Skip to content

Disambiguate process_one_submodule and pin actions/checkout by SHA#40

Merged
wpak-ai merged 4 commits into
cppalliance:masterfrom
whisper67265:fix/naming-clarity-and-SHA-action
Jun 29, 2026
Merged

Disambiguate process_one_submodule and pin actions/checkout by SHA#40
wpak-ai merged 4 commits into
cppalliance:masterfrom
whisper67265:fix/naming-clarity-and-SHA-action

Conversation

@whisper67265

@whisper67265 whisper67265 commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Close #33, close #35.

Summary by CodeRabbit

  • New Features

    • Added automated Dependabot checks for GitHub Actions updates on a weekly schedule.
    • Added workflow automation to create and manage module-related mirror repositories.
  • Bug Fixes

    • Updated multiple workflows to use fully pinned actions/checkout versions for more consistent CI behavior.
    • Improved submodule/mirror synchronization orchestration across translation-related workflows.
  • Chores / Tests

    • Expanded linting scope for the new workflow helper script.
    • Added and extended automated tests and test helpers covering mirror setup and syncing scenarios.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d65989a7-9861-4aec-8dfc-0011a7381401

📥 Commits

Reviewing files that changed from the base of the PR and between c9ef00c and 3967597.

📒 Files selected for processing (3)
  • .github/workflows/assets/add_submodules.sh
  • tests/helpers/mock_gh.bash
  • tests/test_add_one_submodule.bats
🚧 Files skipped from review as they are similar to previous changes (3)
  • tests/helpers/mock_gh.bash
  • .github/workflows/assets/add_submodules.sh
  • tests/test_add_one_submodule.bats

📝 Walkthrough

Walkthrough

The PR extracts add-submodule mirror creation into a new helper script, renames the translation helper to sync_one_submodule, updates workflow call sites and tests, and pins actions/checkout across workflows while adding Dependabot.

Changes

Submodule helper split and sync rename

Layer / File(s) Summary
Add mirror creation helper script
.github/workflows/assets/add_submodules.sh
Adds create_repo, set_default_branch, create_new_repo_and_push, and add_one_submodule for mirror repo creation and publication.
Rename sync helper and update workflow call sites
.github/workflows/assets/translation.sh, .github/workflows/assets/lib.sh, .github/workflows/add-submodules.yml, .github/workflows/start-translation.yml
Renames process_one_submodule to sync_one_submodule, updates shared comments, and switches both workflows to the new helper names.
Test helpers and gh fixture support
tests/helpers/common.bash, tests/helpers/git_fixtures.bash, tests/helpers/mock_gh.bash
Adds add-submodules loaders and globals, exports the fixture root, configures GitHub URL rewriting, and extends the gh mock for repo creation and PATCH calls.
Add add_one_submodule and sync_one_submodule tests
tests/test_add_one_submodule.bats, tests/test_sync_one_submodule.bats
Adds coverage for add-one-submodule success and failure paths, and updates sync tests to the new helper name plus an invalid START_PHASE case.

Checkout pinning and Dependabot

Layer / File(s) Summary
Pin checkout actions and add Dependabot
.github/dependabot.yml, .github/workflows/*.yml, .github/workflows/assets/create-tag.yml, scripts/lint.sh
Pins actions/checkout to a v4.3.1 commit SHA or matching comment across workflows, adds Dependabot for weekly grouped github-actions updates, and includes the new helper in ShellCheck.

Sequence Diagram(s)

sequenceDiagram
  participant add_one_submodule
  participant gh
  participant git
  participant GitHub_repo

  add_one_submodule->>gh: repo create
  add_one_submodule->>git: clone / prune / commit / push
  add_one_submodule->>gh: api PATCH default_branch
  gh->>GitHub_repo: create/update mirror repo
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

  • #33: The PR implements the naming split between add_one_submodule and sync_one_submodule, updates shared comments, and updates Bats tests accordingly.
  • Security: pin actions/checkout by SHA in add-submodules.yml #35: The PR pins actions/checkout and adds Dependabot for github-actions updates, matching that issue’s objectives.

Possibly related PRs

Suggested reviewers

  • henry0816191
  • wpak-ai

Poem

🐇 I hop through mirrors, neat and bright,
With sync and add now named just right.
Pinned SHAs twinkle, Dependabot hums,
While bash and bats keep steady drums.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The PR also adds Dependabot config and pins multiple workflows to a checkout SHA, which are not required by linked issue #33. Split the checkout pinning and Dependabot updates into a separate PR, or add a linked issue that explicitly covers them.
Docstring Coverage ⚠️ Warning Docstring coverage is 54.17% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly covers the function rename and checkout SHA pinning, which are the main changes in the PR.
Linked Issues check ✅ Passed The changes satisfy #33 by using add_one_submodule for add-submodules, sync_one_submodule for sync paths, updating docs, and adjusting Bats tests.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

Comment thread tests/test_process_submodule.bats
Comment thread .github/workflows/add-submodules.yml Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/add-submodules.yml (1)

125-131: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Preserve the fatal return-code contract for create/push failures.

This loop only treats rc == 2 as fatal, but .github/workflows/assets/add_submodules.sh:67 currently returns the raw status from create_new_repo_and_push. If that helper fails with status 1, it is handled as a skip here instead of failing the workflow.

🐛 Proposed fix in the helper
-  create_new_repo_and_push "$MODULE_ORG" "$sub_name" "$sub_clone" "$org_repo_url" "$libs_ref"
+  create_new_repo_and_push "$MODULE_ORG" "$sub_name" "$sub_clone" "$org_repo_url" "$libs_ref" || return 2
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/add-submodules.yml around lines 125 - 131, The submodule
creation flow in add_submodules is only treating rc == 2 as fatal, but
add_submodules.sh’s create_new_repo_and_push path can return a raw 1 and get
misclassified as a skip. Update the helper so create_new_repo_and_push maps
create/push failures to the agreed fatal status used by the workflow loop, and
keep the contract aligned with add_one_submodule and record_submodule_fatal so
any create/push error increments the fatal count instead of being ignored.
🧹 Nitpick comments (1)
tests/helpers/mock_gh.bash (1)

34-36: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Record PATCH calls instead of auto-succeeding them.

This makes the new set_default_branch() path effectively untestable: create_new_repo_and_push() can stop issuing the PATCH, or send the wrong repo/branch, and the suite still passes. Capture the PATCH arguments (and ideally gate the exit code behind a MOCK_GH_PATCH_EXIT variable) so the success-path test can assert the default-branch update.

Proposed change
   api)
     if [[ "${1:-}" == "--method" && "${2:-}" == "PATCH" ]]; then
-      exit 0
+      export MOCK_GH_LAST_PATCH="${*:3}"
+      exit "${MOCK_GH_PATCH_EXIT:-0}"
     fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/helpers/mock_gh.bash` around lines 34 - 36, The PATCH handling in
mock_gh.bash currently auto-succeeds, which hides whether set_default_branch()
is actually being called correctly from create_new_repo_and_push(). Update the
gh mock’s PATCH branch to record the incoming arguments (repo/branch details)
instead of immediately exiting 0, and optionally make the exit behavior
configurable through a MOCK_GH_PATCH_EXIT variable so tests can still force
success. Then adjust the success-path assertions to verify the default-branch
update was issued with the expected repository and branch values.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.github/workflows/add-submodules.yml:
- Around line 125-131: The submodule creation flow in add_submodules is only
treating rc == 2 as fatal, but add_submodules.sh’s create_new_repo_and_push path
can return a raw 1 and get misclassified as a skip. Update the helper so
create_new_repo_and_push maps create/push failures to the agreed fatal status
used by the workflow loop, and keep the contract aligned with add_one_submodule
and record_submodule_fatal so any create/push error increments the fatal count
instead of being ignored.

---

Nitpick comments:
In `@tests/helpers/mock_gh.bash`:
- Around line 34-36: The PATCH handling in mock_gh.bash currently auto-succeeds,
which hides whether set_default_branch() is actually being called correctly from
create_new_repo_and_push(). Update the gh mock’s PATCH branch to record the
incoming arguments (repo/branch details) instead of immediately exiting 0, and
optionally make the exit behavior configurable through a MOCK_GH_PATCH_EXIT
variable so tests can still force success. Then adjust the success-path
assertions to verify the default-branch update was issued with the expected
repository and branch values.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 916a448c-fad0-4010-b1e4-dc0bd510453a

📥 Commits

Reviewing files that changed from the base of the PR and between d34e471 and c9ef00c.

📒 Files selected for processing (8)
  • .github/workflows/add-submodules.yml
  • .github/workflows/assets/add_submodules.sh
  • scripts/lint.sh
  • tests/helpers/common.bash
  • tests/helpers/git_fixtures.bash
  • tests/helpers/mock_gh.bash
  • tests/test_add_one_submodule.bats
  • tests/test_sync_one_submodule.bats
💤 Files with no reviewable changes (1)
  • tests/test_sync_one_submodule.bats
✅ Files skipped from review due to trivial changes (1)
  • scripts/lint.sh

@whisper67265 whisper67265 requested a review from wpak-ai June 29, 2026 20:12
@wpak-ai wpak-ai merged commit fdcd230 into cppalliance:master Jun 29, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security: pin actions/checkout by SHA in add-submodules.yml Naming clarity: disambiguate process_one_submodule

3 participants