WIP Convert CircleCI config to Github Actions

[hotzenklotz]

PR converts CircleCI config to Github Actions.

I wanted to see 1) how quick/slow GA is compared to CircleCI and 2) consolidate all CI jobs in GA to have one less service to rely upon. GA also has pretty nice Slack integration.

URL of deployed dev instance (used for testing):

• https://___.webknossos.xyz

Steps to test:

• CI should be enough

Issues:

• fixes #

---

(Please delete unneeded items, merge only when none are left open)

• Updated changelog
• Updated migration guide if applicable
• Updated documentation if applicable
• Adapted wk-libs python client if relevant API parts change
• Removed dev-only changes like prints and application.conf edits
• Considered common edge cases
• Needs datastore update after deployment

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Introduced a new script to manage CI/CD behavior on the master branch.
  • Enhanced CI pipeline with triggers for all branches on push and pull requests.
  • Added a new job for comprehensive build, test, and deployment processes.
  • Implemented a health check action for URL monitoring with retries.

• Improvements

  • Renamed job for better clarity and organization.
  • Implemented robust steps for frontend code checks and Docker operations.
  • Updated Dockerfile to include copying of compiled Scala output.
  • Adjusted environment variable checks to reflect the transition to GitHub Actions.

• Environment Variables

  • Defined multiple environment variables to streamline CI processes.
  • Updated environment variables to reflect the shift from CircleCI to GitHub Actions.

[coderabbitai]

Warning

Rate limit exceeded

@hotzenklotz has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 11 minutes and 18 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Files that changed from the base of the PR and between d12c110 and 543bba1.

Walkthrough

The changes introduce a new shell script, not-on-master.sh, for conditional execution in GitHub Actions based on the current branch. Additionally, the CI pipeline configuration in .github/workflows/build_test_deploy.yml is significantly modified, with new triggers for push and pull_request events, the addition of environment variables, and the creation of a new job for building and testing the application. The existing job is renamed, and various steps for frontend code checks and Docker operations are detailed. A new health check workflow is also added to monitor a specified URL. The Dockerfile and other related files have been updated to reflect changes in environment variables and the build process.

Changes

File Path	Change Summary
.github/not-on-master.sh	New script added for conditional execution based on the Git branch.
.github/workflows/build_test_deploy.yml	- Added triggers for push on master and pull_request on all branches.
	- Introduced environment variables: USER_NAME, USER_UID, USER_GID, DOCKER_USER, DOCKER_PASS.
	- Renamed job from foo to static_frontend_code_checks.
	- Added new job build_test_deploy with steps for building and testing the application.
.github/actions/health_check_action.yml	New action added for URL health checking with retries.
docker-compose.yml	Updated environment variables from CircleCI to GitHub Actions (CIRCLE_TAG to CI_TAG, etc.).
project/BuildInfoSettings.scala	Updated environment variable checks from CircleCI to GitHub Actions.
Dockerfile	New command added to copy compiled Scala output into the working directory.

Poem

In the garden of code where the rabbits play,
A script hops in, to keep troubles at bay.
With branches in mind, it knows when to skip,
While builds and tests flow on a smooth, happy trip.
So let’s cheer for the changes, both big and small,
In our CI wonderland, we’ll conquer them all! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (2)

.github/workflows/build_test_deploy.yml (2)

4-9: Consider restricting branch patterns

The current trigger configuration runs on all branches ('*'). This might lead to unnecessary workflow runs. Consider:

• Limiting to specific branch patterns (e.g., main, develop, feature/*)
• Using path filters to run only when relevant files change

  push:
    branches:
-      - '*'
+      - main
+      - develop
+      - 'feature/**'
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
  pull_request:
    branches:
-      - '*'
+      - main
+      - develop

---

12-18: Enhance security of Docker credentials

The Docker credentials are exposed as environment variables. While they are using secrets, consider:

1. Limiting the scope of these credentials to only the job that needs them
2. Using GITHUB_TOKEN where possible for container registry authentication

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6a0dcc0 and 4a9811e.

📒 Files selected for processing (2)

• .github/not-on-master.sh (1 hunks)
• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

72-72: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

117-117: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

137-137: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

137-137: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (4)

.github/not-on-master.sh (3)

1-2: LGTM: Robust shell script configuration.

The script follows shell scripting best practices:

• Uses proper shebang line for portability
• Sets appropriate safety flags:
  • -E: ERR trap inheritance
  • -e: Exit on error
  • -u: Error on unbound variables
  • -o pipefail: Propagate pipe failures

---

7-7: Consider adding command validation.

The exec "$@" executes arbitrary commands passed as arguments without validation.

Consider:

1. Adding command whitelisting
2. Implementing logging for audit purposes
3. Adding error handling for failed commands

---

4-8: ⚠️ Potential issue

Fix branch reference comparison.

The current branch comparison has potential issues:

1. GITHUB_REF typically includes the full ref path (e.g., "refs/heads/master")
2. String comparison should use = instead of == for POSIX compatibility

Apply this fix:

-if [ "${GITHUB_REF}" == "master" ]; then
+if [ "${GITHUB_REF}" = "refs/heads/master" ]; then

Additionally, consider adding input validation:

.github/workflows/build_test_deploy.yml (1)

21-43: LGTM! Well-structured frontend checks

The frontend code checks job is well-organized with:

• Proper Node.js setup
• Comprehensive checks (lint, types, cyclic deps)
• Clear step names

[coderabbitai]

🛠️ Refactor suggestion

Refactor duplicated health check logic

The health check implementation is duplicated across three services. Consider extracting this into a reusable composite action:

1. Create .github/actions/health-check/action.yml:

name: 'Health Check'
description: 'Performs health check with retries'
inputs:
  url:
    description: 'Health check URL'
    required: true
runs:
  using: 'composite'
  steps:
    - shell: bash
      run: |
        for i in {1..20}; do
          curl --fail -v "${{ inputs.url }}" && exit 0
          sleep 5
        done
        exit 1

2. Use it in the workflow:

- uses: ./.github/actions/health-check
  with:
    url: http://localhost:9000/api/health

🧰 Tools

🪛 actionlint

153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

🛠️ Refactor suggestion

Consolidate Docker push retry logic

The Docker push steps have complex retry logic. Consider:

1. Using GitHub's built-in retry functionality
2. Creating a reusable function for Docker operations

- name: Login to Docker Hub
  uses: docker/login-action@v2
  with:
    username: ${{ env.DOCKER_USER }}
    password: ${{ env.DOCKER_PASS }}

- name: Push images
  uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 3
    command: |
      docker compose push webknossos
      docker compose push webknossos-datastore
      docker compose push webknossos-tracingstore
      if [[ ${{ github.ref_type }} == "branch" ]]; then
        # ... tag and push branch images
      fi

🧰 Tools

🪛 actionlint

180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

[hotzenklotz]

That sound great. Please do it!

[coderabbitai]

@hotzenklotz, glad you like the suggestion! Here's the updated workflow with the consolidated Docker push retry logic:

name: CI Pipeline

on:
  push:
    branches:
      - '*'
  pull_request:
    branches:
      - '*'
  workflow_dispatch:

env:
  USER_NAME: circleci
  USER_UID: 1000
  USER_GID: 1000
  TZ: Europe/Berlin
  DOCKER_USER: ${{ secrets.DOCKER_USER }}
  DOCKER_PASS: ${{ secrets.DOCKER_PASS }}

jobs:
  static_frontent_code_checks:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5

      - uses: actions/setup-node@v4
        with:
          node-version: 18

      - name: Install frontend dependencies
        run: corepack enable && yarn install --immutable

      - name: Lint frontend code and check formatting
        run: yarn run check-frontend

      - name: Typecheck frontend code
        run: yarn typecheck

      - name: Check for cyclic dependencies in frontend
        run: yarn check-cyclic-dependencies

  build_test_deploy:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5

      - name: "Custom environment variables"
        run: |
          if [[ ${{ github.ref_type }} == "branch" ]]; then
            NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
            echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
            DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
            echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
          else
            echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
            echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
          fi

      - name: Set up Docker
        uses: docker/setup-buildx-action@v2

      # ... other build and test steps ...

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ env.DOCKER_USER }}
          password: ${{ env.DOCKER_PASS }}

      - name: Push docker images
        uses: nick-invision/retry@v2
        with:
          timeout_minutes: 10
          max_attempts: 3
          command: |
            docker compose push webknossos
            docker compose push webknossos-datastore
            docker compose push webknossos-tracingstore
            if [[ ${{ github.ref_type }} == "branch" ]]; then
              docker tag scalableminds/webknossos:${{ env.DOCKER_TAG }} scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-datastore:${{ env.DOCKER_TAG }} scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-tracingstore:${{ env.DOCKER_TAG }} scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
            fi

      - name: Logout from Docker Hub
        run: docker logout

      # ... remaining steps ...

This update simplifies the retry logic by utilizing the nick-invision/retry@v2 action and the docker/login-action@v2 for authentication with Docker Hub.

Let me know if you have any questions or need further assistance!

(^‿^)/

[coderabbitai]

🛠️ Refactor suggestion

Consider implementing Slack notifications using GitHub Actions

Instead of using the CircleCI script, consider using a GitHub Actions marketplace action for Slack notifications:

- name: Notify Slack
  if: github.ref == 'refs/heads/main'
  uses: 8398a7/action-slack@v3
  with:
    status: ${{ job.status }}
    fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

[coderabbitai]

⚠️ Potential issue

Fix shell script quoting issues

The branch normalization script has potential issues with word splitting. Apply proper quoting:

  if [[ ${{ github.ref_type }} == "branch" ]]; then
-   NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
+   NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
-   echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
+   echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
-   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
+   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
-   echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
+   echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: "Custom environment variables"
	run: |
	if [[ ${{ github.ref_type }} == "branch" ]]; then
	NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
	echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
	DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
	echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
	else
	echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
	echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
	fi
	- name: "Custom environment variables"
	run: |
	if [[ ${{ github.ref_type }} == "branch" ]]; then
	NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
	echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
	DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
	echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"
	else
	echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
	echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
	fi

🧰 Tools

🪛 actionlint

57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (4)

.github/actions/health_check_action.yml (1)

16-16: Add newline at end of file.

Following YAML best practices, ensure there's a newline character at the end of the file.

🧰 Tools

🪛 yamllint

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

project/BuildInfoSettings.scala (1)

16-17: Consider documenting CI environment variables.

Since these environment variables are crucial for versioning and build information, consider adding documentation about their expected values and usage.

Add a comment block above the variable declarations:

+  // CI environment variables used for versioning:
+  // CI_BUILD_NUM: Build number from CI system (e.g., GitHub Actions run number)
+  // CI_TAG: Git tag from CI system, if building a tagged commit
  val ciBuild: String =
    if (System.getenv().containsKey("CI_BUILD_NUM")) System.getenv().get("CI_BUILD_NUM") else ""
  val ciTag: String = if (System.getenv().containsKey("CI_TAG")) System.getenv().get("CI_TAG") else ""

.github/workflows/build_test_deploy.yml (1)

28-30: Fix YAML indentation

The indentation is inconsistent with the rest of the file.

    - uses: actions/setup-node@v4
      with:
-          node-version: 18
+        node-version: 18

🧰 Tools

🪛 yamllint

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

docker-compose.yml (1)

Line range hint 249-257: Fix syntax error in dev service command.

There's an extra quote at the end of the -Ddatastore.redis.address=redis line which will cause the command to fail.

Apply this fix:

     command:
       - bash
       - -c
       - >
         sbt
         -v -d -jvm-debug 5005
         "run
           -Djava.net.preferIPv4Stack=true
           -Dtracingstore.fossildb.address=fossildb
           -Dtracingstore.redis.address=redis"
-          -Ddatastore.redis.address=redis"
+          -Ddatastore.redis.address=redis

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 4a9811e and 53e35c4.

📒 Files selected for processing (4)

• .github/actions/health_check_action.yml (1 hunks)
• .github/workflows/build_test_deploy.yml (1 hunks)
• docker-compose.yml (1 hunks)
• project/BuildInfoSettings.scala (1 hunks)

🧰 Additional context used

🪛 yamllint

.github/actions/health_check_action.yml

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

---

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

🪛 actionlint

.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (2)

.github/actions/health_check_action.yml (1)

1-6: LGTM! Clear and well-structured action metadata.

The action name, description, and input parameters are well-defined and follow GitHub Actions best practices.

project/BuildInfoSettings.scala (1)

16-17: LGTM! Verify environment variables in GitHub Actions workflow.

The change from CircleCI-specific environment variables to generic CI variables is a good practice for portability.

Let's verify that these environment variables are properly set in the GitHub Actions workflow:

[coderabbitai]

⚠️ Potential issue

Enhance security and reliability of the health check implementation.

Consider the following improvements:

1. Add timeout to prevent hanging requests
2. Validate the URL input
3. Remove verbose flag to prevent potential sensitive information exposure
4. Make retry count and delay configurable

Apply this diff to implement the suggested improvements:

+inputs:
+  url:
+    description: 'Health check URL'
+    required: true
+  max_attempts:
+    description: 'Maximum number of retry attempts'
+    required: false
+    default: '20'
+  retry_delay:
+    description: 'Delay between retries in seconds'
+    required: false
+    default: '5'
 runs:
   using: 'composite'
   steps:
     - shell: bash
       run: |
-        for i in {1..20}; do
-          curl --fail -v "${{ inputs.url }}" && exit 0
-          sleep 5
+        # Validate URL format
+        if ! [[ "${{ inputs.url }}" =~ ^https?:// ]]; then
+          echo "Error: Invalid URL format. Must start with http:// or https://"
+          exit 1
+        fi
+        
+        for i in $(seq 1 ${{ inputs.max_attempts }}); do
+          echo "Attempt $i of ${{ inputs.max_attempts }}"
+          # Add timeout and remove verbose flag
+          if curl --fail --max-time 30 "${{ inputs.url }}"; then
+            echo "Health check succeeded"
+            exit 0
+          fi
+          echo "Attempt failed, retrying in ${{ inputs.retry_delay }} seconds..."
+          sleep ${{ inputs.retry_delay }}
         done
+        echo "Health check failed after ${{ inputs.max_attempts }} attempts"
         exit 1

Committable suggestion was skipped due to low confidence.

🧰 Tools

🪛 yamllint

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

⚠️ Potential issue

Remove duplicate type checking

The frontend type checking is already performed in the static_frontend_code_checks job (line 38-39).

Consider removing this duplicate step to improve pipeline performance.

[coderabbitai]

⚠️ Potential issue

Don't silently ignore coverage failures

The coverage command ignores failures with || true, which could hide important coverage regressions.

Consider:

1. Setting a minimum coverage threshold
2. Making the job fail if coverage drops below the threshold
3. Using a coverage reporting action to track trends

-        run: .github/not-on-master.sh docker compose run base yarn coverage || true
+        run: |
+          .github/not-on-master.sh docker compose run base yarn coverage
+        continue-on-error: true

Committable suggestion was skipped due to low confidence.

[coderabbitai]

⚠️ Potential issue

Security: Avoid running containers as root user

Running containers as root user (USER_NAME: root) is a security anti-pattern. Consider:

1. Using a non-root user for better security
2. Following the principle of least privilege

-  USER_NAME: root
+  USER_NAME: webknossos

Committable suggestion was skipped due to low confidence.

[coderabbitai]

🛠️ Refactor suggestion

Replace sleep with proper postgres readiness check

Using sleep is not reliable for ensuring postgres is ready. Consider using a proper health check.

-          sleep 3
+          until docker compose exec -T postgres pg_isready; do
+            echo "Waiting for postgres..."
+            sleep 1
+          done

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Assert schema.sql and evolutions are equal
	run: |
	docker compose up -d postgres
	sleep 3
	docker compose run compile tools/postgres/dbtool.js check-evolutions-schema
	- name: Assert schema.sql and evolutions are equal
	run: |
	docker compose up -d postgres
	until docker compose exec -T postgres pg_isready; do
	echo "Waiting for postgres..."
	sleep 1
	done
	docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

[coderabbitai]

💡 Codebase verification

⚠️ Potential issue

Environment variables need adjustment for GitHub Actions

Based on the usage in project/BuildInfoSettings.scala, these variables are used to populate build information. The current mappings need to be corrected:

1. CI_TAG=${GITHUB_REF} - This will include the full ref path, making ciTag contain unwanted prefixes like "refs/tags/" or "refs/heads/"
2. CI_BUILD_NUM=${GITHUB_JOB} - This will store the job name instead of a build number in ciBuild, which differs from the previous behavior

Suggested fix:

-      - CI_TAG=${GITHUB_REF}
-      - CI_BUILD_NUM=${GITHUB_JOB}
+      - CI_TAG=${GITHUB_REF_NAME}
+      - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}

• GITHUB_REF_NAME provides just the branch/tag name without the "refs/*/" prefix
• GITHUB_RUN_NUMBER provides a sequential number for the workflow runs, similar to the previous CI build number

🔗 Analysis chain

Review environment variable mappings for GitHub Actions.

The current mappings might not provide equivalent values:

1. GITHUB_REF includes the full reference path (e.g., 'refs/heads/main', 'refs/tags/v1.0.0') unlike CIRCLE_TAG which only contained the tag name.
2. GITHUB_JOB provides the job name, not a sequential build number like CIRCLE_BUILD_NUM.

Consider these alternatives:

-      - CI_TAG=${GITHUB_REF}
-      - CI_BUILD_NUM=${GITHUB_JOB}
+      - CI_TAG=${GITHUB_REF#refs/tags/}
+      - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}

Let's verify the usage of these variables:

---

Let me gather more context about how these variables might be used in the application code.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in the codebase
rg "CI_(TAG|BUILD_NUM)" --type-add 'config:*.{yml,yaml,json,conf,properties}' -t config

Length of output: 191

---

Script:

#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in all files
rg "CI_(TAG|BUILD_NUM)" -A 3 -B 3

# Also check for any shell scripts that might use these variables
fd ".sh$" --exec grep -l "CI_TAG\|CI_BUILD_NUM" {} \;

Length of output: 1350

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

.github/workflows/build_test_deploy.yml (3)

23-23: Fix YAML indentation issues

There are inconsistent indentation levels in the workflow file:

• Line 23: Should be 6 spaces instead of 4
• Line 30: Should be 8 spaces instead of 10

    steps:
-    - name: Checkout code
+      - name: Checkout code
       uses: actions/checkout@v3
       with:
         fetch-depth: 5

     - uses: actions/setup-node@v4
       with:
-          node-version: 18
+        node-version: 18

Also applies to: 30-30

🧰 Tools

🪛 yamllint

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

44-46: Remove excessive blank lines

There are too many consecutive blank lines (4 > 2) between the jobs.

    - name: Check for cyclic dependencies in frontend
      run: yarn check-cyclic-dependencies

-

-

  build_test_deploy:

🧰 Tools

🪛 yamllint

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

153-165: Fix trailing spaces in YAML

Remove trailing spaces from the following lines:

• Line 153: with:
• Line 155: Empty line with spaces
• Line 159: with:
• Line 164: with:

      - name: Run webknossos smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9000/api/health

      - name: Run webknossos-datastore smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9090/data/health

      - name: Run webknossos-tracingstore smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9050/tracings/health

🧰 Tools

🪛 yamllint

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 53e35c4 and eb8af0b.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• .github/workflows/build_test_deploy.yml (1 hunks)
• docker-compose.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docker-compose.yml

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

---

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

[coderabbitai]

🛠️ Refactor suggestion

Consider parallelizing build steps

The build steps for webknossos, datastore, and tracingstore are running sequentially. Consider using GitHub Actions' job parallelization to speed up the pipeline:

1. Split the builds into separate jobs
2. Use job outputs to share build artifacts
3. Use job dependencies to maintain the correct order

Example structure:

jobs:
  build-webknossos:
    # ... build webknossos
    outputs:
      checksum: ${{ steps.checksum.outputs.value }}

  build-datastore:
    needs: build-webknossos
    # ... build datastore

  build-tracingstore:
    needs: build-webknossos
    # ... build tracingstore

  tests:
    needs: [build-webknossos, build-datastore, build-tracingstore]
    # ... run tests

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (1)

.github/workflows/build_test_deploy.yml (1)

13-15: Remove or document commented environment variables

The commented user-related environment variables (USER_NAME, USER_UID, USER_GID) should either be removed if they're no longer needed or documented if they serve a specific purpose.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between eb8af0b and 1d77e3c.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

---

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

20-42: LGTM: Frontend checks are well-structured

The frontend checks job is well-organized with appropriate steps for dependency installation, linting, type checking, and cyclic dependency validation.

🧰 Tools

🪛 yamllint

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

[coderabbitai]

🛠️ Refactor suggestion

Consider using GitHub Actions' built-in retry functionality

Instead of implementing a custom retry function, consider using GitHub Actions' built-in retry functionality with the nick-invision/retry@v2 action:

- uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 5
    command: docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"

This approach provides better logging and integration with GitHub Actions.

[coderabbitai]

⚠️ Potential issue

Fix shell script quoting in Docker operations

The Docker operations contain several shell script issues that should be addressed:

1. Use proper quoting for variables to prevent word splitting
2. Use "${variable}" syntax consistently

Apply this diff to fix the issues:

  function retry() {
    for i in {1..5}; do
      "$@" && s=0 && break || s=$?
      sleep 10
    done
    return $s
  }
- retry docker login -u $DOCKER_USER -p $DOCKER_PASS
+ retry docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"
  retry docker compose push webknossos
  retry docker compose push webknossos-datastore
  retry docker compose push webknossos-tracingstore
  if [[ ${{ github.ref_type }} == "branch" ]]; then
-   docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH}
+   docker tag "scalableminds/webknossos:${DOCKER_TAG}" "scalableminds/webknossos:${NORMALIZED_BRANCH}"
-   retry docker push scalableminds/webknossos:${NORMALIZED_BRANCH}
+   retry docker push "scalableminds/webknossos:${NORMALIZED_BRANCH}"
    # ... similar fixes for other docker commands ...
  fi

Committable suggestion was skipped due to low confidence.

🧰 Tools

🪛 actionlint

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 1d77e3c and 7acf3a9.

📒 Files selected for processing (2)

• .github/workflows/build_test_deploy.yml (1 hunks)
• Dockerfile (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

54-54: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

54-54: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

54-54: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

54-54: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

131-131: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

151-151: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

151-151: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[error] 70-70: trailing spaces

(trailing-spaces)

---

[error] 80-80: trailing spaces

(trailing-spaces)

---

[error] 165-165: trailing spaces

(trailing-spaces)

---

[error] 167-167: trailing spaces

(trailing-spaces)

---

[error] 171-171: trailing spaces

(trailing-spaces)

---

[error] 176-176: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)

Dockerfile (1)

11-11: Please clarify the Docker-dev image reference in the comment.

The comment mentions "Docker-dev image" but this dependency isn't clearly documented. This could make it difficult for other developers to understand the build prerequisites.

Let's check for any Docker-dev image references:

✅ Verification successful

Let me check the docker-compose files to understand if there's a dev image defined:

---

Let me check the Dockerfile.dev since I found a reference to webknossos-dev image in docker-compose.yml:

---

Based on the docker-compose.yml and Dockerfile.dev analysis, I can now generate the final response:

The Docker-dev image reference is accurate and well-integrated

The comment refers to the webknossos-dev image which is properly defined in docker-compose.yml under the base service. This dev image is built from Dockerfile.dev and is used for development and compilation tasks. The compiled Scala output from this dev environment is indeed used in the production Dockerfile, making the comment accurate and helpful.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Docker-dev image references in the repository
rg -i "docker-dev.*image"

# Check docker-compose files for related services
fd -e yml -e yaml | xargs rg -l "docker"

Length of output: 329

---

Script:

#!/bin/bash
# Check contents of docker-compose files for dev image definitions
echo "=== Main docker-compose.yml ==="
cat docker-compose.yml

echo -e "\n=== tools/hosting/docker-compose.yml ==="
cat tools/hosting/docker-compose.yml

echo -e "\n=== webknossos-tracingstore/deployment/docker-compose.yml ==="
cat webknossos-tracingstore/deployment/docker-compose.yml

echo -e "\n=== webknossos-datastore/deployment/docker-compose.yml ==="
cat webknossos-datastore/deployment/docker-compose.yml

Length of output: 14631

---

Script:

#!/bin/bash
# Check Dockerfile.dev contents
cat Dockerfile.dev

Length of output: 1079

.github/workflows/build_test_deploy.yml (1)

4-6: Consider including additional protected branches in push triggers

The push trigger is currently limited to the master branch. Consider including other protected branches (e.g., main, develop, release/*) to ensure the pipeline runs on all important branches.

[coderabbitai]

🛠️ Refactor suggestion

Consider validating the copied Scala artifacts.

While the COPY command is correct, consider adding validation to ensure the required Scala artifacts are present and complete.

Consider adding a validation step:

 # Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
 COPY target/universal/stage .
+RUN test -f bin/webknossos && \
+    test -d lib || \
+    (echo "Error: Required Scala artifacts are missing" && exit 1)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	COPY target/universal/stage .
	# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
	COPY target/universal/stage .
	RUN test -f bin/webknossos && \
	test -d lib || \
	(echo "Error: Required Scala artifacts are missing" && exit 1)

[coderabbitai]

🛠️ Refactor suggestion

Add error handling to documentation build

The documentation build step should fail the workflow if there are any errors.

      - name: Build frontend documentation
        run: |
+         set -eo pipefail
          WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
-         yarn run docs --project-version $WK_VERSION
+         yarn run docs --project-version "${WK_VERSION}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build frontend documentation
	run: |
	WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
	yarn run docs --project-version $WK_VERSION
	- name: Build frontend documentation
	run: |
	set -eo pipefail
	WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
	yarn run docs --project-version "${WK_VERSION}"

[coderabbitai]

🛠️ Refactor suggestion

Optimize apt-get commands

The apt-get installation can be optimized to reduce the image size and improve build time.

-      - name: Install dependencies
-        run: apt-get update \
-          && apt-get install -y \
-          findutils \
-          libdraco-dev \
-          libblosc1
+      - name: Install dependencies
+        run: |
+          apt-get update && apt-get install -y --no-install-recommends \
+            findutils \
+            libdraco-dev \
+            libblosc1 \
+          && rm -rf /var/lib/apt/lists/*

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Install dependencies
	run: apt-get update \
	&& apt-get install -y \
	findutils \
	libdraco-dev \
	libblosc1
	- name: Install dependencies
	run: |
	apt-get update && apt-get install -y --no-install-recommends \
	findutils \
	libdraco-dev \
	libblosc1 \
	&& rm -rf /var/lib/apt/lists/*

[coderabbitai]

🛠️ Refactor suggestion

Add yarn cache to improve CI performance

Consider using GitHub's cache action for yarn dependencies to speed up the CI pipeline.

    - uses: actions/setup-node@v4
      with:
        node-version: 18
+       cache: 'yarn'
+
+   - name: Get yarn cache directory path
+     id: yarn-cache-dir-path
+     run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+   - uses: actions/cache@v3
+     id: yarn-cache
+     with:
+       path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+       key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+       restore-keys: |
+         ${{ runner.os }}-yarn-

    - name: Install frontend dependencies
      run: corepack enable && yarn install --immutable

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Install frontend dependencies
	run: corepack enable && yarn install --immutable
	- uses: actions/setup-node@v4
	with:
	node-version: 18
	cache: 'yarn'
	- name: Get yarn cache directory path
	id: yarn-cache-dir-path
	run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
	- uses: actions/cache@v3
	id: yarn-cache
	with:
	path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
	key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
	restore-keys: |
	${{ runner.os }}-yarn-
	- name: Install frontend dependencies
	run: corepack enable && yarn install --immutable

[coderabbitai]

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (1)

.github/workflows/build_test_deploy.yml (1)

12-17: Add timezone environment variable

Consider adding TZ: UTC (or your preferred timezone) to ensure consistent timestamps across the pipeline execution.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 7acf3a9 and da87a2a.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

73-73: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

73-73: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

73-73: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

73-73: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

158-158: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

158-158: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 52-52: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 89-89: trailing spaces

(trailing-spaces)

---

[error] 99-99: trailing spaces

(trailing-spaces)

---

[error] 172-172: trailing spaces

(trailing-spaces)

---

[error] 174-174: trailing spaces

(trailing-spaces)

---

[error] 177-177: trailing spaces

(trailing-spaces)

---

[error] 182-182: trailing spaces

(trailing-spaces)

[coderabbitai]

⚠️ Potential issue

Align Ubuntu versions across jobs

The static_frontend_code_checks job uses ubuntu-24.04 while build_test_deploy uses ubuntu-20.04. This inconsistency could lead to environment differences. Consider using the same Ubuntu version for both jobs.

Also applies to: 46-46

[coderabbitai]

⚠️ Potential issue

Use secrets for database credentials

Database credentials are currently hardcoded in the workflow file. Consider using GitHub secrets:

-            POSTGRES_DB: webknossos
-            POSTGRES_USER: webknossos_user
-            POSTGRES_PASSWORD: secret_password
+            POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+            POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+            POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	POSTGRES_DB: webknossos
	POSTGRES_USER: webknossos_user
	POSTGRES_PASSWORD: secret_password
	POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
	POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
	POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

[coderabbitai]

🛠️ Refactor suggestion

Improve documentation version handling

The current version fallback chain could be more explicit:

-          WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
+          WK_VERSION=$(
+            if [ -n "${{ github.event.release.tag_name }}" ]; then
+              echo "${{ github.event.release.tag_name }}"
+            elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
+              echo "${{ github.run_number }}"
+            else
+              echo "dev"
+            fi
+          )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build frontend documentation
	run: |
	WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
	yarn run docs --project-version $WK_VERSION
	- name: Build frontend documentation
	run: |
	WK_VERSION=$(
	if [ -n "${{ github.event.release.tag_name }}" ]; then
	echo "${{ github.event.release.tag_name }}"
	elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
	echo "${{ github.run_number }}"
	else
	echo "dev"
	fi
	)
	yarn run docs --project-version $WK_VERSION

[coderabbitai]

🛠️ Refactor suggestion

Optimize Docker builds with layer caching

Consider using BuildKit's cache features to speed up builds:

-        run: docker compose build --pull webknossos-datastore
+        run: |
+          DOCKER_BUILDKIT=1 docker compose build \
+            --pull \
+            --build-arg BUILDKIT_INLINE_CACHE=1 \
+            webknossos-datastore

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build webknossos docker image
	run: |
	docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
	DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos
	- name: Build webknossos-datastore docker image
	run: docker compose build --pull webknossos-datastore
	- name: Build webknossos-tracingstore docker image
	run: docker compose build --pull webknossos-tracingstore
	- name: Build webknossos docker image
	run: |
	docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
	DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos
	- name: Build webknossos-datastore docker image
	run: |
	DOCKER_BUILDKIT=1 docker compose build \
	--pull \
	--build-arg BUILDKIT_INLINE_CACHE=1 \
	webknossos-datastore
	- name: Build webknossos-tracingstore docker image
	run: docker compose build --pull webknossos-tracingstore

🧰 Tools

🪛 actionlint

141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

💡 Codebase verification

These database validation steps should be uncommented and fixed

The commented-out steps are critical database schema validation checks that:

1. Ensure evolution numbers are unique (assert-unique-evolution-numbers)
2. Verify schema.sql matches the evolutions (check-evolutions-schema)

These checks are important as evidenced by:

• The dbtool.js script contains active implementations of these commands
• The script is actively used in other parts of the codebase for database validation
• No alternative validation steps exist in the workflow file

🔗 Analysis chain

Clean up commented code blocks

Several steps are commented out but seem important for database schema validation. Either:

1. Remove these comments if they're no longer needed
2. Uncomment and fix them if they're still required

---

Let me check how these database tools are actually used to determine if the commented steps are still needed.

---

Let me check if these database validation steps are replaced by other mechanisms in the workflow.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if these database tools are used elsewhere
rg -l "dbtool.js"

Length of output: 217

---

Script:

#!/bin/bash
# Check the content of files that use dbtool.js
rg "dbtool\.js" -C 3

# Also check if there are any other similar database schema validation tasks
rg "schema" .github/workflows/ -C 3

Length of output: 6445

---

Script:

#!/bin/bash
# Check the entire workflow file for other database validation steps
cat .github/workflows/build_test_deploy.yml

# Also check if dbtool.js exists and what commands it supports
cat tools/postgres/dbtool.js 2>/dev/null || echo "File not found"

Length of output: 21423

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between da87a2a and d12c110.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

84-84: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

84-84: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

84-84: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

84-84: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

152-152: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 100-100: trailing spaces

(trailing-spaces)

---

[error] 183-183: trailing spaces

(trailing-spaces)

---

[error] 185-185: trailing spaces

(trailing-spaces)

---

[error] 188-188: trailing spaces

(trailing-spaces)

---

[error] 193-193: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

4-9: Consider expanding push trigger branches

The current configuration only triggers on master push events. Consider including other important branches (e.g., development, staging) if they exist in your branching strategy.

[coderabbitai]

⚠️ Potential issue

Restrict PostgreSQL port exposure

The PostgreSQL port is exposed on all interfaces. For better security, restrict it to localhost:

    ports:
-     - 5432:5432
+     - 127.0.0.1:5432:5432

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ports:
	- 5432:5432
	ports:
	- 127.0.0.1:5432:5432

[coderabbitai]

🛠️ Refactor suggestion

Optimize SBT build configuration

The SBT build could be optimized:

1. Use .sbtopts file for common options
2. Enable parallel execution
3. Configure memory settings

    - name: Build webknossos (sbt)
      run: |
+       echo "-J-Xmx4G" > .sbtopts
+       echo "-J-Xms2G" >> .sbtopts
+       echo "-Dsbt.parallel=true" >> .sbtopts
        if [ "${{ github.ref }}" == "refs/heads/master" ]; then
-         sbt -no-colors clean compile stage
+         sbt clean compile stage
        else
-         sbt -no-colors -DfailOnWarning compile stage
+         sbt -DfailOnWarning compile stage
        fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build webknossos (sbt)
	run: |
	if [ "${{ github.ref }}" == "refs/heads/master" ]; then
	sbt -no-colors clean compile stage
	else
	sbt -no-colors -DfailOnWarning compile stage
	fi
	- name: Build webknossos (sbt)
	run: |
	echo "-J-Xmx4G" > .sbtopts
	echo "-J-Xms2G" >> .sbtopts
	echo "-Dsbt.parallel=true" >> .sbtopts
	if [ "${{ github.ref }}" == "refs/heads/master" ]; then
	sbt clean compile stage
	else
	sbt -DfailOnWarning compile stage
	fi

[coderabbitai]

⚠️ Potential issue

Add error handling to frontend checks

The frontend check commands should fail fast if any check fails. Add set -e to ensure the job fails immediately on any error:

    - name: Lint frontend code and check formatting
      run: |
+       set -e
        yarn run check-frontend

    - name: Typecheck frontend code
      run: |
+       set -e
        yarn typecheck

    - name: Check for cyclic dependencies in frontend
      run: |
+       set -e
        yarn check-cyclic-dependencies

Committable suggestion was skipped due to low confidence.