Skip to content

test: demo actionable prompts on failure #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
jordanpartridge wants to merge 2 commits into from
Closed

test: demo actionable prompts on failure #41

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0eff98d
test: add broken file to trigger actionable prompt
jordanpartridge Jan 11, 2026
03dee78
fix: add GITHUB_TOKEN for actionable prompts
jordanpartridge Jan 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .github/workflows/gate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ on:
pull_request:
branches: [master]

permissions:
checks: write
pull-requests: write
contents: read

Comment on lines +9 to +13
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Scope permissions to the job (least privilege), not workflow-wide.
Workflow-level checks: write and pull-requests: write grants write access to every job/step in this workflow.

Proposed change 
 permissions:
-  checks: write
-  pull-requests: write
   contents: read

 jobs:
   gate:
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      pull-requests: write
+      contents: read
     steps:
🤖 Prompt for AI Agents 
In @.github/workflows/gate.yml around lines 9 - 13, The workflow-level
permissions block currently grants checks: write and pull-requests: write to the
entire workflow; change this to least-privilege by removing or tightening the
workflow-level permissions and instead add a job-level permissions block for
only the jobs that need write access. Specifically, update the top-level
permissions to the minimum (e.g., contents: read and remove checks/pull-requests
write), then in the job(s) that require creating checks or updating PRs add a
permissions mapping under that job with checks: write and/or pull-requests:
write as needed; reference the existing permissions block and the job
definitions to add the job-level permissions.

jobs:
gate:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -34,6 +39,8 @@ jobs:

- name: Run Gate on itself
run: php gate certify --coverage=100
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Upload coverage artifact
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
Expand Down
1 change: 1 addition & 0 deletions app/Broken.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
<?php function broken(): int { return "string"; }
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Don’t merge an intentionally broken app/ PHP file to master.
If this is purely for demoing the “actionable prompt,” move it under a non-shipped location (e.g., tests/fixtures/) or remove it before merge.

Example fix (if you want `app/` to stay buildable) 
-<?php function broken(): int { return "string"; }
+<?php function broken(): int { return 0; }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<?php function broken(): int { return "string"; }
<?php function broken(): int { return 0; }
🤖 Prompt for AI Agents 
In @app/Broken.php at line 1, The file app/Broken.php contains an intentionally
broken function broken() that declares an int return but returns a string;
either remove or move this demo file out of app/ (e.g., to tests/fixtures/) so
it isn't shipped, or fix the function in app/Broken.php by making the return
type and returned value consistent (update the broken() signature or return
value accordingly) so the app/ directory remains buildable.

Loading