Skip to content

Commit 1eca7d4

Browse files
committed
chore: optimize CodeRabbit configuration for Go project
- Removed irrelevant language instructions (Python, Solidity, JS/TS, HTML, CSS) - Removed unused linters (eslint, phpstan, detekt, etc.) - Added specific instructions for Go source code (error handling, concurrency, idiomatic code) - Added specific instructions for Go test files - Configured path filters to ignore Go vendor and SQLite data directories
1 parent 101b31b commit 1eca7d4

1 file changed

Lines changed: 21 additions & 179 deletions

File tree

.coderabbit.yaml

Lines changed: 21 additions & 179 deletions
Original file line numberDiff line numberDiff line change
@@ -7,20 +7,6 @@ language: en
77
# Enable experimental features (currently not using any specific early_access features)
88
early_access: true
99

10-
# Multi-repo analysis: lets CodeRabbit use other repositories as context when reviewing PRs.
11-
# Most useful when linking tightly coupled repos, e.g.:
12-
# - Frontend ↔ backend (API contract changes)
13-
# - Service ↔ shared library (ripple-effect on consumers)
14-
# - Microservices sharing a database schema
15-
# Avoid configuring this at org level — link only the repos relevant to this project.
16-
# See: https://docs.coderabbit.ai/knowledge-base/multi-repo-analysis
17-
#
18-
# To enable, uncomment the block below and replace the example values with your repos.
19-
# knowledge_base:
20-
# linked_repositories:
21-
# - repository: "AOSSIE-Org/backend-api"
22-
# instructions: "Contains REST API endpoints and database models"
23-
2410
chat:
2511
# CodeRabbit will automatically respond to @coderabbitai mentions in PR comments
2612
auto_reply: true
@@ -92,19 +78,14 @@ reviews:
9278

9379
# Exclude these paths from reviews (build artifacts and dependencies)
9480
path_filters:
95-
- "!**/node_modules/**" # npm dependencies
96-
- "!**/android/**" # Native Android build files
97-
- "!**/ios/**" # Native iOS build files
98-
- "!**/.expo/**" # Expo build cache
99-
- "!**/.expo-shared/**" # Expo shared config
81+
- "!**/vendor/**" # Go dependencies
10082
- "!**/dist/**" # Build output
83+
- "!**/data/**" # SQLite database volume
10184

10285
# Use the following tools when reviewing
10386
tools:
10487
shellcheck:
10588
enabled: true
106-
ruff:
107-
enabled: true
10889
markdownlint:
10990
enabled: true
11091
github-checks:
@@ -114,38 +95,17 @@ reviews:
11495
enabled: true
11596
enabled_only: false
11697
level: default
117-
biome:
118-
enabled: true
119-
hadolint:
120-
enabled: true
121-
swiftlint:
122-
enabled: true
123-
phpstan:
124-
enabled: true
125-
level: default
12698
golangci-lint:
12799
enabled: true
128100
yamllint:
129101
enabled: true
130102
gitleaks:
131103
enabled: true
132-
checkov:
133-
enabled: true
134-
detekt:
135-
enabled: true
136-
eslint:
137-
enabled: true
138104

139105
# Apply the following labels to PRs
140106
labeling_instructions:
141-
- label: Python Lang
142-
instructions: Apply when the PR/MR contains changes to python source-code
143-
- label: Solidity Lang
144-
instructions: Apply when the PR/MR contains changes to solidity source-code
145-
- label: Typescript Lang
146-
instructions: Apply when the PR/MR contains changes to javascript or typescript source-code
147-
- label: Ergoscript Lang
148-
instructions: Apply when the PR/MR contains changes to ergoscript source-code
107+
- label: Go Lang
108+
instructions: Apply when the PR/MR contains changes to go source-code
149109
- label: Bash Lang
150110
instructions: >-
151111
Apply when the PR/MR contains changes to shell-scripts or BASH code
@@ -172,130 +132,34 @@ reviews:
172132
- Confirm that copyright years are up-to date whenever a file is changed
173133
- Point out redundant obvious comments that do not add clarity to the code
174134
- Ensure that comments are concise and suggest more concise comment statements if possible
175-
- Discourage usage of verbose comment styles such as NatSpec
176135
- Look for code duplication
177136
- Suggest code completions when:
178137
- seeing a TODO comment
179138
- seeing a FIXME comment
180139
181140
# Custom review instructions for specific file patterns
182141
path_instructions:
183-
# TypeScript/JavaScript files
184-
- path: "**/*.{ts,tsx,js,jsx}"
185-
instructions: |
186-
NextJS:
187-
- Ensure that "use client" is being used
188-
- Ensure that only features that allow pure client-side rendering are used
189-
- NextJS best practices (including file structure, API routes, and static generation methods) are used.
190-
191-
TypeScript:
192-
- Avoid 'any', use explicit types
193-
- Prefer 'import type' for type imports
194-
- Review for significant deviations from Google JavaScript style guide. Minor style issues are not a priority
195-
- The code adheres to best practices associated with React
196-
- The code adheres to best practices associated with React PWA
197-
- The code adheres to best practices associated with SPA
198-
- The code adheres to best practices recommended by lighthouse or similar tools for performance
199-
- The code adheres to best practices associated with Node.js
200-
- The code adheres to best practices recommended for performance
201-
202-
Security:
203-
- No exposed API keys or sensitive data
204-
- Use expo-secure-store for sensitive storage
205-
- Validate deep linking configurations
206-
- Check for common security vulnerabilities such as:
207-
- SQL Injection
208-
- XSS (Cross-Site Scripting)
209-
- CSRF (Cross-Site Request Forgery)
210-
- Insecure dependencies
211-
- Sensitive data exposure
212-
213-
Internationalization:
214-
- User-visible strings should be externalized to resource files (i18n)
215-
216-
# HTML files
217-
- path: "**/*.html"
142+
# Go files
143+
- path: "**/*.go"
218144
instructions: |
219-
Review the HTML code against the google html style guide and point out any mismatches. Ensure that:
220-
- The code adheres to best practices recommended by lighthouse or similar tools for performance
221-
222-
# CSS files
223-
- path: "**/*.css"
224-
instructions: |
225-
Review the CSS code against the google css style guide and point out any mismatches. Ensure that:
226-
- The code adheres to best practices associated with CSS.
227-
- The code adheres to best practices recommended by lighthouse or similar tools for performance.
228-
- The code adheres to similar naming conventions for classes, ids.
229-
230-
# Python files
231-
- path: "**/*.{py}"
232-
instructions: |
233-
Python:
234-
- Check for major PEP 8 violations and Python best practices.
235-
236-
# Solidity Smart Contract files
237-
- path: "**/*.sol"
238-
instructions: |
239-
Solidity:
240-
- Review the Solidity contracts for security vulnerabilities and adherence to best practices.
241-
- Ensure immutability is used appropriately (e.g., `immutable` and `constant` where applicable).
242-
- Ensure there are no unbounded loops that could lead to gas exhaustion.
243-
- Verify correct and explicit visibility modifiers for all state variables and functions.
244-
- Flag variables that are declared but used only once or are unnecessary.
245-
- Identify potential gas optimization opportunities without compromising readability or security.
246-
- Verify that any modification to contract logic includes corresponding updates to automated tests.
247-
- Ensure failure paths and revert scenarios are explicitly handled and validated.
248-
- Validate proper access control enforcement (e.g., Ownable, RBAC, role checks).
249-
- Ensure consistent and correct event emission for all state-changing operations.
250-
- Confirm architectural consistency with existing contracts (no unintended storage layout changes unless clearly documented).
251-
- Flag major feature additions or architectural changes that were implemented without prior design discussion (if applicable).
252-
- Flag pull requests that mix unrelated changes or multiple concerns in a single submission.
253-
- Ensure security-sensitive logic changes are not introduced without adequate test coverage.
254-
- Review for common smart contract vulnerabilities, including but not limited to:
255-
- Reentrancy
256-
- Improper input validation
257-
- Access control bypass
258-
- Integer overflows/underflows (if using unchecked blocks)
259-
- Front-running risks where applicable
260-
261-
262-
# Javascript/Typescript test files
263-
- path: "**/*.test.{ts,tsx,js,jsx}"
145+
Go:
146+
- Check for idiomatic Go code and adherence to Effective Go principles.
147+
- Ensure proper error handling is performed (no ignored errors).
148+
- Validate concurrency safety (proper use of goroutines, channels, sync package).
149+
- Ensure data persistence queries (e.g. SQLite) use parameterized queries to prevent SQL injection.
150+
- Verify that context is propagated through function calls, especially for database operations and outgoing requests.
151+
- Check that API handlers handle edge cases and send proper HTTP status codes.
152+
153+
# Go test files
154+
- path: "**/*_test.go"
264155
instructions: |
265156
Review test files for:
266-
- Comprehensive coverage of component behavior
267-
- Proper use of @testing-library/react-native
268-
- Async behavior is properly tested
269-
- Accessibility testing is included
270-
- Test descriptions are sufficiently detailed to clarify the purpose of each test
271-
- The tests are not tautological
272-
273-
# Solidity test files
274-
- path: "**/*.test.{sol}"
275-
instructions: |
276-
Review test files for:
277-
- Comprehensive coverage of contract behavior.
278-
- Coverage of success paths, edge cases, and failure/revert scenarios.
279-
- Proper validation of access control restrictions.
280-
- Verification of event emissions where applicable.
281-
- Explicit validation of state changes after each relevant function call.
282-
- Adequate test updates whenever contract logic is modified.
283-
- Deterministic behavior (tests should not rely on implicit execution order or shared mutable state).
284-
- Clear and descriptive test names that reflect the intended behavior being validated.
285-
286-
287-
# Asset files (images, fonts, etc.)
288-
- path: "assets/**/*"
289-
instructions: |
290-
Review asset files for:
291-
- Image optimization (appropriate size and format)
292-
- Proper @2x and @3x variants for different screen densities
293-
- SVG assets are optimized
294-
- Font files are licensed and optimized
157+
- Comprehensive coverage of expected behavior and failure scenarios.
158+
- Use of table-driven tests where appropriate.
159+
- Proper mocking of external dependencies like the SQLite store.
295160
296161
# Dependency manifest and lock files (e.g. updated by Dependabot, Renovate)
297-
- path: >-
298-
**/{package.json,package-lock.json,yarn.lock,pnpm-lock.yaml,npm-shrinkwrap.json,requirements.txt,Pipfile,Pipfile.lock,pyproject.toml,poetry.lock,go.mod,go.sum,Cargo.toml,Cargo.lock,pom.xml,build.gradle,build.gradle.kts,gradle.lockfile,*.gemspec,Gemfile,Gemfile.lock}
162+
- path: "**/{go.mod,go.sum}"
299163
instructions: |
300164
This file may be modified by a dependency bot (e.g., Dependabot, Renovate).
301165
Perform a structured dependency upgrade analysis:
@@ -306,32 +170,10 @@ reviews:
306170
307171
**2. Breaking Change Detection**
308172
- Breaking changes: removed or renamed APIs, changed function signatures, altered behavior.
309-
- Deprecated APIs: warn if the codebase uses anything deprecated in the new version.
310-
- Configuration changes: new required env vars, config keys, or file structure changes.
311173
- Security fixes: highlight CVE patches and confirm they address known vulnerabilities.
312174
313175
**3. Codebase Compatibility Check**
314176
- Locate all files in the repo that import or use the upgraded dependency.
315-
- For each usage, verify:
316-
- No removed or renamed imports/functions are referenced.
317-
- Constructor/function call signatures are compatible.
318-
- Any default behavior changes do not silently break existing logic.
319-
320-
**4. Risk Analysis**
321-
- Runtime errors: type mismatches, missing attributes, changed return types.
322-
- API incompatibility: breaking interface/type changes (critical for TypeScript).
323-
- Logical bugs: subtle behavior changes that don't throw errors but alter outcomes.
324-
- Performance regressions: flag if release notes mention perf impacts.
325-
326-
**5. Edge Cases to Verify**
327-
- Backward compatibility with currently pinned peer dependencies.
328-
- Changes in default behavior or environment assumptions.
329-
- Peer requirement conflicts introduced by the new version.
330-
- For TypeScript: type/interface changes that may require type assertion updates.
331-
332-
**6. Migration Guidance**
333-
- If official docs provide migration steps, summarize the required changes and flag
334-
specific files in this repo that need updates.
335-
- If no migration is required, confirm this explicitly.
177+
- For each usage, verify that changes do not silently break existing logic.
336178
337179
Conclude with a **risk level**: Low / Medium / High, with justification.

0 commit comments

Comments
 (0)