📝 Walkthrough
Three GitHub Actions workflow files had their automatic
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/nightly-publish.yml (1)
47-51: Make VSIX selection deterministic before publishing.
Using `ls | head -n1` is order-dependent and can publish the wrong artifact if multiple files are present in `bin/`.
Proposed refactor
+ - name: Resolve nightly VSIX artifact + id: artifact + run: | + VSIX_PATH=$(ls -1 bin/roo-code-nightly-*.vsix 2>/dev/null | head -n1) + [ -n "$VSIX_PATH" ] || { echo "No nightly VSIX artifact found"; exit 1; } + echo "path=$VSIX_PATH" >> "$GITHUB_OUTPUT" - name: Publish to VS Code Marketplace env: VSCE_PAT: ${{ secrets.VSCE_PAT }} - run: npx vsce publish --packagePath "bin/$(/bin/ls bin | head -n1)" + run: npx vsce publish --packagePath "${{ steps.artifact.outputs.path }}" - name: Publish to Open VSX Registry env: OVSX_PAT: ${{ secrets.OVSX_PAT }} - run: npx ovsx publish "bin/$(ls bin | head -n1)" + run: npx ovsx publish "${{ steps.artifact.outputs.path }}"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/nightly-publish.yml around lines 47 - 51, Replace the unstable "ls | head -n1" selection in the two publish run steps with a deterministic VSIX picker: locate VSIX files using a glob (e.g., bin/*.vsix), sort them deterministically (e.g., sort -V) and pick the desired one (first or last) so the same artifact is chosen each run; specifically update the two commands that reference "bin/$(/bin/ls bin | head -n1)" and "bin/$(ls bin | head -n1)" to something like bin/$(ls bin/*.vsix | sort -V | head -n1) (or tail -n1 to choose the highest version) so the chosen file is deterministic.
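Review bot: the two publish steps in the proposed refactor paste `${{ steps.artifact.outputs.path }}` directly into the `run:` script, so the artifact file name becomes part of the shell source before the step executes; pass it through `env:` (for example `VSIX_PATH: ${{ steps.artifact.outputs.path }}`) and reference `"$VSIX_PATH"` in the command instead. The resolve step also still takes `head -n1` of the glob matches, so with two `roo-code-nightly-*.vsix` files in `bin/` it publishes the first one in sort order without any error; failing when the match count is not exactly one would surface that case.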
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/nightly-publish.yml:
- Around line 3-5: The workflow currently uses a bare workflow_dispatch which
allows manual runs from any ref; restrict manual publishes to main by adding a
branches filter under workflow_dispatch (i.e., change the existing
workflow_dispatch to include branches: [main]) so only the main branch can
trigger the manual publish; apply the same change for the other
workflow_dispatch occurrence referenced (lines 8-9) so both manual dispatch
points are limited to main.
In @.github/workflows/website-deploy.yml:
- Around line 4-5: Add a branch guard so manual dispatches only run against
main: update the workflow_dispatch usage to still allow manual runs but add an
explicit conditional on the deployment job(s) (e.g., the job that performs the
production deploy) such as if: github.ref == 'refs/heads/main' so the job(s)
will early-skip when the workflow is dispatched against a non-main ref; keep
workflow_dispatch but add that job-level if guard to the deployment job(s).
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 822fc6fe-c07c-43e9-955b-3a6c145bc7a7
📒 Files selected for processing (3)
- .github/workflows/nightly-publish.yml
- .github/workflows/website-deploy.yml
- .github/workflows/website-preview.yml
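One way to make the VSIX pick in nightly-publish.yml deterministic, as the nitpick above asks: a shell function that accepts exactly one match and fails otherwise. This is an added example, not code from the PR or from CodeRabbit; `pick_vsix` is a hypothetical helper and the version numbers in the demo are constructed.

```shell
# pick_vsix DIR [PREFIX]
# Prints the single DIR/PREFIX*.vsix path. Returns 1 when there is no match
# or more than one, so a publish step never guesses between artifacts.
# (Hypothetical helper name; not part of the workflow under review.)
pick_vsix() {
  dir=$1
  prefix=${2:-}
  # Let the shell expand the glob into the positional parameters
  # instead of parsing the output of ls.
  set -- "$dir"/"$prefix"*.vsix
  # An unmatched glob stays literal (or expands to nothing under nullglob),
  # so confirm the first entry really exists.
  if [ ! -e "$1" ]; then
    echo "no VSIX artifact matching $dir/${prefix}*.vsix" >&2
    return 1
  fi
  if [ "$#" -ne 1 ]; then
    echo "expected exactly one VSIX artifact, found $#:" >&2
    printf '  %s\n' "$@" >&2
    return 1
  fi
  printf '%s\n' "$1"
}

# In a workflow step the result would be exported once and reused:
#   VSIX_PATH=$(pick_vsix bin roo-code-nightly-) || exit 1
#   echo "path=$VSIX_PATH" >> "$GITHUB_OUTPUT"

# Demo on a constructed directory holding two nightly builds: the pick is refused.
demo=$(mktemp -d)
touch "$demo/roo-code-nightly-1.0.0.vsix" "$demo/roo-code-nightly-1.0.1.vsix"
pick_vsix "$demo" roo-code-nightly- || echo "refusing to publish"
rm -rf "$demo"
```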
| # Temporarily disabled automatic production website deploys. | ||
| workflow_dispatch: |
Add a main-branch guard for manual production deploys.
After removing automatic push constraints, this workflow can be dispatched from non-main refs unless explicitly blocked.
Proposed fix
- if: ${{ needs.check-secrets.outputs.has-vercel-token == 'true' }}
+ if: ${{ needs.check-secrets.outputs.has-vercel-token == 'true' && github.ref == 'refs/heads/main' }}Also applies to: 33-33
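Review bot: the `github.ref == 'refs/heads/main'` condition added to the deploy job's `if:` lives in the workflow file itself, and a `workflow_dispatch` run uses the workflow file from the ref it is dispatched on, so a branch that edits this line out can still reach the deploy job. Treat it as a guard against accidental dispatch, and if the Vercel token is a repository-level secret, move it to a GitHub environment whose deployment branches are limited to main so the restriction is enforced outside the file. Since the fix is marked as also applying to line 33, confirm that every job able to read the token carries the same condition.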
Only users with a collaborator, contributor, member, or owner role can interact with CodeRabbit.
🧹 Nitpick comments (1)
.github/workflows/website-preview.yml (1)
4-12: Add explicit re-enable tracking for this temporary disable.
Since this is marked “temporarily disabled,” add an issue/owner/date reference in the comment so it doesn’t get forgotten.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/website-preview.yml around lines 4 - 12, Update the existing comment that reads "Temporarily disabled automatic preview website deploys." to include explicit re-enable tracking metadata: add an issue or ticket reference number, an owner (GitHub handle), the date it was disabled, and a target review/re-enable date or cadence so it won't be forgotten; ensure this metadata sits directly above the commented-out push/pull_request block and is clear (e.g., "TEMP_DISABLE: issue `#1234`, owner `@username`, disabled YYYY-MM-DD, review YYYY-MM-DD").
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: fce82916-6182-4cf0-ad69-1979ca8e3c06
📒 Files selected for processing (3)
- .github/workflows/nightly-publish.yml
- .github/workflows/website-deploy.yml
- .github/workflows/website-preview.yml
✅ Files skipped from review due to trivial changes (1)
- .github/workflows/nightly-publish.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/website-deploy.yml
| # Temporarily disabled automatic production website deploys. | ||
| workflow_dispatch: |
Summary
Temporarily disables automatic publishing and website deployment workflows while keeping manual dispatch available.
Disabled automatic triggers
- `main`
- `main` changes under `apps/web-roo-code/**`
- `main` branches touching `apps/web-roo-code/**`
Still available
- `workflow_dispatch` remain enabled for all three workflows.
Validation
- `pnpm lint`
- `pnpm check-types`
Summary by CodeRabbit