📝 Walkthrough
Summary by CodeRabbit
Walkthrough
This PR adds Burrito cross-compilation and single-binary support across build, CI, Docker, and runtime. It updates multiple GitHub workflows to use useblacksmith/cache and adds multi-arch prod build jobs and a build-burrito Docker job. Dockerfile, docker-compose.burrito.yml, Makefile, mix.exs, and run.sh gain BURRITO_TARGET/Zig/cross-compile logic. Config adds dev_mode and api_url and live views use compile-time timers. Signal handling and tests are adjusted, a rustler upgrade hook is added, and static asset manifests and .gitignore entries for burrito_out are introduced.
Sequence Diagram(s)
sequenceDiagram
actor Dev as Developer
participant CI as GitHub Actions
participant Builder as Docker Builder (useblacksmith)
participant Registry as Docker Cache/Images
participant Burrito as Burrito/Zig/cargo-zigbuild
participant Release as GitHub Release
Dev->>CI: push/tag
CI->>Builder: start build-burrito (matrix: BURRITO_TARGET)
Builder->>Registry: restore/pull docker cache
Builder->>Burrito: install Zig/rustup -> cargo zigbuild (if cross)
Burrito->>Builder: produce burrito_out/realtime_<target>
Builder->>Release: upload binary artifact
Release->>Dev: artifacts available
sequenceDiagram
participant Compose as docker-compose.burrito.yml
participant DB as Postgres container
participant Realtime as Realtime container
participant Entrypoint as run.sh inside container
Compose->>DB: start DB (POSTGRES_IMAGE)
DB-->>Compose: report healthy (pg_isready)
Compose->>Realtime: build/start (depends_on service_healthy)
Realtime->>Entrypoint: container starts -> run.sh
Entrypoint->>Entrypoint: test /app/bin/realtime exists?
alt Burrito single-binary present
Entrypoint->>Realtime: run /app/realtime (migrate, start)
else Traditional Mix release
Entrypoint->>Realtime: run /app/bin/realtime (migrate, exec)
end
Realtime->>DB: connect using env vars
Realtime->>Compose: respond to /healthcheck
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/beacon_tests.yml:
- Line 37: Replace the mutable tag useblacksmith/cache@v5 with an immutable
40-character commit SHA (e.g., useblacksmith/cache@<full-commit-sha>) to
eliminate supply-chain risk; update the same pin in all other workflow files
that reference useblacksmith/cache (tests.yml, prod_linter.yml, rust.yml,
lint.yml) so every workflow uses the exact same full commit SHA rather than a
short tag.
In @.github/workflows/prod_build.yml:
- Line 74: The workflow uses unregistered runner labels (runs-on: arm-runner and
the matrix entry blacksmith-4vcpu-ubuntu-2404-arm) which causes actionlint to
fail; either add those labels to the repository's actionlint configuration
(register the self-hosted labels) or change the workflows to use existing
registered labels (e.g., blacksmith-4vcpu-ubuntu-2404 or
blacksmith-8vcpu-ubuntu-2404) wherever you see runs-on: arm-runner and
blacksmith-4vcpu-ubuntu-2404-arm in the affected workflow files.
In `@Dockerfile`:
- Around line 70-77: The Dockerfile places the Burrito binary at
/app/release/realtime but runtime/startup expects /app/realtime, causing missing
file errors; update the RUN block that builds for BURRITO_TARGET (the
BURRITO_TARGET branch that runs mix release and cp
burrito_out/realtime_${BURRITO_TARGET}) to copy the produced binary to
/app/realtime (or create a symlink from /app/release/realtime to /app/realtime)
so the runtime path matches, ensuring the cp invocation after mix release writes
to /app/realtime instead of /app/release/realtime.
In `@mix.exs`:
- Around line 156-158: The destination path hardcodes
"prometheus_remote_write.so" causing wrong filenames on non-Linux targets;
update the logic that builds dst to use the existing src_filename variable
instead of the hardcoded name (i.e., construct dst from release.path, "lib",
"realtime-#{release.version}", "priv", "native", and src_filename) so the copied
NIF keeps the target-specific filename; modify the code around dst and the copy
step where src_filename is defined to reference src_filename for the destination
filename.
ℹ️ Review info
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Cache: Disabled due to Reviews > Disable Cache setting
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
- mix.lock is excluded by !**/*.lock
📒 Files selected for processing (22)
- .github/workflows/beacon_tests.yml
- .github/workflows/docker-build.yml
- .github/workflows/integration_tests.yml
- .github/workflows/lint.yml
- .github/workflows/prod_build.yml
- .github/workflows/prod_linter.yml
- .github/workflows/rust.yml
- .github/workflows/tests.yml
- Dockerfile
- Makefile
- config/config.exs
- config/dev.exs
- docker-compose.burrito.yml
- lib/realtime/monitoring/os_metrics.ex
- lib/realtime_web/api_spec.ex
- lib/realtime_web/live/ping_live.ex
- lib/realtime_web/live/time_live.ex
- mix.exs
- native/prometheus_remote_write/src/lib.rs
- run.sh
- test/realtime/metrics_pusher_test.exs
- test/realtime/monitoring/gen_rpc_metrics_test.exs
💤 Files with no reviewable changes (2)
- .github/workflows/integration_tests.yml
- test/realtime/metrics_pusher_test.exs
| elixir-version: 1.18.x # Define the elixir version [required] | ||
| - name: Cache Mix | ||
| uses: actions/cache@v5 | ||
| uses: useblacksmith/cache@v5 |
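Review bot: the replaced uses: line keeps the @v5 tag while changing the publisher from actions/cache to useblacksmith/cache, so the step now trusts a movable tag in a different repository. Pin it to the full commit SHA and keep the version as a trailing comment, e.g. `uses: useblacksmith/cache@<full-commit-sha> # v5`, and apply the same pin wherever this swap is repeated.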
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# First, check if the file exists and examine line 37
if [ -f ".github/workflows/beacon_tests.yml" ]; then
echo "=== File exists. Checking line 37 context ==="
sed -n '30,45p' .github/workflows/beacon_tests.yml
else
echo "File not found"
fi
# List all workflow files for reference
echo ""
echo "=== All workflow files ==="
fd -e yml -e yaml .github/workflows
Repository: supabase/realtime
Length of output: 1267
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Now search for all third-party GitHub Actions with non-SHA pinning
# This will help identify if useblacksmith/cache@v5 appears and if there are similar issues
echo "=== Searching for non-SHA-pinned third-party actions ==="
mapfile -t WORKFLOWS < <(fd -e yml -e yaml .github/workflows)
if [ ${#WORKFLOWS[@]} -gt 0 ]; then
rg -nP '^\s*-?\s*uses:\s+' "${WORKFLOWS[@]}" | head -50
else
echo "No workflow files found"
fi
Repository: supabase/realtime
Length of output: 191
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# More specifically, search for useblacksmith/cache usage
echo "=== Searching for useblacksmith/cache usage ==="
rg -rn "useblacksmith/cache" .github/workflows/
Repository: supabase/realtime
Length of output: 453
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Get all workflow files correctly
echo "=== All workflow files ==="
fd . .github/workflows -e yml -e yaml | sort
echo ""
echo "=== Search for all 'uses' statements in workflows ==="
rg "uses:" .github/workflows/ --no-heading -o | sort | uniq
Repository: supabase/realtime
Length of output: 858
🌐 Web query:
useblacksmith/cache GitHub Action security risk mutable tags
💡 Result:
Using useblacksmith/cache@v5 (or any @vN/@main) carries the standard GitHub Actions supply-chain risk of mutable refs: the tag can be force-moved to a different commit, so a repo compromise (or malicious maintainer action) can make your workflow run new code without any change in your workflow file. Blacksmith’s own docs show migration via useblacksmith/cache@v5, which is a mutable major tag by design. [1][2]
This isn’t theoretical: in the tj-actions/changed-files incident (CVE-2025-30066), attackers updated the action and moved version tags to point at a malicious commit, exposing secrets in workflow logs. [3]
Mitigation (best practice):
- Pin the action to an immutable commit SHA, not @v5/@main. (You can still keep a human-readable comment like # v5.x.y and periodically bump the SHA in a controlled PR.) This avoids silent tag retargeting. [4]
Sources
[1] Blacksmith docs – “Actions” (shows useblacksmith/cache@v5 usage) (docs.blacksmith.sh)
[2] GitHub Docs – tags can be force-moved (git tag -f …, git push -f --tags) (docs.github.com)
[3] Report on tj-actions compromise + tag retargeting (CVE-2025-30066) (safetydetectives.com)
[4] Discussion of mutable refs vs commit-SHA pinning risk in GitHub Actions (orca.security)
Citations:
- 1: https://docs.blacksmith.sh/blacksmith-caching/dependencies-actions
- 2: https://docs.github.com/en/actions/how-tos/create-and-publish-actions/using-immutable-releases-and-tags-to-manage-your-actions-releases
- 3: https://www.safetydetectives.com/news/github-action-compromised-leaking-sensitive-secrets/?utm_source=openai
- 4: https://orca.security/resources/blog/github-actions-security-risks/?utm_source=openai
Pin useblacksmith/cache to an immutable commit SHA before merge.
Line 37 uses useblacksmith/cache@v5 (mutable tag). This is a CI supply-chain risk; a retag can change executed code without PR changes (precedent: CVE-2025-30066 with tj-actions/changed-files). Please pin to a full 40-char commit SHA here and in other workflows (tests.yml, prod_linter.yml, rust.yml, lint.yml).
🔒 Minimal fix pattern
- uses: useblacksmith/cache@v5
+ uses: useblacksmith/cache@<verified-40-char-commit-sha>
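A checker for the pinning rule this review comment asks for, as an added example (not code from the PR or from CodeRabbit). It goes beyond the single action named above and classifies every `uses:` reference in a workflow file, including local and `docker://` references. The sample workflow, the `example-org/*` names and the placeholder SHA are constructed; only `useblacksmith/cache@v5` comes from the page.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA."""
import re
import sys
from dataclasses import dataclass

# Matches "uses: ref" and "- uses: ref", with optional quotes. A commented-out
# step ("# - uses: ...") does not match: only whitespace may precede "uses:".
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


@dataclass(frozen=True)
class UsesRef:
    line: int  # 1-based line number in the workflow text
    ref: str   # text after "uses:", e.g. "owner/repo@v5"
    kind: str  # "sha", "mutable", "local" or "docker-digest"


def classify(ref: str) -> str:
    """Return how firmly a `uses:` reference is pinned."""
    if ref.startswith("./"):
        return "local"  # action taken from the same checkout
    if ref.startswith("docker://"):
        return "docker-digest" if "@sha256:" in ref else "mutable"
    _, sep, version = ref.partition("@")
    if sep and FULL_SHA_RE.fullmatch(version):
        return "sha"
    return "mutable"  # tag, branch, abbreviated SHA, or no ref at all


def scan(text: str) -> list[UsesRef]:
    """Return every `uses:` reference in the workflow text, classified."""
    found = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            ref = match.group(1)
            found.append(UsesRef(number, ref, classify(ref)))
    return found


def unpinned(text: str) -> list[UsesRef]:
    """Return only the references a retag or repush could silently change."""
    return [u for u in scan(text) if u.kind == "mutable"]


# Constructed sample workflow; the 40-character SHA is a placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - name: Cache Mix
        uses: useblacksmith/cache@v5
      # - uses: actions/cache@v5
      - uses: ./.github/actions/setup
      - uses: docker://alpine:3.20
      - uses: "example-org/deploy@main"
"""


def main(argv: list[str]) -> int:
    """Check the files named on the command line, or the sample if none."""
    if len(argv) > 1:
        sources = {}
        for path in argv[1:]:
            with open(path, encoding="utf-8") as handle:
                sources[path] = handle.read()
    else:
        sources = {"<sample>": SAMPLE_WORKFLOW}
    bad = 0
    for name, text in sources.items():
        for u in unpinned(text):
            print(f"{name}:{u.line}: not pinned to a commit SHA: {u.ref}")
            bad += 1
    return 1 if bad else 0  # non-zero exit fails a CI step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The scan is line-based, so a `uses:` string inside a multi-line `run:` script would also be reported; treat hits as candidates to review.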
|
|
||
| binary_linux_arm64: | ||
| needs: release | ||
| runs-on: arm-runner |
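Review bot: runs-on: arm-runner in binary_linux_arm64 is a bare custom label, and nothing in the job says which runner pool it selects. Because this job follows needs: release and builds the arm64 binary, add a comment naming the pool and register the label in the actionlint config, so a mistyped or unprovisioned label is caught at lint time instead of leaving the release job queued.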
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find actionlint configuration files
echo "=== Actionlint config files ==="
fd -HI 'actionlint' . --type f
fd -HI 'actionlint\.ya?ml$' .
# Check GitHub Actions workflows directory structure
echo -e "\n=== Workflow files in .github/workflows ==="
ls -la .github/workflows/ 2>/dev/null || echo "No .github/workflows found"
# Find all runs-on declarations in workflows
echo -e "\n=== All runs-on declarations ==="
rg -n 'runs-on:' .github/workflows --color=never -A 1 -B 1
# Check for any runner configuration files
echo -e "\n=== Files mentioning runner configuration ==="
rg -l 'runner' .github/ --type yml --type yaml 2>/dev/null | head -20
# Search for arm-runner and blacksmith definitions
echo -e "\n=== Search for arm-runner and blacksmith labels ==="
rg 'arm-runner|blacksmith' . --type yml --type yaml --color=never
Repository: supabase/realtime
Length of output: 5286
🏁 Script executed:
#!/bin/bash
# Check if these are standard GitHub-hosted runners
echo "=== Standard GitHub runners documentation check ==="
rg 'ubuntu|macos|windows' .github/workflows --type yml | head -20
# Look for any GitHub runner setup or configuration
echo -e "\n=== Check for runner setup/registration ==="
rg 'runs-on' .github/workflows -A 2 -B 2 --type yml | grep -E '(runs-on|self-hosted|labels)' | head -30
# Check if there's a .github/actionlint.yaml file or similar
echo -e "\n=== Check .github directory contents ==="
find .github -type f -name '*actionlint*' -o -name '*runner*' 2>/dev/null
Repository: supabase/realtime
Length of output: 296
🏁 Script executed:
#!/bin/bash
# Read the actionlint.yaml configuration
cat .github/actionlint.yaml
Repository: supabase/realtime
Length of output: 160
🏁 Script executed:
#!/bin/bash
# Check the docker-build.yml to see what the matrix.runner variable contains
echo "=== docker-build.yml content around matrix.runner ==="
cat .github/workflows/docker-build.yml | grep -A 10 -B 5 'matrix.runner'
Repository: supabase/realtime
Length of output: 513
Unregistered runner labels will cause actionlint validation to fail.
arm-runner (prod_build.yml lines 74, 177 and manual_prod_build.yml line 44) and blacksmith-4vcpu-ubuntu-2404-arm (docker-build.yml matrix) are not declared in .github/actionlint.yaml, which registers only blacksmith-4vcpu-ubuntu-2404 and blacksmith-8vcpu-ubuntu-2404. Either add these labels to actionlint config if they are self-hosted runners, or use registered labels.
🧰 Tools
🪛 actionlint (1.7.11)
[error] 74-74: label "arm-runner" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2025-vs2026", "windows-2022", "windows-11-arm", "ubuntu-slim", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26-large", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xlarge", "macos-14-large", "macos-14", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows", "blacksmith-4vcpu-ubuntu-2404", "blacksmith-8vcpu-ubuntu-2404". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file
(runner-label)
| RUN mkdir -p /app/release && \ | ||
| if [ -n "${BURRITO_TARGET}" ]; then \ | ||
| BURRITO_TARGET=${BURRITO_TARGET} mix release && \ | ||
| cp burrito_out/realtime_${BURRITO_TARGET} /app/release/realtime; \ | ||
| else \ | ||
| mix release && \ | ||
| cp -r _build/prod/rel/realtime/. /app/release/; \ | ||
| fi |
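Review bot: ${BURRITO_TARGET} is expanded unquoted in the cp source path, so a build-arg value containing whitespace or glob characters would be word-split or expanded by the shell; quote it, e.g. `cp "burrito_out/realtime_${BURRITO_TARGET}" /app/release/realtime`. The two branches also leave different layouts under /app/release (a single file named realtime versus the contents of the release tree), so whatever consumes that directory has to handle both; a one-line comment on the RUN saying so would help.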
Burrito binary path in image does not match startup path.
The image currently places the binary under /app/release/realtime, but startup expects /app/realtime (Burrito mode). This causes migration/start commands to fail with missing file.
Proposed minimal fix
-COPY --from=builder --chown=nobody:root /app/release ./
+COPY --from=builder --chown=nobody:root /app/release/ ./
As per coding guidelines, "Comment only when the issue must be resolved before merge."
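Review bot: the - and + lines differ only by a trailing slash on the COPY source, and COPY copies the contents of a source directory with or without that slash, so this suggestion does not change where the realtime file lands. If the startup path is wrong, the change has to be in the destination (./) or in the path the entrypoint checks; confirm what ./ resolves to in the final stage before applying it.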
Also applies to: 101-101
c254850 to 8468d5e
Actionable comments posted: 1
♻️ Duplicate comments (1)
.github/workflows/prod_build.yml (1)
74-74: ⚠️ Potential issue | 🔴 Critical
Unknown runner label blocks CI/release validation
At Line 74, runs-on: arm-runner is not a registered label in actionlint, and the same pattern exists in .github/workflows/docker-build.yml (matrix runner blacksmith-4vcpu-ubuntu-2404-arm). This will fail workflow lint/validation unless these labels are registered as self-hosted labels in .github/actionlint.yaml (or replaced with registered labels).
#!/bin/bash
set -euo pipefail
echo "Configured actionlint runner labels:"
cat .github/actionlint.yaml
echo
echo "Runner labels used by updated workflows:"
rg -n 'runs-on:\s*(arm-runner|blacksmith-4vcpu-ubuntu-2404-arm)' .github/workflows -S
As per coding guidelines, "Comment only when the issue must be resolved before merge."
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Dockerfile`:
- Around line 37-41: The Dockerfile's Zig download URL is using the wrong
filename pattern causing 404s when BURRITO_TARGET is set; update the curl URL
inside the RUN block that sets ARCH (uname -m) so it requests the correct
release filename format (zig-linux-<ARCH>-<ZIG_VERSION>.tar.xz) instead of
zig-<ARCH>-linux-<ZIG_VERSION>.tar.xz, leaving the rest of the extraction/move
steps (mv /usr/local/zig-<...> /usr/local/zig) consistent with the renamed
archive.
---
Duplicate comments:
In @.github/workflows/prod_build.yml:
- Line 74: The workflow uses unregistered runner labels (runs-on: arm-runner in
the touched workflow and blacksmith-4vcpu-ubuntu-2404-arm in
.github/workflows/docker-build.yml) which actionlint will flag; either add these
labels to the actionlint allowed list in .github/actionlint.yaml (register
"arm-runner" and "blacksmith-4vcpu-ubuntu-2404-arm") or change the workflows to
use existing registered labels — update the action files referencing runs-on or
the actionlint config accordingly so actionlint validation passes.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 8ccb31ad-e829-46e2-b526-a946174f94e2
⛔ Files ignored due to path filters (1)
- mix.lock is excluded by !**/*.lock
📒 Files selected for processing (23)
- .actionlint.yml
- .github/workflows/beacon_tests.yml
- .github/workflows/docker-build.yml
- .github/workflows/integration_tests.yml
- .github/workflows/lint.yml
- .github/workflows/prod_build.yml
- .github/workflows/prod_linter.yml
- .github/workflows/rust.yml
- .github/workflows/tests.yml
- Dockerfile
- Makefile
- config/config.exs
- config/dev.exs
- docker-compose.burrito.yml
- lib/realtime/monitoring/os_metrics.ex
- lib/realtime_web/api_spec.ex
- lib/realtime_web/live/ping_live.ex
- lib/realtime_web/live/time_live.ex
- mix.exs
- native/prometheus_remote_write/src/lib.rs
- run.sh
- test/realtime/metrics_pusher_test.exs
- test/realtime/monitoring/gen_rpc_metrics_test.exs
💤 Files with no reviewable changes (2)
- .github/workflows/integration_tests.yml
- test/realtime/metrics_pusher_test.exs
🚧 Files skipped from review as they are similar to previous changes (9)
- lib/realtime_web/live/ping_live.ex
- docker-compose.burrito.yml
- native/prometheus_remote_write/src/lib.rs
- lib/realtime_web/api_spec.ex
- Makefile
- test/realtime/monitoring/gen_rpc_metrics_test.exs
- .github/workflows/prod_linter.yml
- .github/workflows/lint.yml
- .github/workflows/rust.yml
To make it easier to use Realtime, we package it with Burrito and provide a binary to be run by users more easily. Also added some improvements to our CI/CD pipeline.
8468d5e to ab6485a
Actionable comments posted: 1
♻️ Duplicate comments (2)
.github/workflows/beacon_tests.yml (1)
37-37: ⚠️ Potential issue | 🟠 Major
Pin useblacksmith/cache to an immutable SHA before merge.
Line 37 still uses useblacksmith/cache@v5 (mutable tag). This is a supply-chain blocker. The same non-SHA pin also appears in .github/workflows/rust.yml (Line 35) and .github/workflows/prod_linter.yml (Line 21 and Line 39). Please pin all to a verified 40-character commit SHA.
#!/bin/bash
set -euo pipefail
echo "All useblacksmith/cache references:"
rg -nP --glob '*.yml' --glob '*.yaml' 'uses:\s*useblacksmith/cache@' .github/workflows -C1
echo
echo "Non-SHA pins (should be empty after fix):"
rg -nP --glob '*.yml' --glob '*.yaml' 'uses:\s*useblacksmith/cache@(?![0-9a-f]{40}\b)' .github/workflows -C1
As per coding guidelines, "Comment only when the issue must be resolved before merge — otherwise remain silent."
.github/workflows/prod_build.yml (1)
72-75: ⚠️ Potential issue | 🟠 Major
Unregistered runner label will keep CI lint red.
Line 74 uses runs-on: arm-runner, which is not in the actionlint allowlist; this causes workflow lint failure before execution. The same runner-label pattern also appears in .github/workflows/docker-build.yml (Line 36), so fix once consistently (register labels in .github/actionlint.yaml or switch to an allowed label).
Expected result: the grep finds these labels in workflows, but they are absent from .github/actionlint.yaml.
#!/bin/bash
set -euo pipefail
cat .github/actionlint.yaml
rg -n 'runs-on:\s*(arm-runner|blacksmith-4vcpu-ubuntu-2404-arm)' .github/workflows
As per coding guidelines, "Comment only when the issue must be resolved before merge."
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@test/realtime/signal_handler_test.exs`:
- Around line 49-52: The file test/realtime/signal_handler_test.exs is not
formatted and fails mix format --check-formatted; run the formatter (e.g., mix
format test/realtime/signal_handler_test.exs) to fix formatting around the test
"sigint sets shutdown_in_progress, logs, returns state, does not delegate" and
the SignalHandler.init call (which references FakeHandler and the shutdown_fn)
so the test file matches project formatting rules before merging.
---
Duplicate comments:
In @.github/workflows/beacon_tests.yml:
- Line 37: Replace the mutable tag usage of the action (e.g. occurrences of
"useblacksmith/cache@v5") with an immutable 40-character commit SHA in all
workflow files where it appears (references found as the same
"useblacksmith/cache@..." string in the workflows). Locate the uses: lines that
reference useblacksmith/cache (e.g., in the beacon workflow, rust workflow, and
prod_linter workflow) and update each to "useblacksmith/cache@<40-char-sha>"
using the verified commit SHA; ensure every non-SHA pin is replaced so the regex
'uses: useblacksmith/cache@' no longer matches a non-SHA tag.
In @.github/workflows/prod_build.yml:
- Around line 72-75: The workflow uses an unregistered runner label (runs-on:
arm-runner) in the job named binary_linux_arm64 (and similarly
blacksmith-4vcpu-ubuntu-2404-arm in docker-build.yml), causing actionlint
failures; either add these labels to the actionlint allowlist in
.github/actionlint.yaml or replace the runs-on values with an approved label so
actionlint stops flagging them—update .github/actionlint.yaml to include
"arm-runner" and "blacksmith-4vcpu-ubuntu-2404-arm" under allowed runner_labels,
or change the runs-on entries in the jobs (binary_linux_arm64 and the docker
build job) to existing approved labels.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: f9a32a68-b8d1-4e8e-bba6-829a608aca5f
⛔ Files ignored due to path filters (9)
- assets/package-lock.json is excluded by !**/package-lock.json
- mix.lock is excluded by !**/*.lock
- priv/static/favicon-357c209cd8c6fa1c20761fe5486aac22.svg is excluded by !**/*.svg
- priv/static/favicon-357c209cd8c6fa1c20761fe5486aac22.svg.gz is excluded by !**/*.gz
- priv/static/favicon.svg.gz is excluded by !**/*.gz
- priv/static/robots-9e2c81b0855bbff2baa8371bc4a78186.txt.gz is excluded by !**/*.gz
- priv/static/robots.txt.gz is excluded by !**/*.gz
- priv/static/worker-800f90ec3bbf81e19ce35042e7690c7c.js.gz is excluded by !**/*.gz
- priv/static/worker.js.gz is excluded by !**/*.gz
📒 Files selected for processing (29)
- .actionlint.yml
- .github/workflows/beacon_tests.yml
- .github/workflows/docker-build.yml
- .github/workflows/integration_tests.yml
- .github/workflows/lint.yml
- .github/workflows/prod_build.yml
- .github/workflows/prod_linter.yml
- .github/workflows/rust.yml
- .github/workflows/tests.yml
- .gitignore
- Dockerfile
- Makefile
- config/config.exs
- config/dev.exs
- docker-compose.burrito.yml
- lib/realtime/monitoring/os_metrics.ex
- lib/realtime/signal_handler.ex
- lib/realtime_web/api_spec.ex
- lib/realtime_web/live/ping_live.ex
- lib/realtime_web/live/time_live.ex
- mix.exs
- native/prometheus_remote_write/src/lib.rs
- priv/static/cache_manifest.json
- priv/static/robots-9e2c81b0855bbff2baa8371bc4a78186.txt
- priv/static/worker-800f90ec3bbf81e19ce35042e7690c7c.js
- run.sh
- test/realtime/metrics_pusher_test.exs
- test/realtime/monitoring/gen_rpc_metrics_test.exs
- test/realtime/signal_handler_test.exs
💤 Files with no reviewable changes (2)
- test/realtime/metrics_pusher_test.exs
- .github/workflows/integration_tests.yml
✅ Files skipped from review due to trivial changes (2)
- priv/static/cache_manifest.json
- priv/static/robots-9e2c81b0855bbff2baa8371bc4a78186.txt
🚧 Files skipped from review as they are similar to previous changes (8)
- native/prometheus_remote_write/src/lib.rs
- .github/workflows/tests.yml
- lib/realtime_web/live/ping_live.ex
- .github/workflows/lint.yml
- run.sh
- lib/realtime/monitoring/os_metrics.ex
- lib/realtime_web/live/time_live.ex
- .actionlint.yml
| test "sigint sets shutdown_in_progress, logs, returns state, does not delegate" do | ||
| shutdown_called = self() | ||
| {:ok, state} = SignalHandler.init({%{handler_mod: FakeHandler, shutdown_fn: fn -> send(shutdown_called, :shutdown_called) end}, :ok}) | ||
|
|
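Review bot: shutdown_called is bound to self(), so it holds the test process pid rather than a flag, which makes send(shutdown_called, :shutdown_called) inside shutdown_fn harder to read than it needs to be. Rename it (for example test_pid) and break the SignalHandler.init argument across lines so the map and the closure are visible separately.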
CI is blocked by formatting failure in this file.
Line 49 onward is part of test/realtime/signal_handler_test.exs, and the pipeline currently fails mix format --check-formatted for this file. Please format it before merge (e.g., mix format test/realtime/signal_handler_test.exs).
As per coding guidelines, "Comment only when the issue must be resolved before merge — otherwise remain silent."
🧰 Tools
🪛 GitHub Actions: Lint
[error] 49-55: mix format failed due to --check-formatted. The following files are not formatted: /home/runner/_work/realtime/realtime/test/realtime/signal_handler_test.exs
What kind of change does this PR introduce?
To make it easier to use Realtime, we package it with Burrito and provide a binary to be run by users more easily. Also added some improvements to our CI/CD pipeline.