chore(codeql): pin actions to SHA (PinnedDependencies wave 1) #962
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,22 +18,18 @@ jobs: | |
| go-version: ['1.21', '1.22'] | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Refresh models catalog | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- name: Refresh models catalog | ||
|
Step and job boundaries destroyed by comment concatenation
High Severity
Step separators (
Additional Locations (2)
Reviewed by Cursor Bugbot for commit cd8ef3c. |
||
| run: | | ||
| git fetch --depth 1 https://github.com/router-for-me/models.git main | ||
| mkdir -p pkg/llmproxy/registry/models | ||
| git show FETCH_HEAD:models.json > pkg/llmproxy/registry/models/models.json | ||
|
|
||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with: | ||
| go-version: ${{ matrix.go-version }} | ||
|
|
||
| - name: Cache Go modules | ||
| uses: actions/cache@v4 | ||
| with: | ||
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4with: | ||
| path: ~/go/pkg/mod | ||
|
Comment on lines +21 to 33
🔴 Architect Review — CRITICAL
Suggestion: Split combined steps so each uses either
Prompt for AI Agent 🤖
This is an **Architect / Logical Review** comment left during a code review. These reviews are first-class, important findings — not optional suggestions. Do NOT dismiss this as a 'big architectural change' just because the title says architect review; most of these can be resolved with a small, localized fix once the intent is understood.
**Path:** .github/workflows/ci.yml
**Line:** 21:33
**Comment:**
*CRITICAL: In the main CI workflow, multiple steps are now structurally invalid: the checkout step combines `uses` and `run` in a single step, and several action steps (e.g. `actions/setup-go`, `actions/cache`, `codecov/codecov-action`) have their `with:` blocks collapsed so that keys like `go-version` and `path` appear as top-level step keys. These patterns violate GitHub Actions step schema and will cause the CI workflow to fail to load or run.
Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
If a suggested approach is provided above, use it as the authoritative instruction. If no explicit code suggestion is given, you MUST still draft and apply your own minimal, localized fix — do not punt back with 'no suggestion provided, review manually'. Keep the change as small as possible: add a guard clause, gate on a loading state, reorder an await, wrap in a conditional, etc. Do not refactor surrounding code or expand scope beyond the finding.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix
Comment on lines +21 to 33
🔴 Architect Review — CRITICAL
Suggestion: Restore separate steps for checkout and the "Refresh models catalog"
**Path:** .github/workflows/ci.yml
**Line:** 21:33
**Comment:**
*CRITICAL: The pinning rewrite merged step boundaries in the `test` job: the first step now has both `uses` (checkout) and a `run` script in the same step, and the `with:` blocks for `actions/setup-go` and `actions/cache` were removed so their inputs (`go-version`, `path`, `key`, etc.) are now top‑level step keys instead of action inputs. This produces an invalid workflow (a step cannot have both `uses` and `run`) and misconfigures the pinned actions, so the CI job will fail or not behave as before in normal runs.
|
||
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | ||
| restore-keys: | | ||
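Review bot: The added `uses:` lines in this hunk carry YAML glued onto the pin comment: `# v4- name: Refresh models catalog`, `# v5with:` and `# v4with:`. Everything after `#` is a comment, so the `Refresh models catalog` step header and both `with:` keys are gone, which leaves `run:` on the checkout step and `go-version`, `path`, `key` and `restore-keys` without a parent. End each pinned line at the `# vN` comment and restore `- name: Refresh models catalog` and `with:` on their own lines. Separately, the context line `git fetch --depth 1 https://github.com/router-for-me/models.git main` still pulls a mutable branch, so pinning the actions alone does not make this job's inputs reproducible; consider fetching a fixed commit.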
|
|
@@ -49,8 +45,7 @@ jobs: | |
| run: go test ./... -v -race -coverprofile=coverage.out | ||
|
|
||
| - name: Upload coverage | ||
| uses: codecov/codecov-action@v3 | ||
| with: | ||
| uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3with: | ||
| files: ./coverage.out | ||
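Review bot: `with:` sits inside the comment on the added codecov line (`# v3with:`), so `files: ./coverage.out` no longer belongs to a `with:` mapping and the upload step loses its input. Split it back into `uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3` followed by `with:` on the next line.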
|
|
||
|
|
||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -19,23 +19,18 @@ jobs: | |
| language: [go] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v4 | ||
| with: | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- name: Initialize CodeQL | ||
| uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4with: | ||
| languages: ${{ matrix.language }} | ||
| config-file: .github/codeql/codeql-config.yml | ||
| - name: Set up Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with: | ||
| go-version-file: go.mod | ||
| cache: true | ||
| - name: Build | ||
| run: go build ./... | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v4 | ||
|
|
||
| analyze-skip-for-migrated-router-fix: | ||
| uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4analyze-skip-for-migrated-router-fix: | ||
| name: Analyze (Go) | ||
|
Comment on lines +22 to 34
🟠 Architect Review — HIGH
Suggestion: Reintroduce
**Path:** .github/workflows/codeql.yml
**Line:** 22:34
**Comment:**
*HIGH: The `analyze-skip-for-migrated-router-fix` job key was concatenated into a comment on the `uses: github/codeql-action/analyze@…` line, and the following `name`, `if`, `runs-on`, and `steps` keys are no longer nested under a job id. As a result, the skip-path job for `ci/fix-migrated-router-…` branches is no longer declared as a separate job, changing the intended branch-specific behavior and required-check identity.
Comment on lines +22 to 34
🔴 Architect Review — CRITICAL
Suggestion: Restore
**Path:** .github/workflows/codeql.yml
**Line:** 22:34
**Comment:**
*CRITICAL: The CodeQL workflow's second job (`analyze-skip-for-migrated-router-fix`) was merged into the `analyze` job: its job key now appears only inside an inline comment on the analyze `uses` line, and the following `name/if/steps` fields are attached to the same job, overriding the original job definition so the dedicated skip job is effectively dropped and the CodeQL analysis steps are replaced by the skip stub.
Comment on lines +22 to 34
🔴 Architect Review — CRITICAL
Suggestion: Revert this section to separate, well-formed steps (
**Path:** .github/workflows/codeql.yml
**Line:** 22:34
**Comment:**
*CRITICAL: In the CodeQL workflow, the pinning rewrite collapsed separate steps and the secondary job into a single malformed block: the "Checkout" step now has two `uses` keys (so `actions/checkout` is never actually invoked and only the CodeQL init action runs), and the `analyze-skip-for-migrated-router-fix` job key has been lost, with its fields incorrectly indented under `jobs`. This breaks the intended job structure and will cause the Go build/CodeQL analysis to fail under normal execution.
|
||
| if: ${{ startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') }} | ||
|
Comment on lines +22 to 35
🔴 Architect Review — CRITICAL
Suggestion: Restore distinct steps for checkout and CodeQL init/analyze, and reintroduce the separate
**Path:** .github/workflows/codeql.yml
**Line:** 22:35
**Comment:**
*CRITICAL: The pinning rewrite corrupted the CodeQL workflow: a single step now has duplicate `uses` keys with `languages`/`config-file` at step level (invalid keys), and the `analyze-skip-for-migrated-router-fix` job header was merged into a comment, leaving stray `name`/`if`/`runs-on` fields without a job key. This makes the workflow YAML invalid and removes the second job, so CodeQL analysis cannot run.
|
||
| runs-on: ubuntu-latest | ||
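Review bot: The job key `analyze-skip-for-migrated-router-fix:` ended up in the comment on the added analyze line (`# v4analyze-skip-for-migrated-router-fix:`), so the `name`, `if` and `runs-on` keys that follow have no job id to sit under. The same hunk also glues `- name: Initialize CodeQL` onto the checkout pin comment and `with:` onto `# v4` and `# v5`, which strands `languages`, `config-file`, `go-version-file` and `cache`. Since this workflow is the code-scanning gate, restore each of these on its own line and confirm the file parses and both jobs appear before merging.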
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,11 +11,8 @@ jobs: | |
| generate-python-sdk: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- name: Setup Python | ||
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5with: | ||
| python-version: '3.14' | ||
|
Comment on lines +14 to 16
🟠 Architect Review — HIGH
Suggestion: Split these into separate steps again (one
**Path:** .github/workflows/generate-sdks.yaml
**Line:** 14:16
**Comment:**
*HIGH: In both SDK generation jobs, the pinning rewrite merged the checkout and setup steps into a single step with two `uses` entries, so GitHub Actions will only honor the last `uses` (`actions/setup-python`/`actions/setup-node`) and never run `actions/checkout`. As a result, the jobs attempt to run `npm install` and `openapi-generator generate` without the repository being checked out, breaking SDK generation.
|
||
|
|
||
| - name: Install OpenAPI Generator | ||
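Review bot: On the added checkout line the next step's header is part of the comment (`# v4- name: Setup Python`), so the `uses:` for `actions/setup-python` lands in the same list item as the checkout `uses:`, and `python-version: '3.14'` has lost its `with:` to `# v5with:`. Restore `- name: Setup Python` and `with:` as separate lines so checkout still runs before the generator steps.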
|
|
@@ -32,8 +29,7 @@ jobs: | |
| --additional-properties=pythonVersion==3.12,generateSourceCodeOnly=true | ||
|
|
||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@v6 | ||
| with: | ||
| uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6with: | ||
| commit-message: 'chore: generate Python SDK' | ||
| title: 'chore: generate Python SDK' | ||
| body: | | ||
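Review bot: `# v6with:` on the added create-pull-request line hides `with:`, so `commit-message`, `title` and `body` are no longer inputs to the action. Move `with:` back to its own line after the `# v6` comment; the TypeScript job's Create Pull Request step further down has the identical added line and needs the same fix.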
|
|
@@ -44,11 +40,8 @@ jobs: | |
| generate-typescript-sdk: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Node | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- name: Setup Node | ||
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4with: | ||
| node-version: '20' | ||
|
|
||
| - name: Install OpenAPI Generator | ||
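Review bot: `- name: Setup Node` is swallowed by the checkout pin comment (`# v4- name: Setup Node`) and `with:` by `# v4with:`, leaving two `uses:` keys in one step and `node-version: '20'` without a parent. Break the line after each `# v4` and restore the step header and `with:` before relying on this job.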
|
|
@@ -64,8 +57,7 @@ jobs: | |
| --additional-properties=typescriptVersion=5.0,npmName=@cliproxy/api | ||
|
|
||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@v6 | ||
| with: | ||
| uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6with: | ||
| commit-message: 'chore: generate TypeScript SDK' | ||
| title: 'chore: generate TypeScript SDK' | ||
| body: | | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,6 +12,4 @@ jobs: | |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - uses: KooshaPari/phenotypeActions/actions/lint-test@main | ||
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- uses: KooshaPari/phenotypeActions/actions/lint-test@main | ||
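Review bot: `KooshaPari/phenotypeActions/actions/lint-test@main` is still referenced by branch name on the added line, so even once it is restored as a step it stays unpinned in a change whose purpose is SHA pinning. As written it is also inside the checkout pin comment (`# v4- uses: KooshaPari/phenotypeActions/actions/lint-test@main`), so the job has no lint/test step at all. Restore it as its own `- uses:` item and pin it to a commit SHA with the ref noted in a trailing comment, as done for `actions/checkout`.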
|
🟠 Architect Review — HIGH
Suggestion: Reintroduce the reusable
**Path:** .github/workflows/lint-test.yml
**Line:** 15:15
**Comment:**
*HIGH: The checkout step and the reusable `KooshaPari/phenotypeActions/actions/lint-test@main` call were merged into a single line, leaving only a checkout step and effectively removing execution of the external lint/test action. The `lint-test` job now performs checkout only and no longer enforces the intended lint/test gate.
🟠 Architect Review — HIGH
Suggestion: Reintroduce the reusable
**Path:** .github/workflows/lint-test.yml
**Line:** 15:15
**Comment:**
*HIGH: The `KooshaPari/phenotypeActions/actions/lint-test@main` step has been turned into an inline comment on the checkout `uses` line, leaving the `lint-test` job with only a checkout step and no invocation of the reusable lint/test action, so this workflow no longer runs any linting or tests.
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,10 +12,7 @@ jobs: | |
| url: ${{ steps.deployment.outputs.page_url }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/configure-pages@v4 | ||
| - uses: actions/upload-pages-artifact@v3 | ||
| with: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4- uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3with: | ||
|
Three workflow steps collapsed onto single YAML line
High Severity
Three originally separate steps (
Reviewed by Cursor Bugbot for commit cd8ef3c. |
||
| path: '.' | ||
|
Comment on lines +15 to 16
🔴 Architect Review — CRITICAL
Suggestion: Restore checkout, configure-pages, and upload-pages-artifact as distinct sequential steps with a proper
**Path:** .github/workflows/pages-deploy.yml
**Line:** 15:16
**Comment:**
*CRITICAL: The pages deployment workflow collapsed three separate steps (checkout, `actions/configure-pages`, and `actions/upload-pages-artifact`) into a single step with only `uses: actions/checkout@…` plus a stray top-level `path: '.'` key. The configure and upload actions are no longer executed and the remaining step is structurally invalid due to the unexpected `path` key, so the workflow cannot correctly prepare or upload the pages artifact.
Comment on lines +15 to 16
🔴 Architect Review — CRITICAL
Suggestion: Restore three distinct steps for checkout,
**Path:** .github/workflows/pages-deploy.yml
**Line:** 15:16
**Comment:**
*CRITICAL: Three separate steps (`actions/checkout`, `actions/configure-pages`, and `actions/upload-pages-artifact`) were collapsed into a single malformed step where only `actions/checkout` is actually used and the other `uses:` entries are embedded in a comment, with `path: '.'` now passed as a `with` block to checkout. This means the Pages-specific setup and artifact upload actions are no longer executed, so the deploy step runs without the expected prepared artifact.
Comment on lines +15 to 16
🔴 Architect Review — CRITICAL
Suggestion: Restore three distinct sequential steps for
**Path:** .github/workflows/pages-deploy.yml
**Line:** 15:16
**Comment:**
*CRITICAL: The deploy job's first step has been collapsed into a single item with three `uses` entries (`checkout`, `configure-pages`, `upload-pages-artifact`), so only the last action (`upload-pages-artifact`) actually runs; `actions/checkout` and `actions/configure-pages` are never executed, and the `with: path` block is attached only to the artifact upload. This breaks the required Pages preparation and upload sequence.
|
||
| - id: deployment | ||
| uses: actions/deploy-pages@v4 | ||
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 | ||
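Review bot: Three steps share one added line here: after the first `# v4`, the `- uses:` entries for `actions/configure-pages` and `actions/upload-pages-artifact` and the trailing `with:` are all comment text, so only checkout remains as a step and `path: '.'` is orphaned. The `actions/deploy-pages` line at the end of this hunk shows the intended shape, a SHA followed by `# v4` and nothing else; give each of the three steps its own line in that form and put `with:` back above `path: '.'`.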


YAML `with:` keyword consumed by trailing comment
High Severity
Across virtually every workflow file, `with:` was appended to the SHA comment (e.g. `# v3with:`) instead of remaining on its own line. In YAML, `#` begins a comment that extends to the end of the line, so `with:` is swallowed by the comment. This causes all action inputs (`github-token`, `go-version-file`, `languages`, `username`, etc.) to become orphaned keys at the wrong indentation level, resulting in YAML parse errors that break every affected CI workflow.
Additional Locations (2)
.github/workflows/ci.yml#L27-L28
.github/workflows/docker-image.yml#L32-L33
Reviewed by Cursor Bugbot for commit cd8ef3c.
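
A pre-merge check for the failure mode discussed in this review, as an added example that is not part of the PR, the repository, or any reviewer's comment: it scans workflow text for `uses:` lines whose ref is not a 40-character commit SHA, and for pin comments that contain anything beyond a version tag (a swallowed `with:`, step header or job key). The function name `audit_workflow` and the `SAMPLE` text are assumptions; the sample is constructed from lines shown in the diff above, with a made-up `go-version` value.

```python
import re

# A step's `uses:` value, with an optional "- " list marker and trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s+)?uses:\s*(?P<ref>[^\s#]+)(?:\s+#(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# A pin comment should hold only the version tag, e.g. "v4" or "v4.1.2".
TAG_COMMENT_RE = re.compile(r"^\s*v?\d+(?:\.\d+){0,2}\s*$")
# YAML structure that must never appear inside the comment of a `uses:` line:
# a new list item, a `with:` key, or any key that ends the line (a job id).
SWALLOWED_RE = re.compile(r"-\s+(?:name|uses|id|run):|with:|[\w-]+:\s*$")


def audit_workflow(text):
    """Return (line_number, kind, detail) findings for one workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group("ref"), m.group("comment")
        # Local actions and container images have no git ref to pin.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append((lineno, "unpinned", ref))
        if comment is not None and not TAG_COMMENT_RE.match(comment):
            kind = "swallowed-yaml" if SWALLOWED_RE.search(comment) else "odd-comment"
            findings.append((lineno, kind, comment.strip()))
    return findings


# Constructed sample: lines 3 and 5 reproduce the concatenation seen in the
# diff, line 8 is a correctly pinned step, line 9 is the pre-change form.
SAMPLE = """\
steps:
  - name: Checkout
    uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4- uses: KooshaPari/phenotypeActions/actions/lint-test@main
  - name: Setup Go
    uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with:
      go-version: '1.22'
  - id: deployment
    uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
  - uses: actions/checkout@v4
"""

if __name__ == "__main__":
    for lineno, kind, detail in audit_workflow(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

The `@main` reference on line 3 of the sample is reported only as swallowed comment text, not as an unpinned action, because a YAML parser never sees it as a step; that is the same reason the lint/test gate disappears in the diff.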