Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdd explicit RabbitMQ major.minor versioning: new Changes
Sequence DiagramsequenceDiagram
participant Updater as Update Script (hack/update-versions.sh)
participant GitHub as GitHub Releases API
participant Files as files/versions.yaml
participant Values as values.yaml
participant Chart as Helm Chart (_versions.tpl + rabbitmq.yaml)
participant K8s as Kubernetes API
participant Migration as Migration 34
Updater->>GitHub: GET /repos/rabbitmq/rabbitmq-server/releases?per_page=100
GitHub-->>Updater: releases list (tags)
Updater->>Updater: filter stable tags, pick latest patch per major.minor
Updater->>Files: write files/versions.yaml (v4.2→4.2.4, ...)
Updater->>Values: insert/replace version enum block in values.yaml
Note right of Chart: At deploy time
Chart->>Files: fromYaml files/versions.yaml (rabbitmq.versionMap)
Chart->>Chart: validate .Values.version exists → return patch
Chart->>K8s: create/update RabbitMQCluster with image rabbitmq:<patch>-management
Migration->>K8s: list RabbitMQCluster resources
K8s-->>Migration: resource list
Migration->>Migration: for each resource, if spec.version missing then set "v3.13"
Migration->>K8s: patch resource spec.version
K8s-->>Migration: acknowledge
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @myasnikovdaniil, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the RabbitMQ application's version management capabilities. It introduces a configurable Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](proxy.php?url=https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a robust and automated version selection mechanism for RabbitMQ. The changes include adding a versions.yaml file to map major.minor versions to their latest patch releases, a new update-versions.sh script to automate fetching and updating these versions from the GitHub API, and integrating this functionality into the Helm chart. The Makefile has been updated with an update target to streamline the version update process. Additionally, the README.md, values.schema.json, and values.yaml files have been updated to expose and document the new version parameter, and the rabbitmq.yaml manifest now dynamically sets the RabbitMQ image tag using a new Helm template. Overall, the implementation is well-structured, enhances maintainability, and provides clear validation for supported versions.
myasnikovdaniil
requested review from
IvanHunters,
androndo,
kvaps,
lexfrei,
lllamnyp and
sircthulhu
as code owners
dosubot
bot
added
size:L
![coderabbitai[bot]](proxy.php?url=https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
packages/core/platform/images/migrations/migrations/33 (1)
60-68: Edge case: image tags without a hyphen suffix.If the image tag doesn't contain a hyphen (e.g.,
rabbitmq:3.13.2instead ofrabbitmq:3.13.2-management), the parameter expansion${TAG%%-*}will return the full tag, which is the desired behavior. However, if the tag format is unexpected (e.g.,latestor a SHA), the version extraction may produce invalid results.Consider adding validation that
VERSIONmatches an expected semver pattern before proceeding.Optional: Add version format validation
# Extract version from image tag, e.g. "rabbitmq:3.13.2-management" -> "3.13.2" TAG="${IMAGE##*:}" # strip repository prefix VERSION="${TAG%%-*}" # strip suffix like "-management" - if [ -z "$VERSION" ]; then + if [ -z "$VERSION" ] || ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+'; then echo "ERROR $NS/$CLUSTER_NAME: could not parse version from image '$IMAGE'" >&2 EXIT_CODE=1 continue fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/core/platform/images/migrations/migrations/33` around lines 60 - 68, The VERSION extraction from TAG (using TAG="${IMAGE##*:}" and VERSION="${TAG%%-*}") can yield non-semver values (like "latest" or SHAs); add a validation step after that extraction to ensure VERSION matches a semver pattern (e.g., major.minor.patch with optional prerelease/build) and if it does not, echo an error including $IMAGE/$NS/$CLUSTER_NAME to stderr, set EXIT_CODE=1 and continue; update the block around TAG/VERSION to perform this regex check and short-circuit on invalid versions before proceeding.packages/apps/rabbitmq/hack/update-versions.sh (1)
80-81: Use single quotes in trap to delay variable expansion.The trap command expands
$TEMP_FILEimmediately at definition time. While this works here since the variable is already set and doesn't change, using single quotes is the idiomatic approach to ensure expansion happens at signal time.♻️ Proposed fix
TEMP_FILE=$(mktemp) -trap "rm -f $TEMP_FILE" EXIT +trap 'rm -f $TEMP_FILE' EXIT🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/apps/rabbitmq/hack/update-versions.sh` around lines 80 - 81, The trap currently uses double quotes which expands $TEMP_FILE immediately; update the trap invocation that references TEMP_FILE (the line using trap "rm -f $TEMP_FILE" EXIT) to use single quotes so the variable is expanded at signal time (e.g., change the trap argument to a single-quoted string like 'rm -f "$TEMP_FILE"') to delay expansion and follow the idiomatic pattern with mktemp/TEMP_FILE.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/apps/rabbitmq/templates/rabbitmq.yaml`:
- Line 10: The YAML value for the image contains nested double quotes which
break parsing; update the image line so the outer string uses single quotes (or
escape the inner quotes) around the include directive referenced as include
"rabbitmq.versionMap" $ so that image: 'rabbitmq:{{ include
"rabbitmq.versionMap" $ }}-management' (i.e., change the outer quotes to single
quotes to avoid the nested-quote conflict).
In `@packages/core/platform/images/migrations/migrations/33`:
- Line 23: The script tracks EXIT_CODE but never uses it—ensure the migration
only stamps completion on success and exits with the tracked code on failure:
after the blocks that set EXIT_CODE=1 on errors, add logic to check EXIT_CODE
and if non-zero exit with that value (exit $EXIT_CODE) before performing the
migration stamp; alternatively, invert the flow so the stamping step runs only
when EXIT_CODE==0. Reference the EXIT_CODE variable and the migration stamping
step in the script and ensure any early cleanup still runs before exiting.
---
Nitpick comments:
In `@packages/apps/rabbitmq/hack/update-versions.sh`:
- Around line 80-81: The trap currently uses double quotes which expands
$TEMP_FILE immediately; update the trap invocation that references TEMP_FILE
(the line using trap "rm -f $TEMP_FILE" EXIT) to use single quotes so the
variable is expanded at signal time (e.g., change the trap argument to a
single-quoted string like 'rm -f "$TEMP_FILE"') to delay expansion and follow
the idiomatic pattern with mktemp/TEMP_FILE.
In `@packages/core/platform/images/migrations/migrations/33`:
- Around line 60-68: The VERSION extraction from TAG (using TAG="${IMAGE##*:}"
and VERSION="${TAG%%-*}") can yield non-semver values (like "latest" or SHAs);
add a validation step after that extraction to ensure VERSION matches a semver
pattern (e.g., major.minor.patch with optional prerelease/build) and if it does
not, echo an error including $IMAGE/$NS/$CLUSTER_NAME to stderr, set EXIT_CODE=1
and continue; update the block around TAG/VERSION to perform this regex check
and short-circuit on invalid versions before proceeding.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (12)
packages/apps/rabbitmq/Chart.yamlpackages/apps/rabbitmq/Makefilepackages/apps/rabbitmq/README.mdpackages/apps/rabbitmq/files/versions.yamlpackages/apps/rabbitmq/hack/update-versions.shpackages/apps/rabbitmq/templates/_versions.tplpackages/apps/rabbitmq/templates/rabbitmq.yamlpackages/apps/rabbitmq/values.schema.jsonpackages/apps/rabbitmq/values.yamlpackages/core/platform/images/migrations/migrations/33packages/core/platform/values.yamlpackages/system/rabbitmq-rd/cozyrds/rabbitmq.yaml
| echo "$1" | awk -F. '{printf "v%s.%s", $1, $2}' | ||
| } | ||
|
|
||
| EXIT_CODE=0 |
There was a problem hiding this comment.
EXIT_CODE is tracked but never used.
The script sets EXIT_CODE=1 on errors (lines 56, 66) but never exits with this value. The migration version is stamped at the end regardless of whether errors occurred, which could mark the migration as complete even when some resources failed to migrate.
Proposed fix to exit with the tracked error code
kubectl create configmap -n cozy-system cozystack-version \
--from-literal=version=34 --dry-run=client -o yaml | kubectl apply -f-
+
+exit $EXIT_CODE🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/core/platform/images/migrations/migrations/33` at line 23, The
script tracks EXIT_CODE but never uses it—ensure the migration only stamps
completion on success and exits with the tracked code on failure: after the
blocks that set EXIT_CODE=1 on errors, add logic to check EXIT_CODE and if
non-zero exit with that value (exit $EXIT_CODE) before performing the migration
stamp; alternatively, invert the flow so the stamping step runs only when
EXIT_CODE==0. Reference the EXIT_CODE variable and the migration stamping step
in the script and ensure any early cleanup still runs before exiting.
5c2e48c to
a94abaa
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
packages/apps/rabbitmq/templates/rabbitmq.yaml (1)
10-10:⚠️ Potential issue | 🔴 CriticalYAML syntax error: nested quotes conflict.
The nested double quotes in the
includedirective conflict with the outer double quotes, causing a YAML parsing error. YAMLlint confirms: "syntax error: expected<block end>, but found<scalar>".Use single quotes for the outer string to avoid the conflict.
🐛 Proposed fix
- image: "rabbitmq:{{ include "rabbitmq.versionMap" $ }}-management" + image: 'rabbitmq:{{ include "rabbitmq.versionMap" $ }}-management'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/apps/rabbitmq/templates/rabbitmq.yaml` at line 10, Change the outer double quotes around the image string to single quotes to avoid conflicting nested quotes in the Helm template: update the image line that uses the include directive (the expression using include "rabbitmq.versionMap" $) so the outer string uses single quotes (e.g., 'rabbitmq:{{ include "rabbitmq.versionMap" $ }}-management') ensuring valid YAML parsing while keeping the include "rabbitmq.versionMap" $ expression unchanged.
🧹 Nitpick comments (2)
packages/apps/rabbitmq/hack/update-versions.sh (2)
19-26: Consider adding authentication for GitHub API requests.Unauthenticated GitHub API requests are limited to 60 requests per hour. If this script runs frequently in CI or is used by multiple developers, it may hit rate limits. Consider supporting an optional
GITHUB_TOKENenvironment variable.♻️ Proposed enhancement
# Fetch releases from GitHub API echo "Fetching releases from GitHub API..." -RELEASES_JSON=$(curl -sSL "${GITHUB_API_URL}?per_page=100") +CURL_OPTS=(-sSL) +if [ -n "${GITHUB_TOKEN:-}" ]; then + CURL_OPTS+=(-H "Authorization: token ${GITHUB_TOKEN}") +fi +RELEASES_JSON=$(curl "${CURL_OPTS[@]}" "${GITHUB_API_URL}?per_page=100")🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/apps/rabbitmq/hack/update-versions.sh` around lines 19 - 26, The script fetches GitHub releases using an unauthenticated curl call (RELEASES_JSON from GITHUB_API_URL) which can hit rate limits; update the curl invocation in update-versions.sh to optionally use a GITHUB_TOKEN environment variable by adding an Authorization: token header when GITHUB_TOKEN is set (and fall back to the current unauthenticated behavior when not set), ensure the header is injected into the same variable/context that builds RELEASES_JSON, and validate/emit a warning if the token is present but the request still fails so callers know to check token validity.
81-81: Use single quotes in trap to defer variable expansion.ShellCheck SC2064: The
$TEMP_FILEvariable expands when the trap is defined, not when it's triggered. While this works here becauseTEMP_FILEis set before the trap, using single quotes is safer practice and avoids issues if the variable were to change.♻️ Proposed fix
-trap "rm -f $TEMP_FILE" EXIT +trap 'rm -f "$TEMP_FILE"' EXIT🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/apps/rabbitmq/hack/update-versions.sh` at line 81, The trap currently expands $TEMP_FILE when defined (trap "rm -f $TEMP_FILE" EXIT); change it to defer expansion by using single quotes around the trap command so $TEMP_FILE is expanded at trap execution time (i.e., make the trap use single-quoted command string referencing TEMP_FILE) in update-versions.sh.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/core/platform/images/migrations/migrations/34`:
- Around line 57-64: The parsing can mis-handle images without a tag (e.g.,
"rabbitmq") because TAG="${IMAGE##*:}" and VERSION="${TAG%%-*}" may yield the
repository name; update the migration to validate that the extracted VERSION
matches a semver pattern (e.g., major.minor.patch) before using it: after
computing TAG and VERSION, test VERSION against a regex like
^[0-9]+\.[0-9]+\.[0-9]+$ and if it does not match, log an error (using the same
echo format "ERROR $NS/$CLUSTER_NAME: ...") and continue, ensuring images
lacking a proper tag are skipped safely.
---
Duplicate comments:
In `@packages/apps/rabbitmq/templates/rabbitmq.yaml`:
- Line 10: Change the outer double quotes around the image string to single
quotes to avoid conflicting nested quotes in the Helm template: update the image
line that uses the include directive (the expression using include
"rabbitmq.versionMap" $) so the outer string uses single quotes (e.g.,
'rabbitmq:{{ include "rabbitmq.versionMap" $ }}-management') ensuring valid YAML
parsing while keeping the include "rabbitmq.versionMap" $ expression unchanged.
---
Nitpick comments:
In `@packages/apps/rabbitmq/hack/update-versions.sh`:
- Around line 19-26: The script fetches GitHub releases using an unauthenticated
curl call (RELEASES_JSON from GITHUB_API_URL) which can hit rate limits; update
the curl invocation in update-versions.sh to optionally use a GITHUB_TOKEN
environment variable by adding an Authorization: token header when GITHUB_TOKEN
is set (and fall back to the current unauthenticated behavior when not set),
ensure the header is injected into the same variable/context that builds
RELEASES_JSON, and validate/emit a warning if the token is present but the
request still fails so callers know to check token validity.
- Line 81: The trap currently expands $TEMP_FILE when defined (trap "rm -f
$TEMP_FILE" EXIT); change it to defer expansion by using single quotes around
the trap command so $TEMP_FILE is expanded at trap execution time (i.e., make
the trap use single-quoted command string referencing TEMP_FILE) in
update-versions.sh.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (12)
packages/apps/rabbitmq/Chart.yamlpackages/apps/rabbitmq/Makefilepackages/apps/rabbitmq/README.mdpackages/apps/rabbitmq/files/versions.yamlpackages/apps/rabbitmq/hack/update-versions.shpackages/apps/rabbitmq/templates/_versions.tplpackages/apps/rabbitmq/templates/rabbitmq.yamlpackages/apps/rabbitmq/values.schema.jsonpackages/apps/rabbitmq/values.yamlpackages/core/platform/images/migrations/migrations/34packages/core/platform/values.yamlpackages/system/rabbitmq-rd/cozyrds/rabbitmq.yaml
🚧 Files skipped from review as they are similar to previous changes (7)
- packages/apps/rabbitmq/Makefile
- packages/apps/rabbitmq/files/versions.yaml
- packages/apps/rabbitmq/templates/_versions.tpl
- packages/core/platform/values.yaml
- packages/apps/rabbitmq/Chart.yaml
- packages/apps/rabbitmq/values.schema.json
- packages/apps/rabbitmq/README.md
| # Extract version from image tag, e.g. "rabbitmq:3.13.2-management" -> "3.13.2" | ||
| TAG="${IMAGE##*:}" # strip repository prefix | ||
| VERSION="${TAG%%-*}" # strip suffix like "-management" | ||
|
|
||
| if [ -z "$VERSION" ]; then | ||
| echo "ERROR $NS/$CLUSTER_NAME: could not parse version from image '$IMAGE'" >&2 | ||
| continue | ||
| fi |
There was a problem hiding this comment.
Edge case: image format without colon could yield incorrect version.
If IMAGE doesn't contain a colon (e.g., rabbitmq without a tag), TAG="${IMAGE##*:}" will return the entire image string, and VERSION="${TAG%%-*}" may extract an invalid version like rabbitmq.
Consider adding validation that the extracted version matches expected semver pattern before proceeding.
🛡️ Proposed fix to validate version format
# Extract version from image tag, e.g. "rabbitmq:3.13.2-management" -> "3.13.2"
TAG="${IMAGE##*:}" # strip repository prefix
VERSION="${TAG%%-*}" # strip suffix like "-management"
- if [ -z "$VERSION" ]; then
+ if [ -z "$VERSION" ] || ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+'; then
echo "ERROR $NS/$CLUSTER_NAME: could not parse version from image '$IMAGE'" >&2
continue
fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/core/platform/images/migrations/migrations/34` around lines 57 - 64,
The parsing can mis-handle images without a tag (e.g., "rabbitmq") because
TAG="${IMAGE##*:}" and VERSION="${TAG%%-*}" may yield the repository name;
update the migration to validate that the extracted VERSION matches a semver
pattern (e.g., major.minor.patch) before using it: after computing TAG and
VERSION, test VERSION against a regex like ^[0-9]+\.[0-9]+\.[0-9]+$ and if it
does not match, log an error (using the same echo format "ERROR
$NS/$CLUSTER_NAME: ...") and continue, ensuring images lacking a proper tag are
skipped safely.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/core/platform/images/migrations/migrations/34`:
- Line 17: The kubectl list command currently swallows errors via "2>/dev/null"
which can make the migration think it handled resources when it actually listed
nothing; remove the stderr redirection from the resource loop (the for resource
in $(kubectl get rabbitmqs.apps.cozystack.io -A -o jsonpath=...) line) and add
an explicit CRD existence check (run kubectl get crd rabbitmqs.apps.cozystack.io
and if the CRD is absent, treat as a genuine no-op and exit successfully),
otherwise perform the kubectl get list without redirecting stderr and check its
exit status (fail-fast and exit non-zero on error) so the subsequent stamping
code (the migration stamp at the lines that write/version-stamp version 35) only
runs when the listing succeeded.
Signed-off-by: Myasnikov Daniil <[email protected]>
myasnikovdaniil
force-pushed
the
update-rabbitmq
branch
from
8409e3c to
dc5c3dc
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/apps/rabbitmq/hack/update-versions.sh`:
- Around line 21-31: The script currently uses curl -sSL to populate
RELEASES_JSON and then parses it, but curl does not treat HTTP errors as
failures so error/rate-limit responses get parsed; update the fetch logic that
sets RELEASES_JSON to check curl's HTTP status and exit on non-2xx responses
(capture HTTP status or use --fail/--show-error), validate RELEASES_JSON is
valid JSON before piping to jq, and surface a clear error via stderr if the
request failed or returned invalid JSON; key symbols to change: RELEASES_JSON
assignment, GITHUB_API_URL usage, and the later check that references
RELEASES_JSON and RELEASE_TAGS.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (12)
packages/apps/rabbitmq/Chart.yamlpackages/apps/rabbitmq/Makefilepackages/apps/rabbitmq/README.mdpackages/apps/rabbitmq/files/versions.yamlpackages/apps/rabbitmq/hack/update-versions.shpackages/apps/rabbitmq/templates/_versions.tplpackages/apps/rabbitmq/templates/rabbitmq.yamlpackages/apps/rabbitmq/values.schema.jsonpackages/apps/rabbitmq/values.yamlpackages/core/platform/images/migrations/migrations/34packages/core/platform/values.yamlpackages/system/rabbitmq-rd/cozyrds/rabbitmq.yaml
🚧 Files skipped from review as they are similar to previous changes (7)
- packages/core/platform/images/migrations/migrations/34
- packages/apps/rabbitmq/templates/_versions.tpl
- packages/core/platform/values.yaml
- packages/apps/rabbitmq/values.schema.json
- packages/system/rabbitmq-rd/cozyrds/rabbitmq.yaml
- packages/apps/rabbitmq/files/versions.yaml
- packages/apps/rabbitmq/README.md
| RELEASES_JSON=$(curl -sSL "${GITHUB_API_URL}?per_page=100") | ||
|
|
||
| if [ -z "$RELEASES_JSON" ]; then | ||
| echo "Error: Could not fetch releases from GitHub API" >&2 | ||
| exit 1 | ||
| fi | ||
|
|
||
| # Extract stable release tags (format: v3.13.7, v4.0.3, etc.) | ||
| # Filter out pre-releases and draft releases | ||
| RELEASE_TAGS=$(echo "$RELEASES_JSON" | jq -r '.[] | select(.prerelease == false) | select(.draft == false) | .tag_name' | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V) | ||
|
|
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
file=$(fd 'update-versions.sh$' | grep 'packages/apps/rabbitmq/hack/update-versions.sh')
echo "Inspecting $file"
# Verify current fetch flags and missing response-shape guard.
rg -n --fixed-strings 'curl -sSL "${GITHUB_API_URL}?per_page=100"' "$file"
rg -n --fixed-strings "type == \"array\"" "$file" || trueRepository: cozystack/cozystack
Length of output: 183
Handle HTTP/API failures explicitly before parsing release JSON.
At Line 21, curl -sSL does not fail on HTTP errors. Rate-limit/error payloads can flow into parsing and fail later with less clear diagnostics.
🐛 Proposed fix
-RELEASES_JSON=$(curl -sSL "${GITHUB_API_URL}?per_page=100")
+RELEASES_JSON=$(curl --fail-with-body -sSL "${GITHUB_API_URL}?per_page=100")
+
+if ! echo "$RELEASES_JSON" | jq -e 'type == "array"' >/dev/null; then
+ echo "Error: GitHub API returned a non-release payload" >&2
+ exit 1
+fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/apps/rabbitmq/hack/update-versions.sh` around lines 21 - 31, The
script currently uses curl -sSL to populate RELEASES_JSON and then parses it,
but curl does not treat HTTP errors as failures so error/rate-limit responses
get parsed; update the fetch logic that sets RELEASES_JSON to check curl's HTTP
status and exit on non-2xx responses (capture HTTP status or use
--fail/--show-error), validate RELEASES_JSON is valid JSON before piping to jq,
and surface a clear error via stderr if the request failed or returned invalid
JSON; key symbols to change: RELEASES_JSON assignment, GITHUB_API_URL usage, and
the later check that references RELEASES_JSON and RELEASE_TAGS.
3 participants
What this PR does
Release note
Summary by CodeRabbit
New Features
Chores
Migration