fix(ci): Port deploy_nodes changes #7305
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
📝 WalkthroughWalkthroughThe workflow for deploying via GitHub Actions was updated to change the trigger conditions, now requiring stricter checks on the package input, continuous deployment flag, and PR labels. Additionally, the authentication token for the repository dispatch action was switched from the default GitHub token to a custom runner token. Changes
Sequence Diagram(s)sequenceDiagram
participant Developer
participant GitHub Actions
participant Repository
Developer->>GitHub Actions: Push/PR with package='hoprd', CD enabled, label='deploy_nodes'
GitHub Actions->>GitHub Actions: Evaluate new trigger conditions
alt All conditions met
GitHub Actions->>Repository: repository_dispatch (using GH_RUNNER_TOKEN)
end
Possibly related PRs
Suggested labels
Suggested reviewers
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Pull Request Overview
Ports the deploy_nodes trigger logic from the upstream repository into our CI workflow and updates the token used for repository dispatch.
- Simplifies the
ifcondition to use thepr-labelsstep output instead ofenv.GITHUB_PR_LABEL_DEPLOY_NODESorinputs.production - Swaps
GITHUB_TOKENforGH_RUNNER_TOKENwhen callingpeter-evans/repository-dispatch
Comments suppressed due to low confidence (3)
.github/workflows/build-docker.yaml:148
- Ensure that the step with ID
pr-labelsis defined earlier in this workflow and actually outputs alabelsarray; otherwise this condition will always evaluate to false.
if: inputs.package == 'hoprd' && vars.CONTINUOUS_DEPLOYMENT_ENABLED == 'true' && contains(steps.pr-labels.outputs.labels, 'deploy_nodes')
.github/workflows/build-docker.yaml:151
- Add a comment or update the repo documentation to note that
GH_RUNNER_TOKENmust be set in GitHub Secrets with the necessary scopes to dispatch workflows.
token: ${{ secrets.GH_RUNNER_TOKEN }}
.github/workflows/build-docker.yaml:147
- [nitpick] Double-check the removal of the
inputs.productioncheck; if you still need to trigger deploys for production packages without a PR label, consider reintroducing or documenting this change.
- name: Trigger deploy workflow if needed
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/build-docker.yaml(1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: NumberFour8
PR: hoprnet/hoprnet#6630
File: crypto/packet/src/por.rs:84-84
Timestamp: 2024-11-13T17:56:37.536Z
Learning: In PR #6630, the changes include the removal of ticket validation from the last hop and fixes for Index Offset handling as specified in the PR objectives.
Learnt from: Teebor-Choka
PR: hoprnet/hoprnet#6545
File: transport/p2p/src/swarm.rs:491-494
Timestamp: 2024-10-11T10:43:34.869Z
Learning: When reviewing revert pull requests in the `hoprnet/hoprnet` repository, avoid making code recommendations or suggestions.
Learnt from: mjadach-iv
PR: hoprnet/hoprnet#6663
File: deploy/compose/.env.sample:57-57
Timestamp: 2024-11-21T13:58:22.345Z
Learning: In code reviews for this project, focus comments on the changes made in the PR, and avoid discussing unrelated code.
Learnt from: NumberFour8
PR: hoprnet/hoprnet#6244
File: transport/protocol/src/ack/processor.rs:31-32
Timestamp: 2024-10-09T06:16:18.170Z
Learning: The GitHub issue to standardize the usage of `METRIC_TICKETS_COUNT` across the codebase was successfully created and can be tracked at https://github.com/hoprnet/hoprnet/issues/6245.
Learnt from: NumberFour8
PR: hoprnet/hoprnet#6244
File: transport/protocol/src/ack/processor.rs:31-32
Timestamp: 2024-07-28T07:26:06.634Z
Learning: The GitHub issue to standardize the usage of `METRIC_TICKETS_COUNT` across the codebase was successfully created and can be tracked at https://github.com/hoprnet/hoprnet/issues/6245.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:28-28
Timestamp: 2025-06-19T10:07:29.649Z
Learning: In GitHub Actions reusable workflows, the github.event_name context may inherit from the parent workflow rather than being set to 'workflow_call', allowing conditions like 'github.event_name == 'pull_request'' to work correctly when the parent workflow was triggered by a pull_request event.
Learnt from: Teebor-Choka
PR: hoprnet/hoprnet#6886
File: nix/rust-package.nix:84-84
Timestamp: 2025-02-25T00:35:33.437Z
Learning: When transitioning from vendored dependencies to a private proxy registry in Rust projects, GitHub Actions workflows need to be refactored to accommodate the new update strategy, particularly workflows handling dependency updates like renovate-cargo-update.yaml.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:28-28
Timestamp: 2025-06-19T10:07:29.649Z
Learning: In GitHub Actions reusable workflows, the github context from the caller workflow is inherited by the called workflow, so github.event_name reflects the original triggering event (e.g., 'pull_request') rather than being set to 'workflow_call'. Conditions like 'github.event_name == 'pull_request'' work correctly in reusable workflows when the parent workflow was triggered by that event type.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:28-28
Timestamp: 2025-06-19T10:08:43.091Z
Learning: In GitHub Actions reusable workflows, the github context from the caller workflow is inherited by the called workflow, so github.event_name reflects the original triggering event (e.g., 'pull_request') rather than being set to 'workflow_call'. Conditions like 'github.event_name == 'pull_request'' work correctly in reusable workflows when the parent workflow was triggered by that event type.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:28-28
Timestamp: 2025-06-19T10:08:43.091Z
Learning: In GitHub Actions reusable workflows, the github context from the caller workflow is inherited by the called workflow, so github.event_name reflects the original triggering event (e.g., 'pull_request') rather than being set to 'workflow_call'. Conditions like 'github.event_name == 'pull_request'' work correctly in reusable workflows when the parent workflow was triggered by that event type.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7191
File: .github/workflows/add-labels.yaml:49-57
Timestamp: 2025-05-27T16:21:03.705Z
Learning: GitHub CLI (gh) accepts GITHUB_TOKEN as an environment variable for authentication in GitHub Actions workflows, not just GH_TOKEN. The environment variable GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} works correctly with gh commands like "gh pr edit".
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7191
File: .github/workflows/build-dappnode.yaml:40-40
Timestamp: 2025-05-27T16:23:08.868Z
Learning: In the hoprnet repository's GitHub workflows, labels are passed from build.yaml to build-dappnode.yaml with a trailing comma using `format('{0},', join(github.event.pull_request.labels.*.name, ','))`. Therefore, the condition checks in build-dappnode.yaml correctly use `format('package:{0},', inputs.dappnode_repository)` with a trailing comma to match the exact label format and prevent false positives.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7280
File: .github/workflows/checks-pre-commit.yaml:30-36
Timestamp: 2025-07-01T13:09:08.718Z
Learning: In the hoprnet repository's GitHub Actions workflow architecture, ausias-armesto prefers to centralize input resolution and fallback logic in the main checks.yaml workflow, which then calls individual reusable workflows like checks-pre-commit.yaml. The individual workflows are designed to be called primarily through the main workflow rather than directly, so fallback values in the individual workflows may be considered redundant.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7191
File: .github/workflows/open-pr.yaml:83-95
Timestamp: 2025-06-30T08:36:01.731Z
Learning: The self-hosted-hoprnet-small runners in the hoprnet repository have GitHub CLI (gh) pre-installed and available for use in workflows.
Learnt from: tolbrino
PR: hoprnet/hoprnet#6502
File: flake.nix:12-14
Timestamp: 2024-09-30T08:27:16.849Z
Learning: The project already has CI workflows that automatically check for compatibility issues when updating dependencies, including compiling smart contracts with new Solidity versions, running the test suite, checking for compiler warnings or deprecation notices, and reviewing changelogs for breaking changes.
.github/workflows/build-docker.yaml (10)
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7191
File: .github/workflows/build-dappnode.yaml:40-40
Timestamp: 2025-05-27T16:23:08.868Z
Learning: In the hoprnet repository's GitHub workflows, labels are passed from build.yaml to build-dappnode.yaml with a trailing comma using `format('{0},', join(github.event.pull_request.labels.*.name, ','))`. Therefore, the condition checks in build-dappnode.yaml correctly use `format('package:{0},', inputs.dappnode_repository)` with a trailing comma to match the exact label format and prevent false positives.
Learnt from: Teebor-Choka
PR: hoprnet/hoprnet#6886
File: nix/rust-package.nix:84-84
Timestamp: 2025-02-25T00:35:33.437Z
Learning: When transitioning from vendored dependencies to a private proxy registry in Rust projects, GitHub Actions workflows need to be refactored to accommodate the new update strategy, particularly workflows handling dependency updates like renovate-cargo-update.yaml.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:28-28
Timestamp: 2025-06-19T10:07:29.649Z
Learning: In GitHub Actions reusable workflows, the github.event_name context may inherit from the parent workflow rather than being set to 'workflow_call', allowing conditions like 'github.event_name == 'pull_request'' to work correctly when the parent workflow was triggered by a pull_request event.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#6681
File: .github/workflows/build-binaries.yaml:61-97
Timestamp: 2024-11-26T17:47:32.384Z
Learning: The code in the 'Set environment variables' step in `.github/workflows/build-binaries.yaml` is obsolete and should not be reviewed in future code reviews.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7280
File: .github/workflows/checks-pre-commit.yaml:30-36
Timestamp: 2025-07-01T13:09:08.718Z
Learning: In the hoprnet repository's GitHub Actions workflow architecture, ausias-armesto prefers to centralize input resolution and fallback logic in the main checks.yaml workflow, which then calls individual reusable workflows like checks-pre-commit.yaml. The individual workflows are designed to be called primarily through the main workflow rather than directly, so fallback values in the individual workflows may be considered redundant.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:66-68
Timestamp: 2025-06-19T10:10:00.368Z
Learning: In the HOPR packaging workflow (.github/workflows/package.yaml), the `just package` command creates a single distribution package that includes all binaries (hoprd and hopli) for the target architecture. The workflow downloads both hoprd and hopli artifacts, extracts them to ./dist/bin, and nfpm packages both binaries together into one .deb, .rpm, or .apk file per target.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7191
File: .github/workflows/open-pr.yaml:83-95
Timestamp: 2025-06-30T08:36:01.731Z
Learning: The self-hosted-hoprnet-small runners in the hoprnet repository have GitHub CLI (gh) pre-installed and available for use in workflows.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7251
File: .github/workflows/package.yaml:0-0
Timestamp: 2025-06-19T11:37:27.410Z
Learning: In the HOPR packaging workflow (.github/workflows/package.yaml), both hoprd and hopli binaries are downloaded and used together in a single package creation process. The `just package` command creates one distribution package (.deb, .rpm, or .apk) per target that contains both binaries, which is why the workflow only uploads one package per format rather than separate packages for each binary.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#7191
File: .github/workflows/open-pr.yaml:34-43
Timestamp: 2025-06-30T08:33:20.991Z
Learning: In the hoprnet repository, the maintainer ausias-armesto prefers to add commit types to the semantic PR validation workflow incrementally as needed, rather than preemptively adding all possible types. This conservative approach keeps the workflow configuration lean.
Learnt from: ausias-armesto
PR: hoprnet/hoprnet#6635
File: .github/workflows/build-dappnode.yaml:51-52
Timestamp: 2024-11-14T17:33:28.735Z
Learning: In the `.github/workflows/build-dappnode.yaml` file, explicit error handling for GitHub API calls is not required.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
- GitHub Check: hoprd / docker
- GitHub Check: hopli / docker
- GitHub Check: Docs / Rust
- GitHub Check: Zizmor / Zizmor
- GitHub Check: Lint / Lint
🔇 Additional comments (1)
.github/workflows/build-docker.yaml (1)
148-148: Label-match may be too permissive
contains(steps.pr-labels.outputs.labels, 'deploy_nodes')omits the surrounding spaces that are used elsewhere (e.g. the' release 'check above).
Without the spaces, the expression will also match superset labels such asmy-deploy_nodes-test, potentially triggering an unintended production deploy.- if: inputs.package == 'hoprd' && vars.CONTINUOUS_DEPLOYMENT_ENABLED == 'true' && contains(steps.pr-labels.outputs.labels, 'deploy_nodes') + if: inputs.package == 'hoprd' && vars.CONTINUOUS_DEPLOYMENT_ENABLED == 'true' && contains(steps.pr-labels.outputs.labels, ' deploy_nodes ')Consider aligning the pattern with the established convention unless you have verified the output format of
pr-labels-actionfor this workflow.
| uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| token: ${{ secrets.GH_RUNNER_TOKEN }} |
There was a problem hiding this comment.
Ensure GH_RUNNER_TOKEN has repo-scoped repository_dispatch rights
Switching from the default GITHUB_TOKEN to secrets.GH_RUNNER_TOKEN will break the dispatch if the new secret lacks repo → write:repository_dispatch scope or is undefined on all runners. Double-check the secret definition in the repository settings and its permission set before merging.
🤖 Prompt for AI Agents
In .github/workflows/build-docker.yaml at line 151, the secret GH_RUNNER_TOKEN
is used for repository dispatch but may lack the necessary repo-scoped
write:repository_dispatch permission or be undefined. Verify in the repository
settings that GH_RUNNER_TOKEN is properly defined and has the repo scope with
write:repository_dispatch rights to ensure the dispatch action works correctly.
|
Implemented also in #7306 |
auto-merge was automatically disabled
July 14, 2025 14:42
Pull request was closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ported from https://github.com/hoprnet/hoprnet/pull/7255/files#diff-97e1e79b4ecbd5261fd1b1a49312400b613bd1953d84d3485019f8eb0667d2e6
Can be merged since the change will only be picked up after merge.