Conversation
|
Caution Review failedThe pull request is closed. 📝 WalkthroughWalkthroughAdds CI coverage configuration and ignores for profiler artifacts: a new .codecov.yml sets a 20% project coverage target; .github/workflows/rust.yml is restructured into two jobs (check — sets up Rust 1.90.0, runs formatting/lints and just check; coverage — installs cargo-tarpaulin, runs tests with tarpaulin producing XML and uploads to Codecov); .gitignore now excludes "*.profraw" and the tilekit/target and tiles/target directories. Sequence Diagram(s)sequenceDiagram
participant Dev as Developer (push/PR)
participant GH as GitHub Actions
participant Runner as Actions Runner
participant Toolchain as Rust Toolchain
participant Tarpaulin as cargo-tarpaulin
participant Codecov as Codecov
Dev->>GH: push / pull_request to main
GH->>Runner: start workflow
Runner->>Toolchain: setup Rust 1.90.0 (rustfmt, clippy)
Runner->>Runner: run just check (format + lint + tests)
GH->>Runner: start coverage job (depends on check)
Runner->>Toolchain: setup Rust 1.90.0
Runner->>Tarpaulin: run cargo-tarpaulin --out Xml -- --test-threads 1
Tarpaulin-->>Runner: produce XML coverage report
Runner->>Codecov: upload coverage report
Codecov-->>GH: report coverage status (target: 20%)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @.github/workflows/rust.yml:
- Around line 37-40: The coverage job condition is too strict and uses
github.ref_name which is the PR head on pull_request events, so coverage never
runs for PRs targeting main; update the coverage job's if expression in the
"coverage" job to check the PR base ref when the event is pull_request (for
example use a combined condition that tests github.event.pull_request.base.ref
== 'main' OR github.ref_name == 'main'), or remove the if entirely so the
"coverage" job always runs after "check"; adjust the condition where the job is
defined (the "coverage" job block) accordingly.
- Around line 4-5: The workflow's push trigger currently lacks a branch filter
because the commented-out setting branches: ["main"] was left disabled, causing
CI to run on every branch; restore the original behavior by uncommenting or
re-adding the branches: ["main"] filter under the push: trigger in the workflow
file so pushes only to main run the job (look for the push: block and the
commented line branches: ["main"] and re-enable it).
🧹 Nitpick comments (3)
.codecov.yml (1)
1-5: Consider addingpatchcoverage and making status informational initially.The 20% project target is reasonable as a starting point. Consider these enhancements:
- Add
patchcoverage to enforce coverage on new/changed code- Make the check informational initially to avoid blocking PRs while coverage ramps up
♻️ Suggested enhanced configuration
coverage: status: project: default: target: 20% + informational: true # Remove once coverage is stable + patch: + default: + target: 50% + informational: true.github/workflows/rust.yml (2)
57-58: Consider caching tarpaulin to speed up CI.Installing
cargo-tarpaulinon every run adds significant time. Use a conditional install similar to thejustinstallation pattern.♻️ Proposed fix
- name: Install tarpaulin - run: cargo install cargo-tarpaulin + run: command -v cargo-tarpaulin || cargo install cargo-tarpaulin
63-66: Consider specifying the coverage file path for Codecov.The action will auto-detect XML files, but explicitly specifying the file improves reliability and clarity.
♻️ Suggested improvement
- name: Upload to Codecov uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} + files: cobertura.xml + fail_ci_if_error: true
fix: codecov target + main branch condition fix: removed main branch check for coverage
madclaws
force-pushed
the
fix/coverage-setup
branch
from
985d8b3 to
2033208
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @.github/workflows/rust.yml:
- Around line 56-57: Update the CI step that installs tarpaulin so the cargo
install invocation is reproducible: modify the "Install tarpaulin" step's run
command that currently executes `cargo install cargo-tarpaulin` to include the
`--locked` flag (i.e., `cargo install --locked cargo-tarpaulin`) so the
installation uses the crate's Cargo.lock for deterministic installs.
- Around line 18-22: Replace the mutable action reference
dtolnay/rust-toolchain@master with a pinned stable tag or commit (e.g.,
dtolnay/rust-toolchain@v1 or a specific commit hash) in both job blocks that
currently use dtolnay/rust-toolchain@master, and update the toolchain field
(currently toolchain: 1.90.0) to a recent stable version such as 1.93.0; ensure
both occurrences (the two jobs referenced) are changed so the workflow uses a
fixed action ref and an up-to-date Rust toolchain.
🧹 Nitpick comments (3)
.github/workflows/rust.yml (3)
23-31: Include toolchain in the Cargo cache key to avoid stale binaries.Right now the key only varies on OS and Cargo.lock; if the toolchain changes, cached
~/.cargo/binartifacts can be incompatible.♻️ Suggested tweak (apply to both jobs)
- key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-toolchain-1.90.0Also applies to: 47-55
32-33: Pinjustversion to prevent breaking changes and use--lockedfor reproducible installs.
cargo install justwithout a version specifier pulls the latest release at runtime and can introduce breaking changes. The--lockedflag ensures reproducible dependency resolution by using theCargo.lockfile from thejustcrate.🔧 Suggested change
- - name: Install just - run: command -v just || cargo install just + - name: Install just + run: command -v just || cargo install just --locked --version 1.46.0
62-65: Use conditional token passing instead of skipping fork PRs entirely.
CODECOV_TOKENis indeed unavailable on forked PRs due to GitHub's secret restrictions. However,codecov/codecov-action@v4supports tokenless uploads for fork PRs to public repositories—the action automatically rewrites fork PR branch names with a:prefix to treat them as "unprotected branches." Rather than skipping the upload step, pass the token only when available:🔧 Recommended approach
- name: Upload to Codecov uses: codecov/codecov-action@v4 with: - token: ${{ secrets.CODECOV_TOKEN }} + token: ${{ github.event.pull_request.head.repo.fork == false && secrets.CODECOV_TOKEN || '' }}Or run the step for all PRs and let v4 handle the tokenless case (it detects missing token automatically).
This preserves coverage reports for fork PRs while avoiding the empty token issue.
| - uses: dtolnay/rust-toolchain@master | ||
| with: | ||
| toolchain: 1.90.0 | ||
| components: rustfmt, clippy | ||
|
|
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Read the rust.yml workflow file
cat -n .github/workflows/rust.ymlRepository: tilesprivacy/tiles
Length of output: 1960
🌐 Web query:
Rust 1.90.0 release date and availability
💡 Result:
Rust 1.90.0 was released on September 18, 2025. [1][2]
Availability: it’s available on the stable channel via rustup:
rustup update stableand via Rust’s official distribution/installers for that release. [1]
🌐 Web query:
Rust toolchain versions 2025 2026 latest stable
💡 Result:
Latest Rust stable (as of Jan 31, 2026)
- Rust 1.93.0 — released Jan 22, 2026 (current stable) [1][2]
- Next scheduled: 1.94.0 (will be stable Mar 5, 2026) [3]
Rust stable releases in 2025 → early 2026 (version → release date)
- 1.84.0 → Jan 9, 2025 [4]
- 1.85.0 → Feb 20, 2025 (stabilizes Rust 2024 Edition) [5]
- 1.86.0 → Apr 3, 2025 [2]
- 1.87.0 → May 15, 2025 [6]
- 1.88.0 → Jun 26, 2025 [2]
- 1.89.0 → Aug 7, 2025 [2]
- 1.90.0 → Sep 18, 2025 [2]
- 1.91.0 → Oct 30, 2025 [7]
- 1.92.0 → Dec 11, 2025 [8]
- 1.93.0 → Jan 22, 2026 [1][2]
Update command: rustup update stable [2]
Sources
[1] https://doc.rust-lang.org/stable/releases.html
[2] https://endoflife.date/rust
[3] https://releases.rs/
[4] https://blog.rust-lang.org/2025/01/09/Rust-1.84.0/
[5] https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/
[6] https://blog.rust-lang.org/2025/05/15/Rust-1.87.0/
[7] https://blog.rust-lang.org/2025/10/30/Rust-1.91.0/
[8] https://releases.rs/docs/1.92.0/
🌐 Web query:
dtolnay/rust-toolchain github action recent commits pinned version
💡 Result:
-
Most recent commits on
master- 2025-12-16: Merge PR
#177“Permit cross-device copy” (latestmastercommitf7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561) [3] - 2025-11-20: “Update actions/checkout@v5 -> v6” [2]
- 2025-11-10: “Add 1.91.1 patch release” [2]
- 2025-12-16: Merge PR
-
Pinned version (recommended stable pin for the Action code)
- Use the major tag:
dtolnay/rust-toolchain@v1— currently points to commite97e2d8(dated 2025-08-23) [4]. - If you want a fully immutable pin, use a full commit SHA (must be in
masterhistory) as noted in the README [1].
- Use the major tag:
-
Toolchain selection (separate from pinning the Action code)
- The README documents that the
@revyou use (e.g.,@stable,@nightly,@1.89.0) determines which Rust toolchain is installed [1].
- The README documents that the
Pin the rust-toolchain action to improve supply-chain security.
@master is mutable and weakens supply-chain guarantees. Pin the action to a stable reference such as @v1 or a specific commit (e.g., f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561).
Additionally, Rust 1.90.0 is now outdated (released Sep 2025; current stable is 1.93.0 as of Jan 2026). Consider updating to a more recent toolchain version when pinning.
🔒 Suggested fix (apply to both jobs)
- - uses: dtolnay/rust-toolchain@master
+ - uses: dtolnay/rust-toolchain@v1
with:
- toolchain: 1.90.0
+ toolchain: 1.93.0Also applies to: 43-46
🤖 Prompt for AI Agents
In @.github/workflows/rust.yml around lines 18 - 22, Replace the mutable action
reference dtolnay/rust-toolchain@master with a pinned stable tag or commit
(e.g., dtolnay/rust-toolchain@v1 or a specific commit hash) in both job blocks
that currently use dtolnay/rust-toolchain@master, and update the toolchain field
(currently toolchain: 1.90.0) to a recent stable version such as 1.93.0; ensure
both occurrences (the two jobs referenced) are changed so the workflow uses a
fixed action ref and an up-to-date Rust toolchain.
| - name: Install tarpaulin | ||
| run: cargo install cargo-tarpaulin |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
latest stable release cargo-tarpaulin recommended install flags
💡 Result:
- Latest stable release (cargo-tarpaulin): 0.35.1 (released 2026-01-16). [1]
- Recommended install (reproducible):
cargo install cargo-tarpaulin --locked
--lockedforces Cargo to use the crate’s packagedCargo.lock(if present) for more reproducible installs. [2] - Recommended upgrade/reinstall (if already installed):
(
cargo install cargo-tarpaulin --locked --force
--forceoverwrites the existing install.) [3] - Fast alternative (prebuilt binaries, when available):
[4]
cargo binstall cargo-tarpaulin
Sources: [1] (docs.rs), [2] (cargo-book.irust.net), [3] (dev-doc.rust-lang.org), [4] (docs.rs)
Citations:
- 1: https://docs.rs/crate/cargo-tarpaulin/latest/source/CHANGELOG.md?utm_source=openai
- 2: https://cargo-book.irust.net/en-us/commands/cargo-install.html?utm_source=openai
- 3: https://dev-doc.rust-lang.org/beta/cargo/commands/cargo-install.html?utm_source=openai
- 4: https://docs.rs/crate/cargo-tarpaulin/latest?utm_source=openai
Use --locked for reproducible installs.
Unpinned installs can change behavior across CI runs. The --locked flag ensures reproducible builds by using the crate's packaged Cargo.lock file.
🔧 Suggested change
- name: Install tarpaulin
- run: cargo install cargo-tarpaulin
+ run: cargo install cargo-tarpaulin --locked📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Install tarpaulin | |
| run: cargo install cargo-tarpaulin | |
| - name: Install tarpaulin | |
| run: cargo install cargo-tarpaulin --locked |
🤖 Prompt for AI Agents
In @.github/workflows/rust.yml around lines 56 - 57, Update the CI step that
installs tarpaulin so the cargo install invocation is reproducible: modify the
"Install tarpaulin" step's run command that currently executes `cargo install
cargo-tarpaulin` to include the `--locked` flag (i.e., `cargo install --locked
cargo-tarpaulin`) so the installation uses the crate's Cargo.lock for
deterministic installs.
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. ℹ️ You can also turn on project coverage checks and project coverage reporting on Pull Request comment Thanks for integrating Codecov - We've got you covered ☂️ |
1 participant
No description provided.