chore: enhance fuselage script with link-all and unlink-all options for batch processing#40701
Conversation
|
Looks like this PR is ready to merge! 🎉 |
|
|
/jira ARCH-2113 |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📜 Recent review details⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
WalkthroughExtended Batch linking for fuselage packages
🎯 2 (Simple) | ⏱️ ~8 minutes
Sequence Diagram(s) sequenceDiagram
participant User
participant fuselage_sh
participant fuselage_packages_dir
participant package_list
User->>fuselage_sh: run yarn fuselage -a link-all
fuselage_sh->>fuselage_packages_dir: check ../fuselage/packages exists
fuselage_packages_dir-->>fuselage_sh: return package directories
fuselage_sh->>package_list: build semicolon-separated list
fuselage_sh->>fuselage_sh: rewrite action to 'link' and set packages
fuselage_sh->>User: proceed with link action
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Warning Review ran into problems🔥 ProblemsErrors were encountered while retrieving linked issues. Errors (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
coderabbitai
Bot
added
the
type: feature
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
fuselage.sh (1)
84-103: ⚡ Quick winConsider clarifying the error message about repository location.
The error message at line 87 states "Make sure the fuselage repository is available at the project root," but the path
../fuselage/packagesindicates a sibling directory (one level up, then into fuselage). The message could be more precise about the expected location.📝 Suggested clarification
if [[ ! -d "../fuselage/packages" ]]; then echo "Could not find ../fuselage/packages" - echo "Make sure the fuselage repository is available at the project root" + echo "Make sure the fuselage repository is cloned as a sibling directory" exit 1 fi🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@fuselage.sh` around lines 84 - 103, The error message about repository location is vague: update the echo text in the fuselage.sh branch that checks ../fuselage/packages (the block that computes packages and sets action to "link"/"unlink") to state the exact expected path (e.g., "../fuselage/packages" or "a sibling directory named 'fuselage' one level up") so users know to place the fuselage repo at ../fuselage relative to the current project; modify the echo that currently reads "Make sure the fuselage repository is available at the project root" to a clearer sentence referencing "../fuselage/packages" or equivalent phrasing.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@fuselage.sh`:
- Line 10: Fix the typo in the help/usage string for the undo|unlink command:
replace "symbolic li nk" with "symbolic link" in the fuselage.sh help text
associated with the undo|unlink description so the displayed help reads "Removes
the symbolic link for the fuselage package".
- Around line 11-12: The help text for link-all and unlink-all mentions
./fuselage/packages but the runtime check uses ../fuselage/packages; make them
consistent by updating the help string to reference ../fuselage/packages (or
change the runtime check to ./fuselage/packages if you intend the repo to be in
the current directory). Locate the help block that documents "link-all" and
"unlink-all" and the path validation that references "../fuselage/packages" and
ensure both use the same path string so users and the code match.
---
Nitpick comments:
In `@fuselage.sh`:
- Around line 84-103: The error message about repository location is vague:
update the echo text in the fuselage.sh branch that checks ../fuselage/packages
(the block that computes packages and sets action to "link"/"unlink") to state
the exact expected path (e.g., "../fuselage/packages" or "a sibling directory
named 'fuselage' one level up") so users know to place the fuselage repo at
../fuselage relative to the current project; modify the echo that currently
reads "Make sure the fuselage repository is available at the project root" to a
clearer sentence referencing "../fuselage/packages" or equivalent phrasing.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d6359771-b175-4504-bef2-0f5dc17d9431
📒 Files selected for processing (1)
fuselage.sh
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: 📦 Build Packages
- GitHub Check: cubic · AI code reviewer
- GitHub Check: CodeQL-Build
- GitHub Check: Hacktron Security Check
🔇 Additional comments (1)
fuselage.sh (1)
40-45: LGTM!
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 1 file
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #40701 +/- ##
===========================================
- Coverage 69.82% 69.75% -0.07%
===========================================
Files 3327 3327
Lines 123134 123134
Branches 21915 22010 +95
===========================================
- Hits 85979 85898 -81
- Misses 33810 33877 +67
- Partials 3345 3359 +14
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
![hacktron-app[bot]](https://avatars.githubusercontent.com/in/1250513?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 3 files
| Severity | Count |
|---|---|
| 🟡 Medium | 2 |
| 🟢 Low | 1 |
Comments Outside Diff (3)
🟢 Low: User Enumeration via 2FA Email Code Request Timing Attack (Timing)
Location: apps/meteor/app/api/server/v1/users.ts:673-1612
The users.2fa.sendEmailCode endpoint allows an attacker to verify the existence of users by observing the response. Although the endpoint returns a success status regardless of whether the user exists, the underlying logic performs a database lookup (Users.findOneByEmailAddress or Users.findOneByUsername). An attacker can potentially use this to enumerate valid usernames or emails by measuring response times or observing other side-channel indicators, as the server performs a database operation for valid identifiers but not for invalid ones. This is a common pattern for user enumeration.
🟡 Medium: Insecure Direct Object Reference in Push Token Assignment
Location: apps/meteor/app/push/server/methods.ts:31
The 'raix:push-setuser' Meteor method allows any authenticated user to update the 'userId' field of an arbitrary 'PushToken' document to their own 'userId'. By providing the '_id' of a push token belonging to another user, an attacker can reassign that token to their own account. This could lead to information disclosure if push notifications or associated metadata contain sensitive information intended for the original owner of the token. The method fails to verify if the 'PushToken' document currently belongs to the caller.
🟡 Medium: Unauthorized User Addition in Discussion Creation
Location: apps/meteor/app/discussion/server/methods/createDiscussion.ts:89
The createDiscussion method allows users to create discussions in rooms they have access to. However, the createRoom function is called with invitedUsers derived from the replied message owner and the users parameter passed by the caller. While the createDiscussion method checks if the caller has permission to start a discussion, it does not explicitly verify if the current user has permission to add the specified users to the new room, potentially allowing an attacker to force-add users to a private discussion room they shouldn't be in.
tassoevan
added
the
stat: QA assured
dionisio-bot
Bot
added
the
stat: ready to merge
…or batch processing
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
coderabbitai
Bot
removed
the
type: feature
tassoevan
force-pushed
the
chore/fuselage-script
branch
from
cc72885 to
4f0c1b1
Compare
coderabbitai
Bot
added
the
type: feature
…or batch processing (#40701) Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
2 participants
Proposed changes (including videos or screenshots)
It adds convenience options for link and unlink all Fuselage packages from a sibling repository.
Issue(s)
Steps to test or reproduce
Further comments
Task: ARCH-2160
Summary by CodeRabbit
New Features
link-allandunlink-allactions to discover and operate on all local fuselage packages in a single command.Documentation