[NO-ISSUE] SwiftLint strict 적용 및 lint/format CI 정비#72
Conversation
|
Warning Review limit reached
More reviews will be available in 36 minutes and 54 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 Walkthrough워크스루이 PR은 소유물 폼 생성/편집 기능 구현과 CI/CD 검증 인프라 통합, 그리고 화면 리팩토링을 결합한 대규모 변경입니다. 뷰모델 액션 처리를 헬퍼 메서드로 분해하고, 이미지 처리와 제출 흐름을 확장 모듈로 추가했으며, GitHub Actions strict 린트 검증을 도입했습니다. 변경 사항소유물 폼 VM 분해 및 이미지 처리
소유물 폼 뷰 및 컨트롤러 렌더 데이터 구조화
화면 리팩토링 및 협업 로직 분리
CI/CD 검증 인프라
코드 정리 및 마이너 UI 조정
평가 코드 리뷰 난이도🎯 4 (Complex) | ⏱️ ~60분 관련 가능성 있는 PR
제안된 라벨
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/verify.yml (1)
1-71:⚠️ Potential issue | 🟠 Major | 🏗️ Heavy liftGitHub Actions 보안 설정 보완이 필요합니다.
정적 분석 도구가 다음 보안 이슈를 플래그했습니다:
- Unpinned actions: actions를 태그(v4, v2) 대신 커밋 해시로 고정하면 공급망 공격 리스크를 줄일 수 있습니다.
- Credential persistence:
actions/checkout에persist-credentials: false설정이 없어 GITHUB_TOKEN이 워크플로우 실행 중 남아있을 수 있습니다.- Excessive permissions:
permissions:블록이 없어 GITHUB_TOKEN이 기본(과도한) 권한을 갖습니다.🔒 보안 강화 제안
name: Verify + +permissions: + contents: read on: pull_request: @@ -18,10 +21,12 @@ runs-on: macos-15 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@<COMMIT_HASH> # v4의 최신 커밋 해시로 교체 + with: + persist-credentials: false - name: Setup mise - uses: jdx/mise-action@v2 + uses: jdx/mise-action@<COMMIT_HASH> # v2의 최신 커밋 해시로 교체 # build 잡에도 동일하게 적용커밋 해시 확인 방법:
# actions/checkout v4 gh api repos/actions/checkout/commits/v4 --jq .sha # jdx/mise-action v2 gh api repos/jdx/mise-action/commits/v2 --jq .sha🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/verify.yml around lines 1 - 71, The workflow uses unpinned action tags and leaves GITHUB_TOKEN and permissions too permissive; update all action references (e.g., the uses entries for actions/checkout@v4 and jdx/mise-action@v2) to fixed commit SHAs, add persist-credentials: false to the actions/checkout step(s) in both the lint and build jobs, and add an explicit permissions: block (least-privilege) at the top level of the workflow to restrict GITHUB_TOKEN scopes required for the jobs.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/harness/skills.md`:
- Line 15: Update the broken relative link for the `souzip-commit` entry: in
docs/harness/skills.md locate the `souzip-commit` row (the link text `[로컬 전용
파일]`) and change the target from
../.codex/skills/souzip-commit/SKILL.md#never-commit-로컬-전용 to
../../.codex/skills/souzip-commit/SKILL.md#never-commit-로컬-전용 so the path
correctly climbs out of docs/ before referencing .codex.
In `@Projects/Presentation/Sources/Scene/Auth/Login/LoginViewModel.swift`:
- Around line 36-45: The loading state may not be cleared if performLogin throws
or the Task fails; wrap the async call in a Task that guarantees
emit(.loading(false)) using a defer (or a do { defer { emit(.loading(false)) };
await performLogin(...) } pattern). Update the .tapLogin branch (where you
currently call emit(.loading(true)) then await performLogin(provider) then
emit(.loading(false))) to set loading true, then defer clearing it, and do the
same for the .tapGuest branch (currently Task { await performLogin(nil) }) so
both branches always call emit(.loading(false)) even on errors; reference
performLogin, emit(.loading(true)), emit(.loading(false)), .tapLogin and
.tapGuest.
---
Outside diff comments:
In @.github/workflows/verify.yml:
- Around line 1-71: The workflow uses unpinned action tags and leaves
GITHUB_TOKEN and permissions too permissive; update all action references (e.g.,
the uses entries for actions/checkout@v4 and jdx/mise-action@v2) to fixed commit
SHAs, add persist-credentials: false to the actions/checkout step(s) in both the
lint and build jobs, and add an explicit permissions: block (least-privilege) at
the top level of the workflow to restrict GITHUB_TOKEN scopes required for the
jobs.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 81583de9-d952-49ed-bf2e-1b5fdbfa6e83
📒 Files selected for processing (36)
.codex/skills/souzip-commit/SKILL.md.github/workflows/verify.yml.swiftlint.ymlCLAUDE.mdProjects/Core/Analytics/Sources/AnalyticsEvent.swiftProjects/Data/Sources/Souvenir/DTO/SouvenirDTOMapper.swiftProjects/Presentation/Sources/Scene/Auth/Login/LoginViewModel.swiftProjects/Presentation/Sources/Scene/Discovery/Discovery/Base/DiscoveryView.swiftProjects/Presentation/Sources/Scene/Discovery/Recommend/Base/RecommendIntent.swiftProjects/Presentation/Sources/Scene/Discovery/Recommend/Base/RecommendView.swiftProjects/Presentation/Sources/Scene/Home/Globe/Base/GlobeViewModel.swiftProjects/Presentation/Sources/Scene/Home/Globe/SubView/View/SouvenirSheetView.swiftProjects/Presentation/Sources/Scene/MyPage/MyPage/Base/MyPageView.swiftProjects/Presentation/Sources/Scene/MyPage/MyPage/SubView/MyCollectionView.swiftProjects/Presentation/Sources/Scene/MyPage/Notice/Base/NoticeListViewController.swiftProjects/Presentation/Sources/Scene/MyPage/NoticeDetail/NoticeDetailViewController.swiftProjects/Presentation/Sources/Scene/Souvernir/Detail/Detail/Base/SouvenirDetailView.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormView.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormViewController.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormViewModel+Actions.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormViewModel+ImageProcessing.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormViewModel+Submit.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormViewModel+Supporting.swiftProjects/Presentation/Sources/Scene/Souvernir/Form/Base/SouvenirFormViewModel.swiftProjects/Presentation/Sources/Scene/Souvernir/Search/Country/SubView/SearchCountryNoResultsView.swiftProjects/Presentation/Sources/Scene/Souvernir/Search/Country/SubView/SearchCountryOnboardingView.swiftProjects/Presentation/Sources/Scene/Souvernir/Search/Result/Base/LocationSearchResultView.swiftProjects/Shared/DesignSystem/Sources/Component/Navigation/DSNavigationBar.swiftProjects/Shared/DesignSystem/Sources/Component/View/DSSpeechBubbleView.swiftProjects/Shared/DesignSystem/Sources/Layout/LayoutConstants.swiftWorkspace.swiftdocs/harness/scripts/prepare-ci-config.shdocs/harness/scripts/swiftlint-strict.shdocs/harness/scripts/verify.shdocs/harness/skills.mddocs/harness/verification.md
📌 변경 요약
SwiftLint·SwiftFormat 설정을 정렬하고, PR CI에서 strict lint를 강제합니다.
기존 위반을 전부 해소했으며, 로컬 Xcode 빌드는 lint 실패로 막지 않습니다.
📌 변경 내용
인프라·CI
.swiftlint.yml:trailing_comma비활성(SwiftFormat과 충돌 해소),file_length비활성.github/workflows/verify.yml신규:lint(SwiftFormat + SwiftLint strict) →build→testdocs/harness/scripts/swiftlint-strict.sh신규,verify.sh연동docs/harness/scripts/prepare-ci-config.sh신규 (CI secrets → Config 복원)docs/harness/verification.md,CLAUDE.md(mise trust/install) 업데이트souzip-commit스킬: 로컬 전용 파일 커밋 제외 규칙 추가Lint 정책
--strict)코드 정리
DiscoveryView/RecommendView: CellRegistration struct + helper 분리SouvenirFormViewModel: extension 4파일로 분리,type_body_lengthdisable 제거RecommendSectionInput제거DSNavigationBar.Style.trailingSettings(탭 루트 마이페이지용 settings only)CI secrets (build/test job)
SOUZIP_DEBUG_XCCONFIG,SOUZIP_RELEASE_XCCONFIGSOUZIP_GOOGLE_SERVICE_DEBUG,SOUZIP_GOOGLE_SERVICE_RELEASE📌 기타 참고 사항
검증
docs/harness/scripts/verify.sh plan통과수집-Debug통과의도적 예외 (후속 optional)
SouvenirDetailView,LocationSearchResultView:type_body_lengthdisable 유지LayoutConstants:nestingdisable 2곳develop 겹침
fb552f4base_commit..origin/develop: 변경 없음Jira
Note
Medium Risk
CI가 develop PR에서 strict lint·Tuist build/test를 강제하며, Config secrets 미설정 시 build job만 실패합니다. SouvenirFormViewModel 분리는 구조 변경이 크지만 동작은 extension으로 이전한 수준입니다.
Overview
SwiftLint strict와 PR CI 검증을 맞추기 위한 인프라·설정 변경이 핵심입니다.
.swiftlint.yml에서trailing_comma·file_length를 끄고,verify.yml로 develop PR/push 시 lint → build → test 파이프라인을 추가합니다.swiftlint-strict.sh,prepare-ci-config.sh(secrets로 Config 복원),verify.sh·harness 문서·souzip-commit스킬(로컬 전용 경로 커밋 금지)도 같이 갱신됩니다.기존 위반을 없애기 위한 리팩터·스타일 정리가 넓게 들어갑니다.
DiscoveryView/RecommendView는 셀 등록·dequeue·섹션 레이아웃을 helper로 쪼갰고,SouvenirFormViewModel은 Actions·Submit·ImageProcessing·Supporting extension으로 나눴습니다. 폼 UI는 튜플 대신SouvenirFormPhotoRenderLine등 명시 타입을 쓰고,DSNavigationBar.Style은.Settings→.trailingSettings로 바뀌며 마이페이지 탭 루트에 맞춥니다.RecommendState의makeSectionModels는 인자 없이 state를 읽도록 단순화됩니다.동작 변경은 거의 없고 로그인 메서드명(
performLogin),GlobeViewModel업로드 탭 추출, 로딩 인디케이터 ternary 제거 등은 lint·가독성용입니다.SouvenirDetailView·LocationSearchResultView는type_body_lengthdisable을 유지합니다.Reviewed by Cursor Bugbot for commit d546aea. Configure here.