Walkthrough
This PR pins GitHub Actions in merge and verify workflows, adjusts cache version values, adds gated PEP 740 attestation generation steps, and updates release metadata in
Changes: CI workflow hardening and release metadata
Estimated code review effort: 2 (Simple) | ~12 minutes
Sequence Diagram(s)
sequenceDiagram
participant GitHubActionsWorkflow as GitHub Actions workflow
participant CheckPackage as check_package
participant AttestAction as astral-sh/attest-action
participant PyPI as PyPI publish step
GitHubActionsWorkflow->>CheckPackage: read should_publish output
CheckPackage-->>GitHubActionsWorkflow: true
GitHubActionsWorkflow->>AttestAction: generate PEP 740 attestations
AttestAction-->>GitHubActionsWorkflow: attestations ready
GitHubActionsWorkflow->>PyPI: publish package
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/verify.yml:
- Around line 191-194: Update the shellcheck workflow to match the other
hardened checkout steps: add persist-credentials: false to the checkout used by
the shellcheck job, and also to the dependencies_check and test-publishing
checkouts. While you’re in the shellcheck job, replace
ludeeus/action-shellcheck@master with a pinned SHA reference so it is no longer
a floating branch. Use the existing checkout/action names to locate the affected
steps and keep the rollout consistent with the ruff and mypy jobs.
- Around line 283-285: The Generate PEP 740 Attestations step is missing the
required paths input for astral-sh/attest-action, so the attestation job cannot
find artifacts automatically. Update the workflow step that uses
astral-sh/attest-action in verify.yml to pass an explicit distribution glob via
paths, using the existing should_publish gate to keep the behavior unchanged.
📒 Files selected for processing (4)
.github/workflows/merge.yml, .github/workflows/verify.yml, CHANGELOG.md, pyproject.toml
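The three points raised in the review above (floating `uses:` references, checkouts without `persist-credentials: false`, an attestation step without `paths`) can be checked mechanically across workflow files. The script below is an added example, not code from this PR or from CodeRabbit; the sample workflow, the placeholder SHA and the function names are constructed, and the line-based step parsing assumes a conventional `- key:` step layout rather than full YAML.

```python
import re

SHA = "0" * 40  # placeholder, not a real commit
# Constructed sample workflow, not the PR's verify.yml.
SAMPLE = f"""\
jobs:
  shellcheck:
    steps:
      - uses: actions/checkout@v4
      - uses: ludeeus/action-shellcheck@master
  publish:
    steps:
      - uses: actions/checkout@{SHA}
        with:
          persist-credentials: false
      - name: Generate PEP 740 Attestations
        uses: astral-sh/attest-action@{SHA}
"""

STEP_START = re.compile(r"^\s*-\s+\w[\w-]*:")
USES = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)", re.M)
PINNED = re.compile(r"@[0-9a-f]{40}$")

def split_steps(text):
    """Group lines into blocks, each starting at a '- key:' list item."""
    steps = []
    for line in text.splitlines():
        if STEP_START.match(line):
            steps.append([line])
        elif steps:
            steps[-1].append(line)
    return ["\n".join(s) for s in steps]

def audit(text):
    """Return sorted (action, finding) pairs for the three review points."""
    findings = set()
    for step in split_steps(text):
        m = USES.search(step)
        if not m:
            continue  # a 'run:' step, nothing to pin
        ref = m.group(1)
        name = ref.split("@")[0]
        if not ref.startswith("./") and not PINNED.search(ref):
            findings.add((name, "not pinned to a commit SHA"))
        if name == "actions/checkout" and not re.search(r"^\s*persist-credentials:\s*false\b", step, re.M):
            findings.add((name, "persist-credentials: false missing"))
        if name == "astral-sh/attest-action" and not re.search(r"^\s*paths:", step, re.M):
            findings.add((name, "no explicit paths input"))
    return sorted(findings)
```

Calling `audit()` on the text of each file under `.github/workflows/` and failing the job on a non-empty result turns the review comments into a repeatable gate.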
| @@ -1,5 +1,11 @@ | |||
| # Changelog | |||
|
|
|||
| ## v1.12.1 | |||
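Review bot: The `## v1.12.1` heading added at the top of CHANGELOG.md names a final release, while the summary of this PR refers to version `1.12.1a0`. Confirm that the changelog heading matches the version set in pyproject.toml, or hold the section back until the release version for the attestation change is decided.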
Why a version-bump? There are no changes to the functional code?
Or is that to test the release-related update?
Yes, as the attestation needs to be published on PyPI
Seeing the intent for 1.13 - I can just drop the version increase so we only have testpypi checked and 1.13 being the guinea pig for attestation on release?
Requires rebasing the others though
bouwew left a comment
LGTM besides the version-bump :)
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #891 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 21 21
Lines 3484 3484
=========================================
Hits 3484 3484
Attestation completed for test PyPI (https://test.pypi.org/project/plugwise/1.12.1a1/#plugwise-1.12.1a1.tar.gz), dropping version in changelog and pyproject
Summary by CodeRabbit
New Features
Chores
1.12.1a0.
Documentation
v1.12.1 describing the attestations and workflow updates.