Conversation
- Change file extension for GitHub Actions workflows from .yml to .yaml in .gitignore - Create a new GitHub Actions workflow file 'flaky.yml' for running tests and uploading results to Trunk.io
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
|
🤖 Hi @ssdeanx, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings. WalkthroughAdds a new GitHub Actions workflow for flaky test detection and reporting that triggers on pushes and pull requests to main or develop branches. The workflow runs tests and uploads results to Trunk.io using the trunk-io/analytics-uploader action. Also updates Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom Pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Reviewer's GuideAdds a new GitHub Actions workflow to detect flaky tests and adjusts .gitignore to ignore .yaml workflow files instead of .yml. Sequence diagram for flaky test GitHub Actions workflow executionsequenceDiagram
actor Developer
participant GitHubRepo
participant GitHubActions
participant TestJob
participant TrunkAnalytics
Developer->>GitHubRepo: Push commit or open PR (main/develop)
GitHubRepo-->>GitHubActions: Trigger flaky.yml workflow
GitHubActions->>TestJob: Start test job on ubuntu-latest
TestJob->>TestJob: Run tests and produce JUnit XML
TestJob-->>GitHubActions: Job completion (success/failure)
GitHubActions->>TrunkAnalytics: Upload JUnit results via trunk-io analytics-uploader
TrunkAnalytics-->>GitHubActions: Acknowledge upload
GitHubActions-->>Developer: Report workflow status in GitHub UI
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
Summary of ChangesHello @ssdeanx, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request primarily adjusts the Highlights
Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
🤖 I'm sorry @ssdeanx, but I was unable to process your request. Please see the logs for more details. |
…tain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates .gitignore to allow tracking .yml workflow files, which is necessary for adding the new flaky.yml workflow. The change is functionally correct. My review includes one suggestion to improve the formatting of the .gitignore file by removing an unnecessary blank line.
I have a few additional points for your consideration:
- The PR description is slightly misleading, as the change removes the ignore rule for
.ymlfiles rather than changing an extension. - The new
flaky.ymlfile mentioned in the description was not included in the provided changes, so I was unable to review it. - The
.gitignorefile continues to ignore.yamlworkflow files. This is uncommon and may cause confusion for future contributors, as workflow files are typically version-controlled regardless of their extension.
|
|
||
| # GitHub Actions | ||
| .github/workflows/**.yml | ||
|
|
There was a problem hiding this comment.
This change introduces an unnecessary blank line. To keep the .gitignore file clean and concise, it's better to remove this line entirely rather than replacing it with a blank one.
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey - I've found 3 issues, and left some high level feedback:
- The new workflow is added as
flaky.ymlwhile the description mentions standardizing on.yamlextensions in.gitignore; consider aligning the workflow filename and ignore patterns to avoid confusion or accidental exclusion. - The
trunk-io/analytics-uploaderaction is referenced using@main; pinning to a specific version or commit hash would improve reproducibility and supply-chain safety. - The workflow triggers on both
pushandpull_requestformainanddevelop, which can cause duplicate runs for the same change; consider narrowing triggers (e.g., onlypull_requestfor branches) if that better matches the intended behavior.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- The new workflow is added as `flaky.yml` while the description mentions standardizing on `.yaml` extensions in `.gitignore`; consider aligning the workflow filename and ignore patterns to avoid confusion or accidental exclusion.
- The `trunk-io/analytics-uploader` action is referenced using `@main`; pinning to a specific version or commit hash would improve reproducibility and supply-chain safety.
- The workflow triggers on both `push` and `pull_request` for `main` and `develop`, which can cause duplicate runs for the same change; consider narrowing triggers (e.g., only `pull_request` for branches) if that better matches the intended behavior.
## Individual Comments
### Comment 1
<location> `.github/workflows/flaky.yml:15-19` </location>
<code_context>
+ contents: read
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Run Tests
+ run: ...
+
</code_context>
<issue_to_address>
**issue (bug_risk):** Consider adding an explicit checkout step before running tests and uploading results.
This job runs on `ubuntu-latest` without checking out the repo, so it won’t see your test code or JUnit XML files. Add a `- uses: actions/checkout@v4` step before `Run Tests` so the workflow has access to the repository contents.
</issue_to_address>
### Comment 2
<location> `.github/workflows/flaky.yml:25` </location>
<code_context>
+ - name: Upload Test Results to Trunk.io
+ if: ${{ !cancelled() }} # Upload the results even if the tests fail
+ continue-on-error: true # don't fail this job if the upload fails
+ uses: trunk-io/analytics-uploader@main
+ with:
+ junit-paths: "**/*.xml"
</code_context>
<issue_to_address>
**🚨 suggestion (security):** Pin the analytics-uploader action to a specific version or commit for supply-chain safety.
Using `@main` will automatically pull in any future changes to `trunk-io/analytics-uploader`, including potentially breaking or malicious ones. Please pin this to a tagged release (e.g. `@vX`) or, ideally, a specific commit SHA to keep the workflow deterministic and auditable.
Suggested implementation:
```
- name: Upload Test Results to Trunk.io
if: ${{ !cancelled() }} # Upload the results even if the tests fail
continue-on-error: true # don't fail this job if the upload fails
# Pin to a specific version or commit for supply-chain safety.
# Replace `vX.Y.Z` with the desired tagged release or a specific commit SHA.
uses: trunk-io/analytics-uploader@vX.Y.Z
with:
junit-paths: "**/*.xml"
org-slug: deanmachines
token: ${{ secrets.TRUNK_API_TOKEN }}
```
1. Decide on the exact ref to pin to:
- Prefer a tagged release, e.g. `trunk-io/analytics-uploader@v1`, `@v1.2.3`.
- For maximum determinism, use a full commit SHA, e.g. `@0123456789abcdef0123456789abcdef01234567`.
2. Update `vX.Y.Z` in the `uses:` line to that chosen tag or SHA.
3. Optionally, document the chosen version/commit in a comment (e.g., link to the release or commit on GitHub) to aid future audits and upgrades.
</issue_to_address>
### Comment 3
<location> `.github/workflows/flaky.yml:27` </location>
<code_context>
+ continue-on-error: true # don't fail this job if the upload fails
+ uses: trunk-io/analytics-uploader@main
+ with:
+ junit-paths: "**/*.xml"
+ org-slug: deanmachines
+ token: ${{ secrets.TRUNK_API_TOKEN }}
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Narrow the JUnit glob pattern to avoid picking up unrelated XML files.
`**/*.xml` will include non-test XML files (configs, reports from other tools, etc.), which can lead to noisy or misclassified results in Trunk. If you know the directory structure, consider a more specific glob (e.g. `reports/**/junit-*.xml` or `**/test-results/**/*.xml`) to target only JUnit outputs.
Suggested implementation:
```
- name: Upload Test Results to Trunk.io
if: ${{ !cancelled() }} # Upload the results even if the tests fail
continue-on-error: true # don't fail this job if the upload fails
uses: trunk-io/analytics-uploader@main
with:
# Restrict to typical test result locations to avoid unrelated XML files
junit-paths: |
**/test-results/**/*.xml
**/junit/**/*.xml
org-slug: deanmachines
token: ${{ secrets.TRUNK_API_TOKEN }}
```
If your project uses a different directory layout for JUnit outputs (e.g. `reports/junit/*.xml`, `build/test-results/test/*.xml`, or `target/surefire-reports/*.xml`), update the `junit-paths` entries accordingly to match those actual paths. The key is to:
1. Point only at directories where JUnit reports are written.
2. Avoid root-level or generic `**/*.xml` patterns that include config or tool output XML.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
| test: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Run Tests |
There was a problem hiding this comment.
issue (bug_risk): Consider adding an explicit checkout step before running tests and uploading results.
This job runs on ubuntu-latest without checking out the repo, so it won’t see your test code or JUnit XML files. Add a - uses: actions/checkout@v4 step before Run Tests so the workflow has access to the repository contents.
| - name: Upload Test Results to Trunk.io | ||
| if: ${{ !cancelled() }} # Upload the results even if the tests fail | ||
| continue-on-error: true # don't fail this job if the upload fails | ||
| uses: trunk-io/analytics-uploader@main |
There was a problem hiding this comment.
🚨 suggestion (security): Pin the analytics-uploader action to a specific version or commit for supply-chain safety.
Using @main will automatically pull in any future changes to trunk-io/analytics-uploader, including potentially breaking or malicious ones. Please pin this to a tagged release (e.g. @vX) or, ideally, a specific commit SHA to keep the workflow deterministic and auditable.
Suggested implementation:
- name: Upload Test Results to Trunk.io
if: ${{ !cancelled() }} # Upload the results even if the tests fail
continue-on-error: true # don't fail this job if the upload fails
# Pin to a specific version or commit for supply-chain safety.
# Replace `vX.Y.Z` with the desired tagged release or a specific commit SHA.
uses: trunk-io/analytics-uploader@vX.Y.Z
with:
junit-paths: "**/*.xml"
org-slug: deanmachines
token: ${{ secrets.TRUNK_API_TOKEN }}
- Decide on the exact ref to pin to:
- Prefer a tagged release, e.g.
trunk-io/analytics-uploader@v1,@v1.2.3. - For maximum determinism, use a full commit SHA, e.g.
@0123456789abcdef0123456789abcdef01234567.
- Prefer a tagged release, e.g.
- Update
vX.Y.Zin theuses:line to that chosen tag or SHA. - Optionally, document the chosen version/commit in a comment (e.g., link to the release or commit on GitHub) to aid future audits and upgrades.
| continue-on-error: true # don't fail this job if the upload fails | ||
| uses: trunk-io/analytics-uploader@main | ||
| with: | ||
| junit-paths: "**/*.xml" |
There was a problem hiding this comment.
suggestion (bug_risk): Narrow the JUnit glob pattern to avoid picking up unrelated XML files.
**/*.xml will include non-test XML files (configs, reports from other tools, etc.), which can lead to noisy or misclassified results in Trunk. If you know the directory structure, consider a more specific glob (e.g. reports/**/junit-*.xml or **/test-results/**/*.xml) to target only JUnit outputs.
Suggested implementation:
- name: Upload Test Results to Trunk.io
if: ${{ !cancelled() }} # Upload the results even if the tests fail
continue-on-error: true # don't fail this job if the upload fails
uses: trunk-io/analytics-uploader@main
with:
# Restrict to typical test result locations to avoid unrelated XML files
junit-paths: |
**/test-results/**/*.xml
**/junit/**/*.xml
org-slug: deanmachines
token: ${{ secrets.TRUNK_API_TOKEN }}
If your project uses a different directory layout for JUnit outputs (e.g. reports/junit/*.xml, build/test-results/test/*.xml, or target/surefire-reports/*.xml), update the junit-paths entries accordingly to match those actual paths. The key is to:
- Point only at directories where JUnit reports are written.
- Avoid root-level or generic
**/*.xmlpatterns that include config or tool output XML.
There was a problem hiding this comment.
Pull request overview
This PR updates the repository's GitHub Actions workflow handling by standardizing on .yaml file extensions and adds a new workflow for flaky test detection. The changes remove .yml from .gitignore while keeping .yaml, and introduce a workflow that runs tests and uploads results to Trunk.io for analysis.
- Updated
.gitignoreto exclude.yamlworkflow files instead of.yml - Added new
flaky.ymlworkflow for test execution and result uploading to Trunk.io
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .gitignore | Changed ignored workflow file extension from .yml to .yaml |
| .github/workflows/flaky.yml | Created new workflow for running tests and uploading results to Trunk.io |
| @@ -0,0 +1,29 @@ | |||
| on: | |||
There was a problem hiding this comment.
The workflow is missing a 'name' field at the top level. Adding a descriptive name like 'name: Flaky Test Detection' would make the workflow easier to identify in the GitHub Actions UI.
|
|
||
| steps: | ||
| - name: Run Tests | ||
| run: ... |
There was a problem hiding this comment.
The 'run' command contains placeholder text '...' which will cause the workflow to fail. This needs to be replaced with the actual test command (e.g., 'npm test', 'pytest', or whatever test runner is used in this repository).
| run: ... | |
| run: echo "No tests are configured for this workflow yet." |
| test: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: |
There was a problem hiding this comment.
The 'Run Tests' step is missing a checkout action before it. Without checking out the repository code first using 'actions/checkout@v4', the tests will have no code to run against.
| steps: | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Fix all issues with AI agents
In @.github/workflows/flaky.yml:
- Around line 1-9: Add a top-level name field to the GitHub Actions workflow so
it displays a descriptive title in the Actions UI; update the YAML in the
workflow (the document that currently starts with "on:") by inserting a "name:
<Descriptive Workflow Name>" line at the very top (e.g., "name: Flaky Test
Suite" or similar), keeping it above the existing "on:" block.
- Around line 22-29: The "Upload Test Results to Trunk.io" workflow step is
insecure and too broad: replace the uses reference
trunk-io/analytics-uploader@main with a pinned tag or commit SHA (do not use
@main), narrow the junit-paths pattern to the actual test output directory(s)
instead of "**/*.xml" (e.g., your CI test-report folder), and ensure a prior
checkout action (actions/checkout@vX or pinned SHA) runs so the uploader can
find files; update the step name or inputs accordingly to reflect these changes.
- Around line 15-16: The GitHub Actions job keyed as "test" currently only has
"runs-on: ubuntu-latest"; add a descriptive "name" field to the job mapping
(e.g., name: "Run Tests" or similar) so the job displays a meaningful title in
the Actions UI; update the job block that contains the "test" key and "runs-on"
to include the new "name" property at the same indentation level.
In @.gitignore:
- Line 131: The .gitignore pattern ".github/workflows/**.yaml" doesn’t match the
new workflow file "flaky.yml", so Git will still track it; update the ignore to
cover the actual file or rename the file: either rename "flaky.yml" to
"flaky.yaml", or change the .gitignore entry to ".github/workflows/**.yml", or
better replace it with a pattern that matches both extensions like
".github/workflows/**/*.{yml,yaml}" so both ".yml" and ".yaml" workflow files
are ignored.
📜 Review details
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/flaky.yml.gitignore
🧰 Additional context used
📓 Path-based instructions (1)
**/.github/workflows/*.{yml,yaml}
📄 CodeRabbit inference engine (.github/instructions/github-actions-ci-cd-best-practices.instructions.md)
**/.github/workflows/*.{yml,yaml}: Use consistent, descriptive names for workflow files (e.g.,build-and-test.yml,deploy-prod.yml)
Definepermissionsat the workflow level for a secure default, overriding at the job level if needed, following the principle of least privilege
Always start with a descriptivenameand appropriateontrigger. Suggest granular triggers for specific use cases (e.g.,on: push: branches: [main]vs.on: pull_request)
Recommend usingworkflow_dispatchfor manual triggers, allowing input parameters for flexibility and controlled deployments
Useconcurrencyto prevent simultaneous runs for specific branches or groups, avoiding race conditions or wasted resources
Definejobswith clearnameand appropriateruns-on(e.g.,ubuntu-latest,windows-latest,self-hosted)
Useneedsto define dependencies between jobs, ensuring sequential execution and logical flow
Employoutputsto pass data between jobs efficiently, promoting modularity
Utilizeifconditions for conditional job execution (e.g., deploy only onmainbranch pushes, run E2E tests only for certain PRs, skip jobs based on file changes)
Useusesto reference marketplace or custom actions, always specifying a secure version (tag or SHA), never pinning tomainorlatest
Usenamefor each step for readability in logs and easier debugging
Userunfor shell commands, combining commands with&&for efficiency and using|for multi-line scripts
Always instruct users to use GitHub Secrets for sensitive information (e.g., API keys, passwords, cloud credentials, tokens), accessed viasecrets.<SECRET_NAME>
Recommend using environment-specific secrets for deployment environments to enforce stricter access controls and approvals
Strongly recommend OIDC for authenticating with AWS, Azure, GCP, and other cloud providers instead of storing long-lived access keys as secrets
Configurepermissionsat the workflow or job level to restrictGITHUB_TOKEN...
Files:
.github/workflows/flaky.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: Sourcery review
- GitHub Check: Sourcery review
- GitHub Check: Codacy Security Scan
- GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (1)
.github/workflows/flaky.yml (1)
11-12: Permissions block properly configured.Good job adding the
permissionsblock withcontents: readto address the security alert. This follows the principle of least privilege.
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - develop | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| - develop |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
Add a descriptive workflow name.
The workflow is missing a top-level name field. Add one for better visibility in the GitHub Actions UI.
🔎 Proposed addition
+name: Flaky Test Detection and Reporting
+
on:
push:As per coding guidelines, always start with a descriptive name for the workflow.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| name: Flaky Test Detection and Reporting | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| pull_request: | |
| branches: | |
| - main | |
| - develop |
🤖 Prompt for AI Agents
In @.github/workflows/flaky.yml around lines 1 - 9, Add a top-level name field
to the GitHub Actions workflow so it displays a descriptive title in the Actions
UI; update the YAML in the workflow (the document that currently starts with
"on:") by inserting a "name: <Descriptive Workflow Name>" line at the very top
(e.g., "name: Flaky Test Suite" or similar), keeping it above the existing "on:"
block.
| test: | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
🧹 Nitpick | 🔵 Trivial
Add a descriptive job name.
The job is missing a name field. While not strictly required, it improves readability in the Actions UI.
🔎 Proposed addition
jobs:
test:
+ name: Run Tests and Upload Results
runs-on: ubuntu-latestCommittable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In @.github/workflows/flaky.yml around lines 15 - 16, The GitHub Actions job
keyed as "test" currently only has "runs-on: ubuntu-latest"; add a descriptive
"name" field to the job mapping (e.g., name: "Run Tests" or similar) so the job
displays a meaningful title in the Actions UI; update the job block that
contains the "test" key and "runs-on" to include the new "name" property at the
same indentation level.
| - name: Upload Test Results to Trunk.io | ||
| if: ${{ !cancelled() }} # Upload the results even if the tests fail | ||
| continue-on-error: true # don't fail this job if the upload fails | ||
| uses: trunk-io/analytics-uploader@main | ||
| with: | ||
| junit-paths: "**/*.xml" | ||
| org-slug: deanmachines | ||
| token: ${{ secrets.TRUNK_API_TOKEN }} No newline at end of file |
There was a problem hiding this comment.
Security and reliability concerns with the upload step.
This step has multiple issues already flagged by previous reviewers:
- Security risk: Using
@mainfor the action reference means any changes pushed to the main branch will automatically be pulled into your workflow, including potentially malicious code - Overly broad pattern: The
**/*.xmlpattern will match any XML file in the repository, not just JUnit test results, potentially uploading configuration files or other unrelated XML
Additionally, without the checkout step (see previous comment), this step will find no files to upload.
🔎 Recommended fixes
1. Pin the action to a specific version:
- uses: trunk-io/analytics-uploader@main
+ uses: trunk-io/analytics-uploader@v1 # or a specific commit SHA2. Narrow the JUnit paths pattern:
with:
- junit-paths: "**/*.xml"
+ junit-paths: |
+ **/test-results/**/*.xml
+ **/junit/**/*.xml
org-slug: deanmachinesAdjust the paths to match your actual test output directories.
As per coding guidelines, always specify a secure version (tag or SHA) for actions and use specific paths for file patterns.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Upload Test Results to Trunk.io | |
| if: ${{ !cancelled() }} # Upload the results even if the tests fail | |
| continue-on-error: true # don't fail this job if the upload fails | |
| uses: trunk-io/analytics-uploader@main | |
| with: | |
| junit-paths: "**/*.xml" | |
| org-slug: deanmachines | |
| token: ${{ secrets.TRUNK_API_TOKEN }} | |
| - name: Upload Test Results to Trunk.io | |
| if: ${{ !cancelled() }} # Upload the results even if the tests fail | |
| continue-on-error: true # don't fail this job if the upload fails | |
| uses: trunk-io/analytics-uploader@v1 # or a specific commit SHA | |
| with: | |
| junit-paths: | | |
| **/test-results/**/*.xml | |
| **/junit/**/*.xml | |
| org-slug: deanmachines | |
| token: ${{ secrets.TRUNK_API_TOKEN }} |
🤖 Prompt for AI Agents
In @.github/workflows/flaky.yml around lines 22 - 29, The "Upload Test Results
to Trunk.io" workflow step is insecure and too broad: replace the uses reference
trunk-io/analytics-uploader@main with a pinned tag or commit SHA (do not use
@main), narrow the junit-paths pattern to the actual test output directory(s)
instead of "**/*.xml" (e.g., your CI test-report folder), and ensure a prior
checkout action (actions/checkout@vX or pinned SHA) runs so the uploader can
find files; update the step name or inputs accordingly to reflect these changes.
| # GitHub Actions | ||
| .github/workflows/**.yml | ||
|
|
||
| .github/workflows/**.yaml |
There was a problem hiding this comment.
Critical: Extension mismatch between ignore pattern and workflow file.
The ignore pattern targets .yaml files, but the workflow file being added in this PR is named flaky.yml (with .yml extension). This mismatch means:
- If the intent is to ignore workflow files, this pattern won't work for
flaky.yml - The workflow file will be tracked by Git despite this ignore rule
Consider one of these solutions:
- Rename the workflow file to
flaky.yamlto match this pattern - Change the pattern back to
.github/workflows/**.ymlto match the workflow file - Use a pattern that covers both extensions:
.github/workflows/**/*.{yml,yaml}
🔎 Recommended fix to ignore both extensions
-.github/workflows/**.yaml
+.github/workflows/**/*.{yml,yaml}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| .github/workflows/**.yaml | |
| .github/workflows/**/*.yml | |
| .github/workflows/**/*.yaml |
| .github/workflows/**.yaml | |
| .github/workflows/*.yml | |
| .github/workflows/*.yaml |
🤖 Prompt for AI Agents
In @.gitignore at line 131, The .gitignore pattern ".github/workflows/**.yaml"
doesn’t match the new workflow file "flaky.yml", so Git will still track it;
update the ignore to cover the actual file or rename the file: either rename
"flaky.yml" to "flaky.yaml", or change the .gitignore entry to
".github/workflows/**.yml", or better replace it with a pattern that matches
both extensions like ".github/workflows/**/*.{yml,yaml}" so both ".yml" and
".yaml" workflow files are ignored.
Summary by Sourcery
CI: