Conversation
- Changed the jira key to match the newly created workspace
- Changed the issue link to be added as a comment instead of being added to the PR body
📝 Walkthrough
The GitHub workflow file was updated to change the JIRA issue key pattern and the way the PR body is modified. Instead of editing the PR body directly through the API, it now uses a GitHub Action to post a comment containing the JIRA issue link.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/pr-review-manager.yml (1)
23-25: ⚠️ Potential issue | 🔴 Critical
The add-jira-link job is missing the pull-requests: write permission.
The thollander/actions-comment-pull-request@v3 action needs pull-requests: write in order to post a comment on the PR. The assign job declares that permission, but the add-jira-link job does not, so posting the comment may fail.
🔧 Suggested fix
add-jira-link: runs-on: ubuntu-latest + permissions: + pull-requests: write if: github.event.action == 'opened'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/pr-review-manager.yml around lines 23 - 25, The add-jira-link job is missing the required repository permission for writing PR comments; update the workflow to grant pull-requests: write for the add-jira-link job (where thollander/actions-comment-pull-request@v3 is used) by adding a permissions block (pull-requests: write) scoped to that job so the action can successfully post comments; mirror the same permission pattern you used in the assign job.
id: extract-jira-key
run: |
JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MOD-[0-9]+' || echo "")
JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")
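Review bot: `grep -oE 'MD-[0-9]+'` on the new JIRA_KEY line emits every match, so a branch name that happens to contain two keys yields a multi-line JIRA_KEY, and the following `echo "jira_key=$JIRA_KEY" >> "$GITHUB_OUTPUT"` then writes a malformed output record; appending `| head -n 1` to the pipeline keeps the output a single line. The unquoted `${{ github.head_ref }}` interpolation on the same line should also move into an `env:` entry, as the inline comment on this hunk already proposes.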
Inserting github.head_ref directly into the shell carries an injection risk.
${{ github.head_ref }} is a user-controlled value (the branch name); inserting it into a shell command without quoting can lead to shell injection via special characters. Passing the value through an environment variable is safe.
🔒 Suggested fix
- name: Extract JIRA issue key from branch name
id: extract-jira-key
run: |
- JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")
+ JIRA_KEY=$(echo "$HEAD_REF" | grep -oE 'MD-[0-9]+' || echo "")
echo "jira_key=$JIRA_KEY" >> "$GITHUB_OUTPUT"
+ env:
+ HEAD_REF: ${{ github.head_ref }}
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
JIRA_KEY=$(echo ${{ github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")
- name: Extract JIRA issue key from branch name
id: extract-jira-key
run: |
JIRA_KEY=$(echo "$HEAD_REF" | grep -oE 'MD-[0-9]+' || echo "")
echo "jira_key=$JIRA_KEY" >> "$GITHUB_OUTPUT"
env:
HEAD_REF: ${{ github.head_ref }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/pr-review-manager.yml at line 30, The current workflow
inserts `${{ github.head_ref }}` directly into a shell pipeline which risks
shell injection; change to pass the branch name via an environment variable and
use a quoted expansion when running grep. Specifically, set an env var (e.g.,
BRANCH_NAME) from `${{ github.head_ref }}` and then compute JIRA_KEY using the
JIRA_KEY assignment (the line that currently uses `JIRA_KEY=$(echo ${{
github.head_ref }} | grep -oE 'MD-[0-9]+' || echo "")`) but replace the direct
insertion with a quoted reference like `"$BRANCH_NAME"` so the grep/echo operate
on a safe, controlled variable.
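As an added example (not code from the PR or from CodeRabbit), the logic of the "Extract JIRA issue key" step written as a stand-alone POSIX shell script. It receives the branch name only as the value of a shell variable, the way the suggested `env: HEAD_REF:` pattern does, instead of splicing it into the command text, and it handles the edge cases the hunk leaves open: a branch name with no key, and one that matches more than once. The function names, the sample branch names and the JIRA base URL are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the PR: the extraction step's logic in a form that runs
# locally. The branch name is only ever handled as the value of a variable (the
# workflow would set it via `env: HEAD_REF: ${{ github.head_ref }}`), never pasted
# into the command text, so shell metacharacters in it are inert data.

# Print the first MD-<n> key found in the branch name given as $1, or nothing.
extract_jira_key() {
  # printf rather than echo: echo may interpret a leading "-n" or backslashes.
  # grep -o emits every match; head -n 1 keeps the result a single line, which
  # the one-record-per-line GITHUB_OUTPUT format requires.
  printf '%s\n' "$1" | grep -oE 'MD-[0-9]+' | head -n 1
}

# Append the step's output record to the file given as $2 (the workflow's $GITHUB_OUTPUT).
write_jira_key_output() {
  key=$(extract_jira_key "$1")
  printf 'jira_key=%s\n' "$key" >> "$2"
}

# Build the comment body the later step would post; the base URL is a placeholder.
# Returns 1 (and prints nothing) when the branch carries no key, so a caller can skip
# the comment the same way the workflow's `if: ... != ''` condition does.
jira_link_comment() {
  key=$(extract_jira_key "$1")
  [ -n "$key" ] || return 1
  printf 'JIRA issue: https://JIRA_BASE_URL_PLACEHOLDER/browse/%s\n' "$key"
}

# Constructed sample: a branch name carrying shell metacharacters is still just data.
sample_branch='feature/MD-123;echo not-run'
out_file=$(mktemp)
write_jira_key_output "$sample_branch" "$out_file"
cat "$out_file"                                  # jira_key=MD-123
jira_link_comment "$sample_branch" || echo "no JIRA key in branch name"
rm -f "$out_file"
```

Because the branch name never appears in the script text, nothing in it is parsed by the shell; the old `MOD-` prefix from the removed line also produces no match, which is the behaviour the key change in this PR intends.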
- name: Install jq
if: steps.extract-jira-key.outputs.jira_key != '' # Do not run when there is no JIRA issue key
run: sudo apt-get update && sudo apt-get install -y jq
🛠️ Refactor suggestion | 🟠 Major
The jq installation step is no longer needed.
jq was previously installed to parse JSON for the REST API PATCH call, but since that logic was replaced by the thollander/actions-comment-pull-request@v3 action, jq is no longer used. Removing this step shortens the workflow run time.
♻️ Suggested fix
- # Install jq to parse the PR body as JSON
- - name: Install jq
- if: steps.extract-jira-key.outputs.jira_key != '' # Do not run when there is no JIRA issue key
- run: sudo apt-get update && sudo apt-get install -y jq
-
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/pr-review-manager.yml around lines 34 - 36, Remove the
GitHub Actions step named "Install jq" (the step block that runs "sudo apt-get
update && sudo apt-get install -y jq" and uses the condition "if:
steps.extract-jira-key.outputs.jira_key != ''") since jq is no longer used;
delete that entire step from the workflow so the job no longer installs jq and
the workflow runtime is reduced.
I want to check how the comment gets created, so I'll recreate the PR ;;
💻 Work details
Summary by CodeRabbit
Note: this change is an internal CI/CD automation improvement and has no direct impact on users.