Install Pulumi in devcontainer (when needed)#141
Merged
Conversation
📝 WalkthroughWalkthroughRefines Claude Bash GitHub CLI permissions, adds a skip flag to control Pulumi CLI installation across scripts/actions/workflows, updates the devcontainer context hash, and expands AGENTS.md testing guidance. Changes
Sequence Diagram(s)sequenceDiagram
participant Dev as Developer/CI
participant Action as install_deps Action
participant Script as manual-setup-deps.py
participant Installer as install-pulumi-cli.sh
Note over Dev,Action: Workflow run or local setup triggers
Dev->>Action: invoke `./.github/actions/install_deps` (input: skip-installing-pulumi-cli=true/false)
Action->>Script: run `manual-setup-deps.py` (appends `--skip-installing-pulumi-cli` when true)
Script->>Script: run uv sync, check platform & lockfile for "pulumi"
alt skip flag true OR conditions not met
Script->>Action: skip Pulumi installer
else conditions met and skip false
Script->>Installer: execute `.devcontainer/install-pulumi-cli.sh`
Installer->>Script: return install result
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.claude/settings/permissions/bash.jsonc:
- Around line 94-95: The blanket deny entry "Bash(gh pr *)" breaks read-only PR
workflows used by the polish command; remove that blanket deny and replace it
with explicit allow entries for read-only commands (e.g., "Bash(gh pr view)" and
"Bash(gh pr diff)") and explicit deny entries for mutating PR commands (e.g.,
"Bash(gh pr create)", "Bash(gh pr close)", "Bash(gh pr merge)", "Bash(gh pr
checkout)", "Bash(gh pr comment)", "Bash(gh pr edit)", "Bash(gh pr reopen)").
Update the permissions JSON where "Bash(gh pr *)" appears so the polish workflow
referenced in .claude/commands/polish.md can use gh pr view/diff while still
preventing any mutating PR operations.
In @.devcontainer/manual-setup-deps.py:
- Around line 136-145: The Pulumi install block runs even when lock-only mode is
active; update the conditional that gates the subprocess.run call so it also
checks the lock-only flag (e.g., add "and not generate_lock_file_only" or "and
not args.only_create_lock") so the block (which checks
args.skip_installing_pulumi_cli, platform.system(), env.lock_file.exists(),
'"pulumi"' in env.lock_file.read_text() and then calls subprocess.run to run
install-pulumi-cli.sh) is skipped when
generate_lock_file_only/--only-create-lock is set.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 4c8c6789-5a07-4549-a1af-202df0bb77b1
📒 Files selected for processing (7)
.claude/settings/permissions/bash.jsonc.devcontainer/devcontainer.json.devcontainer/manual-setup-deps.pyAGENTS.mdtemplate/.github/actions/install_deps/action.yml.jinja-basetemplate/.github/workflows/pre-commit.yaml.jinja-basetemplate/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base
There was a problem hiding this comment.
♻️ Duplicate comments (1)
.claude/settings/permissions/bash.jsonc (1)
96-103:⚠️ Potential issue | 🟠 MajorThe PR hard-block list is still incomplete.
Blocking
gh pr reviewis not enough here: GitHub CLI still exposes separate PR-mutating commands such asgh pr comment,gh pr lock,gh pr reopen,gh pr revert,gh pr unlock, andgh pr update-branch, and none of them are denied in this block. That leaves Line 97’s “should not ever interfere with the PR process” policy only partially enforced. (cli.github.com)Suggested deny expansion
"Bash(gh pr create *)", + "Bash(gh pr comment *)", "Bash(gh pr edit *)", + "Bash(gh pr lock *)", "Bash(gh pr ready *)", + "Bash(gh pr reopen *)", "Bash(gh pr review *)", "Bash(gh pr merge *)", "Bash(gh pr close *)", + "Bash(gh pr revert *)", + "Bash(gh pr unlock *)", + "Bash(gh pr update-branch *)",🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/settings/permissions/bash.jsonc around lines 96 - 103, The PR hard-block list is incomplete: extend the deny entries alongside the existing "Bash(gh pr create *)", "Bash(gh pr edit *)", "Bash(gh pr ready *)", "Bash(gh pr review *)", "Bash(gh pr merge *)", "Bash(gh pr close *)" to also include other PR-mutating GitHub CLI commands such as "Bash(gh pr comment *)", "Bash(gh pr lock *)", "Bash(gh pr reopen *)", "Bash(gh pr revert *)", "Bash(gh pr unlock *)", and "Bash(gh pr update-branch *)" so the intent from the comment (“should not ever interfere with the PR process”) is fully enforced.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.claude/settings/permissions/bash.jsonc:
- Around line 96-103: The PR hard-block list is incomplete: extend the deny
entries alongside the existing "Bash(gh pr create *)", "Bash(gh pr edit *)",
"Bash(gh pr ready *)", "Bash(gh pr review *)", "Bash(gh pr merge *)", "Bash(gh
pr close *)" to also include other PR-mutating GitHub CLI commands such as
"Bash(gh pr comment *)", "Bash(gh pr lock *)", "Bash(gh pr reopen *)", "Bash(gh
pr revert *)", "Bash(gh pr unlock *)", and "Bash(gh pr update-branch *)" so the
intent from the comment (“should not ever interfere with the PR process”) is
fully enforced.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 12618970-1509-4a40-a106-e5e81d1528d1
📒 Files selected for processing (3)
.claude/settings/permissions/bash.jsonc.devcontainer/devcontainer.json.devcontainer/manual-setup-deps.py
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@AGENTS.md`:
- Line 55: Update the contradictory guidance so there's one rule: prohibit using
`pnpm --prefix <path>`, `uv --directory <path>`, or `cd &&` chains and require
using absolute paths (or commands that include absolute paths) when running
terminal commands; remove the allowance that permits a separate `cd <path>` call
and instead state that the working directory should be set outside agent
commands or ensured by the caller, and that the cwd persistence between Bash
tool calls may not be relied on—always prefer absolute paths to avoid breaking
the permission allow-list matcher.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: b516dc51-5bcb-410e-82cf-362de18ec4a6
📒 Files selected for processing (1)
AGENTS.md
| - For linting and type-checking, prefer `pre-commit run <hook-id>` over invoking tools directly — this matches the permission allow-list and mirrors what CI runs. Key hook IDs: `typescript-check`, `eslint`, `pyright`, `ruff`, `ruff-format`. | ||
| - Never rely on IDE diagnostics for ruff warnings — the IDE may not respect the project's ruff.toml config. Run `pre-commit run ruff -a` to get accurate results. | ||
| - When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or & — this prohibition has no exceptions, even for `cd && ...` patterns. Use absolute paths instead of `cd` to avoid needing to chain. Pipes (|) are allowed for output transformation (e.g., head, tail, grep). If two sequential commands are needed, run them in separate tool calls. Chained commands break the permission allow-list matcher and cause unnecessary permission prompts | ||
| - Never use `pnpm --prefix <path>` or `uv --directory <path>` to target a different directory — these flags break the permission allow-list matcher the same way chained `cd &&` commands do. Instead, rely on the working directory already being correct (the cwd persists between Bash tool calls), or issue a plain `cd <path>` as a separate prior tool call to reposition before running the command. |
There was a problem hiding this comment.
Resolve contradiction with Line 54 about cd usage.
Line 55 allows a separate cd <path> call, but Line 54 says to use absolute paths instead of cd. Please reconcile into one consistent rule so agents don’t get conflicting directives.
Based on learnings: "When running terminal commands... Use absolute paths instead of cd to avoid needing to chain."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@AGENTS.md` at line 55, Update the contradictory guidance so there's one rule:
prohibit using `pnpm --prefix <path>`, `uv --directory <path>`, or `cd &&`
chains and require using absolute paths (or commands that include absolute
paths) when running terminal commands; remove the allowance that permits a
separate `cd <path>` call and instead state that the working directory should be
set outside agent commands or ensured by the caller, and that the cwd
persistence between Bash tool calls may not be relied on—always prefer absolute
paths to avoid breaking the permission allow-list matcher.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
AGENTS.md (1)
54-55:⚠️ Potential issue | 🟠 MajorResolve conflicting directory-execution guidance (
cdvs absolute paths).These lines now instruct using separate
cdcalls and relying on cwd persistence, which conflicts with the established rule to use absolute paths and avoidcd-dependent flows. Please keep one consistent rule to prevent allow-list mismatches and brittle command behavior.Based on learnings: "When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or &. Use absolute paths instead of
cdto avoid needing to chain. Pipes (|) are allowed for output transformation."🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@AGENTS.md` around lines 54 - 55, The two bullets conflict over whether to use cd/cwd persistence or absolute paths; choose the absolute-path rule and remove/replace the cd/cwd guidance: update the first bullet ("When running terminal commands, execute exactly one command per tool call. Do not chain... Use `cd` to change to the directory you want before running the command...") to instead require absolute paths (e.g., "Use absolute paths rather than changing directories or chaining commands") and remove the sentence about cwd persistence, and update the second bullet ("Never use `pnpm --prefix <path>` or `uv --directory <path>`... Instead, rely on the working directory... or issue a plain `cd <path>`") to explicitly forbid `pnpm --prefix` and `uv --directory` and instruct contributors to use absolute paths for targets or run a single prior tool call that uses an absolute path; ensure both bullets consistently reference and prohibit chaining (&&, ||, ;, &) and allow pipes (|).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.claude/settings/permissions/bash.jsonc:
- Around line 96-106: The deny list for GitHub PR commands omits the mutating
action to reopen PRs; add the entry "Bash(gh pr reopen *)" alongside the other
denied commands (e.g., "Bash(gh pr create *)", "Bash(gh pr edit *)") so that
reopen operations are blocked as intended; update the permissions array to
include this exact string to ensure "gh pr reopen" is treated as a denied Bash
action.
---
Duplicate comments:
In `@AGENTS.md`:
- Around line 54-55: The two bullets conflict over whether to use cd/cwd
persistence or absolute paths; choose the absolute-path rule and remove/replace
the cd/cwd guidance: update the first bullet ("When running terminal commands,
execute exactly one command per tool call. Do not chain... Use `cd` to change to
the directory you want before running the command...") to instead require
absolute paths (e.g., "Use absolute paths rather than changing directories or
chaining commands") and remove the sentence about cwd persistence, and update
the second bullet ("Never use `pnpm --prefix <path>` or `uv --directory
<path>`... Instead, rely on the working directory... or issue a plain `cd
<path>`") to explicitly forbid `pnpm --prefix` and `uv --directory` and instruct
contributors to use absolute paths for targets or run a single prior tool call
that uses an absolute path; ensure both bullets consistently reference and
prohibit chaining (&&, ||, ;, &) and allow pipes (|).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: cb85ee48-4e44-46a2-80bc-3171287d2cdd
📒 Files selected for processing (3)
.claude/settings/permissions/bash.jsoncAGENTS.mdtemplate/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base
Comment on lines
+96
to
+106
| // Github | ||
| // Claude should not ever interfere with the PR process, that is how we gate AI's work | ||
| "Bash(gh pr create *)", | ||
| "Bash(gh pr edit *)", | ||
| "Bash(gh pr ready *)", | ||
| "Bash(gh pr review *)", | ||
| "Bash(gh pr merge *)", | ||
| "Bash(gh pr close *)", | ||
| "Bash(gh pr comment *)", | ||
| "Bash(gh pr update-branch *)", | ||
|
|
There was a problem hiding this comment.
Consider adding gh pr reopen * to the deny list.
The deny list comprehensively blocks PR mutation commands, but gh pr reopen * is missing. Reopening a closed PR is a mutating operation that could interfere with the PR process, which contradicts the stated intent in the comment on lines 97-98.
Suggested fix
"Bash(gh pr close *)",
"Bash(gh pr comment *)",
"Bash(gh pr update-branch *)",
+ "Bash(gh pr reopen *)",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // Github | |
| // Claude should not ever interfere with the PR process, that is how we gate AI's work | |
| "Bash(gh pr create *)", | |
| "Bash(gh pr edit *)", | |
| "Bash(gh pr ready *)", | |
| "Bash(gh pr review *)", | |
| "Bash(gh pr merge *)", | |
| "Bash(gh pr close *)", | |
| "Bash(gh pr comment *)", | |
| "Bash(gh pr update-branch *)", | |
| // Github | |
| // Claude should not ever interfere with the PR process, that is how we gate AI's work | |
| "Bash(gh pr create *)", | |
| "Bash(gh pr edit *)", | |
| "Bash(gh pr ready *)", | |
| "Bash(gh pr review *)", | |
| "Bash(gh pr merge *)", | |
| "Bash(gh pr close *)", | |
| "Bash(gh pr comment *)", | |
| "Bash(gh pr update-branch *)", | |
| "Bash(gh pr reopen *)", |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/settings/permissions/bash.jsonc around lines 96 - 106, The deny list
for GitHub PR commands omits the mutating action to reopen PRs; add the entry
"Bash(gh pr reopen *)" alongside the other denied commands (e.g., "Bash(gh pr
create *)", "Bash(gh pr edit *)") so that reopen operations are blocked as
intended; update the permissions array to include this exact string to ensure
"gh pr reopen" is treated as a denied Bash action.
idonaldson
approved these changes
Mar 30, 2026
This was referenced Mar 30, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why is this change necessary?
It was annoying not having it available by default.
How does this change address the issue?
If the lock file has been generated, then when manual-setup-deps.py is run, the Pulumi CLI will be installed
What side effects does this change have?
CI actions needed to be tweaked to not install the Pulumi CLI when not needed (e.g. for running pre-commit hooks)
How is this change tested?
Downstream repos
Other
Updated some agent instructions and claude permissions
Summary by CodeRabbit
New Features
Documentation
Chores