Monorepo refactoring#619
Conversation
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
| if [ -f .control/cache/nx-server.log ]; then | ||
| cat .control/cache/nx-server.log >&2 | ||
| fi | ||
| exit 1 |
There was a problem hiding this comment.
Dead GITHUB_OUTPUT write without step id
Low Severity
The "Start Nx cache bridge" step writes server=${SERVER_URL} to GITHUB_OUTPUT but the step lacks an id: attribute, making this output inaccessible to any downstream step. The server URL is hardcoded as http://127.0.0.1:43191 in all other steps that need it, so this write is dead code that could confuse future maintainers into thinking the output is used somewhere.
Reviewed by Cursor Bugbot for commit 8ceb6a4. Configure here.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 5 total unresolved issues (including 4 from previous reviews).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit fa57ab4. Configure here.
| docker save \ | ||
| -o ".control/image-artifacts/${SERVICE}.tar" \ | ||
| "control/${SERVICE}:${IMAGE_TAG}" \ | ||
| "control/${SERVICE}-test:${IMAGE_TAG}" |
There was a problem hiding this comment.
Save image step fails without test runner image
Low Severity
The "Save image archive" step unconditionally runs docker tag "${IMAGE}-test:${IMAGE_TAG}" and includes it in docker save, but the -test image only exists when build_test_runner is true. There's no guard condition checking inputs.build_test_runner before attempting to tag/save the test image. If this reusable workflow is ever called with save_image_artifact: true but build_test_runner: false, the step will fail because the -test image doesn't exist.
Reviewed by Cursor Bugbot for commit fa57ab4. Configure here.
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>


Note
High Risk
Large CI architecture change affects how every service is built and tested on every push/PR; misconfiguration could block merges or miss regressions until the new matrix is validated.
Overview
This PR replaces many per-service GitHub Actions workflows (Ares, Cargo, Forge, Function Bay, Origin, Shuttle, Signal, Slates, Subspace, Synthesis, etc.) with a single
Controlpipeline that drives builds and tests throughbun run controland a newreusable-control.yml.The new flow warms an Nx remote cache, runs unit tests per service in a matrix, builds Docker images (including test-runner variants) and saves them as short-lived artifacts, then runs E2E jobs that download and load those prebuilt images instead of rebuilding in each job.
app-apigets a dedicated E2E job withmodules: all. Image names are standardized onghcr.io/metorial/mte-*(andmetorial-apifor app-api); pushes stay off in CI (push_image: false).test.ymldrops Turbo andbun i --linker=hoistedin favor of plainbun iandnx run-manyfor Prisma generate, build, and test, with a long exclude list so system apps are covered by Control instead..gitignoreswitches.turbo→.nx, adds exceptions so sharedcachepackage paths are not ignored, and ignores Rusttarget/for object-storage.Reviewed by Cursor Bugbot for commit 4b3e020. Bugbot is set up for automated code reviews on this repo. Configure here.