Fix problems with GitHub actions

[alexeyr-ci]

Summary

Fixes:

• String comparison of versions instead of a numeric one.
• Deprecated commands.

Also adds Actionlint to CI to prefer future problems.

Pull Request checklist

• Add/update test to cover these changes
• Update documentation
• Update CHANGELOG file

Other Information

A rare case where CodeRabbit gave useful suggestions on a previous PR (thanks to running actionlint itself 😄)

---

This change is 

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflow files to use modern syntax for setting output variables
  • Removed Travis CI configuration file
  • Removed CircleCI configuration file
  • Added linting step for GitHub Actions workflow files
  • Improved error handling for Ruby Gems installation
  • Enhanced version checking and step ordering in CI workflows
  • Introduced a new problem matcher configuration for actionlint

[coderabbitai]

Warning

Rate limit exceeded

@alexeyr-ci has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 19 minutes and 49 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 8ee607c and a6c16a7.

📒 Files selected for processing (1)

• .github/workflows/lint-js-and-ruby.yml (2 hunks)

Walkthrough

The pull request introduces updates to GitHub Actions workflow files, focusing on modernizing the syntax for setting output variables and enhancing workflow configurations. The changes primarily involve replacing the deprecated ::set-output command with the $GITHUB_OUTPUT environment variable method. Additionally, a new linting step for GitHub Actions files has been added, and both the Travis CI and CircleCI configuration files have been completely removed, indicating a shift in the project's continuous integration strategy.

Changes

File	Change Summary
.github/workflows/examples.yml	Updated SHA output setting from deprecated ::set-output to $GITHUB_OUTPUT. Refactored Ruby Gems installation to include a conditional check.
.github/workflows/lint-js-and-ruby.yml	Added new "Lint GitHub Actions" step to check and lint workflow files. Updated Ruby Gems installation command with a conditional check. Adjusted RAILS_ENV variable quoting.
.github/workflows/main.yml	Updated SHA output method, modified Chrome version check operator, adjusted Ruby Gems installation command, and improved step order.
.travis.yml	Completely removed Travis CI configuration file.
.circleci/config.yml	Completely removed CircleCI configuration file.
.github/actionlint-matcher.json	Added new problem matcher configuration for actionlint.

Poem

🐰 In workflows bright, we hop and play,
Old commands fade, new paths lay.
Linting with care, our code takes flight,
Travis and CircleCI bid goodnight.
With GitHub Actions, we leap with delight! 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/lint-js-and-ruby.yml (1)

68-75: LGTM! Consider caching the Actionlint binary.

The Actionlint integration is well implemented, with proper conditional execution. However, downloading Actionlint on every workflow run could be optimized.

Consider caching the Actionlint binary using GitHub's cache action:

    - name: Lint GitHub Actions
      # We only download and run Actionlint if there is any difference in GitHub Action workflows
+     id: check-workflows
      run: |
        if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q '^.github/workflows'; then
+         echo "changed=true" >> $GITHUB_OUTPUT
+       fi
+     shell: bash
+   - name: Setup Actionlint
+     if: steps.check-workflows.outputs.changed == 'true'
+     uses: actions/cache@v4
+     id: cache-actionlint
+     with:
+       path: ./actionlint
+       key: ${{ runner.os }}-actionlint-${{ hashFiles('.github/workflows/**') }}
+   - name: Download Actionlint
+     if: steps.check-workflows.outputs.changed == 'true' && steps.cache-actionlint.outputs.cache-hit != 'true'
+     run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+   - name: Run Actionlint
+     if: steps.check-workflows.outputs.changed == 'true'
+     run: ./actionlint -color

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 00a570e and a26fd57.

📒 Files selected for processing (4)

• .github/workflows/examples.yml (1 hunks)
• .github/workflows/lint-js-and-ruby.yml (1 hunks)
• .github/workflows/main.yml (3 hunks)
• .travis.yml (0 hunks)

💤 Files with no reviewable changes (1)

• .travis.yml

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/examples.yml

64-64: shellcheck reported issue in this script: SC2086:info:1:37: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/main.yml

76-76: shellcheck reported issue in this script: SC2086:info:1:37: Double quote to prevent globbing and word splitting

(shellcheck)

---

136-136: shellcheck reported issue in this script: SC2086:info:1:37: Double quote to prevent globbing and word splitting

(shellcheck)

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: build-dummy-app-webpack-test-bundles (newest)
• GitHub Check: rspec-package-tests (newest)
• GitHub Check: rspec-package-tests (oldest)
• GitHub Check: build-dummy-app-webpack-test-bundles (oldest)
• GitHub Check: build

🔇 Additional comments (1)

.github/workflows/main.yml (1)

161-161: LGTM! Correct fix for version comparison.

The change from < to -lt properly fixes the string comparison to numeric comparison for Chrome versions.

[coderabbitai]

🛠️ Refactor suggestion

Quote the command substitution in the echo statement.

While the migration from ::set-output to $GITHUB_OUTPUT is correct, the command substitution should be quoted to prevent word splitting and globbing.

Apply this fix:

-      run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+      run: echo "sha=\"$(git rev-parse HEAD)\"" >> $GITHUB_OUTPUT

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
	run: echo "sha=\"$(git rev-parse HEAD)\"" >> $GITHUB_OUTPUT

🧰 Tools

🪛 actionlint (1.7.4)

64-64: shellcheck reported issue in this script: SC2086:info:1:37: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

🛠️ Refactor suggestion

Quote the command substitution in both echo statements.

Similar to examples.yml, the command substitutions should be quoted in both SHA output steps.

Apply this fix to both locations:

-      run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+      run: echo "sha=\"$(git rev-parse HEAD)\"" >> $GITHUB_OUTPUT

Also applies to: 136-136

🧰 Tools

🪛 actionlint (1.7.4)

76-76: shellcheck reported issue in this script: SC2086:info:1:37: Double quote to prevent globbing and word splitting

(shellcheck)

[alexeyr-ci]

I think even if we ever want to switch back, the starting point should be actually maintained GitHub Actions workflows instead of this.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/actionlint-matcher.json (1)

7-7: Consider adding documentation for the regex pattern.

The regex pattern is complex and handles various edge cases. Consider adding comments to explain:

1. The purpose of ANSI color code handling ((?:\\x1b\\[\\d+m)?)
2. Example matches to demonstrate the pattern

Add documentation above the pattern:

 {
   "problemMatcher": [
     {
       "owner": "actionlint",
       "pattern": [
         {
+          "// Matches actionlint output format with ANSI color codes",
+          "// Example match: 'workflow.yml:10:5: Error in workflow [E001]'",
           "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",

.github/workflows/main.yml (1)

70-75: Consider refactoring duplicated bundle installation logic.

The bundle installation logic is duplicated in three places. Consider creating a reusable composite action to reduce duplication.

Example composite action:

# .github/actions/bundle-install/action.yml
name: 'Bundle Install'
description: 'Install Ruby gems with caching'
inputs:
  working-directory:
    description: 'Directory to run bundle install in'
    required: false
    default: '.'
runs:
  using: "composite"
  steps:
    - shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
        bundle lock --add-platform 'x86_64-linux'
        if ! bundle check --path=vendor/bundle; then
          bundle _2.5.9_ install --path=vendor/bundle --jobs=4 --retry=3
        fi

Usage:

-    - name: Install Ruby Gems for dummy app
-      run: |
-        cd spec/dummy
-        bundle lock --add-platform 'x86_64-linux'
-        if ! bundle check --path=vendor/bundle; then
-          bundle _2.5.9_ install --path=vendor/bundle --jobs=4 --retry=3
-        fi
+    - name: Install Ruby Gems for dummy app
+      uses: ./.github/actions/bundle-install
+      with:
+        working-directory: spec/dummy

Also applies to: 158-162, 164-169

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a26fd57 and 5e5c6e2.

📒 Files selected for processing (6)

• .circleci/config.yml (0 hunks)
• .github/actionlint-matcher.json (1 hunks)
• .github/workflows/examples.yml (1 hunks)
• .github/workflows/lint-js-and-ruby.yml (2 hunks)
• .github/workflows/main.yml (4 hunks)
• .travis.yml (0 hunks)

💤 Files with no reviewable changes (2)

• .circleci/config.yml
• .travis.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/lint-js-and-ruby.yml

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/examples.yml

64-64: shellcheck reported issue in this script: SC2086:info:1:41: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/main.yml

81-81: shellcheck reported issue in this script: SC2086:info:1:41: Double quote to prevent globbing and word splitting

(shellcheck)

---

141-141: shellcheck reported issue in this script: SC2086:info:1:41: Double quote to prevent globbing and word splitting

(shellcheck)

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: rspec-package-tests (newest)
• GitHub Check: build-dummy-app-webpack-test-bundles (newest)
• GitHub Check: build
• GitHub Check: build-dummy-app-webpack-test-bundles (oldest)
• GitHub Check: rspec-package-tests (oldest)

🔇 Additional comments (3)

.github/actionlint-matcher.json (1)

1-17: LGTM! The problem matcher configuration is well-structured.

The implementation correctly handles ANSI color codes and captures all necessary components for error reporting.

.github/workflows/examples.yml (1)

64-64: LGTM! Well-structured workflow improvements.

The changes improve the workflow by:

1. Using the modern $GITHUB_OUTPUT syntax for setting outputs
2. Adding conditional bundle installation to optimize CI performance

Also applies to: 72-76

🧰 Tools

🪛 actionlint (1.7.4)

64-64: shellcheck reported issue in this script: SC2086:info:1:41: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/main.yml (1)

77-77: LGTM! Workflow syntax and logic improvements.

The changes correctly:

1. Use modern $GITHUB_OUTPUT syntax
2. Use proper numeric comparison with -lt
3. Use consistent quoting for environment variables

Also applies to: 79-79, 81-81, 141-141, 175-175, 185-185

[alexeyr-ci]

I don't like this duplication across workflow files, but I checked https://docs.github.com/en/actions/sharing-automations/avoiding-duplication and the setup there seems even worse.

[alexeyr-ci]

Should info messages be included as well? I fixed them in this PR, and GH Actions problem matchers only support warning and error as severities.

[alexeyr-ci]

.github/workflows/lint-js-and-ruby.yml (1)> 68-75: LGTM! Consider caching the Actionlint binary.

The Actionlint integration is well implemented, with proper conditional execution. However, downloading Actionlint on every workflow run could be optimized.
Consider caching the Actionlint binary using GitHub's cache action:

    - name: Lint GitHub Actions
      # We only download and run Actionlint if there is any difference in GitHub Action workflows
+     id: check-workflows
      run: |
        if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q '^.github/workflows'; then
+         echo "changed=true" >> $GITHUB_OUTPUT
+       fi
+     shell: bash
+   - name: Setup Actionlint
+     if: steps.check-workflows.outputs.changed == 'true'
+     uses: actions/cache@v4
+     id: cache-actionlint
+     with:
+       path: ./actionlint
+       key: ${{ runner.os }}-actionlint-${{ hashFiles('.github/workflows/**') }}
+   - name: Download Actionlint
+     if: steps.check-workflows.outputs.changed == 'true' && steps.cache-actionlint.outputs.cache-hit != 'true'
+     run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+   - name: Run Actionlint
+     if: steps.check-workflows.outputs.changed == 'true'
+     run: ./actionlint -color

This looks like a good idea, though ${{ hashFiles('.github/workflows/**') }} is wrong. What I'd need to do instead is get the latest version number and use that as a part of the cache key.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a2ed178 and 8ee607c.

📒 Files selected for processing (6)

• .circleci/config.yml (0 hunks)
• .github/actionlint-matcher.json (1 hunks)
• .github/workflows/examples.yml (1 hunks)
• .github/workflows/lint-js-and-ruby.yml (2 hunks)
• .github/workflows/main.yml (4 hunks)
• .travis.yml (0 hunks)

💤 Files with no reviewable changes (2)

• .circleci/config.yml
• .travis.yml

🚧 Files skipped from review as they are similar to previous changes (3)

• .github/workflows/examples.yml
• .github/workflows/main.yml
• .github/actionlint-matcher.json

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: build-dummy-app-webpack-test-bundles (newest)
• GitHub Check: rspec-package-tests (newest)
• GitHub Check: rspec-package-tests (oldest)
• GitHub Check: build
• GitHub Check: build-dummy-app-webpack-test-bundles (oldest)

🔇 Additional comments (4)

.github/workflows/lint-js-and-ruby.yml (4)

55-60: LGTM! Improved bundle install efficiency.

The refactored installation script with conditional checking and platform locking is a good improvement for efficiency and consistency.

---

62-62: LGTM! Proper environment variable quoting.

Good practice to quote the RAILS_ENV value to prevent potential shell interpretation issues.

---

97-98: LGTM! Good error reporting setup.

The problem matcher configuration and colored output will improve the visibility of linting issues in the GitHub Actions UI.

---

92-93: Consider security implications of curl | bash pattern.

The current pattern of downloading and executing a script directly from the internet poses security risks. Consider:

1. Downloading the script first
2. Verifying its checksum
3. Then executing it

✅ Verification successful

The current implementation is secure enough for CI/CD usage

While the curl|bash pattern can be risky, this specific implementation is secure because it:

• Downloads from GitHub's release infrastructure using HTTPS
• Uses immutable, signed release artifacts
• Is widely adopted (2.9k+ stars) and actively maintained

The script includes proper error handling and validation, making it suitable for CI/CD environments. If additional security is desired, you could pin to a specific version instead of using the latest.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the download script has changed recently
# This helps verify if we need to update our security review

curl -sI https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash | grep -i 'last-modified'

Length of output: 123

---

Script:

#!/bin/bash
# Fetch and examine the download script
echo "=== Download Script Content ==="
curl -s https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash

echo -e "\n=== GitHub Repository Stats ==="
gh repo view rhysd/actionlint --json stargazerCount,updatedAt

echo -e "\n=== Usage in Popular Repositories ==="
# Search for repositories using this script in their workflows
gh search code "curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash" --limit 5

Length of output: 5374

[coderabbitai]

⚠️ Potential issue

Add error handling for push events.

The git fetch command will fail for push events as github.event.pull_request.base.sha is only available in pull_request events. Consider adding a condition:

-git fetch origin ${{ github.event.pull_request.base.sha }}
-if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q '^.github/workflows'; then
+if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+  git fetch origin ${{ github.event.pull_request.base.sha }}
+  base_sha="${{ github.event.pull_request.base.sha }}"
+else
+  git fetch origin ${{ github.event.before }}
+  base_sha="${{ github.event.before }}"
+fi
+if git diff --name-only "$base_sha" ${{ github.sha }} | grep -q '^.github/workflows'; then

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	git fetch origin ${{ github.event.pull_request.base.sha }}
	if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q '^.github/workflows'; then
	echo "changed=true" >> "$GITHUB_OUTPUT"
	actionlint_version=$(curl -s https://api.github.com/repos/rhysd/actionlint/releases/latest | jq -r .tag_name)
	echo "actionlint_version=\"$actionlint_version\"" >> "$GITHUB_OUTPUT"
	fi
	if [[ "${{ github.event_name }}" == "pull_request" ]]; then
	git fetch origin ${{ github.event.pull_request.base.sha }}
	base_sha="${{ github.event.pull_request.base.sha }}"
	else
	git fetch origin ${{ github.event.before }}
	base_sha="${{ github.event.before }}"
	fi
	if git diff --name-only "$base_sha" ${{ github.sha }} | grep -q '^.github/workflows'; then
	echo "changed=true" >> "$GITHUB_OUTPUT"
	actionlint_version=$(curl -s https://api.github.com/repos/rhysd/actionlint/releases/latest | jq -r .tag_name)
	echo "actionlint_version=\"$actionlint_version\"" >> "$GITHUB_OUTPUT"
	fi