Dev 336/amplify webhook builds #2906
Conversation
|
|
Warning Rate limit exceeded@codechirag123 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 20 minutes and 55 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (3)
WalkthroughThis pull request introduces three new GitHub Actions workflow files (deploy-backoffice.yml, deploy-dashboard.yml, and deploy-kyb.yml) to automate build and deployment processes for different applications. Each workflow is designed to trigger builds on pushes to the "dev" branch for specific application paths, support manual triggering, and send Slack notifications upon successful build completion. The workflows share a consistent structure with three primary jobs: a Changes
Possibly related PRs
Suggested reviewers
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (3)
.github/workflows/deploy-kyb.yml (1)
49-51: Remove unnecessary permissionsThe
packages: writepermission is not used in this job and should be removed.permissions: contents: read - packages: write.github/workflows/deploy-backoffice.yml (2)
40-42: Enhance webhook payload with environment informationThe webhook payload is empty but could include useful context about the build.
- name: Trigger Build webhook run: | - curl -X POST -d {} "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" -H "Content-Type:application/json" + curl -X POST \ + -d "{\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\"}" \ + "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" \ + -H "Content-Type:application/json"
58-59: Improve Slack message formattingConsider using Slack's block kit for better message formatting and visibility.
with: channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}' - slack-message: "Back-office Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." + payload: | + { + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "🏗️ Back-office Build Started" + } + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Environment:*\n${{ github.event_name == 'push' && github.ref_name || inputs.environment }}" + }, + { + "type": "mrkdwn", + "text": "*Triggered by:*\n${{ github.event_name }}" + } + ] + } + ] + }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/deploy-backoffice.yml(1 hunks).github/workflows/deploy-dashboard.yml(1 hunks).github/workflows/deploy-kyb.yml(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/deploy-dashboard.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-kyb.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-backoffice.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
| name: Under Testing - Build and Deploy Dashboard Application | ||
|
|
||
| on: | ||
| push: | ||
| paths: | ||
| # Run this pipeline only if there are changes in specified path | ||
| - 'apps/workflows-dashboard/**' | ||
| branches: | ||
| - "dev" | ||
| workflow_dispatch: | ||
| inputs: | ||
| environment: | ||
| type: choice | ||
| description: 'Choose Environment' | ||
| required: true | ||
| default: 'dev' | ||
| options: | ||
| - 'dev' | ||
| - 'sb' | ||
| - 'prod' | ||
| workflow_call: | ||
| inputs: | ||
| environment: | ||
| type: string | ||
| description: 'Environment' | ||
| required: true | ||
| default: 'dev' | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build Dashboard App | ||
| runs-on: ubuntu-latest | ||
| environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }} | ||
| steps: | ||
| # Checkout the repository | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| # Trigger a webhook | ||
| - name: Trigger Build webhook | ||
| run: | | ||
| curl -X POST -d {} "${{ secrets.DASHBOARD_WEBHOOK_URL }}" -H "Content-Type:application/json" | ||
|
|
||
| send-to-slack: | ||
| runs-on: ubuntu-latest | ||
| needs: [build] | ||
| if: ${{ needs.build.result == 'success' }} | ||
| environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }} | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Send alert to Slack channel | ||
| id: slack | ||
| uses: slackapi/[email protected] | ||
| with: | ||
| channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}' | ||
| slack-message: "Dashboard Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." | ||
| env: | ||
| SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }} |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Consider implementing reusable workflow pattern
All three workflows share identical structure and logic, differing only in application-specific values. Consider refactoring into a reusable workflow.
Create a new file .github/workflows/deploy-app.yml:
name: Deploy Application
on:
workflow_call:
inputs:
app_name:
type: string
required: true
app_path:
type: string
required: true
environment:
type: string
required: false
default: 'dev'
secrets:
webhook_url:
required: true
slack_channel_id:
required: true
slack_bot_token:
required: true
jobs:
build:
name: Build ${{ inputs.app_name }}
runs-on: ubuntu-latest
environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
steps:
- uses: actions/checkout@v4
- name: Trigger Build webhook
run: |
response=$(curl -s -w "\n%{http_code}" -X POST \
-d "{\"app\":\"${{ inputs.app_name }}\",\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\"}" \
"${{ secrets.webhook_url }}" \
-H "Content-Type:application/json")
status_code=$(echo "$response" | tail -n 1)
if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
echo "Error: Webhook request failed with status $status_code"
echo "Response: $(echo "$response" | head -n -1)"
exit 1
fi
send-to-slack:
runs-on: ubuntu-latest
needs: [build]
if: ${{ needs.build.result == 'success' }}
environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}
permissions:
contents: read
steps:
- uses: slackapi/[email protected]
with:
channel-id: ${{ secrets.slack_channel_id }}
payload: |
{
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "🏗️ ${{ inputs.app_name }} Build Started"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Environment:*\n${{ github.event_name == 'push' && github.ref_name || inputs.environment }}"
},
{
"type": "mrkdwn",
"text": "*Triggered by:*\n${{ github.event_name }}"
}
]
}
]
}
env:
SLACK_BOT_TOKEN: ${{ secrets.slack_bot_token }}Then simplify each app-specific workflow to:
name: Under Testing - Build and Deploy Dashboard Application
on:
push:
paths:
- 'apps/workflows-dashboard/**'
branches:
- "dev"
workflow_dispatch:
inputs:
environment:
type: choice
description: 'Choose Environment'
required: true
default: 'dev'
options: ['dev', 'sb', 'prod']
jobs:
deploy:
uses: ./.github/workflows/deploy-app.yml
with:
app_name: 'Dashboard'
app_path: 'apps/workflows-dashboard'
environment: ${{ inputs.environment }}
secrets:
webhook_url: ${{ secrets.DASHBOARD_WEBHOOK_URL }}
slack_channel_id: ${{ secrets.ARGO_SLACK_CHANNEL_ID }}
slack_bot_token: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (5)
.github/workflows/deploy-kyb.yml (4)
22-27:⚠️ Potential issueFix workflow_call input configuration
The
environmentinput is marked as both required and has a default value, which is contradictory. The default value will never be used if the input is required.Apply this diff to fix the configuration:
workflow_call: inputs: environment: type: string description: 'Environment' - required: true - default: 'dev' + required: false + default: 'dev'🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
36-37:⚠️ Potential issueUpdate actions/checkout to the latest version
The current version (@V3) is outdated. Update to the latest stable version for security fixes and improvements.
- uses: actions/checkout@v3 + uses: actions/checkout@v4🧰 Tools
🪛 actionlint (1.7.4)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
40-42:⚠️ Potential issueAdd error handling to webhook trigger
The current webhook implementation lacks error handling and validation. Consider adding proper error handling and response validation.
- name: Trigger Build webhook run: | - curl -X POST -d {} "${{ secrets.KYB_WEBHOOK_URL }}" -H "Content-Type:application/json" + response=$(curl -s -w "\n%{http_code}" -X POST -d {} "${{ secrets.KYB_WEBHOOK_URL }}" -H "Content-Type:application/json") + status_code=$(echo "$response" | tail -n 1) + if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then + echo "Error: Webhook request failed with status $status_code" + echo "Response: $(echo "$response" | head -n -1)" + exit 1 + fi
1-79: 🛠️ Refactor suggestionConsider implementing reusable workflow pattern
All three workflows share identical structure and logic, differing only in application-specific values. Consider refactoring into a reusable workflow.
Create a new file
.github/workflows/deploy-app.ymlwith a reusable workflow pattern that accepts application-specific inputs and secrets. Then simplify each app-specific workflow to use the reusable workflow. This will:
- Reduce code duplication
- Centralize maintenance
- Ensure consistent behavior across applications
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-backoffice.yml (1)
1-79: 🛠️ Refactor suggestionImplement reusable workflow pattern
This workflow shares identical structure with deploy-dashboard.yml. Consider refactoring into a reusable workflow to reduce duplication and improve maintainability.
See the previous review comment for detailed implementation of the reusable workflow pattern.
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 79-79: no new line character at the end of file
(new-line-at-end-of-file)
🧹 Nitpick comments (2)
.github/workflows/deploy-backoffice.yml (2)
49-51: Remove unnecessary permissionsThe
packages:writepermission is not required for sending Slack notifications.permissions: contents: read - packages: write
54-61: Enhance Slack notifications with rich formattingThe current Slack messages are basic text. Consider using Slack's block kit for better formatting and more context.
- name: Send alert to Slack channel id: slack uses: slackapi/[email protected] with: channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}' - slack-message: "Back-office Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." + payload: | + { + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "🏗️ Back-office Build Started" + } + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Environment:*\n${{ github.event_name == 'push' && github.ref_name || inputs.environment }}" + }, + { + "type": "mrkdwn", + "text": "*Triggered by:*\n${{ github.event_name }}" + } + ] + } + ] + } env: SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }}
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/deploy-backoffice.yml(1 hunks).github/workflows/deploy-dashboard.yml(1 hunks).github/workflows/deploy-kyb.yml(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/deploy-kyb.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-dashboard.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-backoffice.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
.github/workflows/deploy-dashboard.yml
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 79-79: no new line character at the end of file
(new-line-at-end-of-file)
.github/workflows/deploy-backoffice.yml
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 79-79: no new line character at the end of file
(new-line-at-end-of-file)
🔇 Additional comments (1)
.github/workflows/deploy-dashboard.yml (1)
1-79: Address identical issues as in deploy-backoffice.yml
This workflow has the same issues as identified in deploy-backoffice.yml:
- Workflow_call input configuration
- Outdated checkout action
- Basic webhook implementation
- Unnecessary permissions
- Basic Slack notifications
- Need for reusable workflow pattern
Please apply the same fixes as suggested for deploy-backoffice.yml.
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 79-79: no new line character at the end of file
(new-line-at-end-of-file)
| - name: Checkout code | ||
| uses: actions/checkout@v3 |
There was a problem hiding this comment.
Update actions/checkout to latest version
The checkout action version v3 is outdated. Update to the latest version for security and performance improvements.
- uses: actions/checkout@v3
+ uses: actions/checkout@v4📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Checkout code | |
| uses: actions/checkout@v4 |
🧰 Tools
🪛 actionlint (1.7.4)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
| workflow_call: | ||
| inputs: | ||
| environment: | ||
| type: string | ||
| description: 'Environment' | ||
| required: true | ||
| default: 'dev' |
There was a problem hiding this comment.
Fix workflow_call input configuration
The environment input in the workflow_call event is marked as both required and has a default value. This is redundant as the default value will never be used when the input is required.
Apply this fix:
workflow_call:
inputs:
environment:
type: string
description: 'Environment'
- required: true
- default: 'dev'
+ required: false
+ default: 'dev'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| workflow_call: | |
| inputs: | |
| environment: | |
| type: string | |
| description: 'Environment' | |
| required: true | |
| default: 'dev' | |
| workflow_call: | |
| inputs: | |
| environment: | |
| type: string | |
| description: 'Environment' | |
| required: false | |
| default: 'dev' |
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
| - name: Trigger Build webhook | ||
| run: | | ||
| curl -X POST -d {} "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" -H "Content-Type:application/json" |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Enhance webhook call with proper error handling and payload
The current webhook implementation has several issues:
- No error handling for failed requests
- Empty payload doesn't provide context about the build
- No verification of webhook response
- name: Trigger Build webhook
run: |
- curl -X POST -d {} "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" -H "Content-Type:application/json"
+ response=$(curl -s -w "\n%{http_code}" -X POST \
+ -d "{\"app\":\"backoffice\",\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\"}" \
+ "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" \
+ -H "Content-Type:application/json")
+ status_code=$(echo "$response" | tail -n 1)
+ if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
+ echo "Error: Webhook request failed with status $status_code"
+ echo "Response: $(echo "$response" | head -n -1)"
+ exit 1
+ fi📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Trigger Build webhook | |
| run: | | |
| curl -X POST -d {} "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" -H "Content-Type:application/json" | |
| - name: Trigger Build webhook | |
| run: | | |
| response=$(curl -s -w "\n%{http_code}" -X POST \ | |
| -d "{\"app\":\"backoffice\",\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\"}" \ | |
| "${{ secrets.BACKOFFICE_WEBHOOK_URL }}" \ | |
| -H "Content-Type:application/json") | |
| status_code=$(echo "$response" | tail -n 1) | |
| if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then | |
| echo "Error: Webhook request failed with status $status_code" | |
| echo "Response: $(echo "$response" | head -n -1)" | |
| exit 1 | |
| fi |
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (3)
.github/workflows/deploy-kyb.yml (3)
21-27:⚠️ Potential issueFix contradictory workflow_call input configuration
The
environmentinput is marked as both required and has a default value, which is contradictory as the default value will never be used.Apply this fix:
workflow_call: inputs: environment: type: string description: 'Environment' - required: true - default: 'dev' + required: false + default: 'dev'🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
36-37:⚠️ Potential issueUpdate actions/checkout to the latest version
The current version (@V3) is outdated. Update to the latest stable version for security fixes and improvements.
- uses: actions/checkout@v3 + uses: actions/checkout@v4🧰 Tools
🪛 actionlint (1.7.4)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
1-86: 🛠️ Refactor suggestionConsider implementing reusable workflow pattern
All three workflows share identical structure and logic, differing only in application-specific values. Consider refactoring into a reusable workflow to improve maintainability and reduce duplication.
Create a new file
.github/workflows/deploy-app.ymlthat accepts app-specific parameters. Then simplify each app-specific workflow to call this reusable workflow. Would you like me to provide the implementation details for this refactoring?🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🧹 Nitpick comments (2)
.github/workflows/deploy-kyb.yml (1)
41-49: Enhance webhook payload with build contextWhile error handling is implemented correctly, the webhook payload is empty and doesn't provide context about the build.
- name: Trigger Build webhook run: | response=$(curl -s -w "\n%{http_code}" -X POST \ - -d {} \ + -d "{\"app\":\"kyb\",\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\"}" \ "${{ secrets.KYB_WEBHOOK_URL }}" \ -H "Content-Type:application/json").github/workflows/deploy-backoffice.yml (1)
66-66: Maintain consistent naming convention in Slack messagesThe application name is inconsistently formatted in Slack messages:
- Line 66: "Back-office"
- Line 84: "Backoffice"
Standardize the naming across all messages.
- slack-message: "Back-office Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." + slack-message: "Backoffice Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}."Also applies to: 84-84
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/deploy-backoffice.yml(1 hunks).github/workflows/deploy-dashboard.yml(1 hunks).github/workflows/deploy-kyb.yml(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/deploy-backoffice.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-kyb.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/deploy-dashboard.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
.github/workflows/deploy-backoffice.yml
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 86-86: no new line character at the end of file
(new-line-at-end-of-file)
.github/workflows/deploy-dashboard.yml
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 86-86: no new line character at the end of file
(new-line-at-end-of-file)
🔇 Additional comments (1)
.github/workflows/deploy-dashboard.yml (1)
1-86: Review completed
The issues found in this file are identical to those in deploy-kyb.yml. Please apply the same fixes suggested in the previous review comments.
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
37-37: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 86-86: no new line character at the end of file
(new-line-at-end-of-file)
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
.github/workflows/deploy-kyb.yml (1)
22-27:⚠️ Potential issueFix contradictory workflow_call input configuration
The
environmentinput is marked as both required and has a default value, which is contradictory as the default value will never be used.workflow_call: inputs: environment: type: string description: 'Environment' - required: true - default: 'dev' + required: false + default: 'dev'🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
🧹 Nitpick comments (8)
.github/workflows/deploy-kyb.yml (2)
52-54: Optimize job permissionsThe jobs only need Slack notifications functionality but have additional permissions:
contents: read- Not needed for Slack notificationspackages: write- Not needed for Slack notificationsConsider removing unnecessary permissions to follow the principle of least privilege.
permissions: - contents: read - packages: writeAlso applies to: 71-73
61-62: Enhance Slack notifications with more contextThe current Slack messages could be more informative by including:
- The PR/commit that triggered the build
- Link to the GitHub Actions run
- Build duration (for success message)
- slack-message: "KYB Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." + slack-message: | + KYB Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }} + Trigger: ${{ github.event_name == 'push' && format('Commit {0}', github.sha) || 'Manual trigger' }} + Run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}Also applies to: 79-80
.github/workflows/deploy-backoffice.yml (4)
1-1: Clarify the testing status in the workflow nameThe workflow name includes "Under Testing" which might cause confusion. Consider either:
- Removing "Under Testing" if the workflow is ready for production
- Adding a comment explaining what aspects are being tested
-name: Under Testing - Build and Deploy Backoffice Application +name: Build and Deploy Backoffice Application
5-7: Consider making the path filter more specificThe current path filter includes all files under
apps/backoffice-v2/**. Consider making it more specific to only trigger on relevant file changes (e.g., excluding test files or documentation).paths: # Run this pipeline only if there are changes in specified path - - 'apps/backoffice-v2/**' + - 'apps/backoffice-v2/src/**' + - 'apps/backoffice-v2/package.json' + - 'apps/backoffice-v2/package-lock.json'
33-33: Refactor repeated environment determination logicThe environment determination logic
${{ github.event_name == 'push' && github.ref_name || inputs.environment }}is repeated across multiple jobs. Consider using a job output or environment variable to maintain DRY principles.jobs: + set-environment: + runs-on: ubuntu-latest + outputs: + env_name: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }} + steps: + - run: echo "Setting environment" build: name: Build Backoffice App + needs: [set-environment] runs-on: ubuntu-latest - environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }} + environment: ${{ needs.set-environment.outputs.env_name }}Also applies to: 51-51, 70-70
47-82: Optimize Slack notification jobsConsider the following improvements:
- Consolidate duplicate Slack notification logic into a reusable workflow
- Add timeout configuration to prevent long-running jobs
- Add concurrency configuration to prevent multiple builds for the same environment
+ concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref_name || inputs.environment }} + cancel-in-progress: true jobs: build: + timeout-minutes: 10 + notify-slack: + runs-on: ubuntu-latest + needs: [build] + if: always() + environment: ${{ github.event_name == 'push' && github.ref_name || inputs.environment }} + permissions: + contents: read + packages: write + steps: + - name: Send alert to Slack channel + id: slack + uses: slackapi/[email protected] + with: + channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}' + slack-message: "Back-office Build ${{ needs.build.result == 'success' && 'initialized' || 'failed' }} in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." + env: + SLACK_BOT_TOKEN: ${{ secrets.ARGO_SLACK_BOT_TOKEN }} - send-to-slack: - # Remove duplicate job - on-failure: - # Remove duplicate job🧰 Tools
🪛 yamllint (1.35.1)
[error] 82-82: no new line character at the end of file
(new-line-at-end-of-file)
.github/workflows/deploy-dashboard.yml (2)
52-55: Remove unnecessary permissionsBoth Slack notification jobs include
packages: writepermission which is not required for sending Slack messages.Remove the unnecessary permission:
permissions: contents: read - packages: writeAlso applies to: 71-74
47-82: Enhance Slack notifications with rich formattingThe current Slack messages are basic text. Consider using block kit formatting to provide richer, more informative notifications.
Replace both Slack notification steps with this enhanced version:
- name: Send alert to Slack channel id: slack uses: slackapi/[email protected] with: channel-id: '${{ secrets.ARGO_SLACK_CHANNEL_ID }}' - slack-message: "Dashboard Build initialized in ${{ github.event_name == 'push' && github.ref_name || inputs.environment }}." + payload: | + { + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "🏗️ Dashboard Build ${{ job.status == 'success' && 'Started' || 'Failed' }}" + } + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Environment:*\n${{ github.event_name == 'push' && github.ref_name || inputs.environment }}" + }, + { + "type": "mrkdwn", + "text": "*Triggered by:*\n${{ github.event_name }}" + } + ] + } + ] + }Also, consider consolidating both Slack notification jobs into a single reusable job to reduce code duplication.
🧰 Tools
🪛 yamllint (1.35.1)
[error] 82-82: no new line character at the end of file
(new-line-at-end-of-file)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/deploy-backoffice.yml(1 hunks).github/workflows/deploy-dashboard.yml(1 hunks).github/workflows/deploy-kyb.yml(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/deploy-kyb.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
.github/workflows/deploy-backoffice.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
.github/workflows/deploy-dashboard.yml
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
🪛 yamllint (1.35.1)
.github/workflows/deploy-backoffice.yml
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 82-82: no new line character at the end of file
(new-line-at-end-of-file)
.github/workflows/deploy-dashboard.yml
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 82-82: no new line character at the end of file
(new-line-at-end-of-file)
🔇 Additional comments (6)
.github/workflows/deploy-kyb.yml (2)
1-1: Clarify the testing status in the workflow name
The workflow name includes "Under Testing" - is this intended for production use? Consider removing this prefix once testing is complete.
34-45: 🛠️ Refactor suggestion
Add repository checkout step
The build job is missing the checkout step which might be needed for accessing repository contents.
steps:
+ - name: Checkout
+ uses: actions/checkout@v4
# Trigger a webhook
- name: Trigger Build webhookLikely invalid or redundant comment.
.github/workflows/deploy-backoffice.yml (2)
21-27: Fix workflow_call input configuration
The environment input in the workflow_call event is marked as both required and has a default value. This is redundant as the default value will never be used when the input is required.
workflow_call:
inputs:
environment:
type: string
description: 'Environment'
- required: true
- default: 'dev'
+ required: false
+ default: 'dev'🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
36-45: Enhance webhook implementation
The current webhook implementation can be improved in several ways:
- Add proper request headers for authentication
- Include meaningful payload with build context
- Add retry mechanism for transient failures
- name: Trigger Build webhook
run: |
+ MAX_RETRIES=3
+ retry_count=0
+ while [ $retry_count -lt $MAX_RETRIES ]; do
response=$(curl -s -w "\n%{http_code}" -X POST \
- -d {} \
+ -d "{\"app\":\"backoffice\",\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\",\"sha\":\"${{ github.sha }}\"}" \
"${{ secrets.BACKOFFICE_WEBHOOK_URL }}" \
- -H "Content-Type:application/json"
+ -H "Content-Type:application/json" \
+ -H "X-GitHub-Event: ${{ github.event_name }}" \
+ -H "X-Hub-Signature: ${{ github.sha }}"
status_code=$(echo "$response" | tail -n 1)
if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
+ retry_count=$((retry_count + 1))
+ if [ $retry_count -lt $MAX_RETRIES ]; then
+ echo "Attempt $retry_count failed. Retrying in 5 seconds..."
+ sleep 5
+ continue
+ fi
echo "Error: Webhook request failed with status $status_code"
echo "Response: $(echo "$response" | head -n -1)"
exit 1
fi
+ break
+ done.github/workflows/deploy-dashboard.yml (2)
1-82: Consider implementing reusable workflow pattern
As suggested in a previous review, all three workflows (dashboard, backoffice, and kyb) share identical structure and logic. Consider refactoring into a reusable workflow to improve maintainability.
The previous review provided a detailed implementation suggestion for creating a reusable workflow pattern. Please refer to that comment for the implementation details.
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
🪛 yamllint (1.35.1)
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
[error] 82-82: no new line character at the end of file
(new-line-at-end-of-file)
36-45: 🛠️ Refactor suggestion
Enhance webhook payload with build context
The webhook request is sent with an empty payload (-d {}), which misses important context about the build. Consider including relevant information such as:
- Environment
- Trigger source (push/manual)
- Repository information
- Branch/commit details
Apply this diff to enhance the webhook payload:
- name: Trigger Build webhook
run: |
- response=$(curl -s -w "\n%{http_code}" -X POST -d {} "${{ secrets.DASHBOARD_WEBHOOK_URL }}" -H "Content-Type:application/json")
+ response=$(curl -s -w "\n%{http_code}" -X POST \
+ -d "{\"app\":\"dashboard\",\"environment\":\"${{ github.event_name == 'push' && github.ref_name || inputs.environment }}\",\"trigger\":\"${{ github.event_name }}\",\"repo\":\"${{ github.repository }}\",\"ref\":\"${{ github.ref }}\"}" \
+ "${{ secrets.DASHBOARD_WEBHOOK_URL }}" \
+ -H "Content-Type:application/json")
status_code=$(echo "$response" | tail -n 1)
if [ "$status_code" -lt 200 ] || [ "$status_code" -ge 300 ]; then
echo "Error: Webhook request failed with status $status_code"Likely invalid or redundant comment.
| on: | ||
| push: | ||
| paths: | ||
| # Run this pipeline only if there are changes in specified path | ||
| - 'apps/workflows-dashboard/**' | ||
| branches: | ||
| - "dev" | ||
| workflow_dispatch: | ||
| inputs: | ||
| environment: | ||
| type: choice | ||
| description: 'Choose Environment' | ||
| required: true | ||
| default: 'dev' | ||
| options: | ||
| - 'dev' | ||
| - 'sb' | ||
| - 'prod' | ||
| workflow_call: | ||
| inputs: | ||
| environment: | ||
| type: string | ||
| description: 'Environment' | ||
| required: true | ||
| default: 'dev' | ||
|
|
There was a problem hiding this comment.
Fix workflow trigger configuration issues
There are several issues in the workflow trigger configuration:
- The
environmentinput inworkflow_callis marked as both required and has a default value, which is redundant. - Environment configuration is inconsistent between
workflow_dispatchandworkflow_call. - Branch indentation is incorrect.
Apply this diff to fix the issues:
on:
push:
paths:
# Run this pipeline only if there are changes in specified path
- 'apps/workflows-dashboard/**'
branches:
- - "dev"
+ - "dev"
workflow_dispatch:
inputs:
environment:
type: choice
description: 'Choose Environment'
required: true
default: 'dev'
options:
- 'dev'
- 'sb'
- 'prod'
workflow_call:
inputs:
environment:
type: string
description: 'Environment'
- required: true
- default: 'dev'
+ required: false
+ default: 'dev'
+ enum: ['dev', 'sb', 'prod']📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| on: | |
| push: | |
| paths: | |
| # Run this pipeline only if there are changes in specified path | |
| - 'apps/workflows-dashboard/**' | |
| branches: | |
| - "dev" | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: 'Choose Environment' | |
| required: true | |
| default: 'dev' | |
| options: | |
| - 'dev' | |
| - 'sb' | |
| - 'prod' | |
| workflow_call: | |
| inputs: | |
| environment: | |
| type: string | |
| description: 'Environment' | |
| required: true | |
| default: 'dev' | |
| on: | |
| push: | |
| paths: | |
| # Run this pipeline only if there are changes in specified path | |
| - 'apps/workflows-dashboard/**' | |
| branches: | |
| - "dev" | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: 'Choose Environment' | |
| required: true | |
| default: 'dev' | |
| options: | |
| - 'dev' | |
| - 'sb' | |
| - 'prod' | |
| workflow_call: | |
| inputs: | |
| environment: | |
| type: string | |
| description: 'Environment' | |
| required: false | |
| default: 'dev' | |
| enum: ['dev', 'sb', 'prod'] |
🧰 Tools
🪛 actionlint (1.7.4)
27-27: input "environment" of workflow_call event has the default value "dev", but it is also required. if an input is marked as required, its default value will never be used
(events)
🪛 yamllint (1.35.1)
[warning] 9-9: wrong indentation: expected 6 but found 4
(indentation)
New Actions for Amplify Applications to build manually
Summary by CodeRabbit
New Features
Chores