ci(gittensor): add impact card workflow and readme badge#408
Conversation
surfaces gittensor contributor-impact on the repo: a badge in the readme badge row (served by api.gittensor.io) and a scheduled workflow that runs matthewevans/gittensor-impact-action to render and publish the fuller dark/light impact cards as release assets. the third-party action is pinned to the v1.1.4 commit sha rather than a mutable tag, and the job opts into only contents: write with no ambient token scopes, so an upstream retag cannot change what runs in ci.
📝 WalkthroughWalkthroughAdds a new GitHub Actions workflow ( ChangesGittensor Impact Badge
Estimated code review effort: 1 (Trivial) | ~3 minutes PoemA rabbit hops with weekly cheer, 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/gittensor-impact.yml (1)
15-19: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick winConsider adding a job timeout.
No
timeout-minutesis set; a hang in the third-party action would consume runner minutes indefinitely.Proposed addition
update: runs-on: ubuntu-latest + timeout-minutes: 10 permissions: contents: write # publish the rendered svg cards to release assets🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/gittensor-impact.yml around lines 15 - 19, Add a timeout to the update job in the GitHub Actions workflow so a hung third-party step cannot run indefinitely. Update the job definition for the update job to include a sensible timeout-minutes value alongside runs-on, permissions, and steps, keeping the change localized to that workflow job.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/workflows/gittensor-impact.yml:
- Around line 15-19: Add a timeout to the update job in the GitHub Actions
workflow so a hung third-party step cannot run indefinitely. Update the job
definition for the update job to include a sensible timeout-minutes value
alongside runs-on, permissions, and steps, keeping the change localized to that
workflow job.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 9aed8363-80d9-40db-9045-b40047723982
📒 Files selected for processing (2)
.github/workflows/gittensor-impact.ymlREADME.md
adds gittensor contributor-impact visibility to the repo, in two parts:
(github proxies the image, so it refreshes every few hours rather than
in real time).
.github/workflows/gittensor-impact.ymlthat runsmatthewevans/gittensor-impact-action to render the fuller dark/light
impact cards and publish them as
gittensor-impactrelease assets.the workflow uses a third-party composite action, so it is pinned to the
v1.1.4 commit sha (
cc83f449) rather than a mutable@v1tag, and thejob grants only
contents: writewithpermissions: {}at the toplevel — no ambient token scopes. it triggers on a weekly schedule and
workflow_dispatch, with no untrusted event inputs.follow-up after the first run: once the workflow publishes the release
assets, the fuller card can be embedded in the readme via the
<picture>snippet pointing at the release-download urls.
Summary by CodeRabbit