feat: Removing adept to close label logic#84
Conversation
…s automatically once they disappear from AquaSec platform.
|
Warning Review limit reached
Next review available in: 18 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (4)
WalkthroughThe security workflow replaces deferred ChangesSecurity issue lifecycle
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related issues
Possibly related PRs
Suggested labels: Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (3 warnings)
✅ Passed checks (2 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/security/issues/sync.py (1)
743-785: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick winReplace en dash with hyphen-minus in debug message.
Ruff RUF001 flags the
–(U+2013 EN DASH) at line 761 as ambiguous. Use a standard-(HYPHEN-MINUS) to avoid confusion and silence the linter warning.🔧 Proposed fix
- logging.debug("No unmatched child issues – skipping resolved-alert closure") + logging.debug("No unmatched child issues - skipping resolved-alert closure")🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/security/issues/sync.py` around lines 743 - 785, In _close_resolved_child_issues, replace the en dash in the “No unmatched child issues” debug message with a standard hyphen-minus, leaving the message and surrounding logic unchanged.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/security/README.md`:
- Around line 41-42: Update the stale ready-to-close wording in the README
Overview section to state that findings are automatically closed when they
disappear, aligning the documentation with the current
_close_resolved_child_issues behavior and removing the obsolete
sec:adept-to-close workflow reference.
---
Outside diff comments:
In `@src/security/issues/sync.py`:
- Around line 743-785: In _close_resolved_child_issues, replace the en dash in
the “No unmatched child issues” debug message with a standard hyphen-minus,
leaving the message and surrounding logic unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 7ca33c1b-0fdf-4400-9096-c8a82d31f645
📒 Files selected for processing (10)
.github/workflows/aquasec-scan.ymldocs/security/security.mdsrc/core/github/issues.pysrc/security/README.mdsrc/security/constants.pysrc/security/issues/models.pysrc/security/issues/sync.pytests/core/github/test_issues.pytests/security/issues/test_sync.pytests/security/services/test_label_checker.py
💤 Files with no reviewable changes (2)
- src/security/constants.py
- src/core/github/issues.py
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/aquasec-scan.yml:
- Line 103: Update the checkout reference in the workflow to use the valid
reusable-workflow SHA context, replacing github.job_workflow_sha with
job.workflow_sha while preserving the existing pinning behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: a2b270b1-1ad1-4440-96fb-34669725ebed
📒 Files selected for processing (3)
.github/workflows/aquasec-night-scan.yml.github/workflows/aquasec-scan.yml.github/workflows/check_python.yml
This reverts commit dd661bd.
Overview
This pull request makes significant changes to how resolved security findings are handled in the AquaSec GitHub integration. The main update is that child issues for resolved findings are now automatically closed instead of being labeled for manual closure. All code, documentation, and tests have been updated to reflect this new behavior. Additionally, the obsolete
sec:adept-to-closelabel and its handling have been removed, and new documentation has been added for manual waiver labels.Release Notes
Related
Closes #82
Summary by CodeRabbit