
replace auto commit to format suggestion #7375

Merged
youknowone merged 1 commit into RustPython:main from youknowone:workflow
Mar 7, 2026


@youknowone (Member) commented Mar 7, 2026

fix #7311

Summary by CodeRabbit

  • Chores
    • Updated pull request formatting workflow. Automatic formatting and commit functionality has been removed. Formatting validation is now performed without auto-applying changes to PRs.

@coderabbitai bot (Contributor) commented Mar 7, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 9fe86054-7616-4cfa-bedf-8228f5c01b8f

📥 Commits

Reviewing files that changed from the base of the PR and between fc1c278 and 8e48008.

📒 Files selected for processing (2)
  • .github/workflows/pr-auto-commit.yaml
  • .github/workflows/pr-format.yaml

📝 Walkthrough

Removed the vulnerable pr-auto-commit.yaml workflow that auto-committed formatting changes to PRs, replacing it with a new pr-format.yaml workflow that performs format checks and posts non-invasive formatting suggestions via reviewdog instead.

Changes

Cohort / File(s): GitHub Actions Workflows (.github/workflows/pr-auto-commit.yaml, .github/workflows/pr-format.yaml)
Summary: Deleted vulnerable auto-commit workflow that directly interpolated branch names into shell commands. Added read-only format-check workflow using reviewdog to post inline formatting suggestions without committing to the PR branch.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • ShaharNaveh

Poem

🐰 A workflow once pushed with secrets so near,
Now safely suggests—without commit or fear!
Reviewdog whispers formatting advice,
No shell injections, no malicious splice,
The rabbit hops on, the pipeline is bright! ✨


@youknowone youknowone marked this pull request as ready for review March 7, 2026 05:52
@youknowone youknowone enabled auto-merge (squash) March 7, 2026 05:52
@youknowone youknowone disabled auto-merge March 7, 2026 05:53
@youknowone youknowone merged commit ed5bffe into RustPython:main Mar 7, 2026
11 of 14 checks passed
@youknowone youknowone deleted the workflow branch March 7, 2026 05:53
youknowone added a commit to youknowone/RustPython that referenced this pull request Mar 8, 2026
Development

Successfully merging this pull request may close these issues.

Security: Branch name injection in pr-auto-commit.yaml — actively exploited by hackerbot-claw
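
An added example, not RustPython's code or part of this PR: a small Python check for the pattern the walkthrough describes, a contributor-controlled context such as `github.head_ref` expanded directly inside a `run:` script. The sample workflows are constructed, the list of contexts is an assumption, and the `env:` variant shows the general mitigation, which goes beyond this PR (it removed the auto-commit step instead).

```python
import re

# pull_request contexts a contributor controls (assumed list, not exhaustive).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|"
    r"github\.event\.pull_request\.(?:head\.ref|head\.label|title|body))\s*\}\}"
)
RUN_KEY = re.compile(r"(-\s+)?run:")

def find_injections(workflow_text):
    """Return [(line_no, context)] for untrusted contexts expanded inside run: scripts."""
    findings = []
    run_col = None  # column of the active `run:` key; None when outside a script
    for no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        # A non-blank line at or left of the key's column ends the script body.
        if run_col is not None and stripped and indent <= run_col:
            run_col = None
        if run_col is None:
            key = RUN_KEY.match(stripped)
            if key:
                run_col = indent + len(key.group(1) or "")
        if run_col is not None:
            # Expressions are substituted into the script text before the shell runs it.
            findings += [(no, m.group(1)) for m in UNTRUSTED.finditer(line)]
    return findings

# Constructed samples, not the contents of pr-auto-commit.yaml.
VULNERABLE = """\
steps:
  - name: Commit formatting
    run: |
      cargo fmt --all
      git push origin HEAD:${{ github.head_ref }}
"""

# Same step with the branch name passed as data through env and quoted in the shell.
HARDENED = """\
steps:
  - name: Commit formatting
    env:
      HEAD_REF: ${{ github.head_ref }}
    run: |
      cargo fmt --all
      git push origin "HEAD:${HEAD_REF}"
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, find_injections(text))
```

The check is line-based and only understands block-style `run:` keys, so treat a clean result as a first pass rather than proof that a workflow is safe.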
