
test: ci #7900

Open
tmilewski wants to merge 5 commits into main from tom/test-ci

tmilewski (Member) commented Feb 20, 2026

Description

TEST

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • New Features

    • Added a Beta Features API test endpoint.
  • Chores

    • Upgraded CI workflows and action versions; standardized artifact and cache handling.
    • Improved Turbo-based test orchestration (affected mode, per-package matrix, summary naming).
    • Added local registry support and a dedicated integration-setup job for more reliable integration testing.
    • Added a package changeset entry.

tmilewski self-assigned this Feb 20, 2026

vercel bot commented Feb 20, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| clerk-js-sandbox | Ready | Preview, Comment | Feb 20, 2026 10:54pm |

changeset-bot bot commented Feb 20, 2026

🦋 Changeset detected

Latest commit: e69a0d9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages
| Name | Type |
| --- | --- |
| @clerk/backend | Patch |
| @clerk/agent-toolkit | Patch |
| @clerk/astro | Patch |
| @clerk/express | Patch |
| @clerk/fastify | Patch |
| @clerk/nextjs | Patch |
| @clerk/nuxt | Patch |
| @clerk/react-router | Patch |
| @clerk/tanstack-react-start | Patch |
| @clerk/testing | Patch |


coderabbitai bot (Contributor) commented Feb 20, 2026

Walkthrough

This PR updates .github/workflows/ci.yml: bumps multiple Actions to v6, replaces commented Turbo inputs with explicit with: blocks (turbo-signature, turbo-team, turbo-token, turbo-summarize), adds Save/Restore Turbo Cache steps, introduces Verdaccio setup/run and Verdaccio storage artifact upload/download, adds an integration-setup job and wires integration tests to it, adjusts test matrices to use Turbo’s --affected mode and includes strategy.job-index in Turbo summary artifact names, and standardizes checkout/upload/download steps. It also adds get() to packages/backend/src/api/endpoints/BetaFeaturesApi.ts (GET /beta_features) and a .changeset/ninety-laws-sort.md file.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ❓ Inconclusive | The title 'test: ci' is vague and does not clearly describe the main changes. The PR involves significant CI/workflow updates, backend API additions, and changeset files, but the title provides no meaningful information about these changes. | Provide a more descriptive title that reflects the primary changes, such as 'ci: upgrade GitHub Actions and add Verdaccio integration' or 'ci: add turbo caching and local registry setup'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/backend/src/api/endpoints/BetaFeaturesApi.ts`:
- Around line 39-45: The get method in BetaFeaturesApi is a test-only endpoint
(see the TODO) and must not be merged into production; remove this test method
from the BetaFeaturesApi class or relocate it into a non-published test
fixture/module (e.g., a dedicated test file or mock API) so it isn't part of the
published package, and update any callers or tests to import the new test-only
module instead of BetaFeaturesApi.get (ensure you stop using basePath/request
from the production API in tests or mark the module as test-only).

Comment on lines +39 to +45
public async get() {
// TODO: Remove - Strictly a test endpoint
return this.request<void>({
method: 'GET',
path: joinPaths(basePath),
});
}
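
Review bot: `get()` is a public method on `BetaFeaturesApi` whose own TODO calls it "Strictly a test endpoint", and the changeset on this PR marks @clerk/backend for a patch release, so as written it becomes part of the published SDK surface. It is also typed `this.request<void>` for a GET, which hides whatever `/beta_features` returns from callers, and `joinPaths(basePath)` with a single argument adds nothing over `basePath`. If the only purpose is to give CI a change in this package to pick up, a non-exported or comment-only change would do that without adding a callable endpoint.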

⚠️ Potential issue | 🔴 Critical

Test endpoint should not be merged to production code.

This method is explicitly marked as a test endpoint via the TODO comment. Adding test-only code to production API classes is a merge-blocking concern—this could accidentally ship and expose an unintended endpoint.

If this is purely for CI testing purposes, consider:

  • Moving it to a test fixture or mock
  • Using a separate test-only module that isn't published
  • Removing before merge if the PR objective is only CI workflow changes

pkg-pr-new bot commented Feb 20, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7900

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7900

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7900

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7900

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7900

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7900

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7900

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7900

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7900

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7900

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@7900

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7900

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7900

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7900

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7900

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7900

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7900

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7900

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7900

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7900

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7900

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7900

commit: e69a0d9

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 288-299: The CI job "integration-setup" uses a custom runner label
"blacksmith-8vcpu-ubuntu-2204" which actionlint flags; fix this by either adding
"self-hosted" to the runs-on array for the integration-setup job (e.g., runs-on:
[self-hosted, 'blacksmith-8vcpu-ubuntu-2204']) or by adding the custom label
"blacksmith-8vcpu-ubuntu-2204" to your actionlint configuration
(actionlint.yaml) so actionlint recognizes it; update the runs-on or
actionlint.yaml and rerun the linter.
- Around line 327-331: The artifact name in the "Upload Verdaccio Storage" step
uses `${{ github.run_id }}-${{ github.run_attempt }}` which changes on reruns
and breaks the downloader; change the artifact naming to a stable value (e.g.,
use only `${{ github.run_id }}`) so the upload step ("Upload Verdaccio Storage")
produces a consistent artifact name that the download step can reliably
reference across reruns.
- Around line 447-461: The "Start Verdaccio" step's health-check loop may time
out silently causing later steps to fail; modify the step so after the for-loop
that checks curl -f http://localhost:4873/ you explicitly fail the job if
Verdaccio never becomes healthy (e.g., detect that the loop completed without
break and run an exit 1 with a clear error message). Update the same step that
runs nohup ./node_modules/.bin/verdaccio and the for i in {1..10} loop to add a
guard (post-loop conditional) that echoes an explanatory error and exits
non-zero when the registry is unreachable, ensuring subsequent steps don't run
against a missing registry.

---

Duplicate comments:
In @.github/workflows/ci.yml:
- Around line 242-249: Duplicate review — no code changes required; keep the
GitHub Actions step "Checkout Repo" using uses: actions/checkout@v6 as already
verified by the action-version check, so leave the checkout step (the "Checkout
Repo" action) unchanged and do not add additional modifications.
- Around line 440-445: The "Download Verdaccio Storage" step is using an
artifact name expression that must exactly match the upload step; update the
name field in the "Download Verdaccio Storage" step so it uses the identical
artifact naming expression or shared variable used by the upload step (e.g., the
same template or VERDACCIO artifact name), ensuring the artifact name (the value
currently set in name: verdaccio-storage-${{ github.run_id }}-${{
github.run_attempt }}) exactly matches the upload step's artifact name so
downloads succeed on reruns.
- Around line 538-544: This upload-artifact step is already covered by the
action-version verification referenced earlier, so no functional change is
required; keep the uses: actions/upload-artifact@v6 intact, ensure the step name
"Upload test-results" and its inputs (name, path, retention-days) remain
correct, and remove any duplicate or redundant review comments related to
version verification to avoid noise.
- Around line 160-168: Remove the duplicate review comment regarding the
actions/checkout@v6 verification and ensure the workflow step "Checkout Repo"
(uses: actions/checkout@v6) remains as-is; specifically delete the redundant
duplicate_comment note from the PR or commit so only the original verification
comment remains and no duplicate feedback is present.
- Around line 135-142: The reviewer flagged this as a duplicate with no new
concerns; ensure the GitHub Action step "Upload Turbo Summary" (the job using
uses: actions/upload-artifact@v6 and guarded by if: ${{ env.TURBO_SUMMARIZE ==
'true' }}) remains pinned to v6 and remove any duplicate or redundant
review-change attempts—keep the step as-is with continue-on-error: true, name,
path (.turbo/runs) and retention-days: 5, and do not add extra version checks or
duplicate edits for the same action.
- Around line 109-116: The review flagged a duplicate remark about verifying the
action version; remove the redundant comment and ensure the workflow step using
actions/checkout@v6 remains unchanged (the block with "uses:
actions/checkout@v6" and its with: keys) so the earlier action-version
verification is the single source of truth.
- Around line 390-397: This review note is a duplicate of the earlier
action-version verification; remove the redundant comment or mark it resolved
and keep the workflow step "Checkout Repo" intact (the uses: actions/checkout@v6
entry must remain as-is). Ensure no other changes are made to the checkout step
configuration (fetch-depth, fetch-tags, filter, show-progress) and push the
updated CI YAML without the duplicate comment.
- Around line 559-566: The workflow contains a duplicate verification of the
checkout action; ensure there is only one Checkout repository step using uses:
actions/checkout@v6 (the step with name "Checkout repository") by removing the
redundant/check-duplicate step or consolidating checks so the v6 tag
verification exists only once.
- Around line 198-205: This "Upload Turbo Summary" CI step is already covered by
the earlier action-version verification, so no functional change is needed; just
ensure the step keeps uses: actions/upload-artifact@v6, the conditional if: ${{
env.TURBO_SUMMARIZE == 'true' }}, and the with fields (name pattern, path:
.turbo/runs, retention-days: 5) consistent with the verified version, and remove
the duplicate review comment/annotation that flagged it as redundant.

Comment on lines +288 to +299
integration-setup:
needs: [check-permissions]
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.draft == false }}
name: Integration Test Setup
runs-on: "blacksmith-8vcpu-ubuntu-2204"
permissions:
contents: read
actions: write
defaults:
run:
shell: bash
timeout-minutes: ${{ vars.TIMEOUT_MINUTES_NORMAL && fromJSON(vars.TIMEOUT_MINUTES_NORMAL) || 10 }}
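
Review bot: `actions: write` in the `permissions:` block is broader than anything in this hunk justifies; the only other scope granted is `contents: read`. Name the step that needs the write scope in a comment next to it, or drop the line if no step does. Because the `if:` guard lets the job run on every non-`pull_request` event as well as on non-draft pull requests, that token scope applies to all of those triggers.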

⚠️ Potential issue | 🟡 Minor

Actionlint will flag the custom runner label.
Line 292 uses blacksmith-8vcpu-ubuntu-2204, which actionlint doesn’t recognize by default. If this is a self-hosted label, add it to actionlint.yaml (or include self-hosted in runs-on) to avoid lint failures.

🧰 Tools
🪛 actionlint (1.7.11)

[error] 292-292: label "blacksmith-8vcpu-ubuntu-2204" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2025-vs2026", "windows-2022", "windows-11-arm", "ubuntu-slim", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26-large", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xlarge", "macos-14-large", "macos-14", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)


Comment on lines +327 to +331
- name: Upload Verdaccio Storage
uses: actions/upload-artifact@v6
with:
name: verdaccio-storage-${{ github.run_id }}-${{ github.run_attempt }}
path: .verdaccio/storage
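
Review bot: the `with:` block on `Upload Verdaccio Storage` sets neither `if-no-files-found` nor `retention-days`. The integration jobs download this artifact and serve packages from it, so an empty or missing `.verdaccio/storage` should fail here (`if-no-files-found: error`) rather than surface later as an install error, and a short `retention-days`, as on the Turbo summary uploads, keeps the published package storage from lingering in the run's artifacts.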

⚠️ Potential issue | 🟠 Major

Avoid run_attempt in Verdaccio storage artifact name.
On “Re-run failed jobs,” integration-setup may not rerun, so the download step (Line 440+) will look for a new run_attempt artifact that doesn’t exist. Use a stable name (e.g., run_id only) or force integration-setup to rerun.

🛠️ Proposed fix (stable artifact name across reruns)
-          name: verdaccio-storage-${{ github.run_id }}-${{ github.run_attempt }}
+          name: verdaccio-storage-${{ github.run_id }}
-          name: verdaccio-storage-${{ github.run_id }}-${{ github.run_attempt }}
+          name: verdaccio-storage-${{ github.run_id }}
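
Review bot: this rename touches only the upload side; the `Download Verdaccio Storage` step still builds its name with `github.run_attempt`, so applying the suggestion on its own breaks the first attempt as well as reruns. Change both names in one commit. With the attempt suffix gone, a full re-run also uploads under the name the first attempt already used, so check that the upload step tolerates that (the action has an `overwrite` input).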
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Upload Verdaccio Storage
uses: actions/upload-artifact@v6
with:
name: verdaccio-storage-${{ github.run_id }}-${{ github.run_attempt }}
path: .verdaccio/storage
- name: Upload Verdaccio Storage
uses: actions/upload-artifact@v6
with:
name: verdaccio-storage-${{ github.run_id }}
path: .verdaccio/storage

Comment on lines 447 to 461
- name: Start Verdaccio
if: ${{ steps.task-status.outputs.affected == '1' }}
uses: ./.github/actions/verdaccio
with:
publish-cmd: |
if [ "$(pnpm config get registry)" = "https://registry.npmjs.org/" ]; then echo 'Error: Using default registry' && exit 1; else pnpm turbo build $TURBO_ARGS --only && pnpm changeset publish --no-git-tag --tag latest; fi
run: |
pnpm set registry http://localhost:4873
nohup ./node_modules/.bin/verdaccio --config ./verdaccio.install.yaml &
for i in {1..10}; do
if curl -f http://localhost:4873/ > /dev/null 2>&1; then
echo "Verdaccio is up and running"
break
fi
echo "Waiting for Verdaccio to start (attempt $i)..."
sleep 2
done
pnpm config set //localhost:4873/:_authToken secretToken
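
Review bot: the last line of the `run:` script writes the literal `secretToken` as the `_authToken` for `//localhost:4873/`, and the first line repoints pnpm's registry to `http://localhost:4873`; both are config writes that stay in effect for every later step in the job. Add a comment that the token is a dummy for the loopback registry so it is not mistaken for a leaked credential. The `publish-cmd` shown here refuses to publish when `pnpm config get registry` returns `https://registry.npmjs.org/`; the `run:` script has no equivalent check, so keep that guard in front of whichever step now runs `pnpm changeset publish`.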


⚠️ Potential issue | 🟠 Major

Fail fast if Verdaccio never starts.
If the loop times out, the job currently continues and later steps fail with less actionable errors. Add a guard to exit when the registry never becomes healthy.

🛠️ Proposed fix (explicit failure on startup timeout)
       - name: Start Verdaccio
         if: ${{ steps.task-status.outputs.affected == '1' }}
         run: |
           pnpm set registry http://localhost:4873
           nohup ./node_modules/.bin/verdaccio --config ./verdaccio.install.yaml &
+          started=false
           for i in {1..10}; do
             if curl -f http://localhost:4873/ > /dev/null 2>&1; then
               echo "Verdaccio is up and running"
+              started=true
               break
             fi
             echo "Waiting for Verdaccio to start (attempt $i)..."
             sleep 2
           done
+          if [ "$started" != "true" ]; then
+            echo "Verdaccio failed to start" >&2
+            exit 1
+          fi
           pnpm config set //localhost:4873/:_authToken secretToken
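
Review bot: the `started` flag and the post-loop `if` add six lines to express "retry, then fail", which curl can do on its own. `curl -f --retry 10 --retry-delay 2 --retry-connrefused http://localhost:4873/ > /dev/null || { echo "Verdaccio failed to start" >&2; exit 1; }` replaces both the loop and the guard, and still keeps the `pnpm config set` line from running against a registry that never came up.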

coderabbitai bot (Contributor) left a comment

🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)

446-451: Download artifact name must match upload naming scheme.

This download uses run_attempt in the artifact name (line 450). If the upload step changes to use only run_id as suggested above, update this to match:

-          name: verdaccio-storage-${{ github.run_id }}-${{ github.run_attempt }}
+          name: verdaccio-storage-${{ github.run_id }}
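
Review bot: the artifact name is spelled out separately in the upload step and in this download step, which is how the two can drift apart. Define it once, for example as a workflow-level `env` value, and reference that value in both `name:` fields.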
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 446 - 451, The download step named
"Download Verdaccio Storage" is using an artifact name that includes run_attempt
(verdaccio-storage-${{ github.run_id }}-${{ github.run_attempt }}), which will
mismatch if the upload step is changed to use only run_id; update the artifact
name in this step to match the upload naming scheme (e.g., verdaccio-storage-${{
github.run_id }}) so the actions/download-artifact@v6 call finds the uploaded
artifact, keeping the existing if condition (steps.task-status.outputs.affected
== '1') and step name unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/ci.yml:
- Line 294: Actionlint is flagging the custom runner label
"blacksmith-8vcpu-ubuntu-2204" used in runs-on; either add that label to your
actionlint configuration (actionlint.yaml) so it’s recognized, or modify the
workflow runs-on value to include the standard token (e.g., ["self-hosted",
"blacksmith-8vcpu-ubuntu-2204"]) so actionlint no longer reports the unknown
label; update the .github/workflows/ci.yml runs-on entry or the actionlint.yaml
accordingly.
- Around line 453-466: The health-check loop in the "Start Verdaccio" step can
time out silently; modify the shell block that runs nohup
./node_modules/.bin/verdaccio and the for loop (the curl -f
http://localhost:4873/ check) to detect failure and explicitly exit non‑zero if
Verdaccio never becomes reachable — e.g., after the loop ends, run a final curl
check and if it fails echo an error like "Verdaccio failed to start" and exit 1
so subsequent commands (like pnpm config set //localhost:4873/:_authToken) do
not run; update the same step script where nohup, the for loop, and pnpm config
set are defined.
- Around line 329-334: The artifact name in the "Upload Verdaccio Storage" step
uses both github.run_id and github.run_attempt which makes reruns fail; update
the step that defines the artifact name (the "Upload Verdaccio Storage" action)
to remove github.run_attempt and use a stable name based only on github.run_id
(e.g., verdaccio-storage-${{ github.run_id }}) so downstream jobs like
"integration-tests" can reliably find the uploaded artifact on reruns.

