Skip to content

feat: implement issue #313 — SonarCloud: S7635 secrets-inherit caller stubs#314

Open
don-petry wants to merge 1 commit into
mainfrom
dev-lead/issue-313-20260707-1918
Open

feat: implement issue #313 — SonarCloud: S7635 secrets-inherit caller stubs#314
don-petry wants to merge 1 commit into
mainfrom
dev-lead/issue-313-20260707-1918

Conversation

@don-petry

Copy link
Copy Markdown
Contributor

Closes #313

Implemented by dev-lead agent. Please review.

Copilot AI review requested due to automatic review settings July 7, 2026 19:23
@don-petry don-petry requested a review from a team as a code owner July 7, 2026 19:23
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@don-petry, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 55 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9758fb47-15bd-46f6-9172-8871a836e758

📥 Commits

Reviewing files that changed from the base of the PR and between 14b2b3e and e75accc.

📒 Files selected for processing (5)
  • .github/workflows/auto-rebase.yml
  • .github/workflows/dependabot-automerge.yml
  • .github/workflows/dev-lead.yml
  • .github/workflows/pr-review-mention.yml
  • .github/workflows/pr-review.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dev-lead/issue-313-20260707-1918

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@sonarqubecloud

sonarqubecloud Bot commented Jul 7, 2026

Copy link
Copy Markdown

@don-petry

Copy link
Copy Markdown
Contributor Author

Dev-Lead — review-changes (no-changes)

No changes were needed for this PR.

@don-petry don-petry enabled auto-merge (squash) July 7, 2026 19:24
@donpetry-bot

Copy link
Copy Markdown
Contributor

Advisory bots were rate-limited; auto-approval is withheld until they recover. pr-review-sweep will re-review this PR after 2026-07-07T20:24:59Z.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses SonarCloud rule githubactions:S7635 by removing secrets: inherit from Markets’ thin GitHub Actions workflow caller stubs and replacing it with explicit secrets: mappings that pass only the secrets declared by each reusable workflow (no functional workflow logic changes intended).

Changes:

  • Replaced secrets: inherit with explicit secret mappings in five caller workflows to satisfy S7635.
  • Updated inline documentation/comments in the caller stubs to reflect the new explicit secret-passing approach and required/optional secrets.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/pr-review.yml Passes only the reusable PR review agent’s declared secrets via explicit mapping.
.github/workflows/pr-review-mention.yml Replaces inherited secrets with explicit GH_PAT_WORKFLOWS + DON_PETRY_BOT_GH_PAT mapping for the mention trigger reusable.
.github/workflows/dev-lead.yml Replaces inherited secrets with explicit mapping matching the dev-lead reusable’s declared secrets.
.github/workflows/dependabot-automerge.yml Replaces inherited secrets with explicit APP_ID + APP_PRIVATE_KEY mapping for the Dependabot automerge reusable.
.github/workflows/auto-rebase.yml Replaces inherited secrets with explicit (optional) GH_PAT_WORKFLOWS mapping for the auto-rebase reusable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

SonarCloud: S7635 secrets-inherit caller stubs

3 participants