feat(ci): poll merged locale-fix PRs and auto-refresh data#213
feat(ci): poll merged locale-fix PRs and auto-refresh data#213JarbasAl wants to merge 2 commits into
Conversation
Adds a lightweight workflow that runs every 30 minutes, checks if any locale-fix or translation PRs were merged since the last data update, and triggers a data refresh if so. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
📝 WalkthroughWalkthroughAdds a scheduled and manually triggered workflow that detects merged locale-fix PRs and dispatches data refreshes. Documentation and FAQs now describe refresh triggers, the issues route, and the tracked-skill submission process. ChangesReactive refresh and workflow documentation
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)sequenceDiagram
participant GitHubActions
participant GitHubSearch
participant UpdateDataWorkflow
GitHubActions->>GitHubSearch: Search recently merged locale-fix and translation PRs
GitHubSearch-->>GitHubActions: Return matching PR count
GitHubActions->>UpdateDataWorkflow: Dispatch data refresh on dev when matches exist
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 5
🧹 Nitpick comments (1)
.github/workflows/poll_merged_fixes.yml (1)
12-15: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick winDisable unnecessary checkout credential persistence.
This job authenticates
ghexplicitly throughGH_TOKEN, so it does not need checkout to persist credentials. Setpersist-credentials: falseto reduce token exposure to later processes. (github.com)Proposed hardening
with: ref: dev fetch-depth: 10 + persist-credentials: false🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/poll_merged_fixes.yml around lines 12 - 15, Update the actions/checkout configuration in the poll merged fixes job to set persist-credentials to false, while preserving the existing ref and fetch-depth settings.Sources: MCP tools, Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/poll_merged_fixes.yml:
- Around line 32-43: Update the COUNT and TX_COUNT gh search commands in the
workflow to stop converting command failures into zero matches; remove the
fallback that echoes “0” and allow authentication, rate-limit, or API errors to
fail the job or be surfaced separately, while preserving zero for successful
searches with no results.
- Around line 48-58: Prevent duplicate dispatches from the “Trigger data update”
step by adding a shared concurrency policy covering both this poller and
update_data.yml, or by checking for an existing queued or in-progress dev run
before invoking gh workflow run. Ensure at most one update_data.yml run for dev
can be queued or running.
- Around line 54-58: Add a job-level permissions block for the job containing
the “Trigger data update” step, granting actions: write and retaining contents:
read for checkout. Keep the existing workflow dispatch command unchanged.
In `@docs/whitepaper.md`:
- Line 104: Update the pipeline trigger description in the whitepaper to include
changes under scripts/** and ovos_localize/** on the dev branch alongside
skills.txt, matching the triggers documented in update_data.yml and
docs/index.md.
In `@FAQ.md`:
- Around line 69-70: Update the “How do I add a new skill to the tracked list?”
section in FAQ.md to clarify that the add_skill workflow reads the
ADD_SKILL_META block from the issue body, while duplicate-submission validation
is performed by the frontend in index.html before submission. Keep the remaining
submission and pull-request flow unchanged.
---
Nitpick comments:
In @.github/workflows/poll_merged_fixes.yml:
- Around line 12-15: Update the actions/checkout configuration in the poll
merged fixes job to set persist-credentials to false, while preserving the
existing ref and fetch-depth settings.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b9a14ec5-1d3e-42c9-86cd-e0dcaf4b8c13
📒 Files selected for processing (4)
.github/workflows/poll_merged_fixes.ymlFAQ.mddocs/index.mddocs/whitepaper.md
| COUNT=$(gh search prs \ | ||
| "fix: rename bare lang code" \ | ||
| org:OpenVoiceOS \ | ||
| --merged-at ">=$LAST_UPDATE" \ | ||
| --json url --jq 'length' 2>/dev/null || echo "0") | ||
|
|
||
| # Also check for merged translation submissions | ||
| TX_COUNT=$(gh search prs \ | ||
| "OVOS Localize" \ | ||
| org:OpenVoiceOS \ | ||
| --merged-at ">=$LAST_UPDATE" \ | ||
| --json url --jq 'length' 2>/dev/null || echo "0") |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
git ls-files .github/workflows/poll_merged_fixes.yml
echo '---'
cat -n .github/workflows/poll_merged_fixes.yml | sed -n '1,220p'Repository: OpenVoiceOS/ovos-localize
Length of output: 2528
Do not treat gh search failures as zero matches. 2>/dev/null || echo "0" turns auth, rate-limit, and API errors into COUNT=0, so the workflow can silently skip updates and leave generated data stale. Let the job fail or surface a separate error state.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/poll_merged_fixes.yml around lines 32 - 43, Update the
COUNT and TX_COUNT gh search commands in the workflow to stop converting command
failures into zero matches; remove the fallback that echoes “0” and allow
authentication, rate-limit, or API errors to fail the job or be surfaced
separately, while preserving zero for successful searches with no results.
| if [ "$TOTAL" -gt 0 ]; then | ||
| echo "should_update=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "should_update=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
|
|
||
| - name: Trigger data update | ||
| if: steps.poll.outputs.should_update == 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: gh workflow run update_data.yml --ref dev |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | 🏗️ Heavy lift
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== workflow files =="
git ls-files '.github/workflows/*.yml' '.github/workflows/*.yaml'
echo
echo "== poll_merged_fixes.yml (outline/lines) =="
wc -l .github/workflows/poll_merged_fixes.yml
cat -n .github/workflows/poll_merged_fixes.yml | sed -n '1,220p'
echo
echo "== update_data.yml (outline/lines) =="
wc -l .github/workflows/update_data.yml
cat -n .github/workflows/update_data.yml | sed -n '1,260p'
echo
echo "== search for concurrency / workflow run / marker commit =="
rg -n --hidden --glob '.github/workflows/*' -e '^ *concurrency:' -e 'workflow run update_data\.yml' -e 'marker' -e 'GITHUB_OUTPUT' -e 'git commit' -e 'gh workflow run' .github/workflowsRepository: OpenVoiceOS/ovos-localize
Length of output: 6605
Prevent duplicate update_data.yml runs. The poller can enqueue another refresh while a previous one is still queued or running, and update_data.yml has no concurrency guard. Add a shared concurrency policy or skip dispatch when a run for dev is already queued/in progress.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/poll_merged_fixes.yml around lines 48 - 58, Prevent
duplicate dispatches from the “Trigger data update” step by adding a shared
concurrency policy covering both this poller and update_data.yml, or by checking
for an existing queued or in-progress dev run before invoking gh workflow run.
Ensure at most one update_data.yml run for dev can be queued or running.
| - name: Trigger data update | ||
| if: steps.poll.outputs.should_update == 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: gh workflow run update_data.yml --ref dev |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '%s\n' '--- .github/workflows/poll_merged_fixes.yml ---'
cat -n .github/workflows/poll_merged_fixes.yml
printf '\n%s\n' '--- permissions occurrences in .github/workflows ---'
rg -n "^\s*permissions\s*:|workflow run|gh workflow run|GITHUB_TOKEN" .github/workflows || trueRepository: OpenVoiceOS/ovos-localize
Length of output: 3337
🌐 Web query:
GitHub Actions workflow dispatch GITHUB_TOKEN actions:write permissions workflow run gh workflow run repository write permission docs
💡 Result:
To trigger a workflow dispatch event within a GitHub Actions workflow using the GITHUB_TOKEN, you must configure the appropriate permissions and make an API call to the GitHub REST API [1][2]. Permissions Requirement When using the GITHUB_TOKEN to trigger a workflow via workflow_dispatch, the job requires the actions:write permission [3]. You must explicitly define this in your workflow YAML file [4][5]: permissions: actions: write Without this explicit permission, the GITHUB_TOKEN will typically not have sufficient access to create a workflow dispatch event [3][5]. Executing the Dispatch You can trigger the workflow dispatch by making a POST request to the GitHub REST API endpoint POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches [6][7]. This is commonly done using the actions/github-script action or the gh command-line tool [2][3]. Example using actions/github-script: jobs: trigger-workflow: runs-on: ubuntu-latest permissions: actions: write steps: - uses: actions/github-script@v7 with: script: | github.rest.actions.createWorkflowDispatch({ owner: context.repo.owner, repo: context.repo.repo, workflow_id: 'your-workflow-file.yml', ref: 'main' }) Key Considerations - Event Triggering: Since September 2022, GITHUB_TOKEN is permitted to trigger workflow_dispatch and repository_dispatch events to help prevent unintended recursive workflow loops [2]. - Default Branch: The workflow file being triggered must exist on the repository's default branch for the dispatch to succeed [1][8]. - Security: Always grant the least amount of permission necessary [4][9]. If your workflow requires broader access, consider using a fine-grained personal access token (PAT) or a GitHub App token instead of the GITHUB_TOKEN [3][9].
Citations:
- 1: https://docs.github.com/en/actions/how-tos/write-workflows/choose-when-workflows-run/trigger-a-workflow
- 2: https://github.blog/changelog/2022-09-08-github-actions-use-github_token-with-workflow_dispatch-and-repository_dispatch/
- 3: https://github.com/step-security/dispatch-workflow
- 4: https://docs.github.com/actions/reference/authentication-in-a-workflow
- 5: https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax
- 6: https://docs.github.com/en/rest/actions/workflows
- 7: https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28
- 8: https://github.com/peter-evans/repository-dispatch?tab=readme-ov-file
- 9: https://docs.github.com/en/enterprise-cloud@latest/actions/tutorials/authenticate-with-github_token
Add a job-level permissions block
Grant actions: write so gh workflow run update_data.yml --ref dev can dispatch the refresh workflow, and keep contents: read for actions/checkout; otherwise this job depends on the repo’s default token scope and will fail under read-only defaults.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/poll_merged_fixes.yml around lines 54 - 58, Add a
job-level permissions block for the job containing the “Trigger data update”
step, granting actions: write and retaining contents: read for checkout. Keep
the existing workflow dispatch command unchanged.
Source: MCP tools
| ``` | ||
|
|
||
| The pipeline runs daily at 02:00 UTC, on manual dispatch, and whenever `skills.txt` changes. All output is committed back to the `dev` branch and served immediately via Pages. | ||
| The pipeline runs daily at 02:00 UTC, on manual dispatch, and whenever `skills.txt` changes. Additionally, a lightweight polling workflow (`poll_merged_fixes.yml`) runs every 30 minutes and triggers a data refresh if any locale-fix or translation PRs were merged across the org since the last data commit — ensuring the UI reflects upstream fixes within 30 minutes instead of waiting for the next daily run. All output is committed back to the `dev` branch and served immediately via Pages. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Document all push-triggered refresh paths.
update_data.yml also runs when scripts/** or ovos_localize/** changes on dev; this sentence mentions only skills.txt. Align it with the workflow and docs/index.md.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@docs/whitepaper.md` at line 104, Update the pipeline trigger description in
the whitepaper to include changes under scripts/** and ovos_localize/** on the
dev branch alongside skills.txt, matching the triggers documented in
update_data.yml and docs/index.md.
| ### How do I add a new skill to the tracked list? | ||
| Click the "Submit a skill" button in the UI. Enter the GitHub repository URL. This opens a GitHub issue with a machine-readable `ADD_SKILL_META` block. The `add_skill` workflow parses the URL, appends it to `skills.txt`, and opens a PR. The UI checks for duplicate submissions before allowing a new one. |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== FAQ.md context ==\n'
nl -ba FAQ.md | sed -n '60,85p'
printf '\n== Workflow context ==\n'
nl -ba .github/workflows/add_skill.yml | sed -n '1,240p'
printf '\n== Search for UI and duplicate-check references ==\n'
rg -n --hidden --glob '!**/.git/**' -e 'Submit a skill|ADD_SKILL_META|duplicate|skills\.txt|add_skill' .Repository: OpenVoiceOS/ovos-localize
Length of output: 225
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== FAQ.md context ==\n'
sed -n '60,85p' FAQ.md | cat -n
printf '\n== Workflow context ==\n'
sed -n '1,240p' .github/workflows/add_skill.yml | cat -n
printf '\n== Search for UI and duplicate-check references ==\n'
rg -n --hidden --glob '!**/.git/**' -e 'Submit a skill|ADD_SKILL_META|duplicate|skills\.txt|add_skill' .Repository: OpenVoiceOS/ovos-localize
Length of output: 50383
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== Files mentioning submit-skill UI or duplicate checks ==\n'
rg -n --hidden --glob '!**/.git/**' \
-e 'Submit a skill|duplicate submission|already tracked|ADD_SKILL_META|skill-submission|add_skill' \
. \
| head -n 300
printf '\n== Candidate UI/templates/docs files ==\n'
fd -HI -t f 'add_skill|faq|issue|submit|skill' .Repository: OpenVoiceOS/ovos-localize
Length of output: 4271
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '\n== index.html add-skill flow ==\n'
sed -n '3090,3215p' index.html | cat -n
printf '\n== issue template ==\n'
sed -n '1,220p' .github/ISSUE_TEMPLATE/add_skill.yml | cat -nRepository: OpenVoiceOS/ovos-localize
Length of output: 7021
Update the add-skill FAQ wording. The workflow reads ADD_SKILL_META from the issue body; the pre-submit duplicate check happens in the frontend (index.html), not in .github/workflows/add_skill.yml. Keep the description aligned with that split.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@FAQ.md` around lines 69 - 70, Update the “How do I add a new skill to the
tracked list?” section in FAQ.md to clarify that the add_skill workflow reads
the ADD_SKILL_META block from the issue body, while duplicate-submission
validation is performed by the frontend in index.html before submission. Keep
the remaining submission and pull-request flow unchanged.
Adds
poll_merged_fixes.yml: when a locale-fix PR is merged, refresh the generated browse data so the SPA reflects it. Documents the polling + skill-submission flow in FAQ/docs.Scope: one workflow + its docs. No data, no unrelated files.
Split out of the previously-tangled PR stack (was leaking into #210/#211/#212).
Summary by CodeRabbit
New Features
#/issuesroute.Documentation