
Another update #150

Merged: omeritzics merged 6 commits into main from fix-gradle-filter-type on Feb 15, 2026

@omeritzics omeritzics commented Feb 15, 2026

PR Type

Enhancement


Description

  • Add fallback PR creation when auto-commit fails

  • Apply changes across CI, nightly, and release workflows

  • Enable graceful handling of permission-restricted branches

  • Assign step IDs and error continuation for commit actions


Diagram Walkthrough

flowchart LR
  A["Auto-fix linting"] --> B["Commit and Push"]
  B --> C{Commit outcome}
  C -->|Success| D["Workflow continues"]
  C -->|Failure| E["Create Pull Request"]
  E --> F["Auto-fix PR created"]

File Walkthrough

Relevant files
Enhancement
ci.yml
Add PR fallback for CI workflow commit failures                   

.github/workflows/ci.yml

  • Add id: commit to the auto-commit step for outcome tracking
  • Add continue-on-error: true to allow workflow continuation on commit
    failure
  • Add new step to create PR when commit fails using
    peter-evans/create-pull-request@v6
  • Configure PR with auto-fix branch name and auto-deletion on merge
+13/-0   
nightly.yml
Add PR fallback for nightly workflow commit failures         

.github/workflows/nightly.yml

  • Add id: commit to the auto-commit step for outcome tracking
  • Add continue-on-error: true to allow workflow continuation on commit
    failure
  • Add new step to create PR when commit fails using
    peter-evans/create-pull-request@v6
  • Configure PR with nightly-specific branch name and auto-deletion on
    merge
+13/-0   
release.yml
Add PR fallback for release workflow commit failures         

.github/workflows/release.yml

  • Add id: commit to the auto-commit step for outcome tracking
  • Add continue-on-error: true to allow workflow continuation on commit
    failure
  • Add new step to create PR when commit fails using
    peter-evans/create-pull-request@v6
  • Configure PR with release-specific branch name and auto-deletion on
    merge
+13/-0   

@gemini-code-assist

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.


github-actions bot commented Feb 15, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| actions/peter-evans/create-pull-request | 6.*.* | 🟢 5.1 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 3 | Found 4/11 approved changesets -- score normalized to 3 |
| Maintained | 🟢 10 | 17 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| License | 🟢 10 | license file detected |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |

Scanned Files

  • .github/workflows/release.yml


qodo-code-review bot commented Feb 15, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Workflow token permissions

Description: The workflow adds an automated PR-creation path using peter-evans/create-pull-request@v6
with ${{ secrets.GITHUB_TOKEN }}; if these workflows can be triggered in a context that
includes untrusted code (e.g., pull_request events or other attacker-influenced inputs),
this can enable unintended branch/PR creation or repository writes unless permissions: are
explicitly minimized and the step is restricted (similar new usage also appears in
.github/workflows/nightly.yml and .github/workflows/release.yml).
ci.yml [58-67]

Referred Code
- name: Create Pull Request if push failed
  if: steps.commit.outcome == 'failure'
  uses: peter-evans/create-pull-request@v6
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    commit-message: "style: auto-fix linting and formatting issues"
    title: "Auto-fix linting and formatting issues"
    body: "Automated lint fixes applied by CI workflow"
    branch: auto-fix-lint-${{ github.run_number }}
    delete-branch: true
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed


🔴
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Invalid YAML indentation: The newly added Create Pull Request if push failed step appears mis-indented relative to
the other steps, which can break the workflow and prevent the intended fallback behavior
from running.

Referred Code
- name: Create Pull Request if push failed
  if: steps.commit.outcome == 'failure'
  uses: peter-evans/create-pull-request@v6
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    commit-message: "style: auto-fix linting and formatting issues"
    title: "Auto-fix linting and formatting issues"
    body: "Automated lint fixes applied by CI workflow"
    branch: auto-fix-lint-${{ github.run_number }}
    delete-branch: true


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Workflow permissions unclear: The new peter-evans/create-pull-request@v6 step uses ${{ secrets.GITHUB_TOKEN }} and may
require explicit workflow permissions (e.g., contents: write, pull-requests: write) not
shown in the diff, so authorization behavior cannot be verified from the provided changes
alone.

Referred Code
- name: Create Pull Request if push failed
  if: steps.commit.outcome == 'failure'
  uses: peter-evans/create-pull-request@v6
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    commit-message: "style: auto-fix linting and formatting issues"
    title: "Auto-fix linting and formatting issues"
    body: "Automated lint fixes applied by release workflow"
    branch: auto-fix-lint-release-${{ github.run_number }}
    delete-branch: true


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label


qodo-code-review bot commented Feb 15, 2026

PR Code Suggestions ✨

Latest suggestions up to c255754

Category | Suggestion | Impact
Incremental [*]
Use correct PR base branch

Set the base for the new pull request to github.event.pull_request.base.ref for
pull_request events, with a fallback to github.ref_name for other events.

.github/workflows/ci.yml [63]

-base: ${{ github.ref_name }}
+base: ${{ github.event.pull_request.base.ref || github.ref_name }}
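
Review bot: the `github.event.pull_request.base.ref` operand in the added line only has a value on `pull_request` runs, and the suggestion for line 59 of the same file excludes those runs with `github.event_name != 'pull_request'`, so with both applied the left operand is always empty and `github.ref_name` is always used. Pick one approach: gate the step by event and keep `base: ${{ github.ref_name }}`, or keep this expression and drop the gate, in which case the auto-fix PR targets the base branch of the contributor's PR rather than the contributor's branch.
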
Suggestion importance[1-10]: 9

Why: This suggestion correctly identifies a critical bug where an incorrect base branch is used for PR creation during pull_request events and provides a precise fix using github.event.pull_request.base.ref, making the workflow behave as intended.

High
Gate PR creation by event type

Modify the if condition to prevent the pull request creation step from running
on pull_request events. Also, add always() for clarity when checking a failed
step's outcome.

.github/workflows/ci.yml [59]

-if: steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'
+if: always() && github.event_name != 'pull_request' && steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'
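
Review bot: `always()` at the start of the new condition also lets this step run after the job has been cancelled or after an unrelated earlier step has failed, which is wider than the fallback needs. The commit step is described with `continue-on-error: true`, so its failure does not fail the job and the default status check already lets this step run; drop `always()` or use `!cancelled()`. The event check names only `pull_request`, so extend it if `pull_request_target` is ever added as a trigger for this job.
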
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies that running this step on pull_request events is problematic due to github.ref_name pointing to a synthetic ref, and provides a valid condition to prevent this, which fixes a potential workflow failure.

Medium
Possible issue
Ensure PR targets valid base

Add an explicit base branch to the create-pull-request step in the release
workflow. This prevents potential failures when the workflow is triggered by a
tag, by falling back to the repository's default branch.

.github/workflows/release.yml [48-57]

 - name: Create Pull Request if push failed
   if: steps.commit.outcome == 'failure'
   uses: peter-evans/create-pull-request@v6
   with:
     token: ${{ secrets.GITHUB_TOKEN }}
+    base: ${{ github.ref_type == 'branch' && github.ref_name || github.event.repository.default_branch }}
     commit-message: "style: auto-fix linting and formatting issues"
     title: "Auto-fix linting and formatting issues"
     body: "Automated lint fixes applied by release workflow"
     branch: auto-fix-lint-release-${{ github.run_number }}
     delete-branch: true
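
Review bot: the `if:` on the second line of this hunk still checks only `steps.commit.outcome == 'failure'`; the `steps.commit.outputs.changes_detected == 'true'` condition that ci.yml received is missing, so the release workflow can still attempt a PR when the commit step failed with no fixes to propose. Carry the same condition over in the change that adds `base:`.
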
Suggestion importance[1-10]: 8

Why: The suggestion correctly points out that not specifying a base branch in a release workflow (often triggered by tags) can lead to errors, and proposes a robust solution to dynamically set the base to the default branch, preventing potential workflow failures.

Medium
Remove duplicated branch configuration

Remove the duplicate branch key in the create-pull-request step to ensure the
correct, more specific branch name is used.

.github/workflows/ci.yml [58-68]

 - name: Create Pull Request if push failed
   if: steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'
   uses: peter-evans/create-pull-request@v6
   with:
     token: ${{ secrets.GITHUB_TOKEN }}
     base: ${{ github.ref_name }}
     commit-message: "style: auto-fix linting and formatting issues"
     title: "Auto-fix linting and formatting issues"
     branch: ${{ github.ref_name }}-auto-fix-lint-${{ github.run_number }}
-    branch: auto-fix-lint-${{ github.run_number }}
     delete-branch: true
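
Review bot: the duplicate `branch:` key removed in this hunk is something a linter should catch before review, since YAML mappings require unique keys and a parser will either reject the file or keep one of the values without warning. Add a workflow lint step (for example actionlint, or yamllint with its `key-duplicates` rule) to the checks on this repository so a repeat does not reach `main`.
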
Suggestion importance[1-10]: 7

Why: The suggestion correctly identifies a duplicated branch key in the YAML configuration, which would cause the first, more specific branch name to be silently ignored, fixing a functional bug.

Medium
General
Set a deterministic PR base

Add an explicit base branch to the create-pull-request step in the nightly
workflow. This prevents potential failures by dynamically setting the base to
the current branch if it exists, or falling back to the repository's default
branch.

.github/workflows/nightly.yml [62-71]

 - name: Create Pull Request if push failed
   if: steps.commit.outcome == 'failure'
   uses: peter-evans/create-pull-request@v6
   with:
     token: ${{ secrets.GITHUB_TOKEN }}
+    base: ${{ github.ref_type == 'branch' && github.ref_name || github.event.repository.default_branch }}
     commit-message: "style: auto-fix linting and formatting issues"
     title: "Auto-fix linting and formatting issues"
     body: "Automated lint fixes applied by nightly workflow"
     branch: auto-fix-lint-nightly-${{ github.run_number }}
     delete-branch: true
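
Review bot: `uses: peter-evans/create-pull-request@v6` references a mutable tag, and the step hands that action a token it uses to push a branch and open a PR. Pin the action to the full commit SHA of the v6 release that was reviewed and keep the tag as a trailing comment; the same applies to the copies of this step in ci.yml and release.yml.
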
Suggestion importance[1-10]: 8

Why: The suggestion correctly points out that not specifying a base branch can lead to errors if the workflow runs on a non-branch ref, and proposes a robust solution to dynamically set the base to the default branch, preventing potential workflow failures.

Medium

Previous suggestions

✅ Suggestions up to commit 34b907b
Category | Suggestion | Impact
Possible issue
Fix broken pull request creation logic
Suggestion Impact: The PR-creation condition was adjusted to additionally require that changes were detected, refining when create-pull-request runs in the failure path.

code diff:

       - name: Create Pull Request if push failed
-        if: steps.commit.outcome == 'failure'
+        if: steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'
         uses: peter-evans/create-pull-request@v6

Fix the workflow logic for creating a pull request. The create-pull-request
action will not find any changes to commit because the preceding
git-auto-commit-action step has already committed them.

.github/workflows/ci.yml [50-67]

 - name: Commit and Push changes
   id: commit
-  uses: stefanzweifel/git-auto-commit-action@v5
-  with:
-    commit_message: "style: auto-fix linting and formatting issues"
-    branch: ${{ github.ref_name }}
+  run: |
+    git config user.name "github-actions[bot]"
+    git config user.email "github-actions[bot]@users.noreply.github.com"
+    git add .
+    if git diff --staged --quiet; then
+      echo "No changes to commit"
+      exit 0
+    fi
+    git commit -m "style: auto-fix linting and formatting issues"
+    git push
   continue-on-error: true
 
 - name: Create Pull Request if push failed
   if: steps.commit.outcome == 'failure'
   uses: peter-evans/create-pull-request@v6
   with:
     token: ${{ secrets.GITHUB_TOKEN }}
     commit-message: "style: auto-fix linting and formatting issues"
     title: "Auto-fix linting and formatting issues"
     body: "Automated lint fixes applied by CI workflow"
     branch: auto-fix-lint-${{ github.run_number }}
     delete-branch: true
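
Review bot: `git add .` in the new `run:` block stages every untracked file in the workspace, including anything earlier steps generated, and the block never writes a `changes_detected` output, which other suggestions on this PR read from `steps.commit.outputs`. Stage only what `dart fix --apply` modifies (for example `git add -u`), and either write the output to `$GITHUB_OUTPUT` or keep the action that already provides it.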

[Suggestion processed]

Suggestion importance[1-10]: 9

Why: This suggestion correctly identifies a critical flaw in the workflow logic where create-pull-request would fail because changes are already committed by the previous step, preventing the fallback PR from being created. Although the proposed code doesn't fully resolve the issue, identifying this fundamental bug is highly valuable.

High
Skip PR when no fixes
Suggestion Impact: Updated the PR creation step's if condition to include steps.commit.outputs.changes_detected == 'true', preventing empty pull requests.

code diff:

       - name: Create Pull Request if push failed
-        if: steps.commit.outcome == 'failure'
+        if: steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'

Add a condition to the 'Create Pull Request' step to check if the commit step
detected any changes. Use steps.commit.outputs.changes_detected == 'true' to
avoid creating empty pull requests.

.github/workflows/ci.yml [58-67]

 - name: Create Pull Request if push failed
-  if: steps.commit.outcome == 'failure'
+  if: steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'
   uses: peter-evans/create-pull-request@v6
   with:
     token: ${{ secrets.GITHUB_TOKEN }}
     commit-message: "style: auto-fix linting and formatting issues"
     title: "Auto-fix linting and formatting issues"
     body: "Automated lint fixes applied by CI workflow"
     branch: auto-fix-lint-${{ github.run_number }}
     delete-branch: true

[Suggestion processed]

Suggestion importance[1-10]: 7

Why: This is a good suggestion to prevent empty pull requests. It correctly uses the changes_detected output from the stefanzweifel/git-auto-commit-action to conditionally run the PR creation step, improving the workflow's robustness.

Medium
High-level
Use reusable workflows to avoid duplication

The PR adds duplicated logic for handling auto-commit failures to three separate
workflow files. This logic should be extracted into a reusable workflow or
composite action to centralize it and improve maintainability.

Examples:

.github/workflows/ci.yml [47-67]
      - name: Auto-fix linting issues
        run: dart fix --apply

      - name: Commit and Push changes
        id: commit
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "style: auto-fix linting and formatting issues"
          branch: ${{ github.ref_name }}
        continue-on-error: true

 ... (clipped 11 lines)
.github/workflows/nightly.yml [51-71]
      - name: Auto-fix linting issues
        run: dart fix --apply

      - name: Commit and Push changes
        id: commit
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "style: auto-fix linting and formatting issues"
          branch: ${{ github.ref_name }}
        continue-on-error: true

 ... (clipped 11 lines)

Solution Walkthrough:

Before:

# In .github/workflows/ci.yml
...
- name: Auto-fix linting issues
  run: dart fix --apply

- name: Commit and Push changes
  id: commit
  uses: stefanzweifel/git-auto-commit-action@v5
  with:
    branch: ${{ github.ref_name }}
  continue-on-error: true

- name: Create Pull Request if push failed
  if: steps.commit.outcome == 'failure'
  uses: peter-evans/create-pull-request@v6
  with:
    branch: auto-fix-lint-${{ github.run_number }}
    body: "Automated lint fixes applied by CI workflow"
# ... similar logic repeated in nightly.yml and release.yml

After:

# In .github/workflows/ci.yml (caller)
...
jobs:
  autofix:
    name: Auto-fix and Create PR on Failure
    # A reusable workflow is called from a job, not from a step
    uses: ./.github/workflows/reusable-autofix.yml
    with:
      workflow_type: 'ci'
    # GITHUB_TOKEN is available in the called workflow without being passed;
    # the secrets context cannot be used inside `with:` here

# In ./.github/workflows/reusable-autofix.yml (new reusable workflow)
on:
  workflow_call:
    inputs:
      workflow_type:
        type: string
        required: true
jobs:
  autofix:
    runs-on: ubuntu-latest  # runner is an assumption
    steps:
      - name: Auto-fix linting issues
        run: dart fix --apply
      - name: Commit and Push changes
        id: commit
        ...
        continue-on-error: true
      - name: Create Pull Request if push failed
        if: steps.commit.outcome == 'failure'
        uses: peter-evans/create-pull-request@v6
        with:
          branch: "auto-fix-lint-${{ inputs.workflow_type }}-${{ github.run_number }}"
          body: "Automated lint fixes applied by ${{ inputs.workflow_type }} workflow"
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies significant code duplication across three workflow files, and proposing a reusable workflow is a best practice that would greatly improve the long-term maintainability of the CI configuration.

Medium
General
Explicitly set PR base
Suggestion Impact: Added `base: ${{ github.ref_name }}` to the create-pull-request action configuration to explicitly set the PR base branch.

code diff:

+        if: steps.commit.outcome == 'failure' && steps.commit.outputs.changes_detected == 'true'
         uses: peter-evans/create-pull-request@v6
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+          base: ${{ github.ref_name }}
           commit-message: "style: auto-fix linting and formatting issues"
           title: "Auto-fix linting and formatting issues"
           body: "Automated lint fixes applied by CI workflow"

Explicitly set the base branch for the created pull request by adding base: ${{
github.ref_name }} to the with block of the create-pull-request action.

.github/workflows/ci.yml [61-67]

 with:
   token: ${{ secrets.GITHUB_TOKEN }}
+  base: ${{ github.ref_name }}
   commit-message: "style: auto-fix linting and formatting issues"
   title: "Auto-fix linting and formatting issues"
   body: "Automated lint fixes applied by CI workflow"
   branch: auto-fix-lint-${{ github.run_number }}
   delete-branch: true

[Suggestion processed]

Suggestion importance[1-10]: 5

Why: This suggestion improves the workflow's clarity and robustness by explicitly setting the base branch for the pull request. While the action might default to the correct branch, being explicit prevents potential issues.

Low
Use unique branch names
Suggestion Impact: The workflow was changed to use a branch name that prepends `${{ github.ref_name }}` to the auto-fix branch name (though the old `auto-fix-lint-${{ github.run_number }}` branch line still remains as well).

code diff:

+          branch: ${{ github.ref_name }}-auto-fix-lint-${{ github.run_number }}
           branch: auto-fix-lint-${{ github.run_number }}

Make the auto-fix branch name more descriptive by prepending the source branch
name. Change the branch parameter to branch: ${{ github.ref_name
}}-auto-fix-lint-${{ github.run_number }}.

.github/workflows/ci.yml [66]

-branch: auto-fix-lint-${{ github.run_number }}
+branch: ${{ github.ref_name }}-auto-fix-lint-${{ github.run_number }}

[Suggestion processed]

Suggestion importance[1-10]: 4

Why: This suggestion improves branch naming for better traceability by including the source branch name. While github.run_number likely ensures uniqueness, adding the ref name makes it easier to identify the origin of the auto-fix branch.

Low

Co-authored-by: qodo-code-review[bot] <151058649+qodo-code-review[bot]@users.noreply.github.com>
omeritzics and others added 3 commits February 16, 2026 00:50
Co-authored-by: qodo-code-review[bot] <151058649+qodo-code-review[bot]@users.noreply.github.com>
@omeritzics omeritzics merged commit b32c30f into main Feb 15, 2026
2 checks passed
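
The token-permissions and event-gating findings from the compliance review above, combined into one job as an added example (not code from this PR or repository). The triggers, job name and runner are assumptions, `<full-commit-sha>` is a placeholder rather than a real value, and the Dart toolchain setup is left to the existing workflow.

```yaml
# Added example, not the repository's workflow. Triggers, job name and runner
# are assumptions; <full-commit-sha> is a placeholder, not a real value.
on:
  push:
    branches: [main]
  pull_request:

# Workflow default: the token can only read. Jobs opt in to more.
permissions:
  contents: read

jobs:
  lint-autofix:
    # The write path never runs for pull_request events, where the
    # checked-out code has not been reviewed yet.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    # Write scopes exist only in the job that pushes or opens a PR.
    permissions:
      contents: write        # push the fix commit or the fallback branch
      pull-requests: write   # open the fallback pull request
    steps:
      - uses: actions/checkout@<full-commit-sha>
      # Dart toolchain setup from the existing workflow goes here.

      - name: Auto-fix linting issues
        run: dart fix --apply

      - name: Commit and Push changes
        id: commit
        uses: stefanzweifel/git-auto-commit-action@<full-commit-sha>
        with:
          commit_message: "style: auto-fix linting and formatting issues"
          branch: ${{ github.ref_name }}
        continue-on-error: true

      - name: Create Pull Request if push failed
        # Fallback only when the push failed and there is something to propose.
        if: >-
          steps.commit.outcome == 'failure' &&
          steps.commit.outputs.changes_detected == 'true'
        uses: peter-evans/create-pull-request@<full-commit-sha>
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          base: ${{ github.ref_name }}
          commit-message: "style: auto-fix linting and formatting issues"
          title: "Auto-fix linting and formatting issues"
          body: "Automated lint fixes applied by CI workflow"
          branch: ${{ github.ref_name }}-auto-fix-lint-${{ github.run_number }}
          delete-branch: true
```

A pull request opened with `GITHUB_TOKEN` does not trigger other workflow runs, so the auto-fix PR will not get its own CI run from this credential.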