool by its bare name (e.g., `some-cli`) under `PackageManager::Go`, resolve it relative to `ctx.root` by probing `ctx.root/cmd/<task_name>/`. If it exists, run the tool with the filesystem-path form: `go run ./cmd/<task_name>` (note the leading `./`). Do NOT generate `go run <task_name>` because bare names are treated as Go import paths, not local directories. While `go run <module>/cmd/<task_name>` can work, it’s unnecessary for local development—prefer `./cmd/<task_name>`.
Applied to files:
src/cmd/schema.rssrc/cmd/man.rssrc/cmd/mod.rs
📚 Learning: 2026-05-15T01:31:48.037Z
Learnt from: kjanat
Repo: kjanat/runner PR: 27
File: src/types.rs:584-585
Timestamp: 2026-05-15T01:31:48.037Z
Learning: In the `kjanat/runner` Rust codebase, remember that `just` treats its `justfile` name as officially case-insensitive and allows the hidden variant: `justfile`, `Justfile`, `JUSTFILE`, etc., and `.justfile`. `TaskSource::Justfile` detection should recognize these filename variants. Also note that `from_label` in `src/types.rs` is for parsing user-supplied qualifier prefixes (e.g. `justfile:build`), not for detecting the on-disk justfile. If you add/adjust qualifier label emission for `TaskSource::Justfile`, it’s not strictly required for backward compatibility because `TaskSource::label()` previously only emitted lowercase `"justfile"`, but adding additional casing/hidden variants as a defensive UX improvement is consistent with `just`’s official support.
Applied to files:
src/cmd/schema.rssrc/cli.rssrc/lib.rssrc/cmd/man.rssrc/cmd/mod.rssrc/config.rs
📚 Learning: 2026-06-04T04:42:48.221Z
Learnt from: CR
Repo: kjanat/greentv PR: 0
File: coderabbit-custom-pre-merge-checks-unique-id-file-non-traceable-F7F2B60C-1728-4C9A-8889-4F2235E186CA.txt:0-0
Timestamp: 2026-06-04T04:42:48.221Z
Learning: Applies to CHANGELOG.md : If a version bump is detected in source code modifications, CHANGELOG.md MUST contain a new section header matching the exact new version number in the format: '## [X.Y.Z] - YYYY-MM-DD'. If NO version bump is detected, changes MUST be added under the existing '## [Unreleased]' section with entry descriptions (e.g., Added, Changed, Fixed, Removed).
Applied to files:
CHANGELOG.mdREADME.md
📚 Learning: 2026-06-04T01:16:28.162Z
Learnt from: CR
Repo: kjanat/mosaic PR: 0
File: crates/mos-bib/AGENTS.md:0-0
Timestamp: 2026-06-04T01:16:28.162Z
Learning: Applies to crates/mos-bib/**/Cargo.toml : Do not add external dependencies for parsing; use hand-rolled parser approach
Applied to files:
Cargo.toml
📚 Learning: 2026-06-04T01:16:28.162Z
Learnt from: CR
Repo: kjanat/mosaic PR: 0
File: crates/mos-bib/AGENTS.md:0-0
Timestamp: 2026-06-04T01:16:28.162Z
Learning: Applies to crates/mos-bib/**/Cargo.toml : Do not depend on `mos-parse` or `mos-eval`; keep this crate close to `mos-core`
Applied to files:
Cargo.toml
📚 Learning: 2026-03-26T16:14:15.754Z
Learnt from: kjanat
Repo: kjanat/runner PR: 1
File: src/tool/go_task.rs:64-81
Timestamp: 2026-03-26T16:14:15.754Z
Learning: If code uses let-chains (e.g., `if let Some(x) = foo && ... && let Some(y) = bar`), ensure the crate’s `Cargo.toml` sets `package.edition = "2024"`. Rust 2021/earlier should not be used with let-chains; require 2024 specifically for compilation.
Applied to files:
Cargo.toml
🪛 LanguageTool
README.md
[locale-violation] ~369-~369: License must be spelled with a “c” when used as a noun in British English. Use “licence”.
Context: ...unner-run-bin`][aur:runner-run-bin] ## License [MIT][LICENSE] © 2026 Kaj Kowalski [L...
(LICENCE_LICENSE_NOUN_SINGULAR)
[locale-violation] ~371-~371: LICENSE must be spelled with a “c” when used as a noun in British English. Use “licence”.
Context: ...`][aur:runner-run-bin] ## License [MIT][LICENSE] © 2026 Kaj Kowalski [LICENSE]: https:...
(LICENCE_LICENSE_NOUN_SINGULAR)
🪛 zizmor (1.25.2)
.github/workflows/crates-release.yml
[warning] 20-20: permissions without explanatory comments (undocumented-permissions): needs an explanatory comment
(undocumented-permissions)
[error] 26-26: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default
(cache-poisoning)
[warning] 4-9: insufficient job-level concurrency limits (concurrency-limits): workflow is missing concurrency setting
(concurrency-limits)
[info] 25-25: action functionality is already included by the runner (superfluous-actions): use rustup and/or cargo in a script step
(superfluous-actions)
.github/workflows/npm-release.yml
[error] 70-70: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default
(cache-poisoning)
.github/workflows/release.yml
[warning] 19-19: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
[error] 21-21: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default
(cache-poisoning)
[info] 20-20: action functionality is already included by the runner (superfluous-actions): use rustup and/or cargo in a script step
(superfluous-actions)
[warning] 66-66: permissions without explanatory comments (undocumented-permissions): needs an explanatory comment
(undocumented-permissions)
[error] 72-72: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default
(cache-poisoning)
[info] 71-71: action functionality is already included by the runner (superfluous-actions): use rustup and/or cargo in a script step
(superfluous-actions)
[warning] 185-185: permissions without explanatory comments (undocumented-permissions): needs an explanatory comment
(undocumented-permissions)
[error] 191-191: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): enables caching by default
(cache-poisoning)
🔇 Additional comments (37)
.cargo/config.toml (1)
4-32: LGTM!justfile (1)
11-11: LGTM!Also applies to: 34-34, 37-38
.gitignore (1)
4-5: LGTM!schemas/runner.toml.schema.json (1)
81-81: LGTM!CHANGELOG.md (1)
44-50: LGTM!README.md (1)
32-32: LGTM!Also applies to: 34-71, 77-113, 126-127, 166-167, 180-185, 270-275, 310-316, 367-368, 373-375, 377-377
.github/CONTRIBUTING.md (1)
1-43: LGTM!.github/workflows/crates-release.yml (1)
2-2: LGTM!Also applies to: 5-5, 8-9, 12-13, 20-21, 23-26, 28-28, 35-35, 40-40, 42-43, 46-46, 53-53
.github/workflows/npm-release.yml (1)
61-61: LGTM!Also applies to: 70-70, 108-108
.github/workflows/aur-release.yml (1)
35-35: LGTM!npm/scripts/build-packages.ts (1)
19-19: LGTM!Also applies to: 349-350, 425-425, 434-435, 497-522, 537-552, 964-967
.github/scripts/build/build-npm-packages.sh (1)
9-12: LGTM!Also applies to: 19-19
.github/workflows/release.yml (1)
21-21: ⚡ Quick winArrr—stop
Swatinem/rust-cachefrom writing caches onpull_requestto avoid cache poisoning.
.github/workflows/release.ymlusesSwatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4without anysave-ifguard (seen at the referenced step, and again later in the workflow). If that step runs on PRs, untrusted code can poison shared caches—add an explicitsave-ifguard.Suggested patch
- - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 + - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 + with: + save-if: ${{ github.event_name != 'pull_request' }}aur/runner-run-bin/PKGBUILD (1)
23-24: LGTM!Also applies to: 28-28, 75-76
aur/runner-run/PKGBUILD (1)
30-31: LGTM!Also applies to: 85-86
.github/scripts/publish/aur-prepare.sh (1)
60-68: LGTM!install.sh (1)
148-161: LGTM!Cargo.toml (4)
15-15: LGTM!
94-98: LGTM!
100-112: LGTM!
68-70: ⚡ Quick winCargo.toml
clap_mangendependency version is already up to date (0.3.x)
clap_mangen’s latest crates.io release is 0.3.0, and your Cargo specversion = "0.3"(caret^0.3) already covers all 0.3.x, so you’re not missing anything by using0.3..zed/settings.json (1)
19-19: LGTM!src/cli.rs (3)
877-880: LGTM!
979-991: LGTM!
993-1005: LGTM!src/cmd/man.rs (5)
12-28: LGTM!
30-60: Kyaa~! Such clean code, senpai! (◕‿◕)The enumeration logic be properly excludin' hidden subcommands and the
mancommand itself. Very kawaii desu ne~ ✨
62-73: LGTM!
75-118: Arrr! This ANSI-strippin' code be shipshape! ⚓The implementation correctly handles CSI sequences (
ESC [) and OSC sequences (ESC ]) with proper terminators. For the clap help output, this be all ye need, matey!
120-174: LGTM!src/cmd/schema.rs (1)
10-20: Uwu~ such a simple and elegant function! (。♥‿♥。)The schema writin' logic be clean and correct, with proper error context for both stdout and file output paths. Trailing newlines be handled in both cases~
src/cmd/mod.rs (2)
17-21: LGTM!
30-34: LGTM!src/config.rs (1)
51-51: Yarr! The feature migration be complete and consistent across all configuration structs! 🏴☠️Every
schema-genreference has been properly swapped ferschema, includin' both struct-level derives and field-level schemars metadata. Smooth sailin'!Also applies to: 82-84, 115-115, 159-159, 173-173, 179-179, 186-186, 194-194, 212-212, 218-218, 225-225
src/lib.rs (3)
78-84: LGTM!
730-737: LGTM!
713-716: Kyaa~! The dispatch logic be perfectly integrated! (≧◡≦)Both
ManandSchemasubcommands be properly wired into the main dispatch with matchin' cfg gates. The helper functions keep the dispatch function from becomin' too bloated~! ✨Also applies to: 739-743
Restore the Clippy duplicate-version allow and hide the feature-only `runner man` generator from shipped man-page docs. Bump release metadata to 0.12.1, harden PR verification cache writes, and add the root `fmt` package script.
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
runner | d271b11 | Commit Preview URL Branch Preview URL |
Jun 04 2026, 09:45 AM |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
1 participant
What
man runner/man run(plus per-subcommand pages), rendered from the clap command tree and shipped by every channel that supports them.How
mansubcommand insrc/cmd/man.rsbehind themanfeature (off by default, Unix-only). Strips the help-text color escapes so the output is clean roff that passesmanwith zero warnings.gen-schemaexample becomes aschemasubcommand behind theschemafeature. Both generators stay off the shipped binary; features renamed fromman-gen/schema-gen.man/rendered before publish, carried in the crate.manfield (raw.1files, no archive inside)./usr/share/man/man1/.runner-<tag>-man.tar.gz(+.sha256);install.shdownloads and checksum-verifies it.Also
bacon.toml; add.github/CONTRIBUTING.md; regenerate the README demo blocks from the live binary; CI and clippy cleanups.