Test/fk pk constraints#40
Conversation
|
Warning Review limit reached
Next review available in: 23 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds a new E2E journey story, ChangesFK Constraint Journey Story
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Up to standards ✅🟢 Issues
|
There was a problem hiding this comment.
🧹 Nitpick comments (1)
ci/journey.sh (1)
1616-1633: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low valueHardcoded
/tmppaths for config/log files.Static analysis flags the fixed paths (
/tmp/journey-archiver.yaml,/tmp/journey-fk-reg.log,/tmp/journey-fk.yaml,/tmp/journey-fk-arch.log) as predictable temp files (CWE-377). Real-world risk is low in an isolated CI container, but usingmktempwould harden against symlink/TOCTOU issues and avoid collisions if stories ever run in parallel.♻️ Example using mktemp
- if "$ARCHIVER" register --config /tmp/journey-archiver.yaml \ + local reg_log; reg_log=$(mktemp) + if "$ARCHIVER" register --config /tmp/journey-archiver.yaml \ --table fk_events --period monthly \ --hot-period "${ret_days} days" \ - >/tmp/journey-fk-reg.log 2>&1; then + >"$reg_log" 2>&1; then pass "fk_events registered (FK constraint does not block registration)" else - fail "fk_events register failed unexpectedly"; tail -5 /tmp/journey-fk-reg.log + fail "fk_events register failed unexpectedly"; tail -5 "$reg_log" fi🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@ci/journey.sh` around lines 1616 - 1633, The fk_events journey step uses hardcoded /tmp paths for both config and log files, which creates predictable temp-file risks and potential collisions. Update the shell logic around the ARCHIVER register/run flow to create these files with mktemp instead of fixed names, and use the generated variables consistently in the cat, register, and log redirection commands. Keep the existing behavior in ci/journey.sh but replace the static /tmp/journey-fk-*.{yaml,log} references with unique temp paths.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@ci/journey.sh`:
- Around line 1616-1633: The fk_events journey step uses hardcoded /tmp paths
for both config and log files, which creates predictable temp-file risks and
potential collisions. Update the shell logic around the ARCHIVER register/run
flow to create these files with mktemp instead of fixed names, and use the
generated variables consistently in the cat, register, and log redirection
commands. Keep the existing behavior in ci/journey.sh but replace the static
/tmp/journey-fk-*.{yaml,log} references with unique temp paths.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 1be5f799-5971-4d8e-a32b-e26bd8af4f18
📒 Files selected for processing (1)
ci/journey.sh
|
Good test to have. One note: the branches that pass in both the |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
ci/journey.sh (1)
1598-1615: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low valuePredictable
/tmppaths flagged by static analysis (CWE-377).Hardcoded, predictable filenames under
/tmpare susceptible to symlink/TOCTOU pre-creation by a co-resident local process. This matches the pre-existing convention used throughout the rest of the file (e.g.story_register_cli), so fixing only this new function would be inconsistent; consider a follow-up sweep tomktempacross the whole script if this risk matters in your CI environment.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@ci/journey.sh` around lines 1598 - 1615, The new FK story in ci/journey.sh uses predictable /tmp filenames for its log and YAML files, which can be pre-created or raced by another local process. Update this block around the fk_events registration and archiver run to create those temp artifacts with mktemp (or another secure temp-file helper) and reuse the generated paths for the register and archiver commands. Keep the change scoped to the fk_events setup, and ensure any cleanup/trap handling matches the existing journey.sh temp-file patterns.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@ci/journey.sh`:
- Around line 1598-1615: The new FK story in ci/journey.sh uses predictable /tmp
filenames for its log and YAML files, which can be pre-created or raced by
another local process. Update this block around the fk_events registration and
archiver run to create those temp artifacts with mktemp (or another secure
temp-file helper) and reuse the generated paths for the register and archiver
commands. Keep the change scoped to the fk_events setup, and ensure any
cleanup/trap handling matches the existing journey.sh temp-file patterns.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 2782709f-6dbc-4281-8bef-9f6850461ca6
📒 Files selected for processing (1)
ci/journey.sh
224e53a to
b067576
Compare
Tests FK constraint enforcement (outbound + inbound) on a tiered partitioned table before and after the ColdFront view swap. Verified on PG16, PG17, PG18