[#556] Improve Workflow by Adding Initial Danger Job

[thinh2k1310]

• Close Improve Workflow by Adding Initial Danger Job #556

What happened 👀

• Move early check danger jobs: check big PRs, missing label, swiftformat, and swiftlint to a new file EarlyDangerfile.
• Run early_review job at the initial of automatic_pull_request_review workflow.
• Correct bundle install command.

Insight 📝

N/A

Proof Of Work 📹

Summary by CodeRabbit

• Chores
  • Reorganized PR review pipeline into distinct early and post-build stages for faster feedback.
  • Early stage adds quick repository checks: PR size and missing-label warnings, plus formatting and lint checks.
  • Post-build stage runs build/tests and performs Xcode-focused validations and coverage reporting after successful compilation.

[coderabbitai]

📝 Walkthrough

Walkthrough

The CI workflow is split into two jobs: early_review runs pre-build checks using a new template/EarlyDangerfile, and build_and_test (dependent on early_review) performs full checkout, build/test, cache restore, and a post-build Danger review using template/Dangerfile.

Changes

Cohort / File(s)	Summary
CICD Template — self-hosted workflow ./.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml	Replaced single review_pull_request job with early_review (runs Danger with --dangerfile=template/EarlyDangerfile) and new build_and_test job (needs early_review); adjusted Bundler setup and step names.
CICD Template — workflow ./.cicdtemplate/.github/workflows/automatic_pull_request_review.yml	Mirrors split into early_review and build_and_test; build_and_test performs full checkout (fetch-depth: 0), cache restore, build/test (arkana/fastlane), and post-build bundle exec danger. Bundler install command standardized.
Danger configuration (post-build) template/Dangerfile	Removed pre-build guidance checks and SwiftFormat/SwiftLint steps; updated to focus on Xcode artifacts, filter xcode_summary by changed files, and run xcov.report for coverage markdown output.
Early Dangerfile (new) template/EarlyDangerfile	New file added: emits warnings for PRs >500 lines or missing labels; runs swiftformat.check_format (excludes generated files) and swiftlint.lint_files in strict/inline mode with a 20-violation cap.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant Setup as ./ .github/actions/setup-ci-environment
    participant DangerEarly as Danger (EarlyDangerfile)
    participant Checkout as actions/checkout
    participant Cache as Cache
    participant Build as Build/Test (arkana/fastlane)
    participant DangerPost as Danger (Dangerfile)

    Dev->>GH: Push PR / open PR
    GH->>Setup: early_review -> setup CI env
    Setup-->>GH: CI env ready
    GH->>DangerEarly: run bundle exec danger --dangerfile=template/EarlyDangerfile
    DangerEarly-->>GH: early feedback (warnings/errors)

    GH->>Checkout: build_and_test (needs: early_review) -> full checkout
    GH->>Cache: restore vendor/bundle
    GH->>Setup: setup CI env
    Setup-->>GH: CI env ready
    GH->>Build: run build & tests (arkana / fastlane)
    Build-->>GH: build/test results, artifacts
    GH->>DangerPost: run bundle exec danger (post-build)
    DangerPost-->>GH: post-build PR review comments

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• suho
• patcharapon-j
• nmint8m
• Shayokh144
• Thieurom
• markgravity
• minhnimble
• dquangit
• vnntsu

Poem

🐰 I hopped into CI to split the review,
Early lint and labels now catch what’s askew.
I nibble on format, I sniff out mistakes,
Then build runs its course, and coverage awakes—
Tiny paws, big checks, a brighter PR view. 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding an initial Danger job to improve the workflow, which matches the primary objective.
Description check	✅ Passed	The description covers required sections (What happened, linked issue), clearly explains the changes made, and includes proof of work with a screenshot showing successful workflow execution.
Linked Issues check	✅ Passed	The pull request successfully implements issue #556 requirements by moving early Danger checks to EarlyDangerfile and running early_review job before build/test in both workflows.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with issue #556 objectives: moving early checks to EarlyDangerfile, adding early_review job, and correcting bundle install commands across both workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/#556-add-initial-danger-job

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml (1)

62-71: ⚠️ Potential issue | 🟡 Minor

Remove the redundant Bundle install step — it duplicates setup-ci-environment.

setup-ci-environment at lines 56‑60 already executes bundle config set --local path 'vendor/bundle' && bundle install via its bundle-install-command input (see .cicdtemplate/.github/actions/setup-ci-environment/action.yml lines 43‑47). Running it again here is wasted time on every PR and is inconsistent with the GitHub-hosted workflow, which correctly omits this step.

🔧 Proposed fix

     - name: Setup ENV file
       env:
         ENV: ${{ secrets.ENV }}
       run: |
         touch .env
         echo $ENV | base64 --decode > .env

-    - name: Bundle install
-      run: bundle config set --local path 'vendor/bundle' && bundle install
-
     - name: Run Arkana
       run: bundle exec arkana

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
around lines 62 - 71, Remove the redundant "Bundle install" step from the
workflow: delete the job step whose name is "Bundle install" (the one running
"bundle config set --local path 'vendor/bundle' && bundle install") because
setup-ci-environment already runs bundler via its bundle-install-command input;
keep the preceding "Setup ENV file" step and rely on the existing
setup-ci-environment action instead of duplicating bundler installation.

🧹 Nitpick comments (2)

.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml (1)

39-60: Same DRY opportunity as the hosted workflow.

The checkout + cache + setup-ci-environment prelude is duplicated across early_review and build_and_test. Consider sharing it via a composite action or reusable workflow alongside the equivalent change in .cicdtemplate/.github/workflows/automatic_pull_request_review.yml to keep both variants in sync.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
around lines 39 - 60, The checkout + cache + setup sequence is duplicated
between the early_review and build_and_test jobs (the actions/checkout step,
actions/cache with id bundlerCache, and the "Setup CI environment" step that
uses ./.github/actions/setup-ci-environment); extract these shared steps into a
single reusable unit (either a composite action or a reusable workflow) and
replace the duplicated blocks in both jobs with a call to that new reusable
action/workflow, ensuring the bundle-install-command and bundler-cache inputs
are forwarded so behavior remains identical; also update
.cicdtemplate/.github/workflows/automatic_pull_request_review.yml to use the
same reusable unit so hosted and self-hosted variants stay in sync.

.cicdtemplate/.github/workflows/automatic_pull_request_review.yml (1)

12-60: Optional: reduce duplication between early_review and build_and_test.

Both jobs repeat the same checkout, Bundler cache, and setup-ci-environment block. Consider wrapping the shared prelude in a small composite action (e.g., ./.github/actions/prepare-danger-env) or reusable workflow so any future change (pinning, cache key, input) only needs to happen in one place. Keeping the two jobs separate is still fine since they run sequentially via needs: — this is a maintainability nit, not a blocker.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.cicdtemplate/.github/workflows/automatic_pull_request_review.yml around
lines 12 - 60, The two jobs early_review and build_and_test duplicate the same
checkout, actions/cache, and uses: ./.github/actions/setup-ci-environment steps;
extract those shared steps into a small composite action (e.g.,
./.github/actions/prepare-ci or a reusable workflow) that performs the checkout,
Bundler cache setup, and calls the existing setup-ci-environment inputs, then
replace the duplicated blocks in both early_review and build_and_test with a
single step that calls the new composite action so future changes to checkout,
cache keys, or bundle-install-command are made in one place.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml:
- Around line 62-71: Remove the redundant "Bundle install" step from the
workflow: delete the job step whose name is "Bundle install" (the one running
"bundle config set --local path 'vendor/bundle' && bundle install") because
setup-ci-environment already runs bundler via its bundle-install-command input;
keep the preceding "Setup ENV file" step and rely on the existing
setup-ci-environment action instead of duplicating bundler installation.

---

Nitpick comments:
In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml:
- Around line 39-60: The checkout + cache + setup sequence is duplicated between
the early_review and build_and_test jobs (the actions/checkout step,
actions/cache with id bundlerCache, and the "Setup CI environment" step that
uses ./.github/actions/setup-ci-environment); extract these shared steps into a
single reusable unit (either a composite action or a reusable workflow) and
replace the duplicated blocks in both jobs with a call to that new reusable
action/workflow, ensuring the bundle-install-command and bundler-cache inputs
are forwarded so behavior remains identical; also update
.cicdtemplate/.github/workflows/automatic_pull_request_review.yml to use the
same reusable unit so hosted and self-hosted variants stay in sync.

In @.cicdtemplate/.github/workflows/automatic_pull_request_review.yml:
- Around line 12-60: The two jobs early_review and build_and_test duplicate the
same checkout, actions/cache, and uses: ./.github/actions/setup-ci-environment
steps; extract those shared steps into a small composite action (e.g.,
./.github/actions/prepare-ci or a reusable workflow) that performs the checkout,
Bundler cache setup, and calls the existing setup-ci-environment inputs, then
replace the duplicated blocks in both early_review and build_and_test with a
single step that calls the new composite action so future changes to checkout,
cache keys, or bundle-install-command are made in one place.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c2e95732-59cf-4357-a17f-0bedbf950fd4

📥 Commits

Reviewing files that changed from the base of the PR and between da5d9e5 and 87c8da6.

📒 Files selected for processing (4)

• .cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
• .cicdtemplate/.github/workflows/automatic_pull_request_review.yml
• template/Dangerfile
• template/EarlyDangerfile

[ducbm051291]

LGTM

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml (2)

12-13: Job name and step name collide.

The job name on line 13 (Early PR review by Danger) is identical to the step name on line 34. In the GitHub Actions UI this renders as Early PR review by Danger / Early PR review by Danger, which is visually confusing. Consider renaming the job to something action-oriented (matching build_and_test style) or dropping the step name so the run step inherits its command.

♻️ Proposed fix

   early_review:
-    name: Early PR review by Danger
+    name: Early review
     runs-on: [self-hosted, macOS]

Also applies to: 34-34

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
around lines 12 - 13, The job name "early_review" currently sets the UI job
display to "Early PR review by Danger" which duplicates the step name "Early PR
review by Danger"; to fix, change the job's display name or the step name so
they don't collide—either rename the job display to an action-oriented
identifier (e.g., change the name value under the early_review job from "Early
PR review by Danger" to something like "run_early_review" or "early_pr_review")
or remove/rename the step's name so the run step inherits its command; update
the YAML entry for the early_review job and the step that currently uses the
same literal to ensure unique, non-duplicated display strings.

---

56-70: Redundant bundle install — Setup CI environment already runs it.

The Setup CI environment composite action at lines 56–60 is invoked with bundler-cache: "false" and an explicit bundle-install-command, so (per the action's run-bundle-install default of "true") it will already execute bundle config set --local path 'vendor/bundle' && bundle install. The standalone Bundle install step at lines 69–70 re-runs the exact same command on a self-hosted macOS runner, wasting CI time with no functional gain.

The same pattern exists in the new early_review job (lines 28–32) and doesn't have a duplicate step there, confirming the inconsistency.

♻️ Proposed fix — drop the duplicate step

-    - name: Bundle install
-      run: bundle config set --local path 'vendor/bundle' && bundle install
-
     - name: Run Arkana
       run: bundle exec arkana

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
around lines 56 - 70, Remove the redundant standalone "Bundle install" step that
repeats the bundle install command already executed by the "Setup CI
environment" composite action (invoked with bundler-cache: "false" and
bundle-install-command), and likewise remove any duplicate bundle install step
in the early_review job to avoid re-running the same command; locate the steps
named "Setup CI environment" and "Bundle install" in the workflow and delete the
explicit "Bundle install" step(s) so the composite action handles installation.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml:
- Line 48: The two jobs use different pins for actions/cache causing
inconsistency; update the uses:
actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 in this job to match the
same commit used by the early_review job (the actions/cache commit starting with
27d5ce7… labeled v5.0.5) so both jobs pin the identical actions/cache revision;
locate the uses: actions/cache entry in this job and replace its commit SHA with
the same SHA used in the early_review job to ensure consistent caching behavior
and supply-chain guarantees.

---

Nitpick comments:
In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml:
- Around line 12-13: The job name "early_review" currently sets the UI job
display to "Early PR review by Danger" which duplicates the step name "Early PR
review by Danger"; to fix, change the job's display name or the step name so
they don't collide—either rename the job display to an action-oriented
identifier (e.g., change the name value under the early_review job from "Early
PR review by Danger" to something like "run_early_review" or "early_pr_review")
or remove/rename the step's name so the run step inherits its command; update
the YAML entry for the early_review job and the step that currently uses the
same literal to ensure unique, non-duplicated display strings.
- Around line 56-70: Remove the redundant standalone "Bundle install" step that
repeats the bundle install command already executed by the "Setup CI
environment" composite action (invoked with bundler-cache: "false" and
bundle-install-command), and likewise remove any duplicate bundle install step
in the early_review job to avoid re-running the same command; locate the steps
named "Setup CI environment" and "Bundle install" in the workflow and delete the
explicit "Bundle install" step(s) so the composite action handles installation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: abcd5611-ca1d-47be-a418-0427236c5e4f

📥 Commits

Reviewing files that changed from the base of the PR and between 87c8da6 and cb0049f.

📒 Files selected for processing (4)

• .cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
• .cicdtemplate/.github/workflows/automatic_pull_request_review.yml
• template/Dangerfile
• template/EarlyDangerfile

✅ Files skipped from review due to trivial changes (1)

• template/EarlyDangerfile

🚧 Files skipped from review as they are similar to previous changes (2)

• template/Dangerfile
• .cicdtemplate/.github/workflows/automatic_pull_request_review.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Inconsistent actions/cache pin between jobs.

The early_review job pins actions/cache to 27d5ce7… (labeled v5.0.5 on line 20), while this job pins it to 668228422… (labeled v5.0.4). Use the same version across both jobs to keep cache behavior and supply-chain guarantees consistent, and to avoid confusion when bumping versions later.

♻️ Proposed fix

-    - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # actions/cache@v5.0.4
+    - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # actions/cache@v5.0.5

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # actions/cache@v5.0.4
	- uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # actions/cache@v5.0.5

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
@.cicdtemplate/.github/self-hosted-workflows/automatic_pull_request_review.yml
at line 48, The two jobs use different pins for actions/cache causing
inconsistency; update the uses:
actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 in this job to match the
same commit used by the early_review job (the actions/cache commit starting with
27d5ce7… labeled v5.0.5) so both jobs pin the identical actions/cache revision;
locate the uses: actions/cache entry in this job and replace its commit SHA with
the same SHA used in the early_review job to ensure consistent caching behavior
and supply-chain guarantees.