ci: add checks on PR

[feloy]

No description provided.

[coderabbitai]

Warning

Rate limit exceeded

@feloy has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 55 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 877d9c3 and c79c337.

📒 Files selected for processing (2)

• .github/workflows/pr-checks.yml
• AGENTS.md

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow at .github/workflows/pr-checks.yml that runs on pull_request to checkout code (pinned commits), set up Go (reads version from go.mod), run make ci-checks, build the binary, and verify ./kortex-cli version. Updates AGENTS.md to require pinning actions by commit SHA256.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/pr-checks.yml	New PR-triggered workflow on ubuntu-24.04: checks out repo with a specific commit SHA, sets up Go via actions/setup-go pinned to a commit SHA (reads version from go.mod), runs make ci-checks, runs make build, and executes ./kortex-cli version. Includes license header.
Documentation AGENTS.md	Added guidance requiring GitHub Actions workflows to pin action references by commit SHA256 (instead of tags) with an example showing pinned actions/checkout and a note to comment the readable version for clarity.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer (PR)
    participant GH as GitHub Actions
    participant Runner as Actions Runner
    participant Make as make (ci-checks / build)
    participant CLI as Built Binary (kortex-cli)

    Dev->>GH: Open/Update pull request
    GH->>Runner: Trigger `.github/workflows/pr-checks.yml`
    Runner->>Runner: actions/checkout@<sha> (checkout pinned commit)
    Runner->>Runner: actions/setup-go@<sha> (read version from go.mod)
    Runner->>Make: make ci-checks
    Make-->>Runner: CI results
    Runner->>Make: make build
    Make-->>CLI: produce binary
    Runner->>CLI: ./kortex-cli version
    CLI-->>Runner: version output
    Runner-->>GH: Report workflow status

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• chore(agent): add AGENTS.md and CLAUDE.md (symlink) #6: Adds AGENTS.md; likely related because this PR updates that file with workflow pinning guidance.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to assess relevance to the changeset.	Add a description explaining the purpose of the CI checks workflow, what it validates, and why these checks are needed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'ci: add checks on PR' accurately describes the main change: adding a GitHub Actions workflow for PR checks.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[benoitf]

it needs to be a defined version ( like Ubuntu 24.04)

Latest is a rolling tag

[benoitf]

Can't it get the tool chain/go version from go.mod ?

To avoid to duplicate the version

[benoitf]

Missing copyright headers

[benoitf]

left some comments

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Line 116: The doc text incorrectly calls workflow commit pins "commit SHA256
hashes"; change the wording to "full commit SHA-1 hashes (40‑character hex)"
where the phrase appears (e.g., the sentence that mentions ".github/workflows/"
and "commit SHA256 hashes") so the example and explanation consistently state
SHA-1 and the 40-character format rather than SHA-256.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d9a072d and 6248c4f.

📒 Files selected for processing (2)

• .github/workflows/pr-checks.yml
• AGENTS.md

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/pr-checks.yml

[coderabbitai]

♻️ Duplicate comments (1)

AGENTS.md (1)

116-116: ⚠️ Potential issue | 🟡 Minor

Correct the hash algorithm terminology.

The documentation states "commit SHA256 hashes," but Git and GitHub use SHA-1 commit hashes (40 hexadecimal characters). The example correctly shows a 40-character SHA-1 hash, not a 64-character SHA-256 hash.

📝 Suggested fix

-GitHub Actions workflows are stored in `.github/workflows/`. All workflows must use commit SHA256 hashes instead of version tags for security reasons (to prevent supply chain attacks from tag manipulation).
+GitHub Actions workflows are stored in `.github/workflows/`. All workflows must use full commit SHA-1 hashes instead of version tags for security reasons (to prevent supply chain attacks from tag manipulation).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@AGENTS.md` at line 116, Replace the incorrect terminology "commit SHA256
hashes" in the GitHub Actions workflows guidance with "commit SHA-1 hashes" (or
"SHA-1 commit hashes") and ensure the surrounding text and examples consistently
state SHA-1 (40‑character hex) rather than SHA-256 to match the example and
Git/GitHub semantics; update the sentence that begins "GitHub Actions workflows
are stored in `.github/workflows/`" to reference SHA-1 commit hashes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@AGENTS.md`:
- Line 116: Replace the incorrect terminology "commit SHA256 hashes" in the
GitHub Actions workflows guidance with "commit SHA-1 hashes" (or "SHA-1 commit
hashes") and ensure the surrounding text and examples consistently state SHA-1
(40‑character hex) rather than SHA-256 to match the example and Git/GitHub
semantics; update the sentence that begins "GitHub Actions workflows are stored
in `.github/workflows/`" to reference SHA-1 commit hashes.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6248c4f and 877d9c3.

📒 Files selected for processing (2)

• .github/workflows/pr-checks.yml
• AGENTS.md

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/pr-checks.yml