chore(ci): adopt reusable workflow templates#573
Merged
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
CodeAnt AI is reviewing your PR. Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
codeant-ai
Bot
added
the
size:XS
|
CodeAnt AI finished reviewing your PR. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Missing codex-rs cargo-deny target
- Restored cargo-deny to run against codex-rs/Cargo.toml via manifest-path so the production Rust workspace and deny.toml are enforced instead of the minimal root package.
Or push these changes by commenting:
@cursor push df0972a0c9
Preview (df0972a0c9)
diff --git a/.github/workflows/cargo-deny.yml b/.github/workflows/cargo-deny.yml
--- a/.github/workflows/cargo-deny.yml
+++ b/.github/workflows/cargo-deny.yml
@@ -6,4 +6,18 @@
- main
jobs:
cargo-deny:
- uses: KooshaPari/phenotype-tooling/.github/workflows/reusable/cargo-deny.yml@main
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.2.2
+
+ - name: Install Rust toolchain
+ uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
+ with:
+ toolchain: stable
+
+ - name: Run cargo-deny
+ uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v6
+ with:
+ rust-version: stable
+ manifest-path: codex-rs/Cargo.tomlYou can send follow-ups to the cloud agent here.
Reviewed by Cursor Bugbot for commit a0e2291. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Use shared reusable trufflehog/cargo-deny workflows from phenotype-tooling.
Note
Low Risk
CI-only refactor with no application code changes; behavior now depends on external reusable workflows pinned to
@main.Overview
cargo-deny and Trufflehog workflows no longer run their steps inline. Each job now delegates to shared reusable workflows in
KooshaPari/phenotype-toolingonmain, matching the pattern already used for SBOM refresh.For cargo-deny, the local checkout, Rust toolchain, and
EmbarkStudios/cargo-deny-actionsteps (including./codex-rsdefaults) are removed, and theworkflow_dispatchtrigger is dropped so only PR and push-to-mainruns remain.For Trufflehog, the checkout, setup, and
trufflehog github --only-verifiedrun are replaced by the reusable workflow; trigger coverage stays PR plus push tomain.Reviewed by Cursor Bugbot for commit a0e2291. Bugbot is set up for automated code reviews on this repo. Configure here.
CodeAnt-AI Description
Move secret and dependency scans to shared CI workflows
What Changed
mainmainImpact
✅ Consistent security checks across repositories✅ Fewer CI maintenance updates✅ Less chance of missed secret and dependency scan runs💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.