Update CI auto-formate#6237
Conversation
Sorry, something went wrong.
Signed-off-by: Yash Suthar <yashsuthar983@gmail.com>
WalkthroughCI workflows updated: rustfmt removed from the lint job; a new PR-targeted auto-format workflow runs Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant PR as Pull Request
participant GH as GitHub Actions
participant Core as Core Jobs (tests, clippy)
participant AF as Auto-format Job
participant Git as Git (commit/push)
participant Comment as PR Commenter
PR->>GH: open/update (pull_request_target)
GH->>Core: run tests & clippy (rustfmt removed)
Core-->>GH: status results
GH->>AF: start auto-format (if head commit != "[skip ci]" and required checks passed)
AF->>AF: setup toolchain (rustfmt), run `cargo fmt --all`
alt formatting changes detected
AF->>Git: commit with "[skip ci]" and push to PR branch
Git-->>AF: push success
AF->>Comment: post PR comment with auto-format details
else no changes
AF-->>GH: exit (already formatted)
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes
Possibly related PRs
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Sorry, something went wrong.
|
I don't know why this failing but I tested on my fork with the help of different account too and its working. |
Sorry, something went wrong.
Co-authored-by: fanninpm <luxverdans@sbcglobal.net>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
.github/workflows/ci.yaml (2)
452-462: Job dependency chain creates significant delay before formatting feedback.The job depends on 7 prior jobs, which means formatting comments won't appear until all of those jobs finish. Consider whether this is intentional (to avoid conflicts) or whether an earlier checkpoint would be preferable.
481-493: Usegit add -Ato capture all changes (including untracked files).Line 487 uses
git add -u, which only stages modifications to already-tracked files. Whilecargo fmttypically doesn't create new files, usinggit add -Aorgit add .is more defensive:- git add -u + git add -AAdditionally, consider checking the git push exit code to ensure the push succeeded before setting
formatted=true.
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/ci.yaml(2 hunks)
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings
Learnt from: ShaharNaveh
Repo: RustPython/RustPython PR: 5932
File: .github/workflows/comment-commands.yml:18-24
Timestamp: 2025-07-10T10:08:43.330Z
Learning: In GitHub Actions workflows for the RustPython project, the maintainer ShaharNaveh prefers to keep workflows simple and doesn't mind if steps fail when the desired state is already achieved (e.g., user already assigned to an issue). Avoid suggesting complex error handling for edge cases they don't consider problematic.
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Format Rust code with the default rustfmt style (run `cargo fmt`)
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Run clippy and fix any warnings or lints introduced by your changes
📚 Learning: 2025-09-11T05:06:59.971Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Run clippy and fix any warnings or lints introduced by your changes
Applied to files:
.github/workflows/ci.yaml
📚 Learning: 2025-09-11T05:06:59.971Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Format Rust code with the default rustfmt style (run `cargo fmt`)
Applied to files:
.github/workflows/ci.yaml
📚 Learning: 2025-09-11T05:06:59.971Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to extra_tests/**/*.py : Use ruff to lint custom Python code
Applied to files:
.github/workflows/ci.yaml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
- GitHub Check: Check Rust code with clippy
- GitHub Check: Run snippets and cpython tests on wasm-wasi
- GitHub Check: Run rust tests (windows-latest)
- GitHub Check: Run rust tests (ubuntu-latest)
- GitHub Check: Run snippets and cpython tests (macos-latest)
- GitHub Check: Run snippets and cpython tests (windows-latest)
- GitHub Check: Run tests under miri
- GitHub Check: Run snippets and cpython tests (ubuntu-latest)
- GitHub Check: Run rust tests (macos-latest)
- GitHub Check: Ensure compilation on various targets
- GitHub Check: Check the WASM package and demo
🔇 Additional comments (4)
.github/workflows/ci.yaml (4)
309-316: Lint job updates look good.Removing rustfmt from the lint step and dedicating it to the new auto_format_commit job is a clean separation of concerns.
465-475: Checkout and Rust setup are correct.Line 469 correctly uses
${{ github.event.pull_request.head.ref || github.ref_name }}to handle both PR and push events—good alignment with the past suggestion from fanninpm.
476-480: Cargo fmt command is standard and correct.
495-501: PR comment logic is sound.The conditional on line 496 correctly gates the comment to PR events, and the message is clear.
Sorry, something went wrong.
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: Length of output: 8609 🏁 Script executed: Length of output: 23955 @fanninpm The CI is failing because of how the Root CauseThe error in the logs shows: This happens because:
Why It Worked on the ForkWhen @YashSuthar983 tested this on their own fork, it worked because:
Additional Problem: Write PermissionsEven if the checkout issue were fixed, there's a security restriction: GitHub Actions from forked PRs don't have write permissions to the base repository by default. The workflow tries to push formatting changes back to the PR branch, which would fail for forked PRs. SolutionsFor this auto-format workflow to work properly with forked PRs, you have a few options:
The simplest fix would be option #2 - only auto-format for PRs from branches in the main repository, not from forks. 🧠 Learnings used |
Sorry, something went wrong.
|
@fanninpm i am still confused as when i tested with my different account where i fork my fork then make a pr ,there it works . |
Sorry, something went wrong.
Signed-off-by: Yash Suthar <yashsuthar983@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
.github/workflows/ci.yaml (1)
459-459: CRITICAL: Condition fails on pull_request events.Line 459 accesses
github.event.head_commit.message, which is only available onpushevents. The workflow triggers on bothpushandpull_request(lines 2–5), so this condition is broken for PR events. For PRs,github.event.head_commitisnull, causingcontains(null, '[skip ci]')to behave unpredictably—the job will likely run unconditionally.This matches the root cause identified in the previous review: the workflow works on your fork (where you have permissions) but fails here because the condition doesn't distinguish event types. Per previous review recommendations, the simplest fix is to skip auto-format for fork PRs by checking the event type:
- if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} + if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) }}This skips the job for fork PRs (where you don't have write permissions anyway) and checks the commit message only on push events where the context is available.
🧹 Nitpick comments (1)
.github/workflows/ci.yaml (1)
459-459: Align skip condition with other jobs.Other jobs in this workflow use
!contains(github.event.pull_request.labels.*.name, 'skip:ci')to determine whether to run (lines 111, 176, 237, etc.). The new job uses a different mechanism: commit message matching. For consistency and predictability, consider aligning the auto-format job to use the same label-based skip pattern already established throughout the workflow:- if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} + if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip:ci') }}This ensures that all jobs respond to the same
skip:cilabel, making the workflow behavior uniform and easier to reason about.
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/ci.yaml(2 hunks)
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: ShaharNaveh
Repo: RustPython/RustPython PR: 5932
File: .github/workflows/comment-commands.yml:18-24
Timestamp: 2025-07-10T10:08:43.330Z
Learning: In GitHub Actions workflows for the RustPython project, the maintainer ShaharNaveh prefers to keep workflows simple and doesn't mind if steps fail when the desired state is already achieved (e.g., user already assigned to an issue). Avoid suggesting complex error handling for edge cases they don't consider problematic.
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Format Rust code with the default rustfmt style (run `cargo fmt`)
📚 Learning: 2025-09-11T05:06:59.971Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Run clippy and fix any warnings or lints introduced by your changes
Applied to files:
.github/workflows/ci.yaml
📚 Learning: 2025-09-11T05:06:59.971Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Format Rust code with the default rustfmt style (run `cargo fmt`)
Applied to files:
.github/workflows/ci.yaml
📚 Learning: 2025-07-10T10:08:43.330Z
Learnt from: ShaharNaveh
Repo: RustPython/RustPython PR: 5932
File: .github/workflows/comment-commands.yml:18-24
Timestamp: 2025-07-10T10:08:43.330Z
Learning: In GitHub Actions workflows for the RustPython project, the maintainer ShaharNaveh prefers to keep workflows simple and doesn't mind if steps fail when the desired state is already achieved (e.g., user already assigned to an issue). Avoid suggesting complex error handling for edge cases they don't consider problematic.
Applied to files:
.github/workflows/ci.yaml
📚 Learning: 2025-09-11T05:06:59.971Z
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to extra_tests/**/*.py : Use ruff to lint custom Python code
Applied to files:
.github/workflows/ci.yaml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
- GitHub Check: Run snippets and cpython tests on wasm-wasi
- GitHub Check: Run snippets and cpython tests (windows-latest)
- GitHub Check: Run tests under miri
- GitHub Check: Check the WASM package and demo
- GitHub Check: Run snippets and cpython tests (macos-latest)
- GitHub Check: Run snippets and cpython tests (ubuntu-latest)
- GitHub Check: Check Rust code with clippy
- GitHub Check: Run rust tests (ubuntu-latest)
- GitHub Check: Run rust tests (windows-latest)
- GitHub Check: Run rust tests (macos-latest)
- GitHub Check: Ensure compilation on various targets
🔇 Additional comments (1)
.github/workflows/ci.yaml (1)
309-316: Lint job refactor looks good.Removing rustfmt from the lint job and moving it to a separate auto-format job is a clean separation of concerns. The lint job retains clippy for static analysis, which is appropriate.
Sorry, something went wrong.
There was a problem hiding this comment.
Actionable comments posted: 2
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/pr-auto-commit.yaml(1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: ShaharNaveh
Repo: RustPython/RustPython PR: 5932
File: .github/workflows/comment-commands.yml:18-24
Timestamp: 2025-07-10T10:08:43.330Z
Learning: In GitHub Actions workflows for the RustPython project, the maintainer ShaharNaveh prefers to keep workflows simple and doesn't mind if steps fail when the desired state is already achieved (e.g., user already assigned to an issue). Avoid suggesting complex error handling for edge cases they don't consider problematic.
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Format Rust code with the default rustfmt style (run `cargo fmt`)
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Run clippy and fix any warnings or lints introduced by your changes
🪛 actionlint (1.7.8)
.github/workflows/pr-auto-commit.yaml
69-69: "github.event.pull_request.head.ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details
(expression)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
- GitHub Check: Run rust tests (windows-latest)
- GitHub Check: Check the WASM package and demo
- GitHub Check: Run snippets and cpython tests on wasm-wasi
- GitHub Check: Run tests under miri
- GitHub Check: Run snippets and cpython tests (macos-latest)
- GitHub Check: Run rust tests (ubuntu-latest)
- GitHub Check: Run snippets and cpython tests (windows-latest)
- GitHub Check: Run snippets and cpython tests (ubuntu-latest)
- GitHub Check: Check Rust code with clippy
- GitHub Check: Run rust tests (macos-latest)
- GitHub Check: Ensure compilation on various targets
🔇 Additional comments (2)
.github/workflows/pr-auto-commit.yaml (2)
78-92: Well-designed PR comment notification.The PR comment step is appropriately gated to only run when formatting changes are detected, and the message clearly explains what happened and how to pull the latest changes. This is good UX.
37-46: ****The
poseidon/wait-for-status-checksaction waits until all watched checks succeed (or are skipped) or one fails, meaning it validates success and exits with failure if any check fails. The workflow will not proceed past that step if checks don't pass. The echo at lines 45–46 merely confirms that the validation passed; no additional verification is needed.Likely an incorrect or invalid review comment.
Sorry, something went wrong.
|
@fanninpm @youknowone now i have done diff approach here i used pull_request_target as this has more permissions then workflow_run . tested in pr |
Sorry, something went wrong.
Signed-off-by: Yash Suthar <yashsuthar983@gmail.com>
YashSuthar983
force-pushed
the
chore/ci-autoformat
branch
from
40a778d to
012693f
Compare
November 8, 2025 18:25
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (2)
.github/workflows/pr-auto-commit.yaml (2)
16-19: ⚠️ Critical: Add fork guard to prevent workflow failure on forked PRs.The job condition lacks a check to ensure the PR originates from the base repository. When this workflow runs on PRs from forked repositories, GitHub Actions in the base repo cannot push to the fork's branch, causing the workflow to fail. This is why the workflow succeeds in the author's fork but fails in the main repository.
Add a guard to skip auto-format for forked PRs:
auto_format: if: | !contains(github.event.pull_request.labels.*.name, 'skip:ci') && !contains(github.event.pull_request.head.sha, '[skip ci]') && + github.event.pull_request.head.repo.full_name == github.repositoryThis ensures the job only runs for PRs opened against the main repository, not forked PRs.
67-76: ⚠️ Major: Mitigate script injection risk by passing ref through environment variable.Line 76 directly interpolates
github.event.pull_request.head.refinto the inline shell script. An untrusted PR ref could be crafted to inject arbitrary shell commands. Per GitHub's security guidance, pass the ref through an environment variable instead:- name: Commit and push formatting changes if: steps.check_changes.outputs.has_changes == 'true' + env: + HEAD_REF: ${{ github.event.pull_request.head.ref }} run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add -u git commit -m "Auto-format code [skip ci]" - git push origin HEAD:${{ github.event.pull_request.head.ref }} + git push origin HEAD:"$HEAD_REF"
🧹 Nitpick comments (1)
.github/workflows/pr-auto-commit.yaml (1)
78-95: Minor: Consistent script variable handling in PR comment message.Line 94 also interpolates
${{ github.event.pull_request.head.ref }}directly. While this is in a message/documentation context (lower risk than the git push command), apply the same mitigation for consistency and to establish a pattern:- name: Comment on PR if: steps.check_changes.outputs.has_changes == 'true' + env: + HEAD_REF: ${{ github.event.pull_request.head.ref }} uses: marocchino/sticky-pull-request-comment@v2 with: number: ${{ github.event.pull_request.number }} message: | **Code has been automatically formatted** The code in this PR has been formatted using `cargo fmt`. The changes have been committed with `[skip ci]` to avoid triggering another CI run. **Triggered by commit:** `${{ github.event.pull_request.head.sha }}` **Last formatted:** ${{ github.event.pull_request.updated_at }} You may need to pull the latest changes before pushing again: ```bash - git pull origin ${{ github.event.pull_request.head.ref }} + git pull origin "$HEAD_REF" ```
📜 Review details
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/pr-auto-commit.yaml(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: ShaharNaveh
Repo: RustPython/RustPython PR: 5932
File: .github/workflows/comment-commands.yml:18-24
Timestamp: 2025-07-10T10:08:43.330Z
Learning: In GitHub Actions workflows for the RustPython project, the maintainer ShaharNaveh prefers to keep workflows simple and doesn't mind if steps fail when the desired state is already achieved (e.g., user already assigned to an issue). Avoid suggesting complex error handling for edge cases they don't consider problematic.
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Format Rust code with the default rustfmt style (run `cargo fmt`)
Learnt from: CR
Repo: RustPython/RustPython PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-11T05:06:59.971Z
Learning: Applies to **/*.rs : Run clippy and fix any warnings or lints introduced by your changes
📚 Learning: 2025-07-10T10:08:43.330Z
Learnt from: ShaharNaveh
Repo: RustPython/RustPython PR: 5932
File: .github/workflows/comment-commands.yml:18-24
Timestamp: 2025-07-10T10:08:43.330Z
Learning: In GitHub Actions workflows for the RustPython project, the maintainer ShaharNaveh prefers to keep workflows simple and doesn't mind if steps fail when the desired state is already achieved (e.g., user already assigned to an issue). Avoid suggesting complex error handling for edge cases they don't consider problematic.
Applied to files:
.github/workflows/pr-auto-commit.yaml
🪛 actionlint (1.7.8)
.github/workflows/pr-auto-commit.yaml
69-69: "github.event.pull_request.head.ref" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details
(expression)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
- GitHub Check: Check Rust code with clippy
- GitHub Check: Check the WASM package and demo
- GitHub Check: Run snippets and cpython tests (windows-latest)
- GitHub Check: Run snippets and cpython tests on wasm-wasi
- GitHub Check: Run snippets and cpython tests (ubuntu-latest)
- GitHub Check: Run rust tests (ubuntu-latest)
- GitHub Check: Run rust tests (windows-latest)
- GitHub Check: Run snippets and cpython tests (macos-latest)
- GitHub Check: Run rust tests (macos-latest)
- GitHub Check: Ensure compilation on various targets
Sorry, something went wrong.
|
I'm a bit concerned about the formatting failure, but let's give it another try. |
Sorry, something went wrong.
youknowone
merged commit 2d46172
into
RustPython:main
Nov 10, 2025
|
Great, it looks working well! https://github.com/RustPython/RustPython/actions/runs/19235980885/job/54985900338?pr=6234 |
Sorry, something went wrong.
|
Thank you so much! 👍 |
Sorry, something went wrong.
|
okay, not good in this case: https://github.com/RustPython/RustPython/actions/runs/19236037205/job/54989070706?pr=6234 |
Sorry, something went wrong.
|
@youknowone i guess its failing because fork using old auto-commit job, |
Sorry, something went wrong.
Reviewers
3 participants
After running all all test i have added a another which check the rust format and if its not correct it make a commit with
[skip ci] which tell github workflow to ignore this commit.
@youknowone now this should work. i tested again on my fork with different account for testing.
issue :#6204
Summary by CodeRabbit