Add dependency review job to all CI workflows#43
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (9)
✅ Files skipped from review due to trivial changes (4)
🚧 Files skipped from review as they are similar to previous changes (5)
📝 WalkthroughWalkthroughAdded dependency-review jobs to four CI workflows, updated their READMEs, and moved pull-request write access to job-level permissions in the reusable test workflow. ChangesDependency review workflow rollout
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
b45a64f to
8355f71
Compare
8355f71 to
6088b36
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/ci-node.yml (1)
258-258: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value
fail-on-severity: lowis aggressive for a shared workflow.Failing on any
low-severity advisory (including transitive deps) can block unrelated PRs and generate noise across all consumers. Considermoderate/highas the shared default, or expose it as an input so projects can tune their policy.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/ci-node.yml at line 258, The shared CI workflow is using an overly strict dependency-audit threshold, which can cause unrelated PRs to fail on low-severity advisories. Update the workflow entry in ci-node.yml to make the severity policy less aggressive by default, such as using a higher threshold like moderate or high, or better yet make the value configurable as an input so consumers can tune it. Keep the change localized to the audit configuration near the fail-on-severity setting.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/ci-node.yml:
- Line 258: The shared CI workflow is using an overly strict dependency-audit
threshold, which can cause unrelated PRs to fail on low-severity advisories.
Update the workflow entry in ci-node.yml to make the severity policy less
aggressive by default, such as using a higher threshold like moderate or high,
or better yet make the value configurable as an input so consumers can tune it.
Keep the change localized to the audit configuration near the fail-on-severity
setting.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: c73772cc-08c8-43ec-9034-2ba6bf154292
📒 Files selected for processing (9)
.github/workflows/ci-django-api-README.md.github/workflows/ci-django-api.yml.github/workflows/ci-node-README.md.github/workflows/ci-node.yml.github/workflows/ci-pnpm-node-README.md.github/workflows/ci-pnpm-node.yml.github/workflows/ci-uv-django-api-README.md.github/workflows/ci-uv-django-api.yml.github/workflows/test-reusable-workflows.yml
aa2919c to
ea0de87
Compare
Refs: KEH-351 Co-authored-by: Tuomas Haapala <tuomas.haapala@anders.com>
ea0de87 to
d1f5b20
Compare
Refs: KEH-351
Summary by CodeRabbit