Add step to run main.py in workflow#611
Conversation
|
Ready to act? Review this PR in Change Stack to turn feedback into patch suggestions you can inspect and refine. 📝 WalkthroughWalkthroughThe CI workflow now includes an additional job step that executes ChangesCI Build Step
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment Warning |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/main.yml:
- Around line 47-48: The workflow step "Run main.py" currently hardcodes
credentials as command-line flags (-u and -p); remove these literal values and
instead load them from GitHub Secrets by adding environment variables (e.g.,
USERNAME and PASSWORD) to that job/step and passing them into the python call or
letting main.py read from env; update the step that invokes "python main.py" to
use environment injection (e.g., ${{ secrets.YOUR_USER_SECRET }} and ${{
secrets.YOUR_PASS_SECRET }}) rather than embedding values inline, and ensure
main.py uses os.environ.get('USERNAME')/os.environ.get('PASSWORD') or reads
provided flags populated from those env vars.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 20941d5f-842d-4804-9749-de1a095dbd33
📒 Files selected for processing (1)
.github/workflows/main.yml
| - name: Run main.py | ||
| run: python main.py -u 17805840302 -p MJK/200607247712 -l 261789273 |
There was a problem hiding this comment.
Remove hardcoded credentials from workflow step immediately.
-u/-p currently embed real credential-like values in versioned YAML and CI logs. This is a direct secret/PII leakage risk. Move them to GitHub Secrets and inject via env.
Suggested fix
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.name }}
path: 'release/chaoxing.zip'
- name: Run main.py
- run: python main.py -u 17805840302 -p MJK/200607247712 -l 261789273
+ env:
+ CX_USERNAME: ${{ secrets.CX_USERNAME }}
+ CX_PASSWORD: ${{ secrets.CX_PASSWORD }}
+ CX_COURSE_LIST: ${{ secrets.CX_COURSE_LIST }}
+ run: python main.py -u "$env:CX_USERNAME" -p "$env:CX_PASSWORD" -l "$env:CX_COURSE_LIST"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Run main.py | |
| run: python main.py -u 17805840302 -p MJK/200607247712 -l 261789273 | |
| - name: Run main.py | |
| env: | |
| CX_USERNAME: ${{ secrets.CX_USERNAME }} | |
| CX_PASSWORD: ${{ secrets.CX_PASSWORD }} | |
| CX_COURSE_LIST: ${{ secrets.CX_COURSE_LIST }} | |
| run: python main.py -u "$CX_USERNAME" -p "$CX_PASSWORD" -l "$CX_COURSE_LIST" |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/main.yml around lines 47 - 48, The workflow step "Run
main.py" currently hardcodes credentials as command-line flags (-u and -p);
remove these literal values and instead load them from GitHub Secrets by adding
environment variables (e.g., USERNAME and PASSWORD) to that job/step and passing
them into the python call or letting main.py read from env; update the step that
invokes "python main.py" to use environment injection (e.g., ${{
secrets.YOUR_USER_SECRET }} and ${{ secrets.YOUR_PASS_SECRET }}) rather than
embedding values inline, and ensure main.py uses
os.environ.get('USERNAME')/os.environ.get('PASSWORD') or reads provided flags
populated from those env vars.
Summary by CodeRabbit
Note: This release contains internal infrastructure updates with no direct end-user impact.