Update based on jiaheng#2
Conversation
…erification (#10) * Initial plan * Fix failing CI: remove dangling image assertion in restore-cache verification --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ------------- | ------ | ----- | | npm | @actions/core | 1.11.1 | 3.0.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | -------------- | ----- | ----- | | npm | @actions/cache | 4.0.3 | 6.0.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Initial plan * fix: wait for Docker on Windows runners --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ------------- | ----- | ------ | | npm | @yarnpkg/sdks | 3.1.0 | 3.2.3 | | npm | @yarnpkg/cli | 4.1.1 | 4.15.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ---------------- | ----- | ----- | | npm | @fast-check/jest | 1.8.2 | 2.2.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ------------- | ------ | ----- | | npm | @types/eslint | 8.56.6 | 9.6.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | -------------------------------- | ------ | ------ | | docker | oxsecurity/megalinter-javascript | v7.7.0 | v9.4.0 | | npm | prettier | 3.1.1 | 3.8.3 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | -------------------------------- | ----- | ------ | | npm | @typescript-eslint/eslint-plugin | 7.3.1 | 8.60.0 | | npm | @typescript-eslint/parser | 7.3.1 | 8.60.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ------- | ----- | ----- | | pypi | poetry | 1.8.2 | 2.4.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ------------- | ------- | ------ | | npm | @jest/globals | 29.7.0 | 30.4.1 | | npm | @jest/types | 29.6.3 | 30.4.1 | | npm | @types/jest | 29.5.12 | 30.0.0 | | npm | jest | 29.7.0 | 30.4.2 | | npm | jest-mock | 29.7.0 | 30.4.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | npm | eslint | 8.57.0 | 10.4.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ------------ | ------------ | ----- | ----- | | ruby-version | ruby-version | 3.3.0 | 4.0.5 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ---------- | ----- | ----- | | npm | typescript | 5.4.3 | 6.0.3 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | --------------- | ----------------------------- | ------ | ------ | | github-tags | python/cpython | 3.12.2 | 3.14.5 | | github-releases | containerbase/python-prebuild | 3.12.2 | 3.14.5 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ----------- | ----- | ----- | | pypi | poetry-core | 1.9.0 | 2.4.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ---------- | ----- | ----- | | pypi | pre-commit | 3.6.2 | 4.6.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ----------- | --------------------------- | ------- | ------- | | pypi | commitizen | 3.18.4 | 4.16.3 | | github-tags | commitizen-tools/commitizen | v3.18.4 | v4.16.3 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ---------------- | ------ | ------ | | npm | @tsconfig/node22 | 22.0.0 | 22.0.5 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ------------ | ------- | -------- | -------- | | node-version | node | v20.11.1 | v24.16.0 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from | to | | ---------- | ---------------- | ------ | ------ | | npm | @tsconfig/node24 | 24.0.0 | 24.0.4 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
📝 WalkthroughWalkthroughComprehensive version upgrade coordinating Node.js (20→24), Python (3.12→3.14.5), Ruby (3.3→4.0.5), Yarn (4.1.1→4.15.0), and Poetry (1.8→2.4.1) across runtimes, dependencies, and CI workflows. Introduces Docker readiness retry logic on Windows before cache operations. ChangesComplete Upgrade: Docker Windows, Runtimes, and Tooling
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
src/docker-windows.test.tsOops! Something went wrong! :( ESLint: 10.4.0 TypeError [ERR_UNKNOWN_FILE_EXTENSION]: Unknown file extension ".yaml" for /.eslintrc.yaml src/docker.tsOops! Something went wrong! :( ESLint: 10.4.0 TypeError [ERR_UNKNOWN_FILE_EXTENSION]: Unknown file extension ".yaml" for /.eslintrc.yaml Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 7
🧹 Nitpick comments (1)
src/docker-windows.test.ts (1)
54-92: ⚡ Quick winAdd a Windows coverage case for
saveDockerImages.The new readiness gate is used in both entrypoints, but this suite only exercises
loadDockerImages. A regression in the post-step Windows path would still pass here.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/docker-windows.test.ts` around lines 54 - 92, Add a Windows unit test for the saveDockerImages entrypoint mirroring the existing "waits for Docker before listing images on Windows" test: mock core.getInput, cache.restoreCache, have dockerReadyMock reject once then resolve, and mock util.execBashCommand; call docker.saveDockerImages("win32") and assert that dockerReadyMock was called twice with DOCKER_READY_COMMAND and WINDOWS_SHELL, timers.setTimeout was invoked, core.info was called with the same retry and ready messages, util.execBashCommand was called to perform the image save, and core.saveState was called with docker.DOCKER_IMAGES_LIST (or the appropriate DOCKER_IMAGES_* constant) to verify the post-step Windows behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/test.yaml:
- Around line 126-127: The checkout step labeled "Check out repository." that
uses actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd should disable
credential persistence by adding persist-credentials: false to that step so the
workflow token is not written into git config; then ensure only the step that
actually requires the token receives it explicitly via token: ${{ github.token
}} (leave other checkouts without credentials).
- Around line 147-160: The current curl call unconditionally downgrades all
failures due to the trailing "|| echo ..." which hides auth/network/API errors;
modify the delete step so you run curl with --write-out "%{http_code}" and
capture the HTTP status (e.g., into a variable like resp and status), then treat
only 404 (cache not found) as non-fatal by echoing "Cache not found" and
continuing, while for any other non-2xx/3xx status print the response and exit
with non-zero. Locate the curl invocation using the key and url variables
(key='docker-cache-test-...';
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key") and
replace the trailing "|| echo ..." with logic that checks the HTTP status and
fails for anything other than 404 (or 204/2xx success).
In @.pre-commit-config.yaml:
- Line 10: The pre-commit config pins the interpreter to the exact binary name
"python3.14.5" which can break virtualenv creation; update the value of
default_language_version.python in .pre-commit-config.yaml (currently
"python3.14.5") to a broader spec such as "python3.14" or "3.14" so virtualenv
can find the installed interpreter (and keep this value consistent with
.tool-versions / pyproject.toml).
In @.tool-versions:
- Around line 1-4: Update the .tool-versions entry that currently pins "yarn
1.22.19" to match the repo’s Yarn 4 toolchain by changing it to "yarn 4.15.0" so
it aligns with package.json and .yarnrc.yml (or alternatively revert the Yarn 4
declarations if you intend to stay on Yarn 1); ensure the single line containing
"yarn 1.22.19" is replaced with "yarn 4.15.0" to avoid asdf/CI divergence.
In `@package.json`:
- Around line 18-49: The package.json devDependency "`@types/node`" is pinned to
Node 20 while engines.node is 24.16.0; update the "`@types/node`" entry in
package.json (devDependencies) to a Node-24-compatible version (for example
"^24.0.0") so TypeScript uses the Node 24 API surface, then reinstall/update the
lockfile (yarn) to persist the change.
In `@pyproject.toml`:
- Line 23: The pyproject.toml currently pins Python exactly with python =
"==3.14.5", which blocks 3.14 patch releases; change that constraint to allow
3.14.x patch updates (for example replace python = "==3.14.5" with python =
"~=3.14.5" or an equivalent range like ">=3.14.5,<3.15") so Poetry accepts
3.14.6+ while keeping the exact toolchain pin in .tool-versions.
In `@src/docker.ts`:
- Around line 55-56: The waitForDocker helper currently only logs "Docker did
not become ready on Windows before timeout." and returns, allowing callers to
continue; change this to fail fast by throwing a descriptive error (or exiting)
when the retry budget is exhausted so callers like docker load/image list/save
cannot proceed; locate the waitForDocker function and replace the final return
with a thrown Error (e.g., throw new Error("Docker readiness timeout: Docker did
not become ready on Windows")) or call process.exit(1) depending on the module's
error-handling pattern so the code path stops immediately.
---
Nitpick comments:
In `@src/docker-windows.test.ts`:
- Around line 54-92: Add a Windows unit test for the saveDockerImages entrypoint
mirroring the existing "waits for Docker before listing images on Windows" test:
mock core.getInput, cache.restoreCache, have dockerReadyMock reject once then
resolve, and mock util.execBashCommand; call docker.saveDockerImages("win32")
and assert that dockerReadyMock was called twice with DOCKER_READY_COMMAND and
WINDOWS_SHELL, timers.setTimeout was invoked, core.info was called with the same
retry and ready messages, util.execBashCommand was called to perform the image
save, and core.saveState was called with docker.DOCKER_IMAGES_LIST (or the
appropriate DOCKER_IMAGES_* constant) to verify the post-step Windows behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 77a5683c-5efa-45c4-b5cb-9207d52539fb
⛔ Files ignored due to path filters (9)
.yarn/releases/yarn-4.1.1.cjsis excluded by!**/.yarn/**.yarn/releases/yarn-4.15.0.cjsis excluded by!**/.yarn/**.yarn/sdks/eslint/package.jsonis excluded by!**/.yarn/**.yarn/sdks/prettier/package.jsonis excluded by!**/.yarn/**.yarn/sdks/typescript/package.jsonis excluded by!**/.yarn/**dist/main/index.jsis excluded by!**/dist/**dist/post/index.jsis excluded by!**/dist/**poetry.lockis excluded by!**/*.lockyarn.lockis excluded by!**/yarn.lock,!**/*.lock
📒 Files selected for processing (13)
.github/workflows/notify-assignee.yaml.github/workflows/notify-reviewers.yaml.github/workflows/test.yaml.mega-linter.yaml.pre-commit-config.yaml.tool-versions.yarnrc.ymlaction.yamlpackage.jsonpyproject.tomlsrc/docker-windows.test.tssrc/docker.tstsconfig.json
| - name: Check out repository. | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
There was a problem hiding this comment.
Disable credential persistence on the restore-cache checkout.
This job grants actions: write and then executes repository-controlled code via uses: ./. With the default checkout behavior, that token is written into the local git config first, so PR code can read it before the cache-deletion step. Set persist-credentials: false here and only pass ${{ github.token }} to the step that actually needs it.
Suggested fix
- name: Check out repository.
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Check out repository. | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Check out repository. | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 126-127: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/test.yaml around lines 126 - 127, The checkout step
labeled "Check out repository." that uses
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd should disable
credential persistence by adding persist-credentials: false to that step so the
workflow token is not written into git config; then ensure only the step that
actually requires the token receives it explicitly via token: ${{ github.token
}} (leave other checkouts without credentials).
| run: | | ||
| key='docker-cache-test-${{ matrix.os }}-${{ github.run_id }}-${{ github.run_attempt }}' | ||
| url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key" | ||
| echo "Deleting cache key: $key" | ||
| echo "DELETE $url" | ||
| curl \ | ||
| --fail-with-body \ | ||
| --silent \ | ||
| --show-error \ | ||
| --request DELETE \ | ||
| --header 'Accept: application/vnd.github.v3+json' \ | ||
| --header 'Authorization: Bearer ${{ github.token }}' \ | ||
| "$url" \ | ||
| || echo "Cache not found (non-fatal)." |
There was a problem hiding this comment.
Only downgrade actual cache misses to non-fatal.
The trailing || echo "Cache not found" swallows every curl failure, not just 404s. That makes auth/API/network failures look like a normal miss and hides cleanup regressions.
Suggested fix
- curl \
- --fail-with-body \
- --silent \
- --show-error \
- --request DELETE \
- --header 'Accept: application/vnd.github.v3+json' \
- --header 'Authorization: Bearer ${{ github.token }}' \
- "$url" \
- || echo "Cache not found (non-fatal)."
+ status="$(
+ curl \
+ --output /tmp/cache-delete-response \
+ --write-out '%{http_code}' \
+ --silent \
+ --show-error \
+ --request DELETE \
+ --header 'Accept: application/vnd.github.v3+json' \
+ --header 'Authorization: Bearer ${{ github.token }}' \
+ "$url"
+ )"
+ if [[ "$status" == "404" ]]; then
+ echo "Cache not found (non-fatal)."
+ elif [[ "$status" != "200" && "$status" != "204" ]]; then
+ cat /tmp/cache-delete-response
+ exit 1
+ fi📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| run: | | |
| key='docker-cache-test-${{ matrix.os }}-${{ github.run_id }}-${{ github.run_attempt }}' | |
| url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key" | |
| echo "Deleting cache key: $key" | |
| echo "DELETE $url" | |
| curl \ | |
| --fail-with-body \ | |
| --silent \ | |
| --show-error \ | |
| --request DELETE \ | |
| --header 'Accept: application/vnd.github.v3+json' \ | |
| --header 'Authorization: Bearer ${{ github.token }}' \ | |
| "$url" \ | |
| || echo "Cache not found (non-fatal)." | |
| run: | | |
| key='docker-cache-test-${{ matrix.os }}-${{ github.run_id }}-${{ github.run_attempt }}' | |
| url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key" | |
| echo "Deleting cache key: $key" | |
| echo "DELETE $url" | |
| status="$( | |
| curl \ | |
| --output /tmp/cache-delete-response \ | |
| --write-out '%{http_code}' \ | |
| --silent \ | |
| --show-error \ | |
| --request DELETE \ | |
| --header 'Accept: application/vnd.github.v3+json' \ | |
| --header 'Authorization: Bearer ${{ github.token }}' \ | |
| "$url" | |
| )" | |
| if [[ "$status" == "404" ]]; then | |
| echo "Cache not found (non-fatal)." | |
| elif [[ "$status" != "200" && "$status" != "204" ]]; then | |
| cat /tmp/cache-delete-response | |
| exit 1 | |
| fi |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/test.yaml around lines 147 - 160, The current curl call
unconditionally downgrades all failures due to the trailing "|| echo ..." which
hides auth/network/API errors; modify the delete step so you run curl with
--write-out "%{http_code}" and capture the HTTP status (e.g., into a variable
like resp and status), then treat only 404 (cache not found) as non-fatal by
echoing "Cache not found" and continuing, while for any other non-2xx/3xx status
print the response and exit with non-zero. Locate the curl invocation using the
key and url variables (key='docker-cache-test-...';
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key") and
replace the trailing "|| echo ..." with logic that checks the HTTP status and
fails for anything other than 404 (or 204/2xx success).
| - pre-push | ||
| default_language_version: | ||
| python: python3.12.2 # Keep in sync with .tool-versions and pyproject.toml. | ||
| python: python3.14.5 # Keep in sync with .tool-versions and pyproject.toml. |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Does pre-commit's default_language_versionfor Python expect an interpreter executable name likepython3.14, or can it reliably use a patch-level name like python3.14.5?
💡 Result:
Pre-commit's default_language_version (and language_version) for Python expects the name of a system-installed Python interpreter executable [1]. This value is passed directly as the -p argument to virtualenv [1], which uses the value to locate the Python executable on the system path [2]. While you can technically pass a full path or a specific executable name like python3.14.5, it is generally recommended to use broader version identifiers like python3.14 or python3 to ensure portability across different environments [1]. Using a highly specific patch-level name (e.g., python3.14.5) assumes that the exact executable python3.14.5 exists in the system's PATH [1], which is often not guaranteed across different developer machines or CI environments, potentially causing the hook to fail if that exact file name is not found [3]. In practice, the tool resolves the interpreter based on what is available in the environment [1][2]. If you require a specific Python version, using python3.14 is the standard and most reliable way to target that release series without coupling your configuration to a specific patch-level build [1][4].
Citations:
- 1: https://pre-commit.com/?featured_on=pythonbytes
- 2: Unable to use language_version to require a minimal python version pre-commit/pre-commit#1128
- 3: Respect
default_language_versionfor local python hooks pre-commit/pre-commit#3215 - 4: https://stackoverflow.com/questions/72888074/how-to-configure-pre-commit-config-yaml-to-work-with-poetry
Fix pre-commit Python interpreter pinning (python3.14.5)
In .pre-commit-config.yaml, default_language_version.python is set to python3.14.5. pre-commit passes this value directly to virtualenv to locate the interpreter executable on PATH, so hook environment creation can fail when the exact python3.14.5 binary isn’t available (even if 3.14.5 is installed under a different name like python3.14).
Suggested fix
- python: python3.14.5 # Keep in sync with .tool-versions and pyproject.toml.
+ python: python3.14 # Keep patch pinning in .tool-versions.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| python: python3.14.5 # Keep in sync with .tool-versions and pyproject.toml. | |
| python: python3.14 # Keep patch pinning in .tool-versions. |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.pre-commit-config.yaml at line 10, The pre-commit config pins the
interpreter to the exact binary name "python3.14.5" which can break virtualenv
creation; update the value of default_language_version.python in
.pre-commit-config.yaml (currently "python3.14.5") to a broader spec such as
"python3.14" or "3.14" so virtualenv can find the installed interpreter (and
keep this value consistent with .tool-versions / pyproject.toml).
| nodejs 24.16.0 # Keep in sync with package.json. | ||
| yarn 1.22.19 | ||
| python 3.12.2 # Keep in sync with .pre-commit-config.yaml and pyproject.toml. | ||
| poetry 1.8.2 | ||
| ruby 3.3.0 | ||
| python 3.14.5 # Keep in sync with .pre-commit-config.yaml and pyproject.toml. | ||
| poetry 2.4.1 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo ".tool-versions"
sed -n '1,20p' .tool-versions
echo
echo "package.json"
rg -n '"(engines|packageManager)"|yarn@|\"yarn\":' package.json
echo
echo ".yarnrc.yml (if present)"
fd -HI '^\.yarnrc\.yml$' -x sh -c 'echo "--- $1 ---"; sed -n "1,80p" "$1"' sh {}Repository: AndreKurait/docker-cache
Length of output: 421
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== .tool-versions ==="
cat .tool-versions || true
echo
echo "=== package.json (Yarn-related fields) ==="
if [ -f package.json ]; then
python3 - <<'PY'
import json
p="package.json"
with open(p,'r',encoding='utf-8') as f:
data=json.load(f)
print("packageManager:", data.get("packageManager"))
eng=data.get("engines") or {}
print("engines.yarn:", eng.get("yarn"))
print("engines keys:", sorted(list(eng.keys())))
PY
echo
echo "--- Raw matches (sanity) ---"
rg -n '"packageManager"' package.json || true
rg -n '"engines"' package.json || true
else
echo "package.json not found"
fi
echo
echo "=== Yarn config files ==="
# List likely Yarn config files without dumping huge content
fd -t f -HI '\.yarnrc\.yml$|\.yarnrc$|yarn\.lock$|\.yarn\/releases\/' . || true
if [ -f .yarnrc.yml ]; then
sed -n '1,120p' .yarnrc.yml
fi
if [ -f .yarnrc ]; then
sed -n '1,120p' .yarnrc
fiRepository: AndreKurait/docker-cache
Length of output: 1356
Align .tool-versions with the repo’s Yarn 4 toolchain (yarn@4.15.0).
.tool-versions pins yarn 1.22.19, but package.json declares yarn@4.15.0 and .yarnrc.yml points yarnPath to yarn-4.15.0.cjs. This can cause local asdf-based installs to diverge from CI (lock/config behavior). Update .tool-versions to yarn 4.15.0 (or revert the Yarn 4 declarations/config if staying on Yarn 1).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.tool-versions around lines 1 - 4, Update the .tool-versions entry that
currently pins "yarn 1.22.19" to match the repo’s Yarn 4 toolchain by changing
it to "yarn 4.15.0" so it aligns with package.json and .yarnrc.yml (or
alternatively revert the Yarn 4 declarations if you intend to stay on Yarn 1);
ensure the single line containing "yarn 1.22.19" is replaced with "yarn 4.15.0"
to avoid asdf/CI divergence.
| "engines": { | ||
| "node": "20.11.1", | ||
| "yarn": "4.1.1" | ||
| "node": "24.16.0", | ||
| "yarn": "4.15.0" | ||
| }, | ||
| "packageManager": "yarn@4.1.1", | ||
| "packageManager": "yarn@4.15.0", | ||
| "dependencies": { | ||
| "@actions/cache": "4.0.3", | ||
| "@actions/core": "1.11.1" | ||
| "@actions/cache": "6.0.1", | ||
| "@actions/core": "3.0.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@cspell/dict-win32": "2.0.3", | ||
| "@fast-check/jest": "1.8.2", | ||
| "@jest/globals": "29.7.0", | ||
| "@jest/types": "29.6.3", | ||
| "@tsconfig/node20": "20.1.2", | ||
| "@tsconfig/strictest": "2.0.3", | ||
| "@types/eslint": "8.56.6", | ||
| "@types/jest": "29.5.12", | ||
| "@cspell/dict-win32": "2.0.10", | ||
| "@fast-check/jest": "2.2.0", | ||
| "@jest/globals": "30.4.1", | ||
| "@jest/types": "30.4.1", | ||
| "@tsconfig/node24": "24.0.4", | ||
| "@tsconfig/strictest": "2.0.8", | ||
| "@types/eslint": "9.6.1", | ||
| "@types/jest": "30.0.0", | ||
| "@types/node": "20.11.30", | ||
| "@typescript-eslint/eslint-plugin": "7.3.1", | ||
| "@typescript-eslint/parser": "7.3.1", | ||
| "@vercel/ncc": "0.38.1", | ||
| "@yarnpkg/sdks": "3.1.0", | ||
| "eslint": "8.57.0", | ||
| "eslint-config-prettier": "9.1.0", | ||
| "fast-check": "3.23.2", | ||
| "jest": "29.7.0", | ||
| "jest-junit": "16.0.0", | ||
| "jest-mock": "29.7.0", | ||
| "prettier": "3.1.1", | ||
| "ts-jest": "29.1.2", | ||
| "typescript": "5.4.3" | ||
| "@typescript-eslint/eslint-plugin": "8.60.0", | ||
| "@typescript-eslint/parser": "8.60.0", | ||
| "@vercel/ncc": "0.38.4", | ||
| "@yarnpkg/sdks": "3.2.3", | ||
| "eslint": "10.4.0", | ||
| "eslint-config-prettier": "10.1.8", | ||
| "fast-check": "4.8.0", | ||
| "jest": "30.4.2", | ||
| "jest-junit": "17.0.0", | ||
| "jest-mock": "30.4.1", | ||
| "prettier": "3.8.3", | ||
| "ts-jest": "29.4.11", | ||
| "typescript": "6.0.3" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "package.json"
rg -n '"node"|`@types/node`|packageManager' package.json
echo
echo "tsconfig.json"
sed -n '1,20p' tsconfig.json
echo
echo "action.yaml"
rg -n 'using:\s*node' action.yamlRepository: AndreKurait/docker-cache
Length of output: 530
Align @types/node with the Node 24 baseline.
package.json sets engines.node to 24.16.0, tsconfig.json extends @tsconfig/node24, and action.yaml runs with using: node24, but @types/node is still pinned to 20.11.30. Update @types/node to the Node 24 line as well so TypeScript checks against the same Node API surface.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` around lines 18 - 49, The package.json devDependency
"`@types/node`" is pinned to Node 20 while engines.node is 24.16.0; update the
"`@types/node`" entry in package.json (devDependencies) to a Node-24-compatible
version (for example "^24.0.0") so TypeScript uses the Node 24 API surface, then
reinstall/update the lockfile (yarn) to persist the change.
| [tool.poetry.dependencies] | ||
| # Keep in sync with .pre-commit-config.yaml and .tool-versions. | ||
| python = "==3.12.2" | ||
| python = "==3.14.5" |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Does Poetry's python = "==3.14.5" constraint allow Python 3.14.6, or only exactly 3.14.5? What version constraint is recommended if a project wants to accept any Python 3.14 patch release?
💡 Result:
In Poetry, the constraint python = "==3.14.5" is an exact version specification [1][2]. It requires Python 3.14.5 and will not accept Python 3.14.6 [2][3]. If you want to accept any Python 3.14 patch release, the recommended approach is to use a tilde requirement or an inequality range that covers the desired patch-level flexibility. For example: python = "~3.14.5" This constraint allows any 3.14.x version where x >= 5 (i.e., it allows 3.14.5, 3.14.6, etc., but remains within the 3.14.x series) [2][3]. Alternatively, you can use inequality requirements if you prefer to be explicit about the range: python = ">=3.14.5,<3.15" This explicitly allows any version starting from 3.14.5 up to, but not including, 3.15.0 [1][4].
Citations:
- 1: https://python-poetry.org/docs/dependency-specification
- 2: https://python-poetry.org/docs/main/dependency-specification
- 3: https://github.com/python-poetry/poetry/blob/main/docs/dependency-specification.md
- 4: https://python-poetry.org/docs/basic-usage
Relax the Poetry Python constraint in pyproject.toml
Poetry’s python = "==3.14.5" is an exact version requirement, so it will reject Python 3.14.6+. Keep the exact toolchain pin in .tool-versions, but loosen this to allow 3.14 patch updates.
Suggested fix
- python = "==3.14.5"
+ python = ">=3.14.5,<3.15"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| python = "==3.14.5" | |
| python = ">=3.14.5,<3.15" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@pyproject.toml` at line 23, The pyproject.toml currently pins Python exactly
with python = "==3.14.5", which blocks 3.14 patch releases; change that
constraint to allow 3.14.x patch updates (for example replace python =
"==3.14.5" with python = "~=3.14.5" or an equivalent range like
">=3.14.5,<3.15") so Poetry accepts 3.14.6+ while keeping the exact toolchain
pin in .tool-versions.
| info("Docker did not become ready on Windows before timeout."); | ||
| }; |
There was a problem hiding this comment.
Fail fast when the Docker readiness timeout is exhausted.
After the retry budget is spent, waitForDocker only logs and returns, so both callers still proceed into docker load/docker image list/docker save. That means the Windows startup race this helper is meant to prevent can still happen after the timeout window, just with a less obvious failure point.
Suggested fix
- info("Docker did not become ready on Windows before timeout.");
+ throw new Error("Docker did not become ready on Windows before timeout.");
};📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| info("Docker did not become ready on Windows before timeout."); | |
| }; | |
| throw new Error("Docker did not become ready on Windows before timeout."); | |
| }; |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/docker.ts` around lines 55 - 56, The waitForDocker helper currently only
logs "Docker did not become ready on Windows before timeout." and returns,
allowing callers to continue; change this to fail fast by throwing a descriptive
error (or exiting) when the retry budget is exhausted so callers like docker
load/image list/save cannot proceed; locate the waitForDocker function and
replace the final return with a thrown Error (e.g., throw new Error("Docker
readiness timeout: Docker did not become ready on Windows")) or call
process.exit(1) depending on the module's error-handling pattern so the code
path stops immediately.
Update based on jiaheng
Summary by CodeRabbit
Bug Fixes
Chores