📝 Walkthrough
This PR updates CI/CD infrastructure, development environment configuration, and dependency versions across the project and its template. Changes include adding new configuration flags, bumping tool and GitHub Actions versions, updating the DevContainer base image, restructuring CI workflow logic, and introducing new tooling (ty.toml and pull_from_ecr configuration).
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks | ❌ 3
❌ Failed checks (3 warnings)
Actionable comments posted: 6
🤖 Fix all issues with AI agents
In @.devcontainer/Dockerfile:
- Line 4: The FROM line currently pins an explicit platform flag ("FROM
--platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:5.1.1-noble");
remove the "--platform=linux/amd64" token to allow multi-architecture images
(arm64 users on Apple Silicon) or, if amd64 is strictly required, add a clear
comment above that FROM line explaining the architecture restriction and why
amd64-only is necessary. Ensure the change targets the FROM instruction so the
devcontainer can run on both linux/amd64 and linux/arm64 when appropriate.
In @.devcontainer/install-ci-tooling.py:
- Around line 10-14: The constants COPIER_VERSION and
COPIER_TEMPLATE_EXTENSIONS_VERSION include the "==" specifier while others do
not; rename them to COPIER_SPEC and COPIER_TEMPLATE_EXTENSIONS_SPEC and update
any references to use these new names so it’s clear they contain a version
specifier (e.g., change COPIER_VERSION -> COPIER_SPEC and
COPIER_TEMPLATE_EXTENSIONS_VERSION -> COPIER_TEMPLATE_EXTENSIONS_SPEC and adjust
any code that uses those symbols to pass the spec strings into
installers/requirements).
In @.github/reusable_workflows/build-docker-image.yaml:
- Around line 159-162: The workflow updates actions/upload-artifact to v6.0.0
which requires Node.js 24 and runner >= 2.327.1; before merging either (a)
revert/pin the action to the previous compatible version (e.g., keep the
existing tag) or (b) add a clear guard/check and documentation that self-hosted
runners must be updated, and verify your self-hosted runner versions meet the
requirement; locate the usage of actions/upload-artifact@v6.0.0 and the artifact
name references
(steps.calculate-build-context-hash.outputs.image_name_no_slashes) and then
decide to pin to a known-compatible version or confirm/upgrade runners and
update the workflow comment to explicitly state the runner/node requirements.
In `@copier.yml`:
- Around line 1-6: The file contains excessive leading blank lines at the top of
copier.yml; remove the extra empty lines so that there are no more than two
consecutive blank lines at the beginning of the file (trim leading whitespace to
a single or at most two blank lines), saving the cleaned copier.yml file to
satisfy YAMLlint.
In `@template/.github/actions/check-skip-duplicates/action.yml`:
- Around line 12-40: The check step (id: check) can fail because GH_TOKEN lacks
pull-requests: read permission and because the script shells JSON through jq;
update the action usage so the calling workflow sets permissions: pull-requests:
read for GITHUB_TOKEN, replace the jq pipeline by using gh pr list --jq to
directly extract the PR number (e.g., use gh pr list --repo "$REPO_NAME" --head
"$REF_NAME" --state open --limit 1 --jq '.[0].number // ""'), and add a
preflight check at the top of the run script to ensure gh is installed (exit
with a clear message if not) so the logic in the check step reliably sets
GITHUB_OUTPUT should_run based on the gh response.
In `@template/.github/workflows/pre-commit.yaml`:
- Around line 61-63: The workflow step "Cache Pre-commit hooks" currently uses
actions/cache@v5.0.2 which has breaking behavior (no retries on HTTP 429) and
requires Node.js 24 + runner >= 2.327.1; either downgrade or pin to a compatible
release (e.g., actions/cache@v4) or update CI runners to meet v5 requirements,
and/or add a fallback/retry strategy around the caching step; locate the step by
its name "Cache Pre-commit hooks" and the uses entry "actions/cache@v5.0.2" and
update the version or runner configuration accordingly.
| # added the platform flag to override any local settings since this image is only compatible with linux/amd64. since this image is only x64 compatible, suppressing the hadolint rule | ||
| # hadolint ignore=DL3029 | ||
| FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:2.13.1-focal | ||
| FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/universal:5.1.1-noble |
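Review bot: the new `FROM` line pins the base image by tag only (`universal:5.1.1-noble`), and a tag can be repointed upstream, which would change the devcontainer contents without any diff in this repository. Consider appending the image digest (`@sha256:<digest>`) after the tag so rebuilds are reproducible and a base-image change always shows up in review.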
🧩 Analysis chain
🌐 Web query:
devcontainers/universal 5.1.1-noble tag release supported architectures
💡 Result:
For devcontainers/universal:5.1.1-noble, the published image is built for two Linux architectures:
- linux/amd64
- linux/arm64 (deepwiki.com)
Citations:
Remove --platform=linux/amd64 or document architecture restrictions.
The devcontainers/universal:5.1.1-noble tag supports both linux/amd64 and linux/arm64. The explicit --platform=linux/amd64 restriction unnecessarily prevents Apple Silicon and other arm64 users from using this configuration. Either remove the platform restriction to enable multi-architecture support, or document why amd64-only is required.
| UV_VERSION = "0.9.26" | ||
| PNPM_VERSION = "10.28.1" | ||
| COPIER_VERSION = "==9.11.2" | ||
| COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3" | ||
| PRE_COMMIT_VERSION = "4.5.1" |
🧹 Nitpick | 🔵 Trivial
🧩 Analysis chain
🏁 Script executed:
# First, let's read the install-ci-tooling.py file to understand the full context
cat -n .devcontainer/install-ci-tooling.py
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 7394
Clarify version-specifier naming to prevent misuse.
COPIER_VERSION and COPIER_TEMPLATE_EXTENSIONS_VERSION contain version specifiers (==9.11.2 and ==0.3.3), unlike other version constants which hold only the version number. This inconsistency invites mistakes—if someone later edits the constant to 9.11.2 (matching the pattern of UV_VERSION or PNPM_VERSION), the resulting copier9.11.2 will be invalid. Rename these to COPIER_SPEC and COPIER_TEMPLATE_EXTENSIONS_SPEC to signal the embedded specifier:
Suggested change
-COPIER_VERSION = "==9.11.2"
-COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3"
+COPIER_SPEC = "==9.11.2"
+COPIER_TEMPLATE_EXTENSIONS_SPEC = "==0.3.3"
...
- f"copier{COPIER_VERSION}",
+ f"copier{COPIER_SPEC}",
...
- f"copier-template-extensions{COPIER_TEMPLATE_EXTENSIONS_VERSION}",
+ f"copier-template-extensions{COPIER_TEMPLATE_EXTENSIONS_SPEC}",
| uses: actions/upload-artifact@v6.0.0 | ||
| with: | ||
| name: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }} | ||
| path: ${{ steps.calculate-build-context-hash.outputs.image_name_no_slashes }}.tar |
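Review bot: `uses: actions/upload-artifact@v6.0.0` references the action by tag, and a tag in the action's repository can be moved to a different commit after this review. Since this step uploads the built image tarball (`...image_name_no_slashes }}.tar`), pin the action to its full commit SHA and keep the version in a trailing comment (`@<commit-sha> # v6.0.0`) so future bumps remain visible in the diff.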
🧩 Analysis chain
🌐 Web query:
actions/upload-artifact v6.0.0 release notes breaking changes
💡 Result:
actions/upload-artifact v6.0.0 (released Dec 12, 2025) — release notes & breaking changes
Breaking change / upgrade impact
- Runtime moved to Node.js 24 (`runs.using: node24`). If your workflows/self-hosted environment can’t run Node 24, upgrading to `v6` can break your pipeline. [1]
- Minimum GitHub Actions Runner version required: 2.327.1 (primarily affects self-hosted runners—they must be updated before upgrading). [1]
What changed in v6.0.0
- Added Node 24 support. [1]
- Updated `@actions/artifact` to address Node 24 “punycode” deprecation. [1]
Sources: GitHub release page / repo docs for actions/upload-artifact v6.0.0. [1]
Verify self-hosted runner compatibility before upgrading to actions/upload-artifact@v6.0.0.
v6.0.0 (released Dec 12, 2025) introduces breaking changes:
- Runtime moved to Node.js 24—will fail if runners cannot execute Node 24
- Requires GitHub Actions Runner version 2.327.1+ (critical for self-hosted runners)
If you use self-hosted runners, ensure they're updated before merging this change. GitHub-hosted runners are typically updated automatically and should be compatible.
| # Questions specific to this template | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
Remove excessive blank lines.
YAMLlint flags 5 blank lines where maximum 2 are allowed. This appears to be unintentional whitespace at the top of the file.
🧹 Proposed fix
# Questions specific to this template
-
-
-
-
-
# Questions managed by upstream template
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # Questions specific to this template | |
| # Questions specific to this template |
🧰 Tools
🪛 YAMLlint (1.38.0)
[error] 6-6: too many blank lines (5 > 2)
(empty-lines)
| - name: Check if push has associated open PR | ||
| id: check | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| REF_NAME: ${{ github.ref_name }} | ||
| REPO_NAME: ${{ github.repository }} | ||
| EVENT_NAME: ${{ github.event_name }} | ||
| shell: bash | ||
| run: | | ||
| # For non-push events, always run | ||
| if [ "$EVENT_NAME" != "push" ]; then | ||
| echo "should_run=true" >> $GITHUB_OUTPUT | ||
| echo "Event is $EVENT_NAME, will run CI" | ||
| exit 0 | ||
| fi | ||
|
|
||
| # For push events, check if there's an open PR for this branch | ||
| pr_json=$(gh pr list \ | ||
| --repo "$REPO_NAME" \ | ||
| --head "$REF_NAME" \ | ||
| --state open \ | ||
| --json number \ | ||
| --limit 1) | ||
|
|
||
| pr_number=$(echo "$pr_json" | jq -r '.[0].number // ""') | ||
|
|
||
| if [ -n "$pr_number" ]; then | ||
| echo "should_run=false" >> $GITHUB_OUTPUT | ||
| echo "Push to branch with open PR #$pr_number detected, skipping (PR event will run CI)" |
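Review bot: the open-PR lookup matches on branch name alone (`--head "$REF_NAME"`) and requests only `--json number`, so nothing in this step confirms that the matching PR's head branch belongs to this repository. If a PR opened from a fork with a same-named head branch is returned, the step writes `should_run=false` and CI is skipped for the push; request `isCrossRepository` alongside `number` and ignore PRs where it is true. Also quote the redirect target (`>> "$GITHUB_OUTPUT"`) on the `echo "should_run=..."` lines.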
🧩 Analysis chain
🏁 Script executed:
# Find and examine the action file
find . -name "action.yml" -path "*check-skip-duplicates*" -type f
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 159
🏁 Script executed:
# Search for usage of this action in workflows
rg "check-skip-duplicates" -C 5 --type yaml
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 82
🏁 Script executed:
# Check permissions configuration in related workflows
rg "permissions:" -A 10 -B 2 --type yaml | head -100
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 82
🏁 Script executed:
# Verify gh CLI documentation for --jq flag support
web_search
gh cli --jq flag support gh pr list
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 545
🏁 Script executed:
cat -n ./template/.github/actions/check-skip-duplicates/action.yml
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 2027
🏁 Script executed:
# Search for workflows in .github/workflows
find . -path "*/.github/workflows/*.yml" -o -path "*/.github/workflows/*.yaml" | head -20
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 327
🏁 Script executed:
# Broader search for any reference to this action
rg "check-skip-duplicates" -C 3
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 82
🌐 Web query:
gh pr list --jq flag support GitHub CLI documentation
💡 Result:
gh pr list does support the --jq flag.
- In the GitHub CLI manual for `gh pr list`, `-q, --jq <expression>` is listed as an option (“Filter JSON output using a jq expression”). [1]
- `--jq` is intended to be used together with `--json <fields>` (i.e., you must request JSON output/fields first, then filter with jq). [2]
Example:
gh pr list --json number,title,url --jq '.[] | {number,title,url}'
Sources: GitHub CLI manual (gh pr list) [1], GitHub CLI formatting docs (gh formatting) [2].
🏁 Script executed:
cat -n ./template/.github/workflows/ci.yaml
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 168
🏁 Script executed:
cat -n ./.github/workflows/ci.yaml
Repository: LabAutomationAndScreening/copier-python-package-template
Length of output: 8093
🌐 Web query:
jq installed GitHub-hosted runners default tools
💡 Result:
- Yes—`jq` is preinstalled on GitHub-hosted runners (Ubuntu/macOS/Windows). GitHub’s own hosted runners “come with a version of jq pre-installed.” [1]
- To see the default/preinstalled tool list (and the exact `jq` version) for the runner that executed your job, open your workflow run log → Set up job → Runner Image → Included Software (this link points to the exact image’s software inventory). [2]
- The canonical source for what’s on GitHub-owned runner images is the `actions/runner-images` repository (it’s what GitHub uses to build and track the images/tools). [2][3]
Sources:
[1] GitHub Marketplace – “Install jq” action (notes jq is preinstalled) (github.com)
[2] GitHub Docs – About GitHub-hosted runners (where to find “Included Software” in logs; images updated weekly) (docs.github.com)
[3] actions/runner-images repository (runner image definitions/source) (github.com)
Citations:
- 1: https://github.com/marketplace/actions/install-jq?utm_source=openai
- 2: https://docs.github.com/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners?utm_source=openai
- 3: https://github.com/actions/runner-images?utm_source=openai
🌐 Web query:
GitHub Actions gh pr list requires pull_requests read permission
💡 Result:
gh pr list (GitHub CLI) calls the GitHub API to read pull requests, so in GitHub Actions the token you use must have Pull requests: read.
If you use GITHUB_TOKEN
Set explicit workflow/job permissions (since defaults may be read-only / restricted):
permissions:
  contents: read
  pull-requests: read
`pull-requests` is a first-class GITHUB_TOKEN permission you can set to read|write|none. [1]
If you use a PAT (e.g., GH_TOKEN)
Ensure the PAT has permission to read PRs (for classic PATs this is typically covered by repo on private repos; fine-grained PATs must grant PR read access for the repo).
Note on forked PRs / Dependabot
For PRs from forks (and Dependabot-triggered workflows), GITHUB_TOKEN can be limited (often read-only) regardless of what you want to do, by design. [2]
Sources: GitHub Actions token permissions model (includes pull-requests). [1] GitHub’s notes on read-only tokens in certain PR contexts. [2] GitHub CLI gh pr list command reference. [3]
[1] (github.blog)
[2] (github.blog)
[3] (cli.github.com)
Citations:
- 1: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/?utm_source=openai
- 2: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/?utm_source=openai
- 3: https://cli.github.com/manual/gh_pr_list?utm_source=openai
Add pull-requests: read permission and simplify gh pr list with native --jq support.
This action calls gh pr list, which requires pull-requests: read permission on GITHUB_TOKEN. The current workflow does not grant this permission, so the check could fail silently or return incorrect results. Additionally, piping JSON through jq is unnecessary—gh pr list natively supports --jq filtering. For robustness on self-hosted runners, add a preflight check for gh.
Ensure the workflow calling this action includes:
permissions:
  pull-requests: read
♻️ Suggested adjustment (use gh --jq + preflight)
run: |
+ command -v gh >/dev/null || { echo "gh CLI is required"; exit 1; }
+
# For non-push events, always run
if [ "$EVENT_NAME" != "push" ]; then
echo "should_run=true" >> $GITHUB_OUTPUT
echo "Event is $EVENT_NAME, will run CI"
exit 0
fi
# For push events, check if there's an open PR for this branch
- pr_json=$(gh pr list \
+ pr_number=$(gh pr list \
--repo "$REPO_NAME" \
--head "$REF_NAME" \
--state open \
--json number \
- --limit 1)
-
- pr_number=$(echo "$pr_json" | jq -r '.[0].number // ""')
+ --limit 1 \
+ --jq '.[0].number // ""')
| - name: Cache Pre-commit hooks | ||
| uses: actions/cache@v4.3.0 | ||
| uses: actions/cache@v5.0.2 | ||
| env: |
🧩 Analysis chain
🌐 Web query:
actions/cache v5.0.2 release notes breaking changes
💡 Result:
actions/cache v5.0.2 release notes — breaking changes
- No explicit “breaking changes” are called out for v5.0.2. The v5.0.2 release note lists a behavior change: when creating (saving) cache entries, HTTP 429 responses from the cache service will not be retried. If you previously relied on automatic retries to succeed under rate limiting, this can manifest as new failures (a practical breaking behavior change). [1]
Breaking changes to be aware of when moving to actions/cache@v5 (in general)
- Runtime upgrade: `actions/cache@v5` runs on Node.js 24. [2]
- Minimum runner requirement: requires GitHub Actions Runner >= 2.327.1 (notably relevant for self-hosted runners). [2]
Sources: [1] [3] [2]
Review release notes for v5.0.2 behavior changes and compatibility requirements.
The upgrade to v5.0.2 introduces a practical breaking change: HTTP 429 responses (rate limiting) will no longer be retried when saving cache entries, which could cause cache operations to fail in rate-limited scenarios. Additionally, v5.0 requires Node.js 24 and GitHub Actions Runner >= 2.327.1, which may impact self-hosted runners. Verify these changes do not affect your CI environment or cache reliability before merging.
Pull request overview
Pulls in upstream Copier template updates, primarily refreshing the devcontainer base image and modernizing CI/tooling configuration.
Changes:
- Update devcontainer base image to `mcr.microsoft.com/devcontainers/universal:5.1.1-noble` and adjust related Dockerfile setup.
- Bump/align tooling and automation versions (Copier, pyright, uv/pnpm/pre-commit, GitHub Actions, pre-commit hooks).
- Add new template option `pull_from_ecr` and introduce `ty.toml` configuration files.
Reviewed changes
Copilot reviewed 30 out of 31 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| uv.lock | Updates locked tool/dependency versions (e.g., copier, pyright) and adds ty. |
| ty.toml | Adds repo-level ty configuration (excludes). |
| tests/copier_data/data1.yaml | Adds pull_from_ecr to test fixture answers. |
| tests/copier_data/data2.yaml | Adds pull_from_ecr to test fixture answers. |
| tests/copier_data/data3.yaml | Adds pull_from_ecr to test fixture answers. |
| template/ty.toml | Adds ty config to generated template output. |
| template/pyproject.toml.jinja | Adjusts dependency specifier templating (version vars now include operators). |
| template/.pre-commit-config.yaml | Bumps hook revisions (typos/check-jsonschema/check-json5/ruff). |
| template/.github/workflows/pre-commit.yaml | Bumps actions/cache version. |
| template/.github/workflows/ci.yaml.jinja | Refactors needs formatting and improves “required-check” failure logic. |
| template/.github/actions/update-devcontainer-hash/action.yml | Removes unsupported/unused permissions block. |
| template/.github/actions/install_deps/action.yml | Bumps setup-python / setup-node action versions. |
| template/.github/actions/check-skip-duplicates/action.yml | Adds new composite action to skip duplicate CI runs. |
| template/.devcontainer/install-ci-tooling.py.jinja | Adjusts how version specifiers are concatenated for uv tool installs. |
| template/.devcontainer/devcontainer.json.jinja | Updates recommended VS Code extension versions. |
| template/.devcontainer/Dockerfile | Updates base image + adds yarn apt-source workaround. |
| template/.coderabbit.yaml | Updates CodeRabbit configuration and path-specific instructions. |
| pyproject.toml | Updates template-repo dependencies (incl. ty) and version pins. |
| extensions/context.py | Refreshes version pins/specifiers used during template rendering. |
| copier.yml | Adds pull_from_ecr question and wires it into AWS-related prompts. |
| .pre-commit-config.yaml | Bumps hook revisions (typos/check-jsonschema/check-json5/ruff). |
| .github/workflows/pre-commit.yaml | Bumps actions/cache version. |
| .github/workflows/ci.yaml | Bumps actions/cache version. |
| .github/reusable_workflows/build-docker-image.yaml | Bumps actions/upload-artifact version. |
| .github/actions/update-devcontainer-hash/action.yml | Removes unsupported/unused permissions block. |
| .github/actions/install_deps/action.yml | Bumps setup-python / setup-node action versions. |
| .devcontainer/install-ci-tooling.py | Updates tool versions and adjusts version-specifier concatenation. |
| .devcontainer/devcontainer.json | Updates recommended VS Code extension versions and devcontainer hash. |
| .devcontainer/Dockerfile | Updates base image + adds yarn apt-source workaround. |
| .copier-answers.yml | Updates tracked upstream template commit. |
| .coderabbit.yaml | Updates CodeRabbit configuration and path-specific instructions. |
| [src] | ||
| exclude = [ | ||
| # excludes managed by this repository | ||
|
|
||
| # excludes managed by template | ||
| "**/node_modules", | ||
| "**/.precommit_cache", | ||
| "**/.ruff_cache", | ||
| "**/.npm_cache", | ||
| "**/.pipx_cache", | ||
| "**/__pycache__", | ||
| "**/vendor_files", | ||
| "**/generated/graphql", | ||
| "**/generated/open_api", | ||
| "**/.venv", | ||
| "**/venv", | ||
| "**/copier_template_resources" | ||
| ] |
ty.toml is added to the generated template, but the template doesn’t currently install or run ty (no reference in template/pyproject.toml.jinja or template/.pre-commit-config.yaml). Consider adding ty to the template’s dev dependencies / tooling, or omit this config file until it’s used.
| [src] | |
| exclude = [ | |
| # excludes managed by this repository | |
| # excludes managed by template | |
| "**/node_modules", | |
| "**/.precommit_cache", | |
| "**/.ruff_cache", | |
| "**/.npm_cache", | |
| "**/.pipx_cache", | |
| "**/__pycache__", | |
| "**/vendor_files", | |
| "**/generated/graphql", | |
| "**/generated/open_api", | |
| "**/.venv", | |
| "**/venv", | |
| "**/copier_template_resources" | |
| ] | |
| # This file is intentionally left without active configuration. | |
| # The template does not currently install or invoke `ty`, so we omit | |
| # any `ty` settings until the tool is integrated into the tooling. |
| context["vcrpy_version"] = ">=8.1.1" | ||
| context["pytest_recording_version"] = ">=0.13.4" | ||
| context["pytest_asyncio_version"] = ">=1.3.0" | ||
| context["pytest_reserial_version"] = ">=0.6.0" |
pytest_reserial_version is added to the context, but it isn’t referenced anywhere in this repo’s template files. If it’s not intended to be used yet, consider removing it until there’s a corresponding template dependency/config to consume it.
| context["pytest_reserial_version"] = ">=0.6.0" |
| - path: "**/vendor_files/**" | ||
| instructions: "These files came from a vendor and we're not allowed to change them. Refer to it if you need to understand how the main code interacts with it, but do not make comments about it." | ||
| - path: "**/*.py" | ||
| instructions: "Do not express concerns about assert statements being removed by using the -O python flag; we never use that flag. Do not express concerns about ruff rules; a pre-commit hook already runs a ruff check. Do not warn about unnecessary super().init() calls; pyright prefers those to be present." |
The instructions string refers to super().init() which is not a valid Python initializer call; it should reference super().__init__() to avoid confusion.
| instructions: "Do not express concerns about assert statements being removed by using the -O python flag; we never use that flag. Do not express concerns about ruff rules; a pre-commit hook already runs a ruff check. Do not warn about unnecessary super().init() calls; pyright prefers those to be present." | |
| instructions: "Do not express concerns about assert statements being removed by using the -O python flag; we never use that flag. Do not express concerns about ruff rules; a pre-commit hook already runs a ruff check. Do not warn about unnecessary super().__init__() calls; pyright prefers those to be present." |
| - path: "**/vendor_files/**" | ||
| instructions: "These files came from a vendor and we're not allowed to change them. Refer to it if you need to understand how the main code interacts with it, but do not make comments about it." | ||
| - path: "**/*.py" | ||
| instructions: "Do not express concerns about assert statements being removed by using the -O python flag; we never use that flag. Do not express concerns about ruff rules; a pre-commit hook already runs a ruff check. Do not warn about unnecessary super().init() calls; pyright prefers those to be present." |
The instructions string refers to super().init() which is not a valid Python initializer call; it should reference super().__init__() to avoid confusion.
| instructions: "Do not express concerns about assert statements being removed by using the -O python flag; we never use that flag. Do not express concerns about ruff rules; a pre-commit hook already runs a ruff check. Do not warn about unnecessary super().init() calls; pyright prefers those to be present." | |
| instructions: "Do not express concerns about assert statements being removed by using the -O python flag; we never use that flag. Do not express concerns about ruff rules; a pre-commit hook already runs a ruff check. Do not warn about unnecessary super().__init__() calls; pyright prefers those to be present." |
| @@ -0,0 +1,44 @@ | |||
| name: Check Skip Duplicates | |||
| description: 'Check that will output a variable to allow you to skip duplicate runs. Example: If you have both push and pull_request triggers enabled and you dont want to run 2 jobs for the same commit if a PR is already open you can add this to your jobs to skip that extra execution.' | |||
Typo in description: "dont" should be "don't".
| description: 'Check that will output a variable to allow you to skip duplicate runs. Example: If you have both push and pull_request triggers enabled and you dont want to run 2 jobs for the same commit if a PR is already open you can add this to your jobs to skip that extra execution.' | |
| description: 'Check that will output a variable to allow you to skip duplicate runs. Example: If you have both push and pull_request triggers enabled and you don't want to run 2 jobs for the same commit if a PR is already open you can add this to your jobs to skip that extra execution.' |
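Review bot: the replacement `description:` line keeps the single-quoted YAML scalar and adds an apostrophe in `don't`, which closes the string at that point and leaves the rest of the line unparseable, so the action file would fail to load. Write it as `don''t` or switch the outer quotes to double quotes.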
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
|
||
| # temporary hack until yarn updates its GPG key | ||
| RUN rm /etc/apt/sources.list.d/yarn.list || true |
rm ... || true will mask real failures (e.g., permission or filesystem errors). Prefer rm -f ... to ignore only the missing-file case while still failing on unexpected errors.
| RUN rm /etc/apt/sources.list.d/yarn.list || true | |
| RUN rm -f /etc/apt/sources.list.d/yarn.list |
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
|
||
| # temporary hack until yarn updates its GPG key | ||
| RUN rm /etc/apt/sources.list.d/yarn.list || true |
rm ... || true will mask real failures (e.g., permission or filesystem errors). Prefer rm -f ... to ignore only the missing-file case while still failing on unexpected errors.
| RUN rm /etc/apt/sources.list.d/yarn.list || true | |
| RUN rm -f /etc/apt/sources.list.d/yarn.list |
| context["pytest_version"] = ">=9.0.2" | ||
| context["pytest_randomly_version"] = ">=4.0.1" | ||
| context["pytest_cov_version"] = ">=7.0.0" | ||
| context["ty_version"] = ">=0.0.13" |
ty_version is added to the Copier context, but it isn’t referenced anywhere in the template (e.g., in template/pyproject.toml.jinja or pre-commit hooks). This makes the context value effectively dead; consider either wiring it into the template (so generated repos actually install/run ty) or removing it to avoid confusion.
| context["ty_version"] = ">=0.0.13" |
Pull in upstream template changes
Summary by CodeRabbit
New Features
Chores