fix: resolve 3 workflow bugs found during integration testing #93
Bug 1 — github.base_ref empty on issue_comment trigger: Phase 1 & Phase 2 workflows crash with "unknown revision origin/...HEAD" when triggered by issue_comment events. Added BASE_REF fallback to main.
Bug 2 — package-test.yml pytest not found: uv sync alone doesn't install test extras. Changed to uv sync --extra test.
Bug 3 — Slack notification 400 errors: nightly-docs-update and issue-to-pr missing secret validation guards. Added 3-var shell guard (RUBE_API_TOKEN, SLACK_CHANNEL_ID, RUBE_ENTITY_ID) matching the pattern from commit-notifications.yml.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Reviewer's Guide
This PR fixes three workflow issues by introducing a robust BASE_REF fallback in review workflows, ensuring test dependencies are installed for package tests, and hardening Slack notification steps with consistent secret validation guards.
Sequence diagram for issue_comment-triggered review workflow with BASE_REF fallback
sequenceDiagram
actor Developer
participant GitHub
participant Workflow_claude_review_phase1
participant Git
Developer->>GitHub: Comment @claude-review on PR
GitHub-->>Workflow_claude_review_phase1: Trigger issue_comment event
Workflow_claude_review_phase1->>Workflow_claude_review_phase1: Read github.base_ref into BASE_REF
Workflow_claude_review_phase1->>Workflow_claude_review_phase1: Check if BASE_REF is empty
alt BASE_REF empty
Workflow_claude_review_phase1->>Workflow_claude_review_phase1: Set BASE_REF to main
else BASE_REF provided
Workflow_claude_review_phase1->>Workflow_claude_review_phase1: Use provided BASE_REF
end
Workflow_claude_review_phase1->>Git: git diff origin/BASE_REF...HEAD
Git-->>Workflow_claude_review_phase1: Changed files and stats
Workflow_claude_review_phase1->>Workflow_claude_review_phase1: Compute size and high-stakes status
Workflow_claude_review_phase1-->>GitHub: Post review results and checks
AI Patch Generation Blocked
Modifications to protected files detected: .github/workflows/. AI patch generation not allowed. Security Policy: Automated patch generation is disabled for:
You can still get a review comment by using the AI Code Review workflow.
📝 Walkthrough
Updated GitHub workflow files to normalize base branch references with fallback to main, enhanced Slack notification steps to require and verify additional environment variables (SLACK_CHANNEL_ID, RUBE_ENTITY_ID), and modified package-test workflow to include test extras in dependency synchronization.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
PAL MCP Consensus Not Available
Security-sensitive files were detected, but PAL MCP multi-model consensus is not configured. High-stakes files changed: To enable PAL MCP consensus:
Claude Code Review results are still available above.
Hey - I've left some high level feedback:
- The `BASE_REF` fallback logic is duplicated across multiple steps; consider extracting this into a reusable action/composite or a shared step (e.g., via `env` or an earlier job step output) to avoid drift and keep the behavior consistent.
- Using `main` as the hardcoded fallback for `BASE_REF` assumes the default branch name; if some repos use `master` or another default, you might want to parameterize this or derive it from repository configuration to avoid mis-targeted diffs.
- The three-variable Slack secret guard is now duplicated in two workflows; consider centralizing this pattern (e.g., a reusable workflow or shared script) so future updates to the validation logic only need to happen in one place.
Claude Code Review (via AWS Bedrock)
Overview
This PR addresses three critical workflow bugs identified during integration testing:
All fixes follow defensive programming patterns with graceful degradation.
Critical Issues
None — these are well-crafted bug fixes that improve workflow reliability.
High Priority
None — the implementation is solid.
Medium Priority
1. BASE_REF Duplication (Minor DRY violation)
2. Bash String Comparison Could Be More Explicit
if [ -z "$RUBE_API_TOKEN" ] || [ -z "$SLACK_CHANNEL_ID" ] || [ -z "$RUBE_ENTITY_ID" ]; then
Positive Observations
✅ Excellent defensive programming — all git diff commands now have safe fallbacks
Specific Technical Wins
Review Summary
Recommendation: ✅ Approve and merge — These are essential reliability improvements with no identified risks.
Generated by Claude Code Review (AWS Bedrock) on 2026-03-28
PAL MCP Consensus Code Review (via AWS Bedrock)
Overview
This PR addresses 3 critical workflow bugs discovered during integration testing:
Files Changed: 5 GitHub Actions workflow files
Critical Issues
None - All changes are bug fixes improving robustness. No blocking issues identified.
High Priority
None - The fixes are well-implemented and follow best practices.
Medium Priority
Low Priority / Suggestions
Positive Observations
✅ Excellent defensive programming: The base_ref fallback prevents silent failures
✅ Graceful degradation for Slack notifications:
✅ Correct dependency fix:
✅ Consistent pattern application:
✅ Security-conscious:
Technical Analysis by Category
1. claude-review-phase1.yml (Lines +4/-2)
Bug Fixed: Missing base_ref fallback in PR size check
Analysis:
2. claude-review-phase2.yml (Lines +8/-3)
Bug Fixed: Base_ref fallback in two locations (high-stakes check + PAL MCP context)
Analysis:
Pattern Consistency: Both use identical fallback logic (good for maintainability)
3. issue-to-pr.yml (Lines +7/-1)
Bug Fixed: Slack notification failures when secrets not configured
Analysis:
4. nightly-docs-update.yml (Lines +6/-2)
Bug Fixed: Same Slack notification issue as #3
Analysis:
5. package-test.yml (Lines +1/-1)
Bug Fixed: Missing test dependencies in pytest run
Analysis:
Security Analysis
Secret Handling: ✅ PASSED
Command Injection: ✅ PASSED
Workflow Security: ✅ PASSED
Code Quality Analysis
Maintainability: ✅ GOOD
Error Handling: ✅ EXCELLENT
Testing:
Review Summary
Overall Assessment: ✅ APPROVE
This PR fixes real bugs that would cause workflow failures in production. All fixes are:
Merge Recommendation: ✅ Safe to merge immediately
Testing Evidence
From commit message and PR description:
Validation Confidence: ✅ HIGH
This review was generated by Claude Sonnet 4.5 using comprehensive static analysis.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/issue-to-pr.yml (1)
486-501: ⚠️ Potential issue | 🟠 Major
Guard checks for environment variables that the script ignores.
The `.github/scripts/notify_slack.py` script does not read `SLACK_CHANNEL_ID` and `RUBE_ENTITY_ID` from environment, but the workflow guard requires them:
| Variable | Guard checks | Script behavior |
|---|---|---|
| `RUBE_API_TOKEN` | ✓ | Used via `os.environ.get()` |
| `SLACK_CHANNEL_ID` | ✓ | Hardcoded to `"C02UJAFKRRC"` on line 11 |
| `RUBE_ENTITY_ID` | ✓ | Never used — script uses `SLACK_CONNECTED_ACCOUNT_ID` with `"default"` fallback |
This causes notifications to be skipped when only `RUBE_API_TOKEN` is configured, even though that's the only variable the script requires.
Either:
- Simplify the guard to check only `RUBE_API_TOKEN`, or
- Update `.github/scripts/notify_slack.py` to read `SLACK_CHANNEL_ID` and `RUBE_ENTITY_ID` from environment instead of hardcoding/ignoring them
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/issue-to-pr.yml around lines 486 - 501, The workflow currently gates on SLACK_CHANNEL_ID and RUBE_ENTITY_ID but notify_slack.py ignores them; update .github/scripts/notify_slack.py to read SLACK_CHANNEL_ID and RUBE_ENTITY_ID from the environment (use os.environ.get('SLACK_CHANNEL_ID') and os.environ.get('RUBE_ENTITY_ID') with sensible fallbacks) instead of the hardcoded channel ID or unused SLACK_CONNECTED_ACCOUNT_ID/default logic, and then use those variables where the script posts/identifies the Slack target so the existing guard in the workflow (checking RUBE_API_TOKEN, SLACK_CHANNEL_ID, RUBE_ENTITY_ID) correctly reflects the script’s requirements.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/claude-review-phase1.yml:
- Around line 52-55: The diff range is computed against the wrong ref for
issue_comment events because actions/checkout doesn't check out the PR head and
github.base_ref may be empty; update the workflow to detect issue_comment (or
missing github.base_ref), obtain the PR head ref/sha from
github.event.pull_request.head.ref or .sha, ensure actions/checkout checks out
that PR ref (or explicitly fetch the PR head), and then compute FILES_CHANGED
and LINES_CHANGED using origin/${BASE_REF}...${PR_HEAD_REF_OR_SHA} (replace HEAD
with the actual PR head variable) so BASE_REF, FILES_CHANGED and LINES_CHANGED
reflect the real PR diff.
In @.github/workflows/claude-review-phase2.yml:
- Around line 46-48: The workflow assumes github.base_ref is always present
(used to populate BASE_REF and later in the checkout/diff logic), which is false
for issue_comment events; update the logic that sets BASE_REF/REF so it
explicitly handles the issue_comment case: detect github.event_name ==
'issue_comment', retrieve the PR metadata (e.g., using
xt0rted/pull-request-comment-branch or github-script to read
github.event.issue.pull_request or fetch the PR by number) and set BASE_REF to
the PR base ref and set a HEAD_REF (the PR head ref) before the checkout step;
finally ensure the checkout action (the step referencing ref) uses that explicit
ref (HEAD_REF) instead of falling back to main, and apply the same fix to the
other places where BASE_REF/REF are assumed (the other similar blocks).
In @.github/workflows/package-test.yml:
- Line 60: The CI runs "uv run mypy . --ignore-missing-imports" but mypy is not
declared in any dependency set, so add "mypy" to the project's dependency
declarations and ensure it's included in the "test" extra that the workflow
installs with "uv sync --extra test"; update either requirements.txt,
pyproject.toml/dev-dependencies, or the extras named "test" to include "mypy"
(or add it to main deps) so the "uv run mypy . --ignore-missing-imports" step
can find the mypy executable.
📒 Files selected for processing (5)
- .github/workflows/claude-review-phase1.yml
- .github/workflows/claude-review-phase2.yml
- .github/workflows/issue-to-pr.yml
- .github/workflows/nightly-docs-update.yml
- .github/workflows/package-test.yml
| BASE_REF="${{ github.base_ref }}" | ||
| BASE_REF="${BASE_REF:-main}" | ||
| FILES_CHANGED=$(git diff --name-only origin/${BASE_REF}...HEAD | wc -l) | ||
| LINES_CHANGED=$(git diff --stat origin/${BASE_REF}...HEAD | tail -1 | awk '{print $4+$6}') |
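Review bot: `BASE_REF="${{ github.base_ref }}"` on the first line pastes the expression into the script text before the shell parses it; set `BASE_REF: ${{ github.base_ref }}` under the step's `env:`, keep only the `${BASE_REF:-main}` default in the script, and quote the range as `"origin/${BASE_REF}...HEAD"`. Separately, when the diff is empty `git diff --stat ... | tail -1 | awk '{print $4+$6}'` prints nothing, so LINES_CHANGED is an empty string rather than 0 and a numeric comparison on it will error or misfire; summing `git diff --numstat` in awk with an `END {print n+0}` block always yields a number.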
🧩 Analysis chain
🌐 Web query:
For GitHub Actions `issue_comment` events, is `github.base_ref` populated, and does `actions/checkout` default to the PR head commit?
💡 Result:
No, for GitHub Actions issue_comment events, github.base_ref is not populated. Yes, actions/checkout defaults to checking out the default branch (not the PR head commit) when no ref is specified.
Citations:
- 1: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
- 2: https://docs.github.com/en/actions/reference/contexts-reference
- 3: Any way to checkout PR from `issue_comment` event? actions/checkout#331
- 4: checkout not checking out branch actions/checkout#1637
- 5: https://github.com/actions/checkout
🏁 Script executed:
cat -n .github/workflows/claude-review-phase1.yml | head -70
Repository: Tony363/SuperClaude
Length of output: 2780
For issue_comment events, the diff range computation is incorrect because HEAD is not the PR head.
When triggered by issue_comment, github.base_ref is empty (falls back to main on line 53), but actions/checkout without an explicit ref parameter defaults to checking out the default branch—not the PR head. This means git diff origin/main...HEAD compares the default branch against itself, yielding no changes. The review would proceed with a silently incorrect diff, and line 60's size check would pass with LINES_CHANGED=0.
Suggested fix
- BASE_REF="${{ github.base_ref }}"
- BASE_REF="${BASE_REF:-main}"
- FILES_CHANGED=$(git diff --name-only origin/${BASE_REF}...HEAD | wc -l)
- LINES_CHANGED=$(git diff --stat origin/${BASE_REF}...HEAD | tail -1 | awk '{print $4+$6}')
+ if [[ "${{ github.event_name }}" == "issue_comment" ]]; then
+ PR_NUMBER="${{ github.event.issue.number }}"
+ git fetch origin "pull/${PR_NUMBER}/merge:pr-${PR_NUMBER}-merge"
+ RANGE="pr-${PR_NUMBER}-merge^1...pr-${PR_NUMBER}-merge"
+ else
+ BASE_REF="${{ github.base_ref || github.event.repository.default_branch }}"
+ RANGE="origin/${BASE_REF}...HEAD"
+ fi
+
+ FILES_CHANGED=$(git diff --name-only "$RANGE" | wc -l | tr -d ' ')
+ LINES_CHANGED=$(git diff --numstat "$RANGE" | awk '{a+=$1; d+=$2} END {print a+d+0}')📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| BASE_REF="${{ github.base_ref }}" | |
| BASE_REF="${BASE_REF:-main}" | |
| FILES_CHANGED=$(git diff --name-only origin/${BASE_REF}...HEAD | wc -l) | |
| LINES_CHANGED=$(git diff --stat origin/${BASE_REF}...HEAD | tail -1 | awk '{print $4+$6}') | |
| if [[ "${{ github.event_name }}" == "issue_comment" ]]; then | |
| PR_NUMBER="${{ github.event.issue.number }}" | |
| git fetch origin "pull/${PR_NUMBER}/merge:pr-${PR_NUMBER}-merge" | |
| RANGE="pr-${PR_NUMBER}-merge^1...pr-${PR_NUMBER}-merge" | |
| else | |
| BASE_REF="${{ github.base_ref || github.event.repository.default_branch }}" | |
| RANGE="origin/${BASE_REF}...HEAD" | |
| fi | |
| FILES_CHANGED=$(git diff --name-only "$RANGE" | wc -l | tr -d ' ') | |
| LINES_CHANGED=$(git diff --numstat "$RANGE" | awk '{a+=$1; d+=$2} END {print a+d+0}') |
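Review bot: the `git fetch origin "pull/${PR_NUMBER}/merge:..."` line depends on GitHub's merge ref, which is absent or stale for a PR that conflicts with its base, and `issue_comment` also fires for comments on plain issues, where no `pull/N` ref exists at all. Gate this branch on `github.event.issue.pull_request` and, when the merge ref cannot be fetched, fall back to `pull/${PR_NUMBER}/head` compared against the PR's base so the step stops with a clear message instead of an opaque fetch error.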
| BASE_REF="${{ github.base_ref }}" | ||
| BASE_REF="${BASE_REF:-main}" | ||
|
|
🧩 Analysis chain
🌐 Web query:
In GitHub Actions, what is the recommended way to compute PR diffs for workflows triggered by issue_comment?
💡 Result:
The recommended way to compute PR diffs in GitHub Actions workflows triggered by issue_comment is to first fetch the PR details (head ref and SHA), checkout the PR branch using actions/checkout with the appropriate ref, set fetch-depth: 0 or a sufficient depth to fetch history, and then run git diff between the PR's base branch and the PR head (e.g., git diff origin/main...HEAD --name-only or similar, depending on the exact diff needed, such as full PR vs. last commit). Key steps in workflow YAML: 1. Use actions/github-script or xt0rted/pull-request-comment-branch to get PR head_ref and base_ref from github.event.issue.number, since issue_comment lacks direct github.head_ref. 2. Checkout with: - uses: actions/checkout@v4 with: ref: ${{ steps.get-pr.outputs.head_ref }} # or from action output fetch-depth: 0 # for full history/diff 3. Fetch base branch: git fetch origin ${{ steps.get-pr.outputs.base_ref }} 4. Compute diff: git diff --name-only origin/${{ steps.get-pr.outputs.base_ref }}...HEAD For changed files only, after checkout, use tj-actions/changed-files (supports issue_comment with proper base_sha input). Use pull_request_target trigger if needing secrets/write perms, but carefully checkout untrusted PR code. Examples from actions/checkout issue #331 (updated 2025) and xt0rted/pull-request-comment-branch repo confirm gh pr checkout or API+checkout as standard practices. CodeQL-action uses GitHub Compare API for diffs without full git history.
Citations:
- 1: Any way to checkout PR from `issue_comment` event? actions/checkout#331
- 2: https://github.com/xt0rted/pull-request-comment-branch
- 3: Checkout not checking out to PR branch actions/checkout#1325
- 4: https://github.com/tj-actions/changed-files
- 5: [Feature] Support issue comment created trigger scenario in pull request tj-actions/changed-files#1667
- 6: getPullRequestEditedDiffRanges: use GitHub API github/codeql-action#2679
🏁 Script executed:
# First, check if the file exists and examine lines 46-48 and 61
if [ -f ".github/workflows/claude-review-phase2.yml" ]; then
echo "=== Lines 40-70 of the workflow file ==="
sed -n '40,70p' ".github/workflows/claude-review-phase2.yml"
else
echo "File not found"
fi
Repository: Tony363/SuperClaude
Length of output: 1017
🏁 Script executed:
# Also check the event triggers and overall structure
head -30 ".github/workflows/claude-review-phase2.yml" | cat -n
Repository: Tony363/SuperClaude
Length of output: 1041
🏁 Script executed:
# Check checkout configuration and line 61 usage
echo "=== Lines 35-45 (checkout config) ==="
sed -n '35,45p' ".github/workflows/claude-review-phase2.yml"
echo -e "\n=== Lines 55-65 (git diff usage) ==="
sed -n '55,65p' ".github/workflows/claude-review-phase2.yml"
Repository: Tony363/SuperClaude
Length of output: 636
🏁 Script executed:
# Search for the second occurrence mentioned at lines 212-217
wc -l ".github/workflows/claude-review-phase2.yml"
Repository: Tony363/SuperClaude
Length of output: 109
🏁 Script executed:
# Check if there are more occurrences of BASE_REF pattern or github.base_ref
rg "BASE_REF|github\.base_ref" ".github/workflows/claude-review-phase2.yml" -n
Repository: Tony363/SuperClaude
Length of output: 591
High-stakes detection bypassed for issue_comment-triggered runs.
Lines 46-48 and 61 assume github.base_ref is available, but this context variable is undefined in issue_comment events. The fallback to main combines with the missing ref parameter in the checkout step, causing the workflow to compare main...main (no diffs detected). This silently bypasses security review consensus for PRs triggered via comments.
The standard fix is to explicitly handle the issue_comment case by fetching PR metadata using xt0rted/pull-request-comment-branch action or github-script, then checkout the PR head with an explicit ref before computing diffs. Alternatively, the approach suggested below (fetch merge commit) also works:
Suggested fix
- BASE_REF="${{ github.base_ref }}"
- BASE_REF="${BASE_REF:-main}"
-
- CHANGED_FILES=$(git diff --name-only origin/${BASE_REF}...HEAD)
+ if [[ "${{ github.event_name }}" == "issue_comment" ]]; then
+ PR_NUMBER="${{ github.event.issue.number }}"
+ git fetch origin "pull/${PR_NUMBER}/merge:pr-${PR_NUMBER}-merge"
+ RANGE="pr-${PR_NUMBER}-merge^1...pr-${PR_NUMBER}-merge"
+ else
+ BASE_REF="${{ github.base_ref || github.event.repository.default_branch }}"
+ RANGE="origin/${BASE_REF}...HEAD"
+ fi
+
+ CHANGED_FILES=$(git diff --name-only "$RANGE")Also applies to: 212-216
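Review bot: in the `issue_comment` branch the fetched `pull/${PR_NUMBER}/merge` ref is whatever it points to when the job runs, not when the comment was posted, so the high-stakes file list can describe a different commit than the one the commenter asked to have reviewed. Resolve the ref to a SHA once (`git rev-parse pr-${PR_NUMBER}-merge`), compute CHANGED_FILES from that SHA and record it in the step output; since the same block is flagged for lines 212-216, compute it in one step and reuse the output rather than fetching twice.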
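The empty-diff failure described in the two review comments above, reproduced in a throwaway repository next to a resolver that fails closed. This is an added example, not code from the PR or from any of the review bots; the function names, PR number 7 and the hand-made `refs/pull/7/head` ref are constructed for illustration, and it assumes only `git` and a POSIX shell.

```shell
#!/bin/sh
# Added example. Repository layout, branch names and PR number are constructed.

# Build a "remote" with main, a feature branch and a hand-made refs/pull/7/head,
# then clone it. The clone sits on main, like a job whose checkout got no ref.
make_fixture() (
  root=$1
  git init -q "$root/remote" || exit 1
  cd "$root/remote" || exit 1
  git symbolic-ref HEAD refs/heads/main
  git config user.email ci@example.invalid
  git config user.name ci
  echo base > app.txt
  git add app.txt && git commit -q -m base || exit 1
  git checkout -q -b feature
  mkdir -p .github/workflows
  echo 'on: push' > .github/workflows/ci.yml
  git add .github && git commit -q -m 'touch workflow' || exit 1
  git update-ref refs/pull/7/head HEAD   # stand-in for the ref GitHub maintains
  git checkout -q main
  git clone -q "$root/remote" "$root/work"
)

# The pattern under review: empty base falls back to main, head is whatever
# happens to be checked out. On the default branch this is main...main.
naive_changed_files() (
  base=${1:-main}
  git diff --name-only "origin/${base}...HEAD"
)

# Fail-closed variant: validate inputs, resolve the PR head explicitly, and
# refuse to report "no changes" when head and base are the same commit.
pr_changed_files() (
  base=$1 pr=$2
  case $base in ''|*[!A-Za-z0-9._/-]*) echo "rejecting base ref" >&2; exit 2;; esac
  case $pr in ''|*[!0-9]*) echo "rejecting PR number" >&2; exit 2;; esac
  git fetch -q origin "+refs/pull/${pr}/head:refs/remotes/pull/${pr}/head" || exit 3
  head_sha=$(git rev-parse -q --verify "refs/remotes/pull/${pr}/head^{commit}") || exit 3
  base_sha=$(git rev-parse -q --verify "refs/remotes/origin/${base}^{commit}") || exit 3
  if [ "$head_sha" = "$base_sha" ]; then
    echo "PR head equals base: not reporting an empty diff" >&2
    exit 4
  fi
  git diff --name-only "${base_sha}...${head_sha}"
)

# Run the comparison when invoked with "demo" as the first argument.
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp -d) && make_fixture "$tmp" && cd "$tmp/work" || exit 1
  echo "naive fallback sees: $(naive_changed_files '' | wc -l) changed file(s)"
  echo "explicit PR head sees: $(pr_changed_files main 7)"
fi
```

The naive range reports zero files even though the PR edits a workflow file, which is the condition under which a path-based high-stakes gate passes without having looked at anything.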
|
|
||
| - name: Install dependencies | ||
| run: uv sync | ||
| run: uv sync --extra test |
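Review bot: `run: uv sync --extra test` will re-resolve and rewrite the lockfile if it has drifted from pyproject.toml instead of failing. If the repository commits a `uv.lock`, use `uv sync --locked --extra test` so CI installs exactly the pinned set and a stale lock is reported as an error.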
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Verify that ruff and mypy are available after installing only test extras
# Check if ruff or mypy are in the main dependencies (not just optional extras)
echo "=== Checking pyproject.toml for ruff and mypy in main dependencies ==="
rg -n "^\s*['\"]ruff" pyproject.toml
rg -n "^\s*['\"]mypy" pyproject.toml
echo ""
echo "=== Checking all optional-dependencies groups ==="
rg -A 20 "^\[project\.optional-dependencies\]" pyproject.toml
echo ""
echo "=== Checking if dev extra includes ruff ==="
rg -A 5 "^dev = \[" pyproject.toml
Repository: Tony363/SuperClaude
Length of output: 868
🌐 Web query:
What is the correct syntax for uv sync to install multiple optional dependency groups, specifically for installing both test and dev extras?
💡 Result:
The correct syntax for uv sync to install multiple optional dependency groups (extras), such as both "test" and "dev", is to repeat the --extra flag for each group: uv sync --extra test --extra dev. "test" and "dev" are typically dependency groups (defined in [dependency-groups] in pyproject.toml per PEP 735), not optional dependencies (extras in [project.optional-dependencies]). For dependency groups, use the repeated --group flag: uv sync --group test --group dev. The dev group is included by default unless --no-dev is used. The query specifies "optional dependency groups" and "test and dev extras", likely referring to extras. Official uv docs confirm --extra can be provided multiple times, analogous to --group which explicitly states "May be provided multiple times." (docs.astral.sh/uv/concepts/projects/sync/, docs.astral.sh/uv/concepts/projects/dependencies/, GitHub issues #8594, CLI help snippets).
Citations:
- 1: https://docs.astral.sh/uv/concepts/projects/dependencies/
- 2: https://docs.astral.sh/uv/concepts/projects/sync/
- 3: https://git.joshthomas.dev/mirrors/uv/src/commit/1ae2c3f14287cfc6b149a442c54347f463a3f878/docs/reference/cli.md
- 4: https://git.joshthomas.dev/mirrors/uv/commit/2dc4fd0a1966e1058ea8a67c4eccce7b84467e95?show-outdated=&style=split&whitespace=ignore-eol
- 5: Add `--group` and `--only-group` to `uv sync` and includes all groups in `uv lock` astral-sh/uv#8110
🏁 Script executed:
# Check if mypy is used in the workflow
grep -n "mypy" .github/workflows/package-test.yml
# Get the complete test extra definition
rg -A 10 "^test = \[" pyproject.toml
# Verify ruff is in main dependencies
head -70 pyproject.toml | tail -20
Repository: Tony363/SuperClaude
Length of output: 668
🏁 Script executed:
# Verify that mypy is truly absent from all dependencies by checking the entire pyproject.toml
cat pyproject.toml | grep -i mypy
# Also check if there might be a requirements file or other dep spec
find . -name "requirements*.txt" -o -name "setup.py" -o -name "setup.cfg" | head -5
Repository: Tony363/SuperClaude
Length of output: 81
🏁 Script executed:
# Check requirements.txt for mypy
cat requirements.txt | grep -i mypy
# Show full requirements.txt
cat requirements.txt
Repository: Tony363/SuperClaude
Length of output: 284
The --extra test fix is correct for pytest, but mypy is missing from all dependency declarations and will cause workflow failure on Ubuntu.
The change correctly installs pytest and test dependencies. However, line 83 runs uv run mypy . --ignore-missing-imports, but mypy is not declared in dependencies anywhere (main dependencies, optional extras, or requirements.txt). This will cause the workflow to fail on Ubuntu with "mypy not found."
Add mypy to the project dependencies—either the main dependencies or the dev extra, depending on project conventions.
Summary
Fixes 3 bugs discovered by triggering all 21 GitHub Actions workflows and analyzing their logs:
- `github.base_ref` empty on `issue_comment` — Phase 1 and Phase 2 review workflows crash with `fatal: ambiguous argument 'origin/...HEAD'` when triggered by `issue_comment` events. Added `BASE_REF` shell variable with fallback to `main`. (2 files, 6 instances)
- `package-test.yml` pytest not found — `uv sync` doesn't install test extras; pytest is in `[project.optional-dependencies] test`. Changed to `uv sync --extra test`. (1 file)
- `nightly-docs-update.yml` and `issue-to-pr.yml` missing proper secret validation. Added 3-variable shell guard (`RUBE_API_TOKEN`, `SLACK_CHANNEL_ID`, `RUBE_ENTITY_ID`) matching the pattern from `commit-notifications.yml`. (2 files)

Files Changed
- `claude-review-phase1.yml`: `BASE_REF` fallback (2 instances)
- `claude-review-phase2.yml`: `BASE_REF` fallback (4 instances across 2 steps)
- `package-test.yml`: `uv sync` → `uv sync --extra test`
- `nightly-docs-update.yml`: `if:`, add 3-var Slack guard
- `issue-to-pr.yml`

Test plan
- `pull_request` event (tests normal path)
- `@claude-review` on PR to trigger `issue_comment` event (tests fallback path)
- `--extra test`

🤖 Generated with Claude Code
Summary by Sourcery
Fix workflow issues in review, test, and notification GitHub Actions uncovered during integration testing.