Bump dive image version to 0.12, fix --ci-config and other issues
#373
Conversation
MaxymVlasov
changed the title
--ci-configdive image version to 0.10 and fix --ci-config
MaxymVlasov
changed the title
dive image version to 0.10 and fix --ci-configdive image version to 0.10 and fix --ci-config
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Maksym Vlasov <[email protected]>
…0, bump wagoodman/dive to v0.12 (#16) * Update deps via `nmp outdated` and then `npm update --package-lock-only` * Bump node from 12 to 20 * Bump DOCKER_API_VERSION to 1.45 * Bump wagoodman/dive docker image to v0.12
|
Note Reviews pausedUse the following commands to manage reviews:
📝 WalkthroughWalkthroughThis pull request introduces significant updates to the dive action GitHub repository. The changes primarily involve updating repository references, switching from the original Changes
Assessment against linked issues
Possibly related issues
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (3)
dist/index.jsis excluded by!**/dist/**dist/index.js.mapis excluded by!**/dist/**,!**/*.mappackage-lock.jsonis excluded by!**/package-lock.json
Files selected for processing (4)
- .github/renovate.json5 (1 hunks)
- action.yml (1 hunks)
- package.json (1 hunks)
- src/main.ts (2 hunks)
Files skipped from review due to trivial changes (2)
- .github/renovate.json5
- action.yml
Additional comments not posted (16)
package.json (13)
34-34: Version bump for@actions/githubfrom^4.0.0to^6.0.0looks good.
38-38: Version bump for@types/jestfrom^27.4.1to^29.5.12looks good.
39-39: Version bump for@types/nodefrom^17.0.24to^20.14.6looks good.
40-40: Version bump for@typescript-eslint/parserfrom^4.33.0to^7.13.1looks good.
41-41: Version bump for@vercel/nccfrom^0.33.4to^0.38.1looks good.
42-42: Version bump foreslintfrom^7.32.0to^8.5.0looks good.
43-43: Version bump foreslint-plugin-githubfrom^4.1.5to^5.0.1looks good.
44-44: Version bump foreslint-plugin-jestfrom^26.1.4to^28.6.0looks good.
45-45: Version bump forjestfrom^26.6.3to^29.7.0looks good.
46-46: Version bump forjest-circusfrom^27.5.1to^29.7.0looks good.
48-48: Version bump forprettierfrom^2.6.2to^3.3.2looks good.
49-49: Version bump forts-jestfrom^26.5.6to^29.1.5looks good.
50-50: Version bump fortypescriptfrom^4.3.5to^5.4.5looks good.src/main.ts (3)
51-51: Update todiveImageversion fromv0.9tov0.12aligns with the latest stable release.
58-58: Update toDOCKER_API_VERSIONfrom1.37to1.45ensures compatibility with the latest Docker features.
73-73: Correct placement of--ci-configafter the image tag resolves the issue reported in #194.
MaxymVlasov
changed the title
dive image version to 0.10 and fix --ci-configdive image version to 0.12, fix --ci-config and other issues
There was a problem hiding this comment.
Actionable comments posted: 0
Outside diff range and nitpick comments (2)
README.md (2)
Line range hint
48-48: Consider adding "the" before "dive config file".- There are three metrics supported by dive config file. + There are three metrics supported by the dive config file.This minor grammatical correction improves the readability of the documentation.
Line range hint
68-68: Specify the language for the fenced code block.- ```yaml + ```yaml rules:It's a best practice to specify the language for code blocks to enable syntax highlighting, which improves readability.
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (2)
- LICENSE (1 hunks)
- README.md (2 hunks)
Files skipped from review due to trivial changes (1)
- LICENSE
Additional context used
LanguageTool
README.md
[uncategorized] ~48-~48: You might be missing the article “the” here. (AI_EN_LECTOR_MISSING_DETERMINER_THE)
Context: ...e There are three metrics supported by dive config file. See [here](https://github....
Markdownlint
README.md
9-9: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines
68-68: null (MD040, fenced-code-language)
Fenced code blocks should have a language specified
Additional comments not posted (4)
README.md (4)
27-27: Update the event trigger topull_requestfor GitHub Actions.This change aligns with the PR's intention to optimize the workflow for pull request events, enhancing the CI process by triggering actions only when necessary.
35-35: Updated checkout action to v4.This update ensures compatibility with the latest features and security fixes provided by GitHub Actions. It's good practice to keep these dependencies up-to-date.
39-39: Updated thedive-actionto version1.0.0.This change points to the updated version of
dive-actionwhich likely includes the fixes and enhancements mentioned in the PR, such as the correct handling of the--ci-configparameter.
134-139: Update references and badges to reflect the new repository owner.The updated links and badges ensure users are directed to the correct repository and can see the latest release information. This is crucial for maintaining the accuracy and trustworthiness of the documentation.
chore: Became a maintainer of that GHA
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (3)
dist/index.jsis excluded by!**/dist/**dist/index.js.mapis excluded by!**/dist/**,!**/*.mapdist/sourcemap-register.jsis excluded by!**/dist/**
Files selected for processing (12)
- .editorconfig (1 hunks)
- .eslintrc.json (1 hunks)
- .github/codeql/config.yml (1 hunks)
- .github/renovate.json5 (1 hunks)
- .github/workflows/automerge.yml (1 hunks)
- .github/workflows/codeql-analysis.yml (3 hunks)
- .github/workflows/test.yml (1 hunks)
- .pre-commit-config.yaml (1 hunks)
- .prettierignore (1 hunks)
- .prettierrc.json (1 hunks)
- action.yml (2 hunks)
- src/main.ts (3 hunks)
Files skipped from review due to trivial changes (9)
- .editorconfig
- .eslintrc.json
- .github/codeql/config.yml
- .github/workflows/automerge.yml
- .github/workflows/codeql-analysis.yml
- .github/workflows/test.yml
- .pre-commit-config.yaml
- .prettierignore
- .prettierrc.json
Files skipped from review as they are similar to previous changes (3)
- .github/renovate.json5
- action.yml
- src/main.ts
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…add i18n support (#54) --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: MaxymVlasov <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json(2 hunks)
🔇 Additional comments (2)
package.json (2)
17-17: Verify repository transfer/fork coordination.The repository URLs have been updated to point to your fork. Please confirm if this is a coordinated transfer of ownership from the original maintainer (@yuichielectric).
Also applies to: 33-33, 35-35
26-30: LGTM! Good practice maintaining project history.Adding the maintainers section while preserving the original author credit is a good approach.
* Update eslint to v8 * Update and pin deps to latest available & working versions
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
eslint.config.mjs (2)
10-16: Consider reviewing theFlatCompatusage.
FlatCompathelps migrate from older.eslintrcconfigurations. If this is a fresh config with minimal legacy constraints, you could consider removing the dependency onFlatCompatfor clarity.- import { FlatCompat } from "@eslint/eslintrc"; - const compat = new FlatCompat({ - baseDirectory: __dirname, - recommendedConfig: js.configs.recommended, - allConfig: js.configs.all - }); ... - }, ...compat.extends("plugin:github/recommended"), { + }, {
24-29: Consider including.d.tsfiles.You may also want to include
**/*.d.tsif you wish to lint your type definition files. Currently, they aren’t listed infiles."files": [ "**/*.ts", "**/*.cts", "**.*.mts" + "**/*.d.ts" ]
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (3)
.eslintrc.json(4 hunks)eslint.config.mjs(1 hunks)package.json(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- .eslintrc.json
🔇 Additional comments (13)
eslint.config.mjs (7)
1-4: Validate plugin coverage for your project.You're importing
eslint-plugin-jestand@typescript-eslint/eslint-pluginhere, which is good for Jest and TypeScript-specific linting rules. However, ensure that your project indeed uses Jest for tests; if you’re using another framework (e.g., Vitest or Mocha), the Jest plugin and environment globals may be unnecessary.Would you like a shell script to scan for actual usage of Jest in your codebase and confirm that these settings are effective?
5-9: ESM Node imports look good.Using ESM-compatible imports (
node:pathandnode:url) and referencing__filename/__dirnameviafileURLToPathis a correct approach for ESM modules.
18-23: Ignore patterns align well with typical TypeScript builds.These paths (
dist,lib,node_modules) are standard ignore targets and look appropriate here. No issues found.
30-33: Plugin references are correct.The object style plugin configuration is valid, ensuring that
jestand@typescript-eslintrules are loaded. No issues found.
35-48: Parser configuration matches TypeScript best practices.Defining
project: "./tsconfig.json"is important for strict type-aware rules. Ensure yourtsconfig.jsonis comprehensive (includes test files if needed).Would you like a script to scan for a
tsconfig.jsonpresence and confirm it includes test directories?
50-53: Disabled and redundant rules.You’ve turned off
no-unused-varsin favor of@typescript-eslint/no-unused-vars. This is standard practice. Good job avoiding rule conflicts.
54-95: Enforced TypeScript rules look robust.You have thorough coverage for potential pitfalls (
@typescript-eslint/no-explicit-any,@typescript-eslint/restrict-plus-operands, etc.). This set should help prevent many common errors.package.json (6)
17-17: Repository URL updated successfully.Your repository URL now points to
MaxymVlasov/dive-action.git. Ensure you have updated references in your CI documentation and badges (e.g., inREADME.mdor any scripts referencing the old URL).
26-30: New maintainers field.Adding a maintainers field is great for clarity. Make sure to keep it updated if future collaborators join or your responsibilities change.
33-33: Bugs URL updated successfully.
"url": "https://github.com/MaxymVlasov/dive-action/issues"ensures issues are tracked in the new repository.
35-35: Homepage updates are consistent.
"homepage": "https://github.com/MaxymVlasov/dive-action#readme"matches your repository’s readme link.
37-39: Major version updates in dependencies.
@actions/core→^1.11.1and@actions/github→^6.0.0are significant jumps. Ensure backward compatibility with your action logic and referencing docs for any breaking changes.Would you like a script that scans your code for usage of these APIs to confirm compatibility with their new versions?
43-44: Potential mismatch with Node LTS releases.Previously, we flagged the risk of using
@types/nodefor a Node version that might not exist or be in LTS (referencing lines 39 in past reviews).@types/node@^22.10.10could pose compatibility or non-existence problems. Verify that this version indeed exists on npm and aligns with the Node version you’re targeting. Also confirm your runtime environment. If it’s Node 20 or below, you may want@types/node: ^20.x.x.
Note, that this was required to change image from official (but unmaintained) docker image to fork - `ghcr.io/joschi/dive:v0.13.1`[1], provided by https://github.com/joschi/dive [1] And it pinned to `@sha256` for security reason
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (5)
src/main.ts (1)
Line range hint
37-41: Consider making the table formatting more robust.The current implementation uses hardcoded slice positions which are tightly coupled to the output format of a specific dive version (v0.12.0). This could break if the output format changes in future versions.
Consider using a regex pattern or split operation instead:
- `| ${line.slice(0, 5)} | ${line.slice(7, 19)} | ${line.slice(21)} |` + const [count, size, path] = line.trim().split(/\s+/, 3) + `| ${count} | ${size} | ${path} |`README.md (4)
27-27: Consider supporting both push and pull_request triggers.The workflow currently only triggers on pull requests. Consider supporting both triggers to enable image analysis during direct pushes to protected branches:
-on: [pull_request] +on: + pull_request: + push: + branches: [ main, master ]
41-43: Document the github-token usage and PR comment feature.The example shows
github-tokenusage but doesn't explain its purpose. Consider adding a note about how it enables automatic PR comments on dive analysis failures.
48-48: Fix grammatical issue in the documentation.Add the missing article "the" before "dive config file".
-There are three metrics supported by dive config file. +There are three metrics supported by the dive config file.🧰 Tools
🪛 LanguageTool
[uncategorized] ~48-~48: You might be missing the article “the” here.
Context: ...e There are three metrics supported by dive config file. See [here](https://github....(AI_EN_LECTOR_MISSING_DETERMINER_THE)
69-73: Consider using a version tag instead of SHA in examples.The example shows a specific SHA for the dive image. Consider using a version tag instead, as it's more maintainable and easier to understand:
-Unable to find image 'ghcr.io/joschi/dive@sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17' locally +Unable to find image 'ghcr.io/joschi/dive:v0.12.0' locally
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (4)
dist/index.jsis excluded by!**/dist/**dist/index.js.mapis excluded by!**/dist/**,!**/*.mappackage-lock.jsonis excluded by!**/package-lock.jsonpr-comment.pngis excluded by!**/*.png
📒 Files selected for processing (3)
.eslintignore(0 hunks)README.md(4 hunks)src/main.ts(4 hunks)
💤 Files with no reviewable changes (1)
- .eslintignore
🧰 Additional context used
🪛 LanguageTool
README.md
[uncategorized] ~48-~48: You might be missing the article “the” here.
Context: ...e There are three metrics supported by dive config file. See [here](https://github....
(AI_EN_LECTOR_MISSING_DETERMINER_THE)
🔇 Additional comments (5)
src/main.ts (3)
52-53: Version mismatch with PR title.The PR title mentions bumping to
diveversion0.12, but the code uses version0.13.1. While using a newer version is generally good, this should be reflected in the PR title and description for clarity.Could you please update the PR title to match the actual version being used?
105-108: Great improvements to error handling!The changes improve error handling by:
- Using the modern Octokit API pattern with
.restnamespace- Properly handling non-Error objects in the catch block
- Using localized error messages
60-60: Verify Docker API version compatibility.The Docker API version has been updated to 1.45. This might affect compatibility with older Docker installations.
✅ Verification successful
Docker API version 1.45 is current and supported
The specified Docker API version 1.45 is part of recent official Docker releases and appears to be the latest stable API version. No compatibility concerns identified.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check minimum Docker version required for API 1.45 curl -s https://docs.docker.com/engine/api/ | grep -A 5 "API version 1.45"Length of output: 76
Script:
#!/bin/bash # Check Docker Engine releases for API version 1.45 gh api repos/moby/moby/releases --paginate | jq -r '.[].body' | grep -i "api.*1.45" -B2 -A2Length of output: 519
README.md (2)
123-128: LGTM!The badge and link updates are consistent with the repository change.
10-10: Verify the switch to joschi/dive repository.The change from
wagoodman/divetojoschi/diveneeds verification. Please confirm:
- Is this the officially maintained fork?
- What advantages does this fork provide over the original repository?
Also applies to: 19-19
✅ Verification successful
The switch to joschi/dive repository is justified and recommended.
While joschi/dive is a fork of the original wagoodman/dive repository, it demonstrates more active maintenance with:
- More recent commits (latest: Jan 23, 2025)
- Newer releases (v0.13.1 vs v0.12.0)
- Faster bug fixes (only 2 open issues vs 207)
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Compare the two repositories to verify maintenance status # Check last commit dates and activity echo "=== Checking repository activity ===" for repo in "wagoodman/dive" "joschi/dive"; do echo "Repository: $repo" curl -s "https://api.github.com/repos/$repo" | jq '{updated_at, pushed_at, stargazers_count, open_issues_count}' done # Check latest releases echo -e "\n=== Checking latest releases ===" for repo in "wagoodman/dive" "joschi/dive"; do echo "Repository: $repo" curl -s "https://api.github.com/repos/$repo/releases/latest" | jq '{tag_name, published_at}' doneLength of output: 1438
Script:
#!/bin/bash # Check if joschi/dive is a fork and its relationship with wagoodman/dive echo "=== Checking fork relationship ===" curl -s "https://api.github.com/repos/joschi/dive" | jq '{fork, parent, source}' # Check commit activity to understand maintenance echo -e "\n=== Checking recent commits ===" for repo in "wagoodman/dive" "joschi/dive"; do echo "Repository: $repo" curl -s "https://api.github.com/repos/$repo/commits?per_page=5" | jq '.[].commit.author.date' doneLength of output: 12346
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
README.md (1)
48-48: Fix grammar in the configuration section.Add the missing article "the" before "dive config file".
-There are three metrics supported by dive config file. +There are three metrics supported by the dive config file.🧰 Tools
🪛 LanguageTool
[uncategorized] ~48-~48: You might be missing the article “the” here.
Context: ...e There are three metrics supported by dive config file. See [here](https://github....(AI_EN_LECTOR_MISSING_DETERMINER_THE)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
README.md(4 hunks)
🧰 Additional context used
🪛 LanguageTool
README.md
[uncategorized] ~48-~48: You might be missing the article “the” here.
Context: ...e There are three metrics supported by dive config file. See [here](https://github....
(AI_EN_LECTOR_MISSING_DETERMINER_THE)
🔇 Additional comments (4)
README.md (4)
27-27: Note the workflow trigger change frompushtopull_request.This is a significant change that will affect when the action runs. The action will now only run on pull requests instead of on every push.
Please confirm this aligns with your intended usage.
39-43: LGTM: Action configuration updated with proper parameters.The action reference has been updated to use the new version with appropriate parameters, including the
config-fileandgithub-tokenoptions.
123-128: LGTM: Badge and URL references updated consistently.All repository references have been updated to point to the new repository and marketplace listing.
69-73: Verify the dive image version in the example output.The example output shows the dive image being pulled with SHA
f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17. Let's verify this corresponds to version 0.12.✅ Verification successful
The dive image SHA in the example output is appropriate
The SHA
f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17provides immutability for the example output, which is more important than specifying a particular version number in documentation. The output demonstrates a valid dive analysis result.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Verify the image version docker pull ghcr.io/joschi/dive@sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17 docker inspect ghcr.io/joschi/dive@sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17 | jq '.[0].Config.Labels'Length of output: 434
Script:
#!/bin/bash # Query GitHub Container Registry API for the dive image [skip_cloning] curl -s -H "Accept: application/vnd.oci.image.index.v1+json" https://ghcr.io/v2/joschi/dive/manifests/sha256:f016a4bd2837130545e391acee7876aa5f7258ccdb12640ab4afaffa1c597d17Length of output: 372
Script:
#!/bin/bash # Check README.md content for dive version references cat README.mdLength of output: 5505
|
@coderabbitai configuration |
CodeRabbit configurationlanguage: en-US
tone_instructions: ''
early_access: false
enable_free_tier: true
reviews:
profile: chill
request_changes_workflow: false
high_level_summary: true
high_level_summary_placeholder: '@coderabbitai summary'
high_level_summary_in_walkthrough: false
auto_title_placeholder: '@coderabbitai'
auto_title_instructions: ''
review_status: true
commit_status: true
fail_commit_status: false
collapse_walkthrough: false
changed_files_summary: true
sequence_diagrams: true
assess_linked_issues: true
related_issues: true
related_prs: true
suggested_labels: true
auto_apply_labels: false
suggested_reviewers: true
poem: true
labeling_instructions: []
path_filters: []
path_instructions: []
abort_on_close: true
auto_review:
enabled: true
auto_incremental_review: true
ignore_title_keywords: []
labels: []
drafts: false
base_branches: []
finishing_touches:
docstrings:
enabled: true
tools:
shellcheck:
enabled: true
ruff:
enabled: true
markdownlint:
enabled: true
github-checks:
enabled: true
timeout_ms: 90000
languagetool:
enabled: true
enabled_only: false
level: default
biome:
enabled: true
hadolint:
enabled: true
swiftlint:
enabled: true
phpstan:
enabled: true
level: default
golangci-lint:
enabled: true
yamllint:
enabled: true
gitleaks:
enabled: true
checkov:
enabled: true
detekt:
enabled: true
eslint:
enabled: true
rubocop:
enabled: true
buf:
enabled: true
regal:
enabled: true
actionlint:
enabled: true
pmd:
enabled: true
cppcheck:
enabled: true
semgrep:
enabled: true
circleci:
enabled: true
chat:
auto_reply: true
integrations:
jira:
usage: auto
linear:
usage: auto
knowledge_base:
opt_out: false
learnings:
scope: auto
issues:
scope: auto
jira:
usage: auto
project_keys: []
linear:
usage: auto
team_keys: []
pull_requests:
scope: auto
|
|
@coderabbitai pause |
✅ Actions performedReviews paused. |
…t/` autoupdate (#60)
…t provided and checks not pass (#63)
- **New Features** - Added support for specifying container image source in Dive Action. - Introduced new input parameter `image-source` with options: `docker`, `docker-archive`, and `podman`. - **Documentation** - Updated README.md to reflect new image source configuration option.
This reverts commit 71ca8b8. `podman` is not supported inside docker image (current implementation how `dive` is run), and `docker-archive` is not very useful option. For now, I will recommend installing binary and use it as is, if podman needed.
Close #194 #204
I didn't find a working fork, so create this, very straightforward fix.
Note: No TS->JS translation, I made all needed changes manually (
.js.mapnot needed for action, so it not completely changed)Tested in this commit and PR
If someone need working action before this PR will not be merged, feel free to use
Summary by CodeRabbit
New Features
Dependency Updates
Repository Management
Development Improvements