Flatten workspace to single crate, split spatree out#27
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (4)
💤 Files with no reviewable changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughSummary by CodeRabbit
WalkthroughRoot Cargo.toml is converted from a workspace manifest to a single crate manifest for rectree; example crates switch from workspace inheritance to explicit package/dependency declarations; example code uses a local vello_winit module; CI workflow removes workspace flags and system library installation and narrows cargo commands. ChangesWorkspace to Single-Crate Migration
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/rust.yml (1)
2-7:⚠️ Potential issue | 🟠 MajorHarden CI workflow: pin actions, restrict token permissions, and disable checkout credential persistence.
- No top-level
permissions:block in.github/workflows/rust.yml.- Unpinned (non-SHA)
uses:entries at lines 11-13, 20-22, 28-30, 36-38, 45-47, 55-57, 64-66 (actions/checkout@v4,dtolnay/rust-toolchain@stable,Swatinem/rust-cache@v2).- Each
actions/checkout@v4step at lines 11, 20, 28, 36, 45, 55, 64 is missingwith: persist-credentials: false, increasing token exposure risk.Suggested hardening pattern
+permissions: + contents: read + jobs: format: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@<full_commit_sha> + with: + persist-credentials: false - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@<full_commit_sha> - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@<full_commit_sha>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/rust.yml around lines 2 - 7, Add a top-level permissions block and harden all external actions: add a minimal permissions block (e.g., permissions: contents: read) at the top of the workflow; pin every unpinned action reference (actions/checkout@v4, dtolnay/rust-toolchain@stable, Swatinem/rust-cache@v2, etc.) to an immutable commit SHA instead of a tag; and for every actions/checkout step add with: persist-credentials: false to stop checkout from persisting the GITHUB_TOKEN. These three changes together (top-level permissions, pinning to SHAs, and persist-credentials: false on each checkout) are the required fixes.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/rust.yml:
- Line 23: CI currently runs commands like "run: cargo check --all-features
--all-targets" only against the root crate, leaving
examples/vello_winit_examples outside validation; update each affected CI run
step that invokes cargo (the ones using "cargo check", "cargo build", or similar
run commands) to also run the same command against the standalone example crate
by either adding a separate step or appending a second command that uses
--manifest-path examples/vello_winit_examples/Cargo.toml (e.g., run: cargo check
--all-features --all-targets && cargo check --manifest-path
examples/vello_winit_examples/Cargo.toml --all-features --all-targets) so the
example crate is validated in the workflow.
---
Outside diff comments:
In @.github/workflows/rust.yml:
- Around line 2-7: Add a top-level permissions block and harden all external
actions: add a minimal permissions block (e.g., permissions: contents: read) at
the top of the workflow; pin every unpinned action reference
(actions/checkout@v4, dtolnay/rust-toolchain@stable, Swatinem/rust-cache@v2,
etc.) to an immutable commit SHA instead of a tag; and for every
actions/checkout step add with: persist-credentials: false to stop checkout from
persisting the GITHUB_TOKEN. These three changes together (top-level
permissions, pinning to SHAs, and persist-credentials: false on each checkout)
are the required fixes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 74f8ecb3-d1d6-4b41-93f0-ab763c517391
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (14)
.github/workflows/rust.ymlCargo.tomlREADME.mdREADME.mdcrates/rectree/Cargo.tomlcrates/rectree/README.mdcrates/spatree/Cargo.tomlcrates/spatree/README.mdcrates/spatree/src/lib.rscrates/spatree/src/morton.rsexamples/vello_winit_examples/Cargo.tomlsrc/geom.rssrc/lib.rssrc/node.rs
💤 Files with no reviewable changes (6)
- crates/rectree/Cargo.toml
- crates/spatree/Cargo.toml
- crates/spatree/README.md
- crates/rectree/README.md
- crates/spatree/src/morton.rs
- crates/spatree/src/lib.rs
spatreeis now at https://github.com/voxell-tech/spatree