[do not merge] test trigger

[raptorsun]

do not merge

Summary by CodeRabbit

• Chores

  • Updated the autogenerated stack configuration name in CI from “foo bar baz” to “foo bar baz 1” to align with current naming.
  • No changes to workflow steps, environments, or control flow; only the generated content label is different.
  • No impact on application behavior or user-facing features.

• Tests

  • End-to-end test workflow remains functionally unchanged; execution and results are unaffected by this naming update.

[coderabbitai]

Walkthrough

Updates the .github/workflows/e2e_tests.yaml so that the file-action generates lightspeed-stack.yaml with name: "foo bar baz 1" instead of "foo bar baz". No other fields, workflow steps, environment, or control flow are changed.

Changes

Cohort / File(s)	Summary of changes
Workflow: e2e tests generation .github/workflows/e2e_tests.yaml	Adjusts the generated lightspeed-stack.yaml content to use name "foo bar baz 1"; all other generation logic and workflow steps remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• LCORE-306: setup e2e test env #306 — Also modifies the generated lightspeed-stack.yaml content from the file-action, overlapping with this change to the "name" field.

Suggested reviewers

• tisnik

Poem

I twitch my nose at YAML’s tune,
A single digit changed so soon—
“baz” becomes “baz 1,” neat and clear,
Hop, hop! The pipelines persevere.
Carrots counted, tests still run,
Tiny tweak, configuration fun. 🥕

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

.github/workflows/e2e_tests.yaml (4)

4-4: High risk: pull_request_target runs untrusted PR code with repo secrets.

This workflow checks out and executes the PR head under pull_request_target while exposing secrets (see OPENAI_API_KEY below). This is a known exfiltration vector. Use pull_request for untrusted PRs.

Apply this diff:

-on: [push, pull_request_target]
+on: [push, pull_request]

---

9-11: Don’t expose OPENAI_API_KEY at job scope or to third‑party actions.

• Job-level env exposes the secret to every step (including debug and list/cat).
• Passing secrets to 1arp/create-a-file-action is unnecessary and increases supply-chain risk.

Restrict the secret to only the step that actually needs it, and gate that step to trusted contexts.

Apply this diff:

 jobs:
   e2e_tests:
     runs-on: ubuntu-latest
-    env:
-      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
@@
-      - uses: 1arp/create-a-file-action@0.4.5
-        env: 
-            OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      - uses: 1arp/create-a-file-action@0.4.5
         with:
@@
-      - uses: 1arp/create-a-file-action@0.4.5
-        env: 
-            OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      - uses: 1arp/create-a-file-action@0.4.5
         with:
@@
-      - name: Run service manually
-        env: 
-            OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      - name: Run service manually
+        if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) }}
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

Also applies to: 61-63, 95-97

---

6-8: Tighten default token permissions.

Minimize the GITHUB_TOKEN scope to reduce blast radius.

Apply this diff:

 jobs:
   e2e_tests:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read

---

234-244: Gate heavy/secret-dependent steps for forks.

Avoid running docker/compose and tests on forked PRs that won’t have secrets anyway.

Apply this diff:

-      - name: Run service manually
+      - name: Run service manually
+        if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) }}
@@
-      - name: Run e2e tests
+      - name: Run e2e tests
+        if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) }}

Also applies to: 259-267

🧹 Nitpick comments (2)

.github/workflows/e2e_tests.yaml (2)

26-46: Debug-only step looks repo/branch-specific; gate or remove.

Prevents noisy logs in unrelated PRs.

Apply this diff:

-      - name: Debug checkout for umago/lightspeed-stack setup-metrics branch
-        run: |
+      - name: Debug checkout (internal only)
+        if: ${{ github.repository == 'umago/lightspeed-stack' }}
+        run: |
           echo "=== GitHub Event Information ==="
           ...

---

245-249: Stabilize readiness and connectivity checks.

Replace fixed sleep and add curl retries/timeouts to reduce flakes.

Apply this diff:

-      - name: Wait for services
-        run: |
-          echo "Waiting for services to be healthy..."
-          sleep 20  # adjust depending on boot time
+      - name: Wait for services
+        run: |
+          echo "Waiting for services to be healthy..."
+          for i in {1..30}; do
+            if curl -sf http://localhost:8080/v1/models >/dev/null; then
+              echo "Service is up"; exit 0
+            fi
+            sleep 2
+          done
+          echo "Service did not become ready in time"; exit 1
@@
-      - name: Quick connectivity test
+      - name: Quick connectivity test
         run: |
           echo "Testing basic connectivity before full test suite..."
-          curl -f http://localhost:8080/v1/models || {
+          curl -f --retry 5 --retry-connrefused --max-time 10 http://localhost:8080/v1/models || {
             echo "❌ Basic connectivity failed - showing logs before running full tests"
             docker compose logs --tail=30
             exit 1
           }

Also applies to: 251-257

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f8da8e0 and e32c04d.

📒 Files selected for processing (1)

• .github/workflows/e2e_tests.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-pr
• GitHub Check: e2e_tests

🔇 Additional comments (1)

.github/workflows/e2e_tests.yaml (1)

68-68: Change to generated config name is fine.

No functional impact beyond the literal content. Safe.