feat: add pre-build-targets for running lint/test before final build

[z-mastylo]

Summary by CodeRabbit

• New Features
  • Added a pre-build-targets input parameter to specify comma-separated build targets to run before the primary build.
  • Auto-detection of pre-build targets from the Dockerfile when pre-build-targets is not provided.
  • Conditional execution of detected/configured pre-build targets when credentials are present; these run sequentially before the main build-and-push step.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a pre-build-targets input and a conditional pre-build step to action.yml; the step runs before the main Depot build/push and either uses provided comma-separated targets or auto-detects lint/test stages from the Dockerfile when pre-build-targets is empty and a depot-token is present.

Changes

Cohort / File(s)	Summary
Depot action configuration action.yml	Added new input pre-build-targets (comma-separated list). Added auto-detection logic for lint/test stages when the input is empty. Added conditional "Run pre-build targets with Depot" step that executes only when depot-token is provided and auto-targets or explicit targets exist; iterates targets and runs depot build for each prior to the main Build and push with Depot step.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant GHAction as GitHub Action (workflow)
    participant Depot

    User->>GHAction: Trigger workflow
    activate GHAction

    opt depot-token present
        alt pre-build-targets provided
            GHAction->>GHAction: parse `pre-build-targets` (comma-separated)
            loop per target
                GHAction->>Depot: depot build [target]
                Depot-->>GHAction: result
            end
        else no pre-build-targets
            GHAction->>GHAction: auto-detect targets from Dockerfile (lint/test)
            opt auto-targets found
                loop per auto-target
                    GHAction->>Depot: depot build [auto-target]
                    Depot-->>GHAction: result
                end
            end
        end
    end

    GHAction->>Depot: depot build [main build & push]
    Depot-->>GHAction: build/push result

    GHAction-->>User: Workflow complete
    deactivate GHAction

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Single-file change but introduces conditional control flow and auto-detection logic to action.yml.
• Review notes:
  • Verify input schema and defaults for pre-build-targets.
  • Validate conditional expressions that gate the pre-build step (presence of depot-token and detected/explicit targets).
  • Inspect shell/script logic for parsing targets and Dockerfile auto-detection edge cases (quoting, splitting, empty values).

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "feat: add pre-build-targets for running lint/test before final build" directly and accurately describes the primary change in the changeset. The PR adds a new pre-build-targets input to action.yml that enables running lint and test stages before the final build, along with supporting auto-detection and conditional execution logic. The title is specific, concise, and clearly communicates the feature addition without vague language or unnecessary noise.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch multi-target-build

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between de346b4 and ad71a2f.

📒 Files selected for processing (1)

• action.yml (2 hunks)

🔇 Additional comments (2)

action.yml (2)

61-64: Input definition looks good.

The new pre-build-targets input follows the existing pattern—optional, well-described, and defaults to empty. This integrates cleanly with the existing action interface.

---

151-159: No changes needed — the --platform flag syntax is correct.

The depot build command supports the --platform flag with comma-separated formats like --platform linux/amd64,linux/arm64. The code on line 154 correctly uses --platform ${{ inputs.platforms }} and is fully compatible with the Depot CLI.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Missing error handling and whitespace trimming in target parsing.

The pre-build step has two issues:

1. No error handling: If a depot build command fails for any target, the loop continues silently and the main build proceeds. This defeats the purpose of validation stages (lint, test, etc.). You likely want to fail the workflow if any pre-build target fails.

2. Whitespace not trimmed: If users provide "lint, test" (with spaces), the parsed target becomes " test" with a leading space, which won't match the actual target name "test".

Apply this diff to add error handling and trim whitespace:

     - name: Run pre-build targets with Depot
       if: ${{ inputs.depot-token != '' && inputs.pre-build-targets != '' }}
       shell: bash
       run: |
         IFS=',' read -ra TARGETS <<< "${{ inputs.pre-build-targets }}"
         for target in "${TARGETS[@]}"; do
+          target="${target#"${target%%[![:space:]]*}"}"
+          target="${target%"${target##*[![:space:]]}"}"
           echo "Building target: $target"
           depot build \
             --project ${{ inputs.depot-project }} \
             --token ${{ inputs.depot-token }} \
             --platform ${{ inputs.platforms }} \
             --target "$target" \
             --secret id=pipconf,src=/tmp/build-secrets/pipconf \
             --secret id=uvconfig,src=/tmp/build-secrets/uvconfig.toml \
             --file ${{ inputs.dockerfile }} \
-            ${{ inputs.docker-build-context }}
+            ${{ inputs.docker-build-context }} || exit 1
         done

Alternatively, use a cleaner approach with xargs:

     - name: Run pre-build targets with Depot
       if: ${{ inputs.depot-token != '' && inputs.pre-build-targets != '' }}
       shell: bash
       run: |
         echo "${{ inputs.pre-build-targets }}" | tr ',' '\n' | while read -r target; do
           target="${target#"${target%%[![:space:]]*}"}"
           target="${target%"${target##*[![:space:]]}"}"
           [ -z "$target" ] && continue
           echo "Building target: $target"
           depot build \
             --project ${{ inputs.depot-project }} \
             --token ${{ inputs.depot-token }} \
             --platform ${{ inputs.platforms }} \
             --target "$target" \
             --secret id=pipconf,src=/tmp/build-secrets/pipconf \
             --secret id=uvconfig,src=/tmp/build-secrets/uvconfig.toml \
             --file ${{ inputs.dockerfile }} \
             ${{ inputs.docker-build-context }} || exit 1
         done

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Run pre-build targets with Depot
	if: ${{ inputs.depot-token != '' && inputs.pre-build-targets != '' }}
	shell: bash
	run: |
	IFS=',' read -ra TARGETS <<< "${{ inputs.pre-build-targets }}"
	for target in "${TARGETS[@]}"; do
	echo "Building target: $target"
	depot build \
	--project ${{ inputs.depot-project }} \
	--token ${{ inputs.depot-token }} \
	--platform ${{ inputs.platforms }} \
	--target "$target" \
	--secret id=pipconf,src=/tmp/build-secrets/pipconf \
	--secret id=uvconfig,src=/tmp/build-secrets/uvconfig.toml \
	--file ${{ inputs.dockerfile }} \
	${{ inputs.docker-build-context }}
	done
	- name: Run pre-build targets with Depot
	if: ${{ inputs.depot-token != '' && inputs.pre-build-targets != '' }}
	shell: bash
	run: |
	IFS=',' read -ra TARGETS <<< "${{ inputs.pre-build-targets }}"
	for target in "${TARGETS[@]}"; do
	target="${target#"${target%%[![:space:]]*}"}"
	target="${target%"${target##*[![:space:]]}"}"
	echo "Building target: $target"
	depot build \
	--project ${{ inputs.depot-project }} \
	--token ${{ inputs.depot-token }} \
	--platform ${{ inputs.platforms }} \
	--target "$target" \
	--secret id=pipconf,src=/tmp/build-secrets/pipconf \
	--secret id=uvconfig,src=/tmp/build-secrets/uvconfig.toml \
	--file ${{ inputs.dockerfile }} \
	${{ inputs.docker-build-context }} || exit 1
	done

🤖 Prompt for AI Agents

In action.yml around lines 144 to 160, the pre-build loop neither trims
whitespace from comma-separated targets nor fails the workflow when a depot
build fails; update the shell block to (1) make the script fail fast by enabling
strict mode (e.g. set -euo pipefail) or by testing each depot build's exit
status and exiting with that status on failure, and (2) trim whitespace from
each parsed target before use (e.g. trim with xargs or shell parameter
expansion) and ensure inputs are properly quoted when passed to depot so targets
like "lint, test" become "lint" and "test" and any failed depot build aborts the
workflow.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

action.yml (1)

175-191: Address critical issues from previous review: error handling and whitespace trimming.

This review comment duplicates concerns from the previous code review. The pre-build loop has two unresolved critical issues:

1. No error handling: If any depot build fails, the loop continues silently and the workflow proceeds to the main build step (line 192). This defeats the purpose of validation stages. The workflow should fail immediately.

2. Whitespace not trimmed: If users provide targets like "lint, test" (with spaces), parsing produces ["lint", " test"]. The leading space in " test" won't match the actual target name "test", causing silent failures.

Apply this diff to fix both issues:

    - name: Run pre-build targets with Depot
      if: ${{ inputs.depot-token != '' && steps.detect-stages.outputs.auto-targets != '' }}
      shell: bash
      run: |
-       IFS=',' read -ra TARGETS <<< "${{ steps.detect-stages.outputs.auto-targets }}"
+       set -euo pipefail
+       echo "${{ steps.detect-stages.outputs.auto-targets }}" | tr ',' '\n' | while read -r target; do
+         target=$(echo "$target" | xargs)  # Trim leading/trailing whitespace
+         [ -z "$target" ] && continue
-       for target in "${TARGETS[@]}"; do
          echo "Building target: $target"
          depot build \
            --project ${{ inputs.depot-project }} \
            --token ${{ inputs.depot-token }} \
            --platform ${{ inputs.platforms }} \
            --target "$target" \
            --secret id=pipconf,src=/tmp/build-secrets/pipconf \
            --secret id=uvconfig,src=/tmp/build-secrets/uvconfig.toml \
            --file ${{ inputs.dockerfile }} \
-           ${{ inputs.docker-build-context }}
+           ${{ inputs.docker-build-context }} || exit 1
         done

Key changes:

• set -euo pipefail enables strict mode to fail on errors
• tr ',' '\n' splits by comma, then xargs trims whitespace from each target
• [ -z "$target" ] && continue skips empty targets
• || exit 1 ensures the workflow fails if any pre-build target fails

🧹 Nitpick comments (1)

action.yml (1)

144-174: Consider making stage detection regex more robust.

The grep patterns (^FROM .* AS lint) are restrictive and won't match Dockerfile variations like extra spaces (FROM ubuntu AS lint). While the Dockerfile spec requires FROM at the line start, a more flexible pattern would be safer:

grep -qi "^FROM .* AS lint" "$DOCKERFILE"  # Add -i for case-insensitive matching

This is optional if your Dockerfiles follow strict formatting conventions.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ad71a2f and b12ee81.

📒 Files selected for processing (1)

• action.yml (2 hunks)

🔇 Additional comments (1)

action.yml (1)

61-64: Input definition looks good.

Clear description and sensible defaults.