WIP Convert CircleCI config to Github Actions

[hotzenklotz]

PR converts CircleCI config to Github Actions.

I wanted to see 1) how quick/slow GA is compared to CircleCI and 2) consolidate all CI jobs in GA to have one less service to rely upon. GA also has pretty nice Slack integration.

URL of deployed dev instance (used for testing):

• https://___.webknossos.xyz

Steps to test:

• CI should be enough

Issues:

• fixes #

---

(Please delete unneeded items, merge only when none are left open)

• Updated changelog
• Updated migration guide if applicable
• Updated documentation if applicable
• Adapted wk-libs python client if relevant API parts change
• Removed dev-only changes like prints and application.conf edits
• Considered common edge cases
• Needs datastore update after deployment

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Enhanced CI pipeline with triggers for all branches on push and pull requests.
  • Added a new job for comprehensive build, test, and deployment processes.
  • Implemented a health check action for URL monitoring with retries.

• Improvements

  • Introduced a new script to manage CI/CD behavior on the master branch.
  • Renamed job for better clarity and organization.
  • Implemented robust steps for frontend code checks and Docker operations.
  • Updated Dockerfile to include copying of compiled Scala output.
  • Adjusted environment variable checks to reflect the transition to GitHub Actions.

• Environment Variables

  • Defined multiple environment variables to streamline CI processes.
  • Updated environment variables to reflect the shift from CircleCI to GitHub Actions.

[coderabbitai]

Walkthrough

The changes introduce enhancements to the CI/CD pipeline, including an updated shell script, not-on-master.sh, for conditional execution based on the current branch. The CI pipeline configuration in .github/workflows/build_test_deploy.yml is significantly modified, with new triggers for push and pull_request events, the addition of environment variables, and the creation of a new job for building and testing the application. A new health check workflow is also added to monitor a specified URL. The Dockerfile and other related files have been updated to reflect changes in environment variables and the build process.

Changes

File Path	Change Summary
.github/not-on-master.sh	Updated to include a shebang, error handling options, and logic to skip execution on the master branch.
.github/workflows/build_test_deploy.yml	- Added triggers for push on master and pull_request on all branches.
	- Introduced environment variables: USER_NAME, USER_UID, USER_GID, DOCKER_USER, DOCKER_PASS.
	- Renamed job from foo to static_frontend_code_checks.
	- Added new job build_test_deploy with steps for building and testing the application.
.github/actions/health_check_action.yml	New action added for URL health checking with retries.
docker-compose.yml	Updated environment variables from CircleCI to GitHub Actions (CIRCLE_TAG to CI_TAG, etc.).
project/BuildInfoSettings.scala	Updated environment variable checks from CircleCI to GitHub Actions.
Dockerfile	New command added to copy compiled Scala output into the working directory.

Possibly related PRs

• Always Upload Screenshot Artifacts for Nightly Tests #8171: The changes in this PR involve modifications to GitHub Actions workflows, which relate to the main PR's introduction of a new script for conditional execution based on branch context within CI/CD pipelines.

Suggested labels

testing

Suggested reviewers

• daniel-wer

Poem

In the garden of code where the rabbits play,
A script hops in, to keep troubles at bay.
With branches in mind, it knows when to skip,
While builds and tests flow on a smooth, happy trip.
So let’s cheer for the changes, both big and small,
In our CI wonderland, we’ll conquer them all! 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between e864dbb and c9f8868.

📒 Files selected for processing (1)

• docker-compose.yml (1 hunks)

🔇 Additional comments (1)

docker-compose.yml (1)

106-107: Environment variables need adjustment for GitHub Actions

The current environment variable mappings will cause issues:

1. CI_TAG=${GITHUB_REF} will include unwanted prefixes like "refs/tags/" or "refs/heads/"
2. CI_BUILD_NUM=${GITHUB_JOB} will store the job name instead of a build number

Let's verify the current behavior:

#!/bin/bash
# Description: Demonstrate the issues with current environment variable mappings

# Show how GITHUB_REF includes unwanted prefixes
echo "Example GITHUB_REF values:"
echo "For branches: refs/heads/main"
echo "For tags: refs/tags/v1.0.0"

# Show how GITHUB_JOB provides job name instead of number
echo -e "\nExample GITHUB_JOB value:"
echo "build-and-test (job name)"

# Show the correct variables to use
echo -e "\nCorrect variables would provide:"
echo "GITHUB_REF_NAME: main (for branches) or v1.0.0 (for tags)"
echo "GITHUB_RUN_NUMBER: 42 (sequential build number)"

# Search for any existing usage of these variables in the codebase
echo -e "\nSearching for current usage in the codebase:"
rg "CI_(TAG|BUILD)" -A 2 -B 2

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (2)

.github/workflows/build_test_deploy.yml (2)

4-9: Consider restricting branch patterns

The current trigger configuration runs on all branches ('*'). This might lead to unnecessary workflow runs. Consider:

• Limiting to specific branch patterns (e.g., main, develop, feature/*)
• Using path filters to run only when relevant files change

  push:
    branches:
-      - '*'
+      - main
+      - develop
+      - 'feature/**'
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
  pull_request:
    branches:
-      - '*'
+      - main
+      - develop

---

12-18: Enhance security of Docker credentials

The Docker credentials are exposed as environment variables. While they are using secrets, consider:

1. Limiting the scope of these credentials to only the job that needs them
2. Using GITHUB_TOKEN where possible for container registry authentication

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6a0dcc0 and 4a9811e.

📒 Files selected for processing (2)

• .github/not-on-master.sh (1 hunks)
• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

72-72: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

117-117: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

137-137: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

137-137: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (4)

.github/not-on-master.sh (3)

1-2: LGTM: Robust shell script configuration.

The script follows shell scripting best practices:

• Uses proper shebang line for portability
• Sets appropriate safety flags:
  • -E: ERR trap inheritance
  • -e: Exit on error
  • -u: Error on unbound variables
  • -o pipefail: Propagate pipe failures

---

7-7: Consider adding command validation.

The exec "$@" executes arbitrary commands passed as arguments without validation.

Consider:

1. Adding command whitelisting
2. Implementing logging for audit purposes
3. Adding error handling for failed commands

---

4-8: ⚠️ Potential issue

Fix branch reference comparison.

The current branch comparison has potential issues:

1. GITHUB_REF typically includes the full ref path (e.g., "refs/heads/master")
2. String comparison should use = instead of == for POSIX compatibility

Apply this fix:

-if [ "${GITHUB_REF}" == "master" ]; then
+if [ "${GITHUB_REF}" = "refs/heads/master" ]; then

Additionally, consider adding input validation:

.github/workflows/build_test_deploy.yml (1)

21-43: LGTM! Well-structured frontend checks

The frontend code checks job is well-organized with:

• Proper Node.js setup
• Comprehensive checks (lint, types, cyclic deps)
• Clear step names

[coderabbitai]

🛠️ Refactor suggestion

Refactor duplicated health check logic

The health check implementation is duplicated across three services. Consider extracting this into a reusable composite action:

1. Create .github/actions/health-check/action.yml:

name: 'Health Check'
description: 'Performs health check with retries'
inputs:
  url:
    description: 'Health check URL'
    required: true
runs:
  using: 'composite'
  steps:
    - shell: bash
      run: |
        for i in {1..20}; do
          curl --fail -v "${{ inputs.url }}" && exit 0
          sleep 5
        done
        exit 1

2. Use it in the workflow:

- uses: ./.github/actions/health-check
  with:
    url: http://localhost:9000/api/health

🧰 Tools

🪛 actionlint

153-153: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

161-161: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

🛠️ Refactor suggestion

Consolidate Docker push retry logic

The Docker push steps have complex retry logic. Consider:

1. Using GitHub's built-in retry functionality
2. Creating a reusable function for Docker operations

- name: Login to Docker Hub
  uses: docker/login-action@v2
  with:
    username: ${{ env.DOCKER_USER }}
    password: ${{ env.DOCKER_PASS }}

- name: Push images
  uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 3
    command: |
      docker compose push webknossos
      docker compose push webknossos-datastore
      docker compose push webknossos-tracingstore
      if [[ ${{ github.ref_type }} == "branch" ]]; then
        # ... tag and push branch images
      fi

🧰 Tools

🪛 actionlint

180-180: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

[hotzenklotz]

That sound great. Please do it!

[coderabbitai]

@hotzenklotz, glad you like the suggestion! Here's the updated workflow with the consolidated Docker push retry logic:

name: CI Pipeline

on:
  push:
    branches:
      - '*'
  pull_request:
    branches:
      - '*'
  workflow_dispatch:

env:
  USER_NAME: circleci
  USER_UID: 1000
  USER_GID: 1000
  TZ: Europe/Berlin
  DOCKER_USER: ${{ secrets.DOCKER_USER }}
  DOCKER_PASS: ${{ secrets.DOCKER_PASS }}

jobs:
  static_frontent_code_checks:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5

      - uses: actions/setup-node@v4
        with:
          node-version: 18

      - name: Install frontend dependencies
        run: corepack enable && yarn install --immutable

      - name: Lint frontend code and check formatting
        run: yarn run check-frontend

      - name: Typecheck frontend code
        run: yarn typecheck

      - name: Check for cyclic dependencies in frontend
        run: yarn check-cyclic-dependencies

  build_test_deploy:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 5

      - name: "Custom environment variables"
        run: |
          if [[ ${{ github.ref_type }} == "branch" ]]; then
            NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
            echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
            DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
            echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
          else
            echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
            echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
          fi

      - name: Set up Docker
        uses: docker/setup-buildx-action@v2

      # ... other build and test steps ...

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ env.DOCKER_USER }}
          password: ${{ env.DOCKER_PASS }}

      - name: Push docker images
        uses: nick-invision/retry@v2
        with:
          timeout_minutes: 10
          max_attempts: 3
          command: |
            docker compose push webknossos
            docker compose push webknossos-datastore
            docker compose push webknossos-tracingstore
            if [[ ${{ github.ref_type }} == "branch" ]]; then
              docker tag scalableminds/webknossos:${{ env.DOCKER_TAG }} scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-datastore:${{ env.DOCKER_TAG }} scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-datastore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-tracingstore:${{ env.DOCKER_TAG }} scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-tracingstore:${{ env.NORMALIZED_BRANCH }}
              docker tag scalableminds/webknossos-dev scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
              docker push scalableminds/webknossos-dev:${{ env.NORMALIZED_BRANCH }}
            fi

      - name: Logout from Docker Hub
        run: docker logout

      # ... remaining steps ...

This update simplifies the retry logic by utilizing the nick-invision/retry@v2 action and the docker/login-action@v2 for authentication with Docker Hub.

Let me know if you have any questions or need further assistance!

(^‿^)/

[coderabbitai]

⚠️ Potential issue

Fix shell script quoting issues

The branch normalization script has potential issues with word splitting. Apply proper quoting:

  if [[ ${{ github.ref_type }} == "branch" ]]; then
-   NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
+   NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
-   echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
+   echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
-   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
+   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
-   echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
+   echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: "Custom environment variables"
	run: |
	if [[ ${{ github.ref_type }} == "branch" ]]; then
	NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
	echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
	DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
	echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
	else
	echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
	echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
	fi
	- name: "Custom environment variables"
	run: |
	if [[ ${{ github.ref_type }} == "branch" ]]; then
	NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
	echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
	DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
	echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"
	else
	echo "NORMALIZED_BRANCH=master" >> $GITHUB_ENV
	echo "DOCKER_TAG=${{ github.ref_name }}" >> $GITHUB_ENV
	fi

🧰 Tools

🪛 actionlint

57-57: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

57-57: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (4)

.github/actions/health_check_action.yml (1)

16-16: Add newline at end of file.

Following YAML best practices, ensure there's a newline character at the end of the file.

🧰 Tools

🪛 yamllint

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

project/BuildInfoSettings.scala (1)

16-17: Consider documenting CI environment variables.

Since these environment variables are crucial for versioning and build information, consider adding documentation about their expected values and usage.

Add a comment block above the variable declarations:

+  // CI environment variables used for versioning:
+  // CI_BUILD_NUM: Build number from CI system (e.g., GitHub Actions run number)
+  // CI_TAG: Git tag from CI system, if building a tagged commit
  val ciBuild: String =
    if (System.getenv().containsKey("CI_BUILD_NUM")) System.getenv().get("CI_BUILD_NUM") else ""
  val ciTag: String = if (System.getenv().containsKey("CI_TAG")) System.getenv().get("CI_TAG") else ""

.github/workflows/build_test_deploy.yml (1)

28-30: Fix YAML indentation

The indentation is inconsistent with the rest of the file.

    - uses: actions/setup-node@v4
      with:
-          node-version: 18
+        node-version: 18

🧰 Tools

🪛 yamllint

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

docker-compose.yml (1)

Line range hint 249-257: Fix syntax error in dev service command.

There's an extra quote at the end of the -Ddatastore.redis.address=redis line which will cause the command to fail.

Apply this fix:

     command:
       - bash
       - -c
       - >
         sbt
         -v -d -jvm-debug 5005
         "run
           -Djava.net.preferIPv4Stack=true
           -Dtracingstore.fossildb.address=fossildb
           -Dtracingstore.redis.address=redis"
-          -Ddatastore.redis.address=redis"
+          -Ddatastore.redis.address=redis

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 4a9811e and 53e35c4.

📒 Files selected for processing (4)

• .github/actions/health_check_action.yml (1 hunks)
• .github/workflows/build_test_deploy.yml (1 hunks)
• docker-compose.yml (1 hunks)
• project/BuildInfoSettings.scala (1 hunks)

🧰 Additional context used

🪛 yamllint

.github/actions/health_check_action.yml

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

---

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

🪛 actionlint

.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (2)

.github/actions/health_check_action.yml (1)

1-6: LGTM! Clear and well-structured action metadata.

The action name, description, and input parameters are well-defined and follow GitHub Actions best practices.

project/BuildInfoSettings.scala (1)

16-17: LGTM! Verify environment variables in GitHub Actions workflow.

The change from CircleCI-specific environment variables to generic CI variables is a good practice for portability.

Let's verify that these environment variables are properly set in the GitHub Actions workflow:

[coderabbitai]

⚠️ Potential issue

Enhance security and reliability of the health check implementation.

Consider the following improvements:

1. Add timeout to prevent hanging requests
2. Validate the URL input
3. Remove verbose flag to prevent potential sensitive information exposure
4. Make retry count and delay configurable

Apply this diff to implement the suggested improvements:

+inputs:
+  url:
+    description: 'Health check URL'
+    required: true
+  max_attempts:
+    description: 'Maximum number of retry attempts'
+    required: false
+    default: '20'
+  retry_delay:
+    description: 'Delay between retries in seconds'
+    required: false
+    default: '5'
 runs:
   using: 'composite'
   steps:
     - shell: bash
       run: |
-        for i in {1..20}; do
-          curl --fail -v "${{ inputs.url }}" && exit 0
-          sleep 5
+        # Validate URL format
+        if ! [[ "${{ inputs.url }}" =~ ^https?:// ]]; then
+          echo "Error: Invalid URL format. Must start with http:// or https://"
+          exit 1
+        fi
+        
+        for i in $(seq 1 ${{ inputs.max_attempts }}); do
+          echo "Attempt $i of ${{ inputs.max_attempts }}"
+          # Add timeout and remove verbose flag
+          if curl --fail --max-time 30 "${{ inputs.url }}"; then
+            echo "Health check succeeded"
+            exit 0
+          fi
+          echo "Attempt failed, retrying in ${{ inputs.retry_delay }} seconds..."
+          sleep ${{ inputs.retry_delay }}
         done
+        echo "Health check failed after ${{ inputs.max_attempts }} attempts"
         exit 1

Committable suggestion was skipped due to low confidence.

🧰 Tools

🪛 yamllint

[error] 16-16: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

⚠️ Potential issue

Remove duplicate type checking

The frontend type checking is already performed in the static_frontend_code_checks job (line 38-39).

Consider removing this duplicate step to improve pipeline performance.

[coderabbitai]

⚠️ Potential issue

Don't silently ignore coverage failures

The coverage command ignores failures with || true, which could hide important coverage regressions.

Consider:

1. Setting a minimum coverage threshold
2. Making the job fail if coverage drops below the threshold
3. Using a coverage reporting action to track trends

-        run: .github/not-on-master.sh docker compose run base yarn coverage || true
+        run: |
+          .github/not-on-master.sh docker compose run base yarn coverage
+        continue-on-error: true

Committable suggestion was skipped due to low confidence.

[coderabbitai]

⚠️ Potential issue

Security: Avoid running containers as root user

Running containers as root user (USER_NAME: root) is a security anti-pattern. Consider:

1. Using a non-root user for better security
2. Following the principle of least privilege

-  USER_NAME: root
+  USER_NAME: webknossos

Committable suggestion was skipped due to low confidence.

[coderabbitai]

🛠️ Refactor suggestion

Replace sleep with proper postgres readiness check

Using sleep is not reliable for ensuring postgres is ready. Consider using a proper health check.

-          sleep 3
+          until docker compose exec -T postgres pg_isready; do
+            echo "Waiting for postgres..."
+            sleep 1
+          done

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Assert schema.sql and evolutions are equal
	run: |
	docker compose up -d postgres
	sleep 3
	docker compose run compile tools/postgres/dbtool.js check-evolutions-schema
	- name: Assert schema.sql and evolutions are equal
	run: |
	docker compose up -d postgres
	until docker compose exec -T postgres pg_isready; do
	echo "Waiting for postgres..."
	sleep 1
	done
	docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

[coderabbitai]

💡 Codebase verification

⚠️ Potential issue

Environment variables need adjustment for GitHub Actions

Based on the usage in project/BuildInfoSettings.scala, these variables are used to populate build information. The current mappings need to be corrected:

1. CI_TAG=${GITHUB_REF} - This will include the full ref path, making ciTag contain unwanted prefixes like "refs/tags/" or "refs/heads/"
2. CI_BUILD_NUM=${GITHUB_JOB} - This will store the job name instead of a build number in ciBuild, which differs from the previous behavior

Suggested fix:

-      - CI_TAG=${GITHUB_REF}
-      - CI_BUILD_NUM=${GITHUB_JOB}
+      - CI_TAG=${GITHUB_REF_NAME}
+      - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}

• GITHUB_REF_NAME provides just the branch/tag name without the "refs/*/" prefix
• GITHUB_RUN_NUMBER provides a sequential number for the workflow runs, similar to the previous CI build number

🔗 Analysis chain

Review environment variable mappings for GitHub Actions.

The current mappings might not provide equivalent values:

1. GITHUB_REF includes the full reference path (e.g., 'refs/heads/main', 'refs/tags/v1.0.0') unlike CIRCLE_TAG which only contained the tag name.
2. GITHUB_JOB provides the job name, not a sequential build number like CIRCLE_BUILD_NUM.

Consider these alternatives:

-      - CI_TAG=${GITHUB_REF}
-      - CI_BUILD_NUM=${GITHUB_JOB}
+      - CI_TAG=${GITHUB_REF#refs/tags/}
+      - CI_BUILD_NUM=${GITHUB_RUN_NUMBER}

Let's verify the usage of these variables:

---

Let me gather more context about how these variables might be used in the application code.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in the codebase
rg "CI_(TAG|BUILD_NUM)" --type-add 'config:*.{yml,yaml,json,conf,properties}' -t config

Length of output: 191

---

Script:

#!/bin/bash
# Search for CI_TAG and CI_BUILD_NUM usage in all files
rg "CI_(TAG|BUILD_NUM)" -A 3 -B 3

# Also check for any shell scripts that might use these variables
fd ".sh$" --exec grep -l "CI_TAG\|CI_BUILD_NUM" {} \;

Length of output: 1350

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

.github/workflows/build_test_deploy.yml (3)

23-23: Fix YAML indentation issues

There are inconsistent indentation levels in the workflow file:

• Line 23: Should be 6 spaces instead of 4
• Line 30: Should be 8 spaces instead of 10

    steps:
-    - name: Checkout code
+      - name: Checkout code
       uses: actions/checkout@v3
       with:
         fetch-depth: 5

     - uses: actions/setup-node@v4
       with:
-          node-version: 18
+        node-version: 18

Also applies to: 30-30

🧰 Tools

🪛 yamllint

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

44-46: Remove excessive blank lines

There are too many consecutive blank lines (4 > 2) between the jobs.

    - name: Check for cyclic dependencies in frontend
      run: yarn check-cyclic-dependencies

-

-

  build_test_deploy:

🧰 Tools

🪛 yamllint

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

153-165: Fix trailing spaces in YAML

Remove trailing spaces from the following lines:

• Line 153: with:
• Line 155: Empty line with spaces
• Line 159: with:
• Line 164: with:

      - name: Run webknossos smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9000/api/health

      - name: Run webknossos-datastore smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9090/data/health

      - name: Run webknossos-tracingstore smoke test
        uses: ./.github/actions/health_check_action
-        with: 
+        with:
          url: http://localhost:9050/tracings/health

🧰 Tools

🪛 yamllint

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 53e35c4 and eb8af0b.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• .github/workflows/build_test_deploy.yml (1 hunks)
• docker-compose.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docker-compose.yml

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

---

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

[coderabbitai]

🛠️ Refactor suggestion

Consider parallelizing build steps

The build steps for webknossos, datastore, and tracingstore are running sequentially. Consider using GitHub Actions' job parallelization to speed up the pipeline:

1. Split the builds into separate jobs
2. Use job outputs to share build artifacts
3. Use job dependencies to maintain the correct order

Example structure:

jobs:
  build-webknossos:
    # ... build webknossos
    outputs:
      checksum: ${{ steps.checksum.outputs.value }}

  build-datastore:
    needs: build-webknossos
    # ... build datastore

  build-tracingstore:
    needs: build-webknossos
    # ... build tracingstore

  tests:
    needs: [build-webknossos, build-datastore, build-tracingstore]
    # ... run tests

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (1)

.github/workflows/build_test_deploy.yml (1)

13-15: Remove or document commented environment variables

The commented user-related environment variables (USER_NAME, USER_UID, USER_GID) should either be removed if they're no longer needed or documented if they serve a specific purpose.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between eb8af0b and 1d77e3c.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

56-56: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

56-56: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

71-71: shellcheck reported issue in this script: SC2086:info:1:42: Double quote to prevent globbing and word splitting

(shellcheck)

---

116-116: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

171-171: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

---

[warning] 46-46: too many blank lines

(4 > 2) (empty-lines)

---

[error] 153-153: trailing spaces

(trailing-spaces)

---

[error] 155-155: trailing spaces

(trailing-spaces)

---

[error] 159-159: trailing spaces

(trailing-spaces)

---

[error] 164-164: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

20-42: LGTM: Frontend checks are well-structured

The frontend checks job is well-organized with appropriate steps for dependency installation, linting, type checking, and cyclic dependency validation.

🧰 Tools

🪛 yamllint

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 30-30: wrong indentation: expected 8 but found 10

(indentation)

[coderabbitai]

🛠️ Refactor suggestion

Consider using GitHub Actions' built-in retry functionality

Instead of implementing a custom retry function, consider using GitHub Actions' built-in retry functionality with the nick-invision/retry@v2 action:

- uses: nick-invision/retry@v2
  with:
    timeout_minutes: 10
    max_attempts: 5
    command: docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"

This approach provides better logging and integration with GitHub Actions.

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 1d77e3c and 7acf3a9.

📒 Files selected for processing (2)

• .github/workflows/build_test_deploy.yml (1 hunks)
• Dockerfile (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

54-54: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

54-54: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

54-54: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

54-54: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

131-131: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

151-151: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

151-151: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

183-183: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[error] 70-70: trailing spaces

(trailing-spaces)

---

[error] 80-80: trailing spaces

(trailing-spaces)

---

[error] 165-165: trailing spaces

(trailing-spaces)

---

[error] 167-167: trailing spaces

(trailing-spaces)

---

[error] 171-171: trailing spaces

(trailing-spaces)

---

[error] 176-176: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)

Dockerfile (1)

11-11: Please clarify the Docker-dev image reference in the comment.

The comment mentions "Docker-dev image" but this dependency isn't clearly documented. This could make it difficult for other developers to understand the build prerequisites.

Let's check for any Docker-dev image references:

✅ Verification successful

Let me check the docker-compose files to understand if there's a dev image defined:

---

Let me check the Dockerfile.dev since I found a reference to webknossos-dev image in docker-compose.yml:

---

Based on the docker-compose.yml and Dockerfile.dev analysis, I can now generate the final response:

The Docker-dev image reference is accurate and well-integrated

The comment refers to the webknossos-dev image which is properly defined in docker-compose.yml under the base service. This dev image is built from Dockerfile.dev and is used for development and compilation tasks. The compiled Scala output from this dev environment is indeed used in the production Dockerfile, making the comment accurate and helpful.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Docker-dev image references in the repository
rg -i "docker-dev.*image"

# Check docker-compose files for related services
fd -e yml -e yaml | xargs rg -l "docker"

Length of output: 329

---

Script:

#!/bin/bash
# Check contents of docker-compose files for dev image definitions
echo "=== Main docker-compose.yml ==="
cat docker-compose.yml

echo -e "\n=== tools/hosting/docker-compose.yml ==="
cat tools/hosting/docker-compose.yml

echo -e "\n=== webknossos-tracingstore/deployment/docker-compose.yml ==="
cat webknossos-tracingstore/deployment/docker-compose.yml

echo -e "\n=== webknossos-datastore/deployment/docker-compose.yml ==="
cat webknossos-datastore/deployment/docker-compose.yml

Length of output: 14631

---

Script:

#!/bin/bash
# Check Dockerfile.dev contents
cat Dockerfile.dev

Length of output: 1079

.github/workflows/build_test_deploy.yml (1)

4-6: Consider including additional protected branches in push triggers

The push trigger is currently limited to the master branch. Consider including other protected branches (e.g., main, develop, release/*) to ensure the pipeline runs on all important branches.

[coderabbitai]

🛠️ Refactor suggestion

Consider validating the copied Scala artifacts.

While the COPY command is correct, consider adding validation to ensure the required Scala artifacts are present and complete.

Consider adding a validation step:

 # Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
 COPY target/universal/stage .
+RUN test -f bin/webknossos && \
+    test -d lib || \
+    (echo "Error: Required Scala artifacts are missing" && exit 1)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	COPY target/universal/stage .
	# Copy compiled Scala output from a previous build step, e.g. output of the Docker-dev image
	COPY target/universal/stage .
	RUN test -f bin/webknossos && \
	test -d lib || \
	(echo "Error: Required Scala artifacts are missing" && exit 1)

[coderabbitai]

🛠️ Refactor suggestion

Add error handling to documentation build

The documentation build step should fail the workflow if there are any errors.

      - name: Build frontend documentation
        run: |
+         set -eo pipefail
          WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
-         yarn run docs --project-version $WK_VERSION
+         yarn run docs --project-version "${WK_VERSION}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build frontend documentation
	run: |
	WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
	yarn run docs --project-version $WK_VERSION
	- name: Build frontend documentation
	run: |
	set -eo pipefail
	WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
	yarn run docs --project-version "${WK_VERSION}"

[coderabbitai]

🛠️ Refactor suggestion

Optimize apt-get commands

The apt-get installation can be optimized to reduce the image size and improve build time.

-      - name: Install dependencies
-        run: apt-get update \
-          && apt-get install -y \
-          findutils \
-          libdraco-dev \
-          libblosc1
+      - name: Install dependencies
+        run: |
+          apt-get update && apt-get install -y --no-install-recommends \
+            findutils \
+            libdraco-dev \
+            libblosc1 \
+          && rm -rf /var/lib/apt/lists/*

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Install dependencies
	run: apt-get update \
	&& apt-get install -y \
	findutils \
	libdraco-dev \
	libblosc1
	- name: Install dependencies
	run: |
	apt-get update && apt-get install -y --no-install-recommends \
	findutils \
	libdraco-dev \
	libblosc1 \
	&& rm -rf /var/lib/apt/lists/*

[coderabbitai]

🛠️ Refactor suggestion

Add yarn cache to improve CI performance

Consider using GitHub's cache action for yarn dependencies to speed up the CI pipeline.

    - uses: actions/setup-node@v4
      with:
        node-version: 18
+       cache: 'yarn'
+
+   - name: Get yarn cache directory path
+     id: yarn-cache-dir-path
+     run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
+
+   - uses: actions/cache@v3
+     id: yarn-cache
+     with:
+       path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+       key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+       restore-keys: |
+         ${{ runner.os }}-yarn-

    - name: Install frontend dependencies
      run: corepack enable && yarn install --immutable

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Install frontend dependencies
	run: corepack enable && yarn install --immutable
	- uses: actions/setup-node@v4
	with:
	node-version: 18
	cache: 'yarn'
	- name: Get yarn cache directory path
	id: yarn-cache-dir-path
	run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
	- uses: actions/cache@v3
	id: yarn-cache
	with:
	path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
	key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
	restore-keys: |
	${{ runner.os }}-yarn-
	- name: Install frontend dependencies
	run: corepack enable && yarn install --immutable

[coderabbitai]

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (1)

.github/workflows/build_test_deploy.yml (1)

12-17: Add timezone environment variable

Consider adding TZ: UTC (or your preferred timezone) to ensure consistent timestamps across the pipeline execution.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 7acf3a9 and da87a2a.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

73-73: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

73-73: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

73-73: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

73-73: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

158-158: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

158-158: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

189-189: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 23-23: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 52-52: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 89-89: trailing spaces

(trailing-spaces)

---

[error] 99-99: trailing spaces

(trailing-spaces)

---

[error] 172-172: trailing spaces

(trailing-spaces)

---

[error] 174-174: trailing spaces

(trailing-spaces)

---

[error] 177-177: trailing spaces

(trailing-spaces)

---

[error] 182-182: trailing spaces

(trailing-spaces)

[coderabbitai]

⚠️ Potential issue

Align Ubuntu versions across jobs

The static_frontend_code_checks job uses ubuntu-24.04 while build_test_deploy uses ubuntu-20.04. This inconsistency could lead to environment differences. Consider using the same Ubuntu version for both jobs.

Also applies to: 46-46

[coderabbitai]

⚠️ Potential issue

Use secrets for database credentials

Database credentials are currently hardcoded in the workflow file. Consider using GitHub secrets:

-            POSTGRES_DB: webknossos
-            POSTGRES_USER: webknossos_user
-            POSTGRES_PASSWORD: secret_password
+            POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+            POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+            POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	POSTGRES_DB: webknossos
	POSTGRES_USER: webknossos_user
	POSTGRES_PASSWORD: secret_password
	POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
	POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
	POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

[coderabbitai]

🛠️ Refactor suggestion

Improve documentation version handling

The current version fallback chain could be more explicit:

-          WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
+          WK_VERSION=$(
+            if [ -n "${{ github.event.release.tag_name }}" ]; then
+              echo "${{ github.event.release.tag_name }}"
+            elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
+              echo "${{ github.run_number }}"
+            else
+              echo "dev"
+            fi
+          )

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build frontend documentation
	run: |
	WK_VERSION=${{ github.event.release.tag_name || github.run_number || 'dev' }}
	yarn run docs --project-version $WK_VERSION
	- name: Build frontend documentation
	run: |
	WK_VERSION=$(
	if [ -n "${{ github.event.release.tag_name }}" ]; then
	echo "${{ github.event.release.tag_name }}"
	elif [ "${{ github.ref }}" = "refs/heads/master" ]; then
	echo "${{ github.run_number }}"
	else
	echo "dev"
	fi
	)
	yarn run docs --project-version $WK_VERSION

[coderabbitai]

🛠️ Refactor suggestion

Optimize Docker builds with layer caching

Consider using BuildKit's cache features to speed up builds:

-        run: docker compose build --pull webknossos-datastore
+        run: |
+          DOCKER_BUILDKIT=1 docker compose build \
+            --pull \
+            --build-arg BUILDKIT_INLINE_CACHE=1 \
+            webknossos-datastore

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build webknossos docker image
	run: |
	docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
	DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos
	- name: Build webknossos-datastore docker image
	run: docker compose build --pull webknossos-datastore
	- name: Build webknossos-tracingstore docker image
	run: docker compose build --pull webknossos-tracingstore
	- name: Build webknossos docker image
	run: |
	docker pull scalableminds/webknossos:$NORMALIZED_BRANCH || true
	DEV_CACHE=$NORMALIZED_BRANCH docker compose build --pull webknossos
	- name: Build webknossos-datastore docker image
	run: |
	DOCKER_BUILDKIT=1 docker compose build \
	--pull \
	--build-arg BUILDKIT_INLINE_CACHE=1 \
	webknossos-datastore
	- name: Build webknossos-tracingstore docker image
	run: docker compose build --pull webknossos-tracingstore

🧰 Tools

🪛 actionlint

141-141: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

💡 Codebase verification

These database validation steps should be uncommented and fixed

The commented-out steps are critical database schema validation checks that:

1. Ensure evolution numbers are unique (assert-unique-evolution-numbers)
2. Verify schema.sql matches the evolutions (check-evolutions-schema)

These checks are important as evidenced by:

• The dbtool.js script contains active implementations of these commands
• The script is actively used in other parts of the codebase for database validation
• No alternative validation steps exist in the workflow file

🔗 Analysis chain

Clean up commented code blocks

Several steps are commented out but seem important for database schema validation. Either:

1. Remove these comments if they're no longer needed
2. Uncomment and fix them if they're still required

---

Let me check how these database tools are actually used to determine if the commented steps are still needed.

---

Let me check if these database validation steps are replaced by other mechanisms in the workflow.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if these database tools are used elsewhere
rg -l "dbtool.js"

Length of output: 217

---

Script:

#!/bin/bash
# Check the content of files that use dbtool.js
rg "dbtool\.js" -C 3

# Also check if there are any other similar database schema validation tasks
rg "schema" .github/workflows/ -C 3

Length of output: 6445

---

Script:

#!/bin/bash
# Check the entire workflow file for other database validation steps
cat .github/workflows/build_test_deploy.yml

# Also check if dbtool.js exists and what commands it supports
cat tools/postgres/dbtool.js 2>/dev/null || echo "File not found"

Length of output: 21423

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between da87a2a and d12c110.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

84-84: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

84-84: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

84-84: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

84-84: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

152-152: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

169-169: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

200-200: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 100-100: trailing spaces

(trailing-spaces)

---

[error] 183-183: trailing spaces

(trailing-spaces)

---

[error] 185-185: trailing spaces

(trailing-spaces)

---

[error] 188-188: trailing spaces

(trailing-spaces)

---

[error] 193-193: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

4-9: Consider expanding push trigger branches

The current configuration only triggers on master push events. Consider including other important branches (e.g., development, staging) if they exist in your branching strategy.

[coderabbitai]

⚠️ Potential issue

Restrict PostgreSQL port exposure

The PostgreSQL port is exposed on all interfaces. For better security, restrict it to localhost:

    ports:
-     - 5432:5432
+     - 127.0.0.1:5432:5432

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ports:
	- 5432:5432
	ports:
	- 127.0.0.1:5432:5432

[coderabbitai]

🛠️ Refactor suggestion

Optimize SBT build configuration

The SBT build could be optimized:

1. Use .sbtopts file for common options
2. Enable parallel execution
3. Configure memory settings

    - name: Build webknossos (sbt)
      run: |
+       echo "-J-Xmx4G" > .sbtopts
+       echo "-J-Xms2G" >> .sbtopts
+       echo "-Dsbt.parallel=true" >> .sbtopts
        if [ "${{ github.ref }}" == "refs/heads/master" ]; then
-         sbt -no-colors clean compile stage
+         sbt clean compile stage
        else
-         sbt -no-colors -DfailOnWarning compile stage
+         sbt -DfailOnWarning compile stage
        fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build webknossos (sbt)
	run: |
	if [ "${{ github.ref }}" == "refs/heads/master" ]; then
	sbt -no-colors clean compile stage
	else
	sbt -no-colors -DfailOnWarning compile stage
	fi
	- name: Build webknossos (sbt)
	run: |
	echo "-J-Xmx4G" > .sbtopts
	echo "-J-Xms2G" >> .sbtopts
	echo "-Dsbt.parallel=true" >> .sbtopts
	if [ "${{ github.ref }}" == "refs/heads/master" ]; then
	sbt clean compile stage
	else
	sbt -DfailOnWarning compile stage
	fi

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

.github/workflows/build_test_deploy.yml (2)

102-107: Optimize Java setup configuration

The Java setup could be improved:

1. Consider using a specific version instead of latest
2. Enable concurrent garbage collection for better CI performance

   - name: Set up Java
     uses: actions/setup-java@v4
     with:
       distribution: 'temurin'
       java-version: '21'
       cache: 'sbt'
+      java-package: jdk
+      architecture: x64
+    env:
+      JAVA_OPTS: "-XX:+UseG1GC -XX:+UseStringDeduplication"

---

172-180: Consider parallelizing test execution

The backend and e2e tests are running sequentially. Consider:

1. Running backend tests in parallel using test splitting
2. Implementing test sharding for e2e tests

Example configuration for parallel test execution:

strategy:
  matrix:
    test-group: [1, 2, 3, 4]
steps:
  - name: Run backend tests
    run: |
      TOTAL_GROUPS=4
      GROUP=${{ matrix.test-group }}
      .github/not-on-master.sh docker compose run backend-tests --split-by=timings --group=$GROUP/$TOTAL_GROUPS

🧰 Tools

🪛 actionlint

176-176: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

176-176: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d12c110 and f25cca0.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

82-82: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

153-153: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

176-176: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

176-176: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

207-207: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 75-75: trailing spaces

(trailing-spaces)

---

[error] 98-98: trailing spaces

(trailing-spaces)

---

[error] 190-190: trailing spaces

(trailing-spaces)

---

[error] 192-192: trailing spaces

(trailing-spaces)

---

[error] 195-195: trailing spaces

(trailing-spaces)

---

[error] 200-200: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

4-16: Verify branch protection rules alignment

The workflow triggers look good, but please ensure they align with your repository's branch protection rules, especially for the master branch.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

.github/workflows/build_test_deploy.yml (3)

4-16: Consider refining the pull request trigger configuration

The current configuration triggers on PRs for all branches ('*'). Consider limiting this to specific branches that are relevant to your workflow, such as:

  pull_request:
    branches:
-     - '*'
+     - master
+     - develop
+     - 'release/**'

---

66-70: Optimize PostgreSQL health check configuration

The current health check configuration might be too aggressive:

• 2s interval might be too frequent and could cause unnecessary load
• 30 retries with 2s interval = 60s total wait time, which might be excessive

Consider adjusting the values:

  options: >-
    --health-cmd pg_isready
-   --health-interval 2s
-   --health-timeout 5s
-   --health-retries 30
+   --health-interval 10s
+   --health-timeout 5s
+   --health-retries 12

---

111-116: Optimize OS dependencies installation

The current apt-get installation can be improved:

1. Clean up cache to reduce image size
2. Combine commands to reduce layers
3. Remove commented out packages

- run: sudo apt-get update && sudo apt-get install -y libdraco-dev libblosc-dev
+ run: |
+   sudo apt-get update && \
+   sudo apt-get install -y --no-install-recommends \
+     libdraco-dev \
+     libblosc-dev && \
+   sudo rm -rf /var/lib/apt/lists/*

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between f25cca0 and 816989d.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

82-82: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

156-156: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

179-179: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

179-179: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

210-210: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 75-75: trailing spaces

(trailing-spaces)

---

[error] 98-98: trailing spaces

(trailing-spaces)

---

[error] 193-193: trailing spaces

(trailing-spaces)

---

[error] 195-195: trailing spaces

(trailing-spaces)

---

[error] 198-198: trailing spaces

(trailing-spaces)

---

[error] 203-203: trailing spaces

(trailing-spaces)

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 816989d and d9322ce.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

82-82: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

157-157: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 75-75: trailing spaces

(trailing-spaces)

---

[error] 98-98: trailing spaces

(trailing-spaces)

---

[error] 194-194: trailing spaces

(trailing-spaces)

---

[error] 196-196: trailing spaces

(trailing-spaces)

---

[error] 199-199: trailing spaces

(trailing-spaces)

---

[error] 204-204: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

81-91: 🛠️ Refactor suggestion

Fix shell script quoting in environment variables

The script has potential issues with word splitting. Apply proper quoting:

  if [[ ${{ github.ref_type }} == "branch" ]]; then
-   NORMALIZED_BRANCH=$(echo ${{ github.ref_name }} | sed 's/[\/-]/_/g')
+   NORMALIZED_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[\/-]/_/g')
-   echo "NORMALIZED_BRANCH=$NORMALIZED_BRANCH" >> $GITHUB_ENV
+   echo "NORMALIZED_BRANCH=${NORMALIZED_BRANCH}" >> "${GITHUB_ENV}"
-   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
+   DOCKER_TAG="${NORMALIZED_BRANCH}__${{ github.run_number }}"
-   echo "DOCKER_TAG=$DOCKER_TAG" >> $GITHUB_ENV
+   echo "DOCKER_TAG=${DOCKER_TAG}" >> "${GITHUB_ENV}"

Likely invalid or redundant comment.

🧰 Tools

🪛 actionlint

82-82: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

82-82: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

⚠️ Potential issue

Security: Avoid running as root user

Running containers as root user is a security risk. Consider using a non-root user with minimal required permissions.

-  USER_NAME: root
+  USER_NAME: webknossos

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	USER_NAME: root
	USER_NAME: webknossos

[coderabbitai]

🛠️ Refactor suggestion

Add error handling to frontend checks

The frontend check commands should fail fast if any check fails. Add proper error handling:

    - name: Lint frontend code and check formatting
      run: |
+       set -euo pipefail
        yarn run check-frontend

    - name: Typecheck frontend code
      run: |
+       set -euo pipefail
        yarn typecheck

    - name: Check for cyclic dependencies in frontend
      run: |
+       set -euo pipefail
        yarn check-cyclic-dependencies

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Lint frontend code and check formatting
	run: yarn run check-frontend
	- name: Typecheck frontend code
	run: yarn typecheck
	- name: Check for cyclic dependencies in frontend
	run: yarn check-cyclic-dependencies
	- name: Lint frontend code and check formatting
	run: |
	set -euo pipefail
	yarn run check-frontend
	- name: Typecheck frontend code
	run: |
	set -euo pipefail
	yarn typecheck
	- name: Check for cyclic dependencies in frontend
	run: |
	set -euo pipefail
	yarn check-cyclic-dependencies

[coderabbitai]

🛠️ Refactor suggestion

Fix shell script quoting in retry logic

The retry logic needs proper quoting and error handling:

  run: |
+   set -euo pipefail
    for i in {1..3}; do # retry
-     .github/not-on-master.sh docker compose run e2e-tests && s=0 && break || s=$?
+     if .github/not-on-master.sh docker compose run e2e-tests; then
+       s=0
+       break
+     else
+       s=$?
+     fi
    done
-   (exit $s)
+   (exit "${s}")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	run: |
	for i in {1..3}; do # retry
	.github/not-on-master.sh docker compose run e2e-tests && s=0 && break || s=$?
	done
	(exit $s)
	run: |
	set -euo pipefail
	for i in {1..3}; do # retry
	if .github/not-on-master.sh docker compose run e2e-tests; then
	s=0
	break
	else
	s=$?
	fi
	done
	(exit "${s}")

🧰 Tools

🪛 actionlint

180-180: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (1)

.github/workflows/build_test_deploy.yml (1)

4-16: Consider optimizing workflow triggers

The workflow configuration could be more efficient:

1. The push trigger could specify paths to reduce unnecessary runs
2. The pull_request trigger could also use path filters

  push:
    branches:
      - master
+   paths:
+     - 'app/**'
+     - 'webknossos-datastore/**'
+     - 'webknossos-tracingstore/**'
+     - 'package.json'
+     - 'yarn.lock'
  pull_request:
    branches:
      - '*'
+   paths:
+     - 'app/**'
+     - 'webknossos-datastore/**'
+     - 'webknossos-tracingstore/**'
+     - 'package.json'
+     - 'yarn.lock'

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d9322ce and b162be2.

📒 Files selected for processing (1)

• .github/workflows/build_test_deploy.yml (1 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

81-81: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

154-154: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2034:warning:1:1: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

180-180: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 74-74: trailing spaces

(trailing-spaces)

---

[error] 97-97: trailing spaces

(trailing-spaces)

---

[error] 127-127: trailing spaces

(trailing-spaces)

---

[error] 128-128: trailing spaces

(trailing-spaces)

---

[error] 194-194: trailing spaces

(trailing-spaces)

---

[error] 196-196: trailing spaces

(trailing-spaces)

---

[error] 199-199: trailing spaces

(trailing-spaces)

---

[error] 204-204: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/build_test_deploy.yml (1)

26-48: 🛠️ Refactor suggestion

Optimize frontend checks performance

The frontend checks job could be improved:

1. Add yarn caching
2. Add proper error handling
3. Consider parallelizing the checks

 - uses: actions/setup-node@v4
   with:
     node-version: 18
+    cache: 'yarn'

 - name: Install frontend dependencies
   run: corepack enable && yarn install --immutable

 - name: Lint frontend code and check formatting
-  run: yarn run check-frontend
+  run: |
+    set -euo pipefail
+    yarn run check-frontend

 - name: Typecheck frontend code
-  run: yarn typecheck
+  run: |
+    set -euo pipefail
+    yarn typecheck

 - name: Check for cyclic dependencies in frontend
-  run: yarn check-cyclic-dependencies
+  run: |
+    set -euo pipefail
+    yarn check-cyclic-dependencies

Likely invalid or redundant comment.

🧰 Tools

🪛 yamllint

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

[coderabbitai]

⚠️ Potential issue

Security: Critical configuration issues

Several security concerns need to be addressed:

1. Running as root user is a security risk
2. Consider using GitHub's OIDC for Docker Hub authentication instead of storing credentials

 env:
-  USER_NAME: root
+  USER_NAME: webknossos
   USER_UID: 1000
   USER_GID: 1000
-  DOCKER_USER: ${{ secrets.DOCKER_USER }}
-  DOCKER_PASS: ${{ secrets.DOCKER_PASS }}

Consider using OIDC for Docker Hub:

permissions:
  id-token: write
  contents: read

jobs:
  build:
    steps:
      - uses: docker/login-action@v2
        with:
          registry: docker.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

[coderabbitai]

⚠️ Potential issue

Security: Use secrets for database credentials

Database credentials should not be hardcoded in the workflow file.

 env:
-  POSTGRES_URL: jdbc:postgresql://postgres/webknossos
-  POSTGRES_USER: webknossos_user
-  POSTGRES_PASSWORD: secret_password
+  POSTGRES_URL: ${{ secrets.POSTGRES_URL }}
+  POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+  POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	POSTGRES_URL: jdbc:postgresql://postgres/webknossos
	POSTGRES_USER: webknossos_user
	POSTGRES_PASSWORD: secret_password
	POSTGRES_URL: ${{ secrets.POSTGRES_URL }}
	POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
	POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}

[coderabbitai]

⚠️ Potential issue

Uncomment and fix database validation steps

The commented-out database validation steps are critical for ensuring schema integrity.

-# - name: Assert unique evolution numbers
-#   run: node tools/postgres/dbtool.js assert-unique-evolution-numbers
+- name: Assert unique evolution numbers
+  run: node tools/postgres/dbtool.js assert-unique-evolution-numbers

-# - name: Assert schema.sql and evolutions are equal
-#   run: |
-#     docker compose up -d postgres
-#     sleep 3
-#     docker compose run compile tools/postgres/dbtool.js check-evolutions-schema
+- name: Assert schema.sql and evolutions are equal
+  run: |
+    docker compose up -d postgres
+    until docker compose exec -T postgres pg_isready; do
+      echo "Waiting for postgres..."
+      sleep 1
+    done
+    docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# - name: Assert unique evolution numbers
	# run: node tools/postgres/dbtool.js assert-unique-evolution-numbers
	# - name: Assert schema.sql and evolutions are equal
	# run: |
	# docker compose up -d postgres
	# sleep 3
	# docker compose run compile tools/postgres/dbtool.js check-evolutions-schema
	- name: Assert unique evolution numbers
	run: node tools/postgres/dbtool.js assert-unique-evolution-numbers
	- name: Assert schema.sql and evolutions are equal
	run: |
	docker compose up -d postgres
	until docker compose exec -T postgres pg_isready; do
	echo "Waiting for postgres..."
	sleep 1
	done
	docker compose run compile tools/postgres/dbtool.js check-evolutions-schema

[coderabbitai]

⚠️ Potential issue

Fix shell script issues in Docker operations

The Docker operations script has multiple quoting and error handling issues.

 function retry() {
+  local cmd=("$@")
   for i in {1..5}; do
-    "$@" && s=0 && break || s=$?
+    if "${cmd[@]}"; then
+      return 0
+    fi
     sleep 10
   done
-  return $s
+  return 1
 }
-retry docker login -u $DOCKER_USER -p $DOCKER_PASS
+retry docker login -u "${DOCKER_USER}" -p "${DOCKER_PASS}"
 retry docker compose push webknossos
 retry docker compose push webknossos-datastore
 retry docker compose push webknossos-tracingstore
 if [[ ${{ github.ref_type }} == "branch" ]]; then
-  docker tag scalableminds/webknossos:${DOCKER_TAG} scalableminds/webknossos:${NORMALIZED_BRANCH}
+  docker tag "scalableminds/webknossos:${DOCKER_TAG}" "scalableminds/webknossos:${NORMALIZED_BRANCH}"
   # Similar fixes for other docker commands
 fi

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 actionlint

211-211: shellcheck reported issue in this script: SC2034:warning:2:3: i appears unused. Verify use (or export if used externally)

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:6:10: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:8:23: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:8:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:13:39: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:13:78: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:14:46: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:15:49: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:15:98: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:16:56: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:17:52: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:17:104: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:18:59: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:19:72: Double quote to prevent globbing and word splitting

(shellcheck)

---

211-211: shellcheck reported issue in this script: SC2086:info:20:50: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between b162be2 and 77d54be.

📒 Files selected for processing (2)

• .github/not-on-master.sh (1 hunks)
• .github/workflows/build_test_deploy.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/not-on-master.sh

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

81-81: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

157-157: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 74-74: trailing spaces

(trailing-spaces)

---

[error] 97-97: trailing spaces

(trailing-spaces)

---

[error] 127-127: trailing spaces

(trailing-spaces)

---

[error] 128-128: trailing spaces

(trailing-spaces)

---

[error] 149-149: trailing spaces

(trailing-spaces)

---

[error] 195-195: trailing spaces

(trailing-spaces)

---

[error] 197-197: trailing spaces

(trailing-spaces)

---

[error] 200-200: trailing spaces

(trailing-spaces)

---

[error] 205-205: trailing spaces

(trailing-spaces)

---

[error] 220-220: trailing spaces

(trailing-spaces)

🔇 Additional comments (3)

.github/workflows/build_test_deploy.yml (3)

4-16: LGTM! Well-structured workflow triggers

The workflow triggers and debug input configuration are properly set up, providing good flexibility for CI/CD operations.

---

18-23: Skip comment: Security concerns already addressed

A previous review has already flagged the security concerns about running as root and suggested using OIDC for Docker Hub authentication.

---

26-48: Skip comment: Error handling improvements already suggested

A previous review has already suggested adding proper error handling to the frontend check commands.

🧰 Tools

🪛 yamllint

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

[coderabbitai]

⚠️ Potential issue

Don't silence coverage failures

The coverage command is set to ignore failures with || true. This could hide important coverage regressions.

Consider:

1. Remove the || true
2. Set a minimum coverage threshold
3. Make the job fail if coverage drops below the threshold

-        run: .github/not-on-master.sh yarn coverage || true
+        run: |
+          set -eo pipefail
+          .github/not-on-master.sh yarn coverage

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

.github/workflows/build_test_deploy.yml (2)

101-106: Consider caching Java dependencies more effectively.

While SBT caching is enabled, consider also caching the local Maven repository to speed up builds:

 - uses: actions/setup-java@v4
   with:
     distribution: 'temurin'
     java-version: '21'
     cache: 'sbt'
+    cache-dependency-path: |
+      **/*.sbt
+      project/**.scala
+      project/**.sbt

---

150-151: Optimize test execution configuration.

Consider improving the test execution:

1. Add test parallelization
2. Configure test output format
3. Add test results reporting

-        run: .github/not-on-master.sh sbt -v "testOnly backend.*"
+        run: |
+          .github/not-on-master.sh sbt -v \
+            'set Test / parallelExecution := true' \
+            'set Test / testOptions += Tests.Argument("-oDF")' \
+            "testOnly backend.*"
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-results
+          path: target/test-reports/

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 77d54be and 46f6696.

📒 Files selected for processing (2)

• .github/workflows/build_test_deploy.yml (1 hunks)
• docker-compose.yml (3 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build_test_deploy.yml

81-81: shellcheck reported issue in this script: SC2086:info:3:50: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:5:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:7:38: Double quote to prevent globbing and word splitting

(shellcheck)

---

81-81: shellcheck reported issue in this script: SC2086:info:8:47: Double quote to prevent globbing and word splitting

(shellcheck)

---

160-160: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build_test_deploy.yml

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

[error] 74-74: trailing spaces

(trailing-spaces)

---

[error] 97-97: trailing spaces

(trailing-spaces)

---

[error] 127-127: trailing spaces

(trailing-spaces)

---

[error] 128-128: trailing spaces

(trailing-spaces)

---

[error] 149-149: trailing spaces

(trailing-spaces)

---

[error] 178-178: trailing spaces

(trailing-spaces)

---

[error] 187-187: trailing spaces

(trailing-spaces)

---

[error] 189-189: trailing spaces

(trailing-spaces)

---

[error] 192-192: trailing spaces

(trailing-spaces)

---

[error] 197-197: trailing spaces

(trailing-spaces)

---

[error] 199-199: trailing spaces

(trailing-spaces)

---

[error] 219-219: trailing spaces

(trailing-spaces)

🔇 Additional comments (7)

docker-compose.yml (2)

106-107: Environment variable mappings need adjustment

The previous review comment about environment variable mappings is still valid. Please refer to the existing comment for detailed explanation and suggested fixes.

---

119-157: Document local development setup and verify GitHub Actions coverage

While commenting out these services aligns with the migration to GitHub Actions, some concerns need to be addressed:

1. Local Development Impact:

   • The dev service is typically used for local development
   • Consider keeping it uncommented or document alternative local development setup

2. CI Coverage:

   • Ensure all these commented out services have equivalent workflows in GitHub Actions:
     • Compilation checks
     • Development environment
     • Backend tests
     • Linting and formatting
     • Screenshot tests

Let's verify the GitHub Actions workflow coverage:

Also applies to: 160-174, 204-213

✅ Verification successful

GitHub Actions workflows cover the commented-out services
All previously commented-out services in docker-compose.yml have corresponding GitHub Actions workflows, ensuring continuous integration remains comprehensive.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if all commented out services have equivalent GitHub Actions jobs

# Check for workflow files
echo "Checking .github/workflows directory for CI jobs..."
fd . .github/workflows -e yml -e yaml -x cat {} \; | grep -A 5 "jobs:"

# Look for specific job types in workflows
echo -e "\nChecking for specific job coverage..."
rg -i "compile|test|lint|format|screenshot" .github/workflows

Length of output: 3662

.github/workflows/build_test_deploy.yml (5)

4-16: LGTM! Well-structured workflow triggers with debugging support.

The workflow triggers are properly configured, and the addition of the tmate debugging option is a nice feature for troubleshooting.

---

18-23: Skip: Issues already addressed in past reviews.

---

26-48: Skip: Improvements already suggested in past reviews.

🧰 Tools

🪛 yamllint

[warning] 29-29: wrong indentation: expected 6 but found 4

(indentation)

---

51-72: Skip: Security concerns already addressed in past reviews.

🧰 Tools

🪛 yamllint

[warning] 59-59: wrong indentation: expected 6 but found 8

(indentation)

---

153-231: Skip: Docker-related improvements already suggested in past reviews.

🧰 Tools

🪛 actionlint

160-160: shellcheck reported issue in this script: SC2086:info:1:38: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

[error] 178-178: trailing spaces

(trailing-spaces)

---

[error] 187-187: trailing spaces

(trailing-spaces)

---

[error] 189-189: trailing spaces

(trailing-spaces)

---

[error] 192-192: trailing spaces

(trailing-spaces)

---

[error] 197-197: trailing spaces

(trailing-spaces)

---

[error] 199-199: trailing spaces

(trailing-spaces)

---

[error] 219-219: trailing spaces

(trailing-spaces)

[coderabbitai]

🛠️ Refactor suggestion

Consider implementing GitHub Actions native Slack integration.

Instead of using the CircleCI script, implement Slack notifications using GitHub Actions:

- name: Notify Slack
  if: github.ref == 'refs/heads/master'
  uses: slackapi/[email protected]
  with:
    channel-id: 'CHANNEL_ID'
    slack-message: "GitHub Action build result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
  env:
    SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}