Feat/clarify or expand GitHub ci default ecosystem support

[oneslash]

Summary by CodeRabbit

• New Features

  • GitHub CI integration now supports generic dependency reviews for pip and cargo ecosystems (in addition to npm).
  • Default presets available for npm, pip, and cargo without requiring custom fixtures or scenarios.

• Bug Fixes

  • Fixed conditional behavior that blocked non-npm ecosystems from using default presets.

• Documentation

  • Updated guides to reflect multi-ecosystem preset support and optional fixture/scenario requirements.

• Chores

  • Reduced verbosity in dependency resolution commands; updated runtime environment configuration.

[coderabbitai]

Warning

Rate limit exceeded

@oneslash has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 41 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 46 minutes and 41 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b50526d4-9f2a-4c5c-a24b-aea52cfc185a

📥 Commits

Reviewing files that changed from the base of the PR and between 4723890 and d6b6dc7.

📒 Files selected for processing (2)

• internal/preset/preset.go
• internal/preset/preset_test.go

📝 Walkthrough

Walkthrough

This PR extends Limier's GitHub CI integration to support generic dependency review presets for pip and cargo ecosystems. It adds scenario and fixture generation logic, updates docker shell invocation, and documents the expanded preset coverage alongside existing npm support.

Changes

Cohort / File(s)	Summary
CI Logic cmd/ci.go, cmd/ci_test.go	Removed conditional skip status for missing fixture/scenario paths in non-npm ecosystems; new test verifies default preset behavior for pip and cargo with "unsupported rules preset" message.
Preset Resolution cmd/run.go, internal/preset/preset.go, internal/preset/preset_test.go	Extended ResolveFixture API to accept packageName parameter; introduced cargo-require and pip-require fixture presets with validation and temp directory generation; ResolveScenario now includes cargo-ci and pip-ci presets; comprehensive test suite for new scenario/fixture resolution.
Scenario Configuration Files internal/preset/assets/scenarios/cargo-ci.yml, internal/preset/assets/scenarios/pip-ci.yml	New CI scenario files: cargo runs install twice with generic verification; pip runs install then exercises import validation via dynamic module name normalization.
Cargo Adapter internal/adapters/cargo/cargo.go, internal/adapters/cargo/cargo_test.go	Added --quiet flag to both cargo check and cargo metadata commands in default install command; test assertions updated to reflect flag addition.
Docker Environment internal/env/docker/manager.go, internal/env/docker/manager_linux_test.go, internal/env/docker/manager_test.go	Changed shell invocation from sh -lc <command> to sh -c <command> in container startup and step execution; test fake docker assertions updated to validate -c flag.
Documentation docs/guide/ci-and-deploy.md, docs/guide/review-your-own-project.md, docs/reference/cli.md	Updated to describe generic default presets for npm, pip, and cargo; clarified when custom --fixture and --scenario are required vs. optional; renamed section to "Custom Fixture Requirements By Ecosystem".

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: Add Limier GitHub Actions integration #13: Modifies preset resolution and GitHub CI flow with changes to internal/preset/preset.go and CI command logic.
• fix: ci classifier dependency files #14: Updates cmd/ci.go's resolveDependencyUpgrade decision logic for skipped vs. needs_review status handling.

Poem

🐰 Hop, skip, and a jump through pip and cargo
From npm-only days to ecosystems fair,
Presets now sprouting like clover with care,
Generic reviews dancing light as air! 🌱✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective: expanding GitHub CI default ecosystem support from npm-only to include pip and cargo with generic presets.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/clarify-or-expand-github-ci-default-ecosystem-support

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

internal/preset/assets/scenarios/pip-ci.yml (1)

31-41: Catch Exception (or ImportError) instead of BaseException.

BaseException also captures SystemExit and KeyboardInterrupt, which an import probe shouldn't silently swallow. ImportError/ModuleNotFoundError is the targeted failure mode here; Exception is a safer broad fallback if you want to also catch e.g. side‑effect errors during import.

♻️ Proposed tightening

       for candidate in candidates:
           try:
               importlib.import_module(candidate)
-          except BaseException as exc:
+          except Exception as exc:
               print(f"limier fixture: import {candidate!r} failed: {exc}")
               continue
           print(f"limier fixture: imported {candidate!r}")
           break
       else:
           print("limier fixture: package installed; no generic import succeeded")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/preset/assets/scenarios/pip-ci.yml` around lines 31 - 41, The import
probe currently catches BaseException (in the loop using
importlib.import_module(candidate)), which incorrectly swallows
SystemExit/KeyboardInterrupt; change the except clause to catch narrower
exceptions such as Exception (or specifically ImportError/ModuleNotFoundError) —
e.g. replace "except BaseException as exc" with "except Exception as exc" or
"except (ImportError, ModuleNotFoundError) as exc" so import failures and
runtime import errors are handled but system interrupts are not suppressed.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/preset/preset.go`:
- Line 19: The pip package regex pipPackagePattern must be tightened to require
the first and last characters be alphanumeric (e.g. change to something like
^[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?$) so names cannot start with '-' '.'
or '_'; likewise update the Cargo name validation to require the first character
be a letter (adjust the per-character allowlist/validation used for Cargo names
to enforce leading [A-Za-z] and then allow [A-Za-z0-9_-]* for the rest). Update
the tests in TestResolveFixtureRejectsUnsafeGeneratedPackageNames to add
negative cases such as "-rfoo" for pip and "-serde" for cargo to ensure the new
validators reject these inputs.

---

Nitpick comments:
In `@internal/preset/assets/scenarios/pip-ci.yml`:
- Around line 31-41: The import probe currently catches BaseException (in the
loop using importlib.import_module(candidate)), which incorrectly swallows
SystemExit/KeyboardInterrupt; change the except clause to catch narrower
exceptions such as Exception (or specifically ImportError/ModuleNotFoundError) —
e.g. replace "except BaseException as exc" with "except Exception as exc" or
"except (ImportError, ModuleNotFoundError) as exc" so import failures and
runtime import errors are handled but system interrupts are not suppressed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e8f05a6a-cca3-42fe-97cb-20212630ee3a

📥 Commits

Reviewing files that changed from the base of the PR and between 78b85db and 4723890.

📒 Files selected for processing (15)

• cmd/ci.go
• cmd/ci_test.go
• cmd/run.go
• docs/guide/ci-and-deploy.md
• docs/guide/review-your-own-project.md
• docs/reference/cli.md
• internal/adapters/cargo/cargo.go
• internal/adapters/cargo/cargo_test.go
• internal/env/docker/manager.go
• internal/env/docker/manager_linux_test.go
• internal/env/docker/manager_test.go
• internal/preset/assets/scenarios/cargo-ci.yml
• internal/preset/assets/scenarios/pip-ci.yml
• internal/preset/preset.go
• internal/preset/preset_test.go

💤 Files with no reviewable changes (1)

• cmd/ci.go