Skip to content
This repository was archived by the owner on Jul 10, 2026. It is now read-only.

fix(todos): consume v9.0.7 retry-helper repair#379

Merged
devantler merged 1 commit into
mainfrom
claude/todos-actions-v907-reusable
Jul 10, 2026
Merged

fix(todos): consume v9.0.7 retry-helper repair#379
devantler merged 1 commit into
mainfrom
claude/todos-actions-v907-reusable

Conversation

@devantler

Copy link
Copy Markdown
Contributor

🤖 Generated by the Daily AI Assistant

Why

The supported scan-for-todo-comments reusable workflow still pins create-issues-from-todos to actions v9.0.4. That release predates the retry-helper fixes completed in actions#523, so this shared wrapper can still hit the same missing-helper failure already repaired across direct consumers.

What

  • Pin create-issues-from-todos to the actions v9.0.7 release SHA.
  • Keep every input, permission, and workflow trigger unchanged.

Validation

  • Red/green exact-pin assertion against the workflow file
  • Ruby standard-library YAML parse
  • yamllint .github/workflows/scan-for-todo-comments.yaml
  • zizmor --config zizmor.yml .github/workflows/scan-for-todo-comments.yaml
  • actionlint .github/workflows/scan-for-todo-comments.yaml
  • git diff --check

Notes

This is additive and backward-compatible. It completes the supported shared-wrapper propagation after actions#523 and v9.0.7; all direct portfolio consumers are already green on the same release SHA.

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0e23739c-dffa-4dff-999b-1b2e76d6f120

📥 Commits

Reviewing files that changed from the base of the PR and between 99a3a60 and ef5160a.

📒 Files selected for processing (1)
  • .github/workflows/scan-for-todo-comments.yaml
📜 Recent review details
🧰 Additional context used
📓 Path-based instructions (1)
.github/workflows/*.yaml

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/*.yaml: All reusable workflows must use the workflow_call trigger.
Pin all external actions to commit SHAs and never use floating tags such as @v4 (uses: owner/repo@<sha> # <version-comment>).
Include step-security/harden-runner as the first step of every job, with egress-policy: audit.
Set top-level permissions: {} in reusable workflows and grant permissions only at the job level.
Use persist-credentials: false on actions/checkout unless the job needs to push commits.
Reusable workflows used as organization-level repository rulesets must also include pull_request and merge_group triggers alongside workflow_call.

Files:

  • .github/workflows/scan-for-todo-comments.yaml
🔇 Additional comments (1)
.github/workflows/scan-for-todo-comments.yaml (1)

36-36: LGTM!


📝 Walkthrough

Walkthrough

The TODO scanning workflow updates its create-issues-from-todos GitHub Action reference from an older pinned commit to a newer pinned commit. No workflow inputs or surrounding wiring were changed.

Possibly related issues

  • devantler-tech/actions#426: Addresses the issue’s objective of updating the SHA pin for the TODO-scanning action.

Possibly related PRs

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the pin update to v9.0.7 for the retry-helper fix.
Description check ✅ Passed The description accurately describes the workflow pin update and unchanged inputs, permissions, and triggers.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@devantler

Copy link
Copy Markdown
Contributor Author

@coderabbitai review

🤖 Generated by the Daily AI Assistant

CI is fully green at head ef5160a. Please review the v9.0.7 pin update and refresh the pre-merge checks against the current PR description.

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
gh pr view 379 --repo devantler-tech/reusable-workflows --json title,body,headRefOid,files,mergeable,statusCheckRollup -q '.'
echo "---diff---"
gh pr diff 379 --repo devantler-tech/reusable-workflows

Length of output: 19513


🏁 Script executed:

#!/bin/bash
set -euo pipefail
echo "--- Verify tag matches SHA ---"
gh api repos/devantler-tech/actions/git/refs/tags/v9.0.7 --jq '.object.sha' || true
echo "--- Check commit SHA in repo (resolve annotated tag if needed) ---"
gh api repos/devantler-tech/actions/git/tags/$(gh api repos/devantler-tech/actions/git/refs/tags/v9.0.7 --jq '.object.sha') --jq '.object.sha' 2>/dev/null || true
echo "--- Compare with pinned SHA in PR ---"
echo "84813ae61fb21741e0a6193b5c14c6941a448577"

Length of output: 946


@devantler, review complete.

I verified the change in .github/workflows/scan-for-todo-comments.yaml:

  • The create-issues-from-todos action pin was updated from fec61388ed0c4ec4d6d93e3f1a8b8d17e7d40a72 # v9.0.4 to 84813ae61fb21741e0a6193b5c14c6941a448577 # v9.0.7.
  • I confirmed independently via the GitHub API that 84813ae61fb21741e0a6193b5c14c6941a448577 is exactly the commit devantler-tech/actions tag v9.0.7 points to, so the SHA comment matches the pin correctly.
  • The diff is minimal (1 line changed) — all inputs (client-id, app-private-key), permissions, and workflow triggers are untouched, matching the "What" section of the PR description.
  • CI is green at head ef5160a, including the required checks, CodeQL, zizmor, and dependency-review.

This looks correct and complete. Nice work.

;)

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@devantler devantler marked this pull request as ready for review July 10, 2026 09:48
@devantler devantler merged commit 50c1aba into main Jul 10, 2026
53 checks passed
@github-project-automation github-project-automation Bot moved this from 🫴 Ready to ✅ Done in 🌊 Project Board Jul 10, 2026
@devantler devantler deleted the claude/todos-actions-v907-reusable branch July 10, 2026 10:03
@botantler-1

botantler-1 Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 5.6.8 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@botantler-1 botantler-1 Bot added the released label Jul 10, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

1 participant