Update based on jiaheng #2

Merged: AndreKurait merged 50 commits into AndreKurait:main from jiaheng:main on Jun 3, 2026
@AndreKurait AndreKurait commented Jun 2, 2026

Owner

Update based on jiaheng

Summary by CodeRabbit

  • Bug Fixes

    • Improved Docker readiness verification on Windows before cache operations.
  • Chores

    • Upgraded to newer runtime versions: Node.js 24, Python 3.14.5, Ruby 4.0.5, and Poetry 2.4.1.
    • Updated GitHub Actions workflows, development tools, and linting dependencies.

Copilot AI and others added 30 commits May 30, 2026 05:36
…erification (#10)

* Initial plan

* Fix failing CI: remove dangling image assertion in restore-cache verification

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
| datasource | package       | from   | to    |
| ---------- | ------------- | ------ | ----- |
| npm        | @actions/core | 1.11.1 | 3.0.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package        | from  | to    |
| ---------- | -------------- | ----- | ----- |
| npm        | @actions/cache | 4.0.3 | 6.0.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Initial plan

* fix: wait for Docker on Windows runners

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
)

| datasource | package                | from  | to     |
| ---------- | ---------------------- | ----- | ------ |
| npm        | eslint-config-prettier | 9.1.0 | 10.1.8 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package       | from  | to     |
| ---------- | ------------- | ----- | ------ |
| npm        | @yarnpkg/sdks | 3.1.0 | 3.2.3  |
| npm        | @yarnpkg/cli  | 4.1.1 | 4.15.0 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package          | from  | to    |
| ---------- | ---------------- | ----- | ----- |
| npm        | @fast-check/jest | 1.8.2 | 2.2.0 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate Bot and others added 20 commits May 31, 2026 04:01
| datasource | package       | from   | to    |
| ---------- | ------------- | ------ | ----- |
| npm        | @types/eslint | 8.56.6 | 9.6.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package                          | from   | to     |
| ---------- | -------------------------------- | ------ | ------ |
| docker     | oxsecurity/megalinter-javascript | v7.7.0 | v9.4.0 |
| npm        | prettier                         | 3.1.1  | 3.8.3  |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package                          | from  | to     |
| ---------- | -------------------------------- | ----- | ------ |
| npm        | @typescript-eslint/eslint-plugin | 7.3.1 | 8.60.0 |
| npm        | @typescript-eslint/parser        | 7.3.1 | 8.60.0 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from  | to    |
| ---------- | ------- | ----- | ----- |
| pypi       | poetry  | 1.8.2 | 2.4.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package       | from    | to     |
| ---------- | ------------- | ------- | ------ |
| npm        | @jest/globals | 29.7.0  | 30.4.1 |
| npm        | @jest/types   | 29.6.3  | 30.4.1 |
| npm        | @types/jest   | 29.5.12 | 30.0.0 |
| npm        | jest          | 29.7.0  | 30.4.2 |
| npm        | jest-mock     | 29.7.0  | 30.4.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| npm        | eslint  | 8.57.0 | 10.4.0 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource   | package      | from  | to    |
| ------------ | ------------ | ----- | ----- |
| ruby-version | ruby-version | 3.3.0 | 4.0.5 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package    | from  | to    |
| ---------- | ---------- | ----- | ----- |
| npm        | typescript | 5.4.3 | 6.0.3 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource      | package                       | from   | to     |
| --------------- | ----------------------------- | ------ | ------ |
| github-tags     | python/cpython                | 3.12.2 | 3.14.5 |
| github-releases | containerbase/python-prebuild | 3.12.2 | 3.14.5 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package     | from  | to    |
| ---------- | ----------- | ----- | ----- |
| pypi       | poetry-core | 1.9.0 | 2.4.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package    | from  | to    |
| ---------- | ---------- | ----- | ----- |
| pypi       | pre-commit | 3.6.2 | 4.6.0 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource  | package                     | from    | to      |
| ----------- | --------------------------- | ------- | ------- |
| pypi        | commitizen                  | 3.18.4  | 4.16.3  |
| github-tags | commitizen-tools/commitizen | v3.18.4 | v4.16.3 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package          | from   | to     |
| ---------- | ---------------- | ------ | ------ |
| npm        | @tsconfig/node22 | 22.0.0 | 22.0.5 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource   | package | from     | to       |
| ------------ | ------- | -------- | -------- |
| node-version | node    | v20.11.1 | v24.16.0 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
| datasource | package          | from   | to     |
| ---------- | ---------------- | ------ | ------ |
| npm        | @tsconfig/node24 | 24.0.0 | 24.0.4 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
coderabbitai Bot commented Jun 2, 2026

Walkthrough

Comprehensive version upgrade coordinating Node.js (20→24), Python (3.12→3.14.5), Ruby (3.3→4.0.5), Yarn (4.1.1→4.15.0), and Poetry (1.8→2.4.1) across runtimes, dependencies, and CI workflows. Introduces Docker readiness retry logic on Windows before cache operations.

Changes

Complete Upgrade: Docker Windows, Runtimes, and Tooling

| Layer / File(s) | Summary |
| --------------- | ------- |
| Docker Windows readiness: retry logic and platform detection (src/docker.ts, src/docker-windows.test.ts) | loadDockerImages and saveDockerImages now accept optional platform parameter and call waitForDocker helper (Windows-only) that retries docker version with configurable timeout and delay. Tests verify Windows retry/success path with promisified exec, timeout scheduling, and logging, while Linux path skips readiness checks entirely. |
| Runtime versions: Node 24, Python 3.14.5, Ruby 4.0.5, Poetry 2.4.1 (.tool-versions, action.yaml, package.json, pyproject.toml, tsconfig.json) | Runtime pins and engine requirements bumped: .tool-versions updates Node.js, Python, Ruby, Poetry; action.yaml switches to node24; package.json engines and packageManager target Node 24.16.0 and Yarn 4.15.0; pyproject.toml requires Python 3.14.5 and Poetry 2.4.1; tsconfig.json extends @tsconfig/node24. |
| Yarn and linter configurations: Yarn 4.15.0, cspell, pre-commit hooks (.yarnrc.yml, .mega-linter.yaml, .pre-commit-config.yaml) | .yarnrc.yml updates yarnPath to 4.15.0 and plugin-licenses to v0.15.1; .mega-linter.yaml updates ESLint CLI to use Yarn 4.15.0 and cspell dict to 2.0.10; .pre-commit-config.yaml bumps Python default version to 3.14.5 and updates hook revisions for md-toc (9.0.0), LicenseFinder (v7.2.1), blocklint (v0.3.0), commitizen (v4.16.3). |
| GitHub Actions and CI workflows: ubuntu-24.04, action versions, Docker cache verification (.github/workflows/test.yaml, .github/workflows/notify-assignee.yaml, .github/workflows/notify-reviewers.yaml) | Test workflow upgrades runners from ubuntu-22.04 to ubuntu-24.04, adds windows-2025 to matrices, adds PowerShell Docker startup step on Windows, upgrades action versions (checkout v6.0.2, cache v5.0.5, publish-unit-test-result v2.23.0), simplifies Docker image verification from label checks to reference-based empty image check, and rewrites cache-deletion to use constructed curl key/url with non-fatal missing-cache handling. Notify workflows bump reusable action reference from v0.6.37 to v0.6.38. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A rabbit's ode to the grand upgrade
From Node twenty, to twenty-four we leap,
Python climbs to three-point-fourteen deep,
Docker wakes on Windows with patient care,
While Yarn spins faster through the upgrade air! 🧵✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| ---------- | ------ | ----------- | ---------- |
| Title check | ❓ Inconclusive | The title 'Update based on jiaheng' is vague and generic, providing no meaningful information about the substantive changes in this pull request, which include major dependency upgrades, Node.js/Python/Ruby version bumps, Docker Windows support fixes, and workflow updates. | Revise the title to be more descriptive of the main changes, such as 'Update dependencies and runtimes (Node.js 24, Python 3.14, Ruby 4.0)' or 'Add Docker readiness handling for Windows and update dependencies'. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| ---------- | ------ | ----------- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/docker-windows.test.ts and src/docker.ts (same output for both files)

Oops! Something went wrong! :(

ESLint: 10.4.0

TypeError [ERR_UNKNOWN_FILE_EXTENSION]: Unknown file extension ".yaml" for /.eslintrc.yaml
    at Object.getFileProtocolModuleFormat [as file:] (node:internal/modules/esm/get_format:236:9)
    at defaultGetFormat (node:internal/modules/esm/get_format:262:36)
    at defaultLoadSync (node:internal/modules/esm/load:158:16)
    at #loadAndMaybeBlockOnLoaderThread (node:internal/modules/esm/loader:776:12)
    at #loadSync (node:internal/modules/esm/loader:796:49)
    at ModuleLoader.load (node:internal/modules/esm/loader:762:26)
    at ModuleLoader.loadAndTranslate (node:internal/modules/esm/loader:504:31)
    at #getOrCreateModuleJobAfterResolve (node:internal/modules/esm/loader:555:36)
    at afterResolve (node:internal/modules/esm/loader:603:52)
    at ModuleLoader.getOrCreateModuleJob (node:internal/modules/esm/loader:609:12)


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 7

🧹 Nitpick comments (1)
src/docker-windows.test.ts (1)

54-92: ⚡ Quick win

Add a Windows coverage case for saveDockerImages.

The new readiness gate is used in both entrypoints, but this suite only exercises loadDockerImages. A regression in the post-step Windows path would still pass here.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/docker-windows.test.ts` around lines 54 - 92, Add a Windows unit test for
the saveDockerImages entrypoint mirroring the existing "waits for Docker before
listing images on Windows" test: mock core.getInput, cache.restoreCache, have
dockerReadyMock reject once then resolve, and mock util.execBashCommand; call
docker.saveDockerImages("win32") and assert that dockerReadyMock was called
twice with DOCKER_READY_COMMAND and WINDOWS_SHELL, timers.setTimeout was
invoked, core.info was called with the same retry and ready messages,
util.execBashCommand was called to perform the image save, and core.saveState
was called with docker.DOCKER_IMAGES_LIST (or the appropriate DOCKER_IMAGES_*
constant) to verify the post-step Windows behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/test.yaml:
- Around line 126-127: The checkout step labeled "Check out repository." that
uses actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd should disable
credential persistence by adding persist-credentials: false to that step so the
workflow token is not written into git config; then ensure only the step that
actually requires the token receives it explicitly via token: ${{ github.token
}} (leave other checkouts without credentials).
- Around line 147-160: The current curl call unconditionally downgrades all
failures due to the trailing "|| echo ..." which hides auth/network/API errors;
modify the delete step so you run curl with --write-out "%{http_code}" and
capture the HTTP status (e.g., into a variable like resp and status), then treat
only 404 (cache not found) as non-fatal by echoing "Cache not found" and
continuing, while for any other non-2xx/3xx status print the response and exit
with non-zero. Locate the curl invocation using the key and url variables
(key='docker-cache-test-...';
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key") and
replace the trailing "|| echo ..." with logic that checks the HTTP status and
fails for anything other than 404 (or 204/2xx success).

In @.pre-commit-config.yaml:
- Line 10: The pre-commit config pins the interpreter to the exact binary name
"python3.14.5" which can break virtualenv creation; update the value of
default_language_version.python in .pre-commit-config.yaml (currently
"python3.14.5") to a broader spec such as "python3.14" or "3.14" so virtualenv
can find the installed interpreter (and keep this value consistent with
.tool-versions / pyproject.toml).

In @.tool-versions:
- Around line 1-4: Update the .tool-versions entry that currently pins "yarn
1.22.19" to match the repo’s Yarn 4 toolchain by changing it to "yarn 4.15.0" so
it aligns with package.json and .yarnrc.yml (or alternatively revert the Yarn 4
declarations if you intend to stay on Yarn 1); ensure the single line containing
"yarn 1.22.19" is replaced with "yarn 4.15.0" to avoid asdf/CI divergence.

In `@package.json`:
- Around line 18-49: The package.json devDependency "`@types/node`" is pinned to
Node 20 while engines.node is 24.16.0; update the "`@types/node`" entry in
package.json (devDependencies) to a Node-24-compatible version (for example
"^24.0.0") so TypeScript uses the Node 24 API surface, then reinstall/update the
lockfile (yarn) to persist the change.

In `@pyproject.toml`:
- Line 23: The pyproject.toml currently pins Python exactly with python =
"==3.14.5", which blocks 3.14 patch releases; change that constraint to allow
3.14.x patch updates (for example replace python = "==3.14.5" with python =
"~=3.14.5" or an equivalent range like ">=3.14.5,<3.15") so Poetry accepts
3.14.6+ while keeping the exact toolchain pin in .tool-versions.

In `@src/docker.ts`:
- Around line 55-56: The waitForDocker helper currently only logs "Docker did
not become ready on Windows before timeout." and returns, allowing callers to
continue; change this to fail fast by throwing a descriptive error (or exiting)
when the retry budget is exhausted so callers like docker load/image list/save
cannot proceed; locate the waitForDocker function and replace the final return
with a thrown Error (e.g., throw new Error("Docker readiness timeout: Docker did
not become ready on Windows")) or call process.exit(1) depending on the module's
error-handling pattern so the code path stops immediately.

---

Nitpick comments:
In `@src/docker-windows.test.ts`:
- Around line 54-92: Add a Windows unit test for the saveDockerImages entrypoint
mirroring the existing "waits for Docker before listing images on Windows" test:
mock core.getInput, cache.restoreCache, have dockerReadyMock reject once then
resolve, and mock util.execBashCommand; call docker.saveDockerImages("win32")
and assert that dockerReadyMock was called twice with DOCKER_READY_COMMAND and
WINDOWS_SHELL, timers.setTimeout was invoked, core.info was called with the same
retry and ready messages, util.execBashCommand was called to perform the image
save, and core.saveState was called with docker.DOCKER_IMAGES_LIST (or the
appropriate DOCKER_IMAGES_* constant) to verify the post-step Windows behavior.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 77a5683c-5efa-45c4-b5cb-9207d52539fb

📥 Commits

Reviewing files that changed from the base of the PR and between 0fe7670 and 7506b06.

⛔ Files ignored due to path filters (9)
  • .yarn/releases/yarn-4.1.1.cjs is excluded by !**/.yarn/**
  • .yarn/releases/yarn-4.15.0.cjs is excluded by !**/.yarn/**
  • .yarn/sdks/eslint/package.json is excluded by !**/.yarn/**
  • .yarn/sdks/prettier/package.json is excluded by !**/.yarn/**
  • .yarn/sdks/typescript/package.json is excluded by !**/.yarn/**
  • dist/main/index.js is excluded by !**/dist/**
  • dist/post/index.js is excluded by !**/dist/**
  • poetry.lock is excluded by !**/*.lock
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (13)
  • .github/workflows/notify-assignee.yaml
  • .github/workflows/notify-reviewers.yaml
  • .github/workflows/test.yaml
  • .mega-linter.yaml
  • .pre-commit-config.yaml
  • .tool-versions
  • .yarnrc.yml
  • action.yaml
  • package.json
  • pyproject.toml
  • src/docker-windows.test.ts
  • src/docker.ts
  • tsconfig.json

Comment on lines 126 to +127
- name: Check out repository.
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Disable credential persistence on the restore-cache checkout.

This job grants actions: write and then executes repository-controlled code via uses: ./. With the default checkout behavior, that token is written into the local git config first, so PR code can read it before the cache-deletion step. Set persist-credentials: false here and only pass ${{ github.token }} to the step that actually needs it.

Suggested fix
       - name: Check out repository.
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
Suggested change
- name: Check out repository.
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Check out repository.
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
🧰 Tools
🪛 zizmor (1.25.2)

[warning] 126-127: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/test.yaml around lines 126 - 127, The checkout step
labeled "Check out repository." that uses
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd should disable
credential persistence by adding persist-credentials: false to that step so the
workflow token is not written into git config; then ensure only the step that
actually requires the token receives it explicitly via token: ${{ github.token
}} (leave other checkouts without credentials).
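
A simplified version of the check behind the zizmor `artipacked` warning above, as an added TypeScript example (not code from this repository or from zizmor): it scans workflow text for `actions/checkout` steps and reports whether each one sets `persist-credentials: false` and is pinned to a full commit SHA. The function names and the sample workflow are constructed for illustration; only the checkout SHA is taken from this page.

```typescript
// Added example: line-based audit of actions/checkout steps in a workflow file.
// Assumption: block-style YAML where every step is a "- " list item and its
// keys are indented deeper than the dash (no flow mappings, no YAML anchors).

interface CheckoutFinding {
  line: number; // 1-based line of the `uses:` entry
  ref: string; // text after the `@`
  pinnedToSha: boolean; // true when ref is a full 40-hex commit SHA
  persistsCredentials: boolean; // true unless `persist-credentials: false` is set
}

const USES_CHECKOUT = /^\s*(?:-\s+)?uses:\s*["']?actions\/checkout@([^\s"'#]+)/;
const PERSIST_FALSE = /^\s*(?:-\s+)?persist-credentials:\s*["']?false["']?\s*(?:#.*)?$/i;
const FULL_SHA = /^[0-9a-f]{40}$/i;

// Number of leading spaces (YAML does not allow tabs for indentation).
function indentOf(line: string): number {
  const m = /^ */.exec(line);
  return m ? m[0].length : 0;
}

function auditCheckoutSteps(workflow: string): CheckoutFinding[] {
  const lines = workflow.split(/\r?\n/);
  const findings: CheckoutFinding[] = [];
  let i = 0;
  while (i < lines.length) {
    const first = lines[i] ?? "";
    if (!/^\s*-\s/.test(first)) {
      i += 1;
      continue;
    }
    // A list item owns every following line indented deeper than its dash.
    const dashIndent = indentOf(first);
    let end = i + 1;
    while (end < lines.length) {
      const next = lines[end] ?? "";
      if (next.trim() !== "" && indentOf(next) <= dashIndent) break;
      end += 1;
    }
    let usesLine = -1;
    let ref = "";
    let disabled = false;
    for (let j = i; j < end; j += 1) {
      const text = lines[j] ?? "";
      const m = USES_CHECKOUT.exec(text);
      if (m) {
        usesLine = j + 1;
        ref = m[1] ?? "";
      }
      if (PERSIST_FALSE.test(text)) disabled = true;
    }
    if (usesLine > 0) {
      findings.push({
        line: usesLine,
        ref,
        pinnedToSha: FULL_SHA.test(ref),
        persistsCredentials: !disabled,
      });
    }
    i = end;
  }
  return findings;
}

// Checkout steps that leave the workflow token in the local git config.
function checkoutsPersistingToken(workflow: string): CheckoutFinding[] {
  return auditCheckoutSteps(workflow).filter((f) => f.persistsCredentials);
}

// Constructed sample: the first job mirrors the flagged pattern (write
// permission, default checkout, then repository-controlled code via `uses: ./`).
const SAMPLE_WORKFLOW = [
  "jobs:",
  "  restore-cache:",
  "    permissions:",
  "      actions: write",
  "    steps:",
  "      - name: Check out repository.",
  "        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2",
  "      - name: Run the action under test.",
  "        uses: ./",
  "  lint:",
  "    steps:",
  "      - uses: actions/checkout@v6.0.2",
  "        with:",
  "          persist-credentials: false",
].join("\n");

for (const f of auditCheckoutSteps(SAMPLE_WORKFLOW)) {
  const creds = f.persistsCredentials ? "persists credentials" : "credentials not persisted";
  const pin = f.pinnedToSha ? "SHA-pinned" : "tag/branch ref";
  console.log(`line ${f.line}: actions/checkout@${f.ref} (${pin}, ${creds})`);
}
```
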

Comment on lines +147 to +160
run: |
key='docker-cache-test-${{ matrix.os }}-${{ github.run_id }}-${{ github.run_attempt }}'
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key"
echo "Deleting cache key: $key"
echo "DELETE $url"
curl \
--fail-with-body \
--silent \
--show-error \
--request DELETE \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer ${{ github.token }}' \
"$url" \
|| echo "Cache not found (non-fatal)."
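Review bot: In the curl call, --header 'Authorization: Bearer ${{ github.token }}' has the token expanded into the script text before the shell runs, and the key= line does the same with ${{ matrix.os }}, ${{ github.run_id }} and ${{ github.run_attempt }}. Pass these through the step's env: block and reference them as quoted shell variables (for example "Authorization: Bearer $GH_TOKEN", where GH_TOKEN is a suggested name and not one from this workflow), so expression values are never spliced into the script source.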

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Only downgrade actual cache misses to non-fatal.

The trailing || echo "Cache not found" swallows every curl failure, not just 404s. That makes auth/API/network failures look like a normal miss and hides cleanup regressions.

Suggested fix
-          curl \
-            --fail-with-body \
-            --silent \
-            --show-error \
-            --request DELETE \
-            --header 'Accept: application/vnd.github.v3+json' \
-            --header 'Authorization: Bearer ${{ github.token }}' \
-            "$url" \
-          || echo "Cache not found (non-fatal)."
+          status="$(
+            curl \
+              --output /tmp/cache-delete-response \
+              --write-out '%{http_code}' \
+              --silent \
+              --show-error \
+              --request DELETE \
+              --header 'Accept: application/vnd.github.v3+json' \
+              --header 'Authorization: Bearer ${{ github.token }}' \
+              "$url"
+          )"
+          if [[ "$status" == "404" ]]; then
+            echo "Cache not found (non-fatal)."
+          elif [[ "$status" != "200" && "$status" != "204" ]]; then
+            cat /tmp/cache-delete-response
+            exit 1
+          fi
Suggested change
run: |
key='docker-cache-test-${{ matrix.os }}-${{ github.run_id }}-${{ github.run_attempt }}'
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key"
echo "Deleting cache key: $key"
echo "DELETE $url"
curl \
--fail-with-body \
--silent \
--show-error \
--request DELETE \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer ${{ github.token }}' \
"$url" \
|| echo "Cache not found (non-fatal)."
run: |
key='docker-cache-test-${{ matrix.os }}-${{ github.run_id }}-${{ github.run_attempt }}'
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key"
echo "Deleting cache key: $key"
echo "DELETE $url"
status="$(
curl \
--output /tmp/cache-delete-response \
--write-out '%{http_code}' \
--silent \
--show-error \
--request DELETE \
--header 'Accept: application/vnd.github.v3+json' \
--header 'Authorization: Bearer ${{ github.token }}' \
"$url"
)"
if [[ "$status" == "404" ]]; then
echo "Cache not found (non-fatal)."
elif [[ "$status" != "200" && "$status" != "204" ]]; then
cat /tmp/cache-delete-response
exit 1
fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/test.yaml around lines 147 - 160, The current curl call
unconditionally downgrades all failures due to the trailing "|| echo ..." which
hides auth/network/API errors; modify the delete step so you run curl with
--write-out "%{http_code}" and capture the HTTP status (e.g., into a variable
like resp and status), then treat only 404 (cache not found) as non-fatal by
echoing "Cache not found" and continuing, while for any other non-2xx/3xx status
print the response and exit with non-zero. Locate the curl invocation using the
key and url variables (key='docker-cache-test-...';
url="$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/actions/caches?key=$key") and
replace the trailing "|| echo ..." with logic that checks the HTTP status and
fails for anything other than 404 (or 204/2xx success).

Comment thread .pre-commit-config.yaml
- pre-push
default_language_version:
python: python3.12.2 # Keep in sync with .tool-versions and pyproject.toml.
python: python3.14.5 # Keep in sync with .tool-versions and pyproject.toml.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Does pre-commit's default_language_version for Python expect an interpreter executable name like python3.14, or can it reliably use a patch-level name like python3.14.5?

💡 Result:

Pre-commit's default_language_version (and language_version) for Python expects the name of a system-installed Python interpreter executable [1]. This value is passed directly as the -p argument to virtualenv [1], which uses the value to locate the Python executable on the system path [2]. While you can technically pass a full path or a specific executable name like python3.14.5, it is generally recommended to use broader version identifiers like python3.14 or python3 to ensure portability across different environments [1]. Using a highly specific patch-level name (e.g., python3.14.5) assumes that the exact executable python3.14.5 exists in the system's PATH [1], which is often not guaranteed across different developer machines or CI environments, potentially causing the hook to fail if that exact file name is not found [3]. In practice, the tool resolves the interpreter based on what is available in the environment [1][2]. If you require a specific Python version, using python3.14 is the standard and most reliable way to target that release series without coupling your configuration to a specific patch-level build [1][4].

Citations:


Fix pre-commit Python interpreter pinning (python3.14.5)

In .pre-commit-config.yaml, default_language_version.python is set to python3.14.5. pre-commit passes this value directly to virtualenv to locate the interpreter executable on PATH, so hook environment creation can fail when the exact python3.14.5 binary isn’t available (even if 3.14.5 is installed under a different name like python3.14).

Suggested fix
-  python: python3.14.5 # Keep in sync with .tool-versions and pyproject.toml.
+  python: python3.14 # Keep patch pinning in .tool-versions.
Suggested change
python: python3.14.5 # Keep in sync with .tool-versions and pyproject.toml.
python: python3.14 # Keep patch pinning in .tool-versions.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.pre-commit-config.yaml at line 10, The pre-commit config pins the
interpreter to the exact binary name "python3.14.5" which can break virtualenv
creation; update the value of default_language_version.python in
.pre-commit-config.yaml (currently "python3.14.5") to a broader spec such as
"python3.14" or "3.14" so virtualenv can find the installed interpreter (and
keep this value consistent with .tool-versions / pyproject.toml).

Comment thread .tool-versions
Comment on lines +1 to +4
nodejs 24.16.0 # Keep in sync with package.json.
yarn 1.22.19
python 3.12.2 # Keep in sync with .pre-commit-config.yaml and pyproject.toml.
poetry 1.8.2
ruby 3.3.0
python 3.14.5 # Keep in sync with .pre-commit-config.yaml and pyproject.toml.
poetry 2.4.1

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo ".tool-versions"
sed -n '1,20p' .tool-versions

echo
echo "package.json"
rg -n '"(engines|packageManager)"|yarn@|\"yarn\":' package.json

echo
echo ".yarnrc.yml (if present)"
fd -HI '^\.yarnrc\.yml$' -x sh -c 'echo "--- $1 ---"; sed -n "1,80p" "$1"' sh {}

Repository: AndreKurait/docker-cache

Length of output: 421


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== .tool-versions ==="
cat .tool-versions || true

echo
echo "=== package.json (Yarn-related fields) ==="
if [ -f package.json ]; then
  python3 - <<'PY'
import json
p="package.json"
with open(p,'r',encoding='utf-8') as f:
    data=json.load(f)
print("packageManager:", data.get("packageManager"))
eng=data.get("engines") or {}
print("engines.yarn:", eng.get("yarn"))
print("engines keys:", sorted(list(eng.keys())))
PY

  echo
  echo "--- Raw matches (sanity) ---"
  rg -n '"packageManager"' package.json || true
  rg -n '"engines"' package.json || true
else
  echo "package.json not found"
fi

echo
echo "=== Yarn config files ==="
# List likely Yarn config files without dumping huge content
fd -t f -HI '\.yarnrc\.yml$|\.yarnrc$|yarn\.lock$|\.yarn\/releases\/' . || true
if [ -f .yarnrc.yml ]; then
  sed -n '1,120p' .yarnrc.yml
fi
if [ -f .yarnrc ]; then
  sed -n '1,120p' .yarnrc
fi

Repository: AndreKurait/docker-cache

Length of output: 1356


Align .tool-versions with the repo’s Yarn 4 toolchain (yarn@4.15.0).

.tool-versions pins yarn 1.22.19, but package.json declares yarn@4.15.0 and .yarnrc.yml points yarnPath to yarn-4.15.0.cjs. This can cause local asdf-based installs to diverge from CI (lock/config behavior). Update .tool-versions to yarn 4.15.0 (or revert the Yarn 4 declarations/config if staying on Yarn 1).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tool-versions around lines 1 - 4, Update the .tool-versions entry that
currently pins "yarn 1.22.19" to match the repo’s Yarn 4 toolchain by changing
it to "yarn 4.15.0" so it aligns with package.json and .yarnrc.yml (or
alternatively revert the Yarn 4 declarations if you intend to stay on Yarn 1);
ensure the single line containing "yarn 1.22.19" is replaced with "yarn 4.15.0"
to avoid asdf/CI divergence.

Comment thread package.json
Comment on lines 18 to +49
"engines": {
"node": "20.11.1",
"yarn": "4.1.1"
"node": "24.16.0",
"yarn": "4.15.0"
},
"packageManager": "yarn@4.1.1",
"packageManager": "yarn@4.15.0",
"dependencies": {
"@actions/cache": "4.0.3",
"@actions/core": "1.11.1"
"@actions/cache": "6.0.1",
"@actions/core": "3.0.1"
},
"devDependencies": {
"@cspell/dict-win32": "2.0.3",
"@fast-check/jest": "1.8.2",
"@jest/globals": "29.7.0",
"@jest/types": "29.6.3",
"@tsconfig/node20": "20.1.2",
"@tsconfig/strictest": "2.0.3",
"@types/eslint": "8.56.6",
"@types/jest": "29.5.12",
"@cspell/dict-win32": "2.0.10",
"@fast-check/jest": "2.2.0",
"@jest/globals": "30.4.1",
"@jest/types": "30.4.1",
"@tsconfig/node24": "24.0.4",
"@tsconfig/strictest": "2.0.8",
"@types/eslint": "9.6.1",
"@types/jest": "30.0.0",
"@types/node": "20.11.30",
"@typescript-eslint/eslint-plugin": "7.3.1",
"@typescript-eslint/parser": "7.3.1",
"@vercel/ncc": "0.38.1",
"@yarnpkg/sdks": "3.1.0",
"eslint": "8.57.0",
"eslint-config-prettier": "9.1.0",
"fast-check": "3.23.2",
"jest": "29.7.0",
"jest-junit": "16.0.0",
"jest-mock": "29.7.0",
"prettier": "3.1.1",
"ts-jest": "29.1.2",
"typescript": "5.4.3"
"@typescript-eslint/eslint-plugin": "8.60.0",
"@typescript-eslint/parser": "8.60.0",
"@vercel/ncc": "0.38.4",
"@yarnpkg/sdks": "3.2.3",
"eslint": "10.4.0",
"eslint-config-prettier": "10.1.8",
"fast-check": "4.8.0",
"jest": "30.4.2",
"jest-junit": "17.0.0",
"jest-mock": "30.4.1",
"prettier": "3.8.3",
"ts-jest": "29.4.11",
"typescript": "6.0.3"

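Review bot: in the devDependencies block, eslint goes from 8.57.0 to 10.4.0, crossing two majors in one step. ESLint 9 made flat config (eslint.config.js) the default, so this bump needs the lint configuration migrated in the same change, and nothing in this hunk shows that. Confirm that the lint job still loads the intended rule set rather than passing with rules silently dropped, and mention the config migration in the PR description.
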
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "package.json"
rg -n '"node"|@types/node|packageManager' package.json

echo
echo "tsconfig.json"
sed -n '1,20p' tsconfig.json

echo
echo "action.yaml"
rg -n 'using:\s*node' action.yaml

Repository: AndreKurait/docker-cache

Length of output: 530


Align @types/node with the Node 24 baseline.

package.json sets engines.node to 24.16.0, tsconfig.json extends @tsconfig/node24, and action.yaml runs with using: node24, but @types/node is still pinned to 20.11.30. Update @types/node to the Node 24 line as well so TypeScript checks against the same Node API surface.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 18 - 49, The package.json devDependency
"`@types/node`" is pinned to Node 20 while engines.node is 24.16.0; update the
"`@types/node`" entry in package.json (devDependencies) to a Node-24-compatible
version (for example "^24.0.0") so TypeScript uses the Node 24 API surface, then
reinstall/update the lockfile (yarn) to persist the change.

Comment thread pyproject.toml
[tool.poetry.dependencies]
# Keep in sync with .pre-commit-config.yaml and .tool-versions.
python = "==3.12.2"
python = "==3.14.5"
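
Review bot: the exact pin python = "==3.14.5" stays aligned with .pre-commit-config.yaml and .tool-versions only through the "Keep in sync" comment above it, so the three files can drift silently on the next bump. Add a CI step that reads the three values and fails when they differ, or state in the comment which file is the source of truth.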

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Does Poetry's python = "==3.14.5" constraint allow Python 3.14.6, or only exactly 3.14.5? What version constraint is recommended if a project wants to accept any Python 3.14 patch release?

💡 Result:

In Poetry, the constraint python = "==3.14.5" is an exact version specification [1][2]. It requires Python 3.14.5 and will not accept Python 3.14.6 [2][3].

If you want to accept any Python 3.14 patch release, the recommended approach is to use a tilde requirement or an inequality range that covers the desired patch-level flexibility. For example:

python = "~3.14.5"

This constraint allows any 3.14.x version where x >= 5 (i.e., it allows 3.14.5, 3.14.6, etc., but remains within the 3.14.x series) [2][3].

Alternatively, you can use inequality requirements if you prefer to be explicit about the range:

python = ">=3.14.5,<3.15"

This explicitly allows any version starting from 3.14.5 up to, but not including, 3.15.0 [1][4].


Relax the Poetry Python constraint in pyproject.toml

Poetry’s python = "==3.14.5" is an exact version requirement, so it will reject Python 3.14.6+. Keep the exact toolchain pin in .tool-versions, but loosen this to allow 3.14 patch updates.

Suggested fix
-  python = "==3.14.5"
+  python = ">=3.14.5,<3.15"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pyproject.toml` at line 23, The pyproject.toml currently pins Python exactly
with python = "==3.14.5", which blocks 3.14 patch releases; change that
constraint to allow 3.14.x patch updates (for example replace python =
"==3.14.5" with python = "~=3.14.5" or an equivalent range like
">=3.14.5,<3.15") so Poetry accepts 3.14.6+ while keeping the exact toolchain
pin in .tool-versions.
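
The version-drift findings in the threads above (yarn, @types/node, the Python pin) can be checked mechanically. This is an added example, not code from the PR or the project: the function names are hypothetical, the inputs are constructed from the values quoted on this page, and it assumes pyproject.toml carries an exact "==" pin.

```typescript
// Added example: pure functions, inputs constructed from the values quoted above.
type Finding = { file: string; message: string };
interface PackageJson {
  engines?: Record<string, string>;
  packageManager?: string;
  devDependencies?: Record<string, string>;
}

// Parse asdf-style .tool-versions text into tool -> version, dropping "#" comments.
function parseToolVersions(text: string): Map<string, string> {
  const pins = new Map<string, string>();
  for (const raw of text.split("\n")) {
    const [tool, version] = (raw.split("#")[0] ?? "").trim().split(/\s+/);
    if (tool && version) pins.set(tool, version);
  }
  return pins;
}

// Leading numeric component of a version or range, e.g. "^24.0.0" -> "24".
const major = (v: string | undefined): string =>
  (v ?? "").replace(/^[^0-9]*/, "").split(".")[0] ?? "";

// Assumption: pyproject's python value is an exact "==X.Y.Z" pin, as on this page.
function findDrift(toolVersions: string, pkg: PackageJson, poetryPython: string): Finding[] {
  const pins = parseToolVersions(toolVersions);
  const findings: Finding[] = [];
  const same = (file: string, what: string, got?: string, want?: string): void => {
    if (got !== want) findings.push({ file, message: `${what}: ${got} != ${want}` });
  };
  same(".tool-versions", "yarn vs packageManager", pins.get("yarn"),
    pkg.packageManager?.replace(/^yarn@/, ""));
  same(".tool-versions", "nodejs vs engines.node", pins.get("nodejs"), pkg.engines?.["node"]);
  same("package.json", "@types/node major vs engines.node major",
    major(pkg.devDependencies?.["@types/node"]), major(pkg.engines?.["node"]));
  same("pyproject.toml", "python vs .tool-versions python",
    poetryPython.replace(/^==/, ""), pins.get("python"));
  return findings;
}

const toolVersions = [
  "nodejs 24.16.0 # Keep in sync with package.json.",
  "yarn 1.22.19",
  "python 3.14.5 # Keep in sync with .pre-commit-config.yaml and pyproject.toml.",
  "poetry 2.4.1",
].join("\n");
const pkg: PackageJson = { engines: { node: "24.16.0" }, packageManager: "yarn@4.15.0",
  devDependencies: { "@types/node": "20.11.30" } };
const drift = findDrift(toolVersions, pkg, "==3.14.5");
for (const f of drift) console.log(`${f.file}: ${f.message}`);
```

Run against the real file contents in CI, a non-empty result is the signal to fail the job.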

Comment thread src/docker.ts
Comment on lines +55 to +56
info("Docker did not become ready on Windows before timeout.");
};
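
Review bot: the timeout branch reports through info(...), so an exhausted wait reads in the job log like any other progress line, and the function then returns normally at the closing "};". If returning is intended, use a warning-level call (for example warning(...) from @actions/core, which is already a dependency) and include the number of attempts or the elapsed time in the message; otherwise throw so the callers stop.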

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fail fast when the Docker readiness timeout is exhausted.

After the retry budget is spent, waitForDocker only logs and returns, so both callers still proceed into docker load/docker image list/docker save. That means the Windows startup race this helper is meant to prevent can still happen after the timeout window, just with a less obvious failure point.

Suggested fix
-  info("Docker did not become ready on Windows before timeout.");
+  throw new Error("Docker did not become ready on Windows before timeout.");
 };
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/docker.ts` around lines 55 - 56, The waitForDocker helper currently only
logs "Docker did not become ready on Windows before timeout." and returns,
allowing callers to continue; change this to fail fast by throwing a descriptive
error (or exiting) when the retry budget is exhausted so callers like docker
load/image list/save cannot proceed; locate the waitForDocker function and
replace the final return with a thrown Error (e.g., throw new Error("Docker
readiness timeout: Docker did not become ready on Windows")) or call
process.exit(1) depending on the module's error-handling pattern so the code
path stops immediately.
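
The fail-fast behaviour discussed in this thread, as an added example that is not the project's src/docker.ts: a bounded readiness wait that throws once the retry budget is spent, plus a caller that only proceeds when the wait resolved. The names waitForReady, Probe, Sleep, attempts and delayMs are hypothetical, and the probes are constructed stand-ins for a real daemon check.

```typescript
// Added example with hypothetical names; the real waitForDocker body is not shown on this page.
type Probe = () => Promise<boolean>; // resolves true once the daemon answers
type Sleep = (ms: number) => Promise<void>;
interface WaitOptions {
  attempts: number; // retry budget
  delayMs: number; // pause between probes
}

// Resolves with the attempt number that succeeded; rejects when the budget is spent.
async function waitForReady(probe: Probe, sleep: Sleep, opts: WaitOptions): Promise<number> {
  for (let attempt = 1; attempt <= opts.attempts; attempt++) {
    // A probe that throws (daemon endpoint not there yet) counts as "not ready".
    const ready = await probe().catch(() => false);
    if (ready) return attempt;
    if (attempt < opts.attempts) await sleep(opts.delayMs);
  }
  // Throwing here is the point: a log line alone would let the caller carry on.
  throw new Error(`Docker did not become ready after ${opts.attempts} attempts.`);
}

// Constructed probes and a no-op sleep so the example runs instantly and offline.
const readyOnThird = (): Probe => {
  let calls = 0;
  return async () => ++calls >= 3;
};
const neverReady: Probe = async () => false;
const noSleep: Sleep = async () => {};

// Caller shape: the cache step is reached only if the wait resolved.
async function loadIfReady(probe: Probe): Promise<string> {
  try {
    const attempt = await waitForReady(probe, noSleep, { attempts: 5, delayMs: 1000 });
    return `ready after ${attempt} attempt(s); safe to run docker load`;
  } catch (error) {
    return `aborted: ${(error as Error).message}`;
  }
}

loadIfReady(readyOnThird()).then((message) => console.log(message));
loadIfReady(neverReady).then((message) => console.log(message));
```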

@AndreKurait AndreKurait merged commit d77b59a into AndreKurait:main Jun 3, 2026
11 checks passed
3 participants