ci: fix the bug of pr-cancel and Autobuild

[317787106]

What does this PR do?

Why are these changes required?

This PR has been tested by:

• Unit Tests
• Manual Testing

Follow up

Extra details

---

Summary by cubic

Fixes PR cancellation, stabilizes CodeQL with a manual Gradle build on JDK 8, and repairs coverage upload PR detection. Prevents stuck analyses and ensures coverage and CodeQL runs map to the correct PRs.

• Bug Fixes
  • CodeQL: set build-mode: manual, install JDK 8 via actions/setup-java@v5, and run ./gradlew build -x test --no-daemon instead of github/codeql-action/autobuild@v4.
  • pr-cancel: add codeql.yml and coverage-waiting.yml to the cancel list; treat runs with no pull_requests as the target PR when head_sha matches.
  • coverage: switch to actions/download-artifact@v7 and fix PR detection in coverage-upload.yml by listing pulls for head_owner:head_branch and selecting the one matching head_sha.

^{Written for commit b0d34f8. Summary will update on new commits.}

Summary by CodeRabbit

• Chores
  • CI/CD build step made explicit and set to manual, including a specific Java setup, to ensure a consistent build before analysis (tests skipped).
  • Workflow cancellation broadened to include additional workflows and refined matching logic to reduce redundant runs.
  • Coverage pipeline updated to use the newer artifact download action and improved PR lookup to more reliably associate commits with pull requests.

[coderabbitai]

📝 Walkthrough

Walkthrough

CI workflow updates: CodeQL init switched to manual build-mode with explicit JDK 8 setup and an added Gradle build step; pr-cancel broadened cancelled workflows and adjusted PR-match logic for runs missing pull_requests; coverage workflows updated artifact action versions and PR lookup logic.

Changes

Cohort / File(s)	Summary
CodeQL workflow .github/workflows/codeql.yml	Changed init to build-mode: manual, added actions/setup-java@v5 (JDK 8) and an explicit Build step running ./gradlew build -x test --no-daemon before CodeQL analyze.
PR cancellation .github/workflows/pr-cancel.yml	Expanded target workflows to include codeql.yml and coverage-waiting.yml. Updated isTargetPr logic to treat runs with missing/empty pull_requests as targets (!run.pull_requests?.length) while keeping run.head_sha === headSha check.
Coverage baseline download .github/workflows/coverage-update-baseline.yml	Bumped actions/download-artifact from v6 to v7 for the upload-base-coverage job.
Coverage upload & PR lookup .github/workflows/coverage-upload.yml	Bumped actions/download-artifact to v7. Replaced listPullRequestsAssociatedWithCommit with github.rest.pulls.list (filtered by head ref) and select PR by matching p.head.sha === headSha; outputs set only when PR found.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub event
    participant Runner as Actions runner
    participant SetupJava as actions/setup-java@v5
    participant Gradle as Gradle (`./gradlew`)
    participant CodeQL as github/codeql-action/analyze@v4

    GH->>Runner: push / workflow dispatch
    Runner->>SetupJava: setup JDK 8
    Runner->>Gradle: ./gradlew build -x test --no-daemon
    Gradle-->>Runner: build artifacts
    Runner->>CodeQL: init (build-mode: manual) & analyze
    CodeQL-->>Runner: analysis results

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• ci: fix the bug of No open pull request found #53 — Modifies the same "Get PR details" logic in .github/workflows/coverage-upload.yml; closely related to the PR lookup changes.
• ci: add coverage check workflow #48 — Prior changes to CodeQL/coverage workflows; overlaps with artifact action version and workflow adjustments.
• ci: upgrade upload-artifac from v5 to v6 #54 — Edits to .github/workflows/pr-cancel.yml; directly related to the cancellation logic updates.

Poem

🐰
I hopped through YAML, neat and light,
Set Java, built, then slept at night.
I nudged cancellations, found each PR,
CodeQL hummed beneath the star,
Carrots for CI — a rabbit's delight! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: fix the bug of pr-cancel and Autobuild' directly addresses the two main objectives: fixing pr-cancel workflow behavior and addressing CodeQL autobuild issues. It accurately summarizes the primary changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

Migrating from UI to YAML configuration.

Use the @coderabbitai configuration command in a PR comment to get a dump of all your UI settings in YAML format. You can then edit this YAML file and upload it to the root of your repository to configure CodeRabbit programmatically.

[cubic-dev-ai]

No issues found across 2 files

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/pr-cancel.yml:
- Around line 39-40: The fallback when run.pull_requests is empty is too
permissive: update the isTargetPr logic so that when there are no pull_requests
you also verify the run's head ref matches the PR head ref (avoid relying on
head_sha alone). Specifically, change the check around
isTargetPr/run.pull_requests to: if run.pull_requests has items, keep the
existing some(pr => pr.number === prNumber); otherwise require the run's head
ref (e.g., run.head_branch or run.head_ref) to equal the target PR head ref
(obtainable from the PR context or from run.pull_requests[0].head.ref when
available) in addition to matching headSha; reference isTargetPr,
run.pull_requests, run.head_sha, headSha and prNumber when making the change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b8c80237-0fce-4aad-b3ab-a2d5620ccee8

📥 Commits

Reviewing files that changed from the base of the PR and between 0509ea0 and 7a2c629.

📒 Files selected for processing (2)

• .github/workflows/codeql.yml
• .github/workflows/pr-cancel.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Line 39 fallback is too broad and may cancel the wrong PR run.

When run.pull_requests is empty, isTargetPr becomes true, so any run sharing the same head_sha can be canceled. Tighten the fallback by also matching the PR head ref (or other PR-unique signal).

🔧 Suggested fix

-                  const isTargetPr = !run.pull_requests?.length || run.pull_requests.some((pr) => pr.number === prNumber);
-                  if (run.head_sha === headSha && isTargetPr) {
+                  const isTargetPr = run.pull_requests?.length
+                    ? run.pull_requests.some((pr) => pr.number === prNumber)
+                    : (run.head_sha === headSha &&
+                       run.head_branch === context.payload.pull_request.head.ref);
+                  if (isTargetPr) {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-cancel.yml around lines 39 - 40, The fallback when
run.pull_requests is empty is too permissive: update the isTargetPr logic so
that when there are no pull_requests you also verify the run's head ref matches
the PR head ref (avoid relying on head_sha alone). Specifically, change the
check around isTargetPr/run.pull_requests to: if run.pull_requests has items,
keep the existing some(pr => pr.number === prNumber); otherwise require the
run's head ref (e.g., run.head_branch or run.head_ref) to equal the target PR
head ref (obtainable from the PR context or from run.pull_requests[0].head.ref
when available) in addition to matching headSha; reference isTargetPr,
run.pull_requests, run.head_sha, headSha and prNumber when making the change.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/coverage-upload.yml (1)

48-54: Consider pagination for robustness.

The pulls.list API returns paginated results (default 30 items), and .find() only searches the first page. While it's extremely unlikely to have 30+ PRs from the same owner:branch combination, using the paginator would make this more robust.

♻️ Optional: Use paginator for complete coverage

-            const { data: pulls } = await github.rest.pulls.list({
+            const pulls = await github.paginate(github.rest.pulls.list, {
               owner: context.repo.owner,
               repo: context.repo.repo,
               state: 'all',
               head: `${headOwner}:${headBranch}`,
+              per_page: 100,
             });
-            const pr = pulls.find((p) => p.head.sha === headSha);
+            const pr = pulls.find((p) => p.head.sha === headSha);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/coverage-upload.yml around lines 48 - 54, The current code
calls github.rest.pulls.list and then uses pulls.find to search only the first
page; replace that with the Octokit paginator to fetch all pages before
searching: call github.paginate(github.rest.pulls.list, { owner:
context.repo.owner, repo: context.repo.repo, state: 'all', head:
`${headOwner}:${headBranch}` }) to obtain the full pulls array, then run the
find for pr where p.head.sha === headSha; update the variables around
github.rest.pulls.list, pulls, and pr accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/coverage-upload.yml:
- Line 33: The workflow uses actions/download-artifact@v7 which requires Node.js
24 and Actions Runner >= 2.327.1; confirm any self-hosted runners meet those
minimums or change the action to a compatible release (e.g., pin to an earlier
v3/v4 tag) to avoid breaking changes. Locate the reference to
actions/download-artifact@v7 in the workflow and either (a) add
documentation/checks and upgrade your self-hosted runners to Node.js 24 and
Runner 2.327.1+, or (b) replace the action version with a prior compatible
release to maintain backward compatibility for existing self-hosted runners.

---

Nitpick comments:
In @.github/workflows/coverage-upload.yml:
- Around line 48-54: The current code calls github.rest.pulls.list and then uses
pulls.find to search only the first page; replace that with the Octokit
paginator to fetch all pages before searching: call
github.paginate(github.rest.pulls.list, { owner: context.repo.owner, repo:
context.repo.repo, state: 'all', head: `${headOwner}:${headBranch}` }) to obtain
the full pulls array, then run the find for pr where p.head.sha === headSha;
update the variables around github.rest.pulls.list, pulls, and pr accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1fbaf6fe-5c65-4ab1-9633-b05f3652bd79

📥 Commits

Reviewing files that changed from the base of the PR and between 12174e5 and b0d34f8.

📒 Files selected for processing (2)

• .github/workflows/coverage-update-baseline.yml
• .github/workflows/coverage-upload.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/coverage-update-baseline.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

actions/download-artifact v7 release notes

💡 Result:

actions/download-artifact@v7.0.0 release notes (highlights)

• Runtime update (important): now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version 2.327.1 (update self-hosted runners before upgrading). [1]
• What changed:
  • Updated GHES guidance to reference a Node 20 version. [1]
  • Added Node 24 support. [1]
  • Updated @actions/artifact to address a Node.js 24 punycode deprecation. [1]
  • Release prep for Node 24 support. [1]

Source: GitHub release page for v7.0.0. [1]

---

Verify self-hosted runner compatibility with actions/download-artifact@v7.

v7 is valid and released, but introduces breaking changes: it requires Node.js 24 runtime and Actions Runner version 2.327.1 or later. If this repository uses self-hosted runners, confirm they meet the minimum version requirement before merging, as workflows will fail otherwise. GitHub-hosted runners are auto-updated and compatible. The run-id and github-token parameters remain compatible.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/coverage-upload.yml at line 33, The workflow uses
actions/download-artifact@v7 which requires Node.js 24 and Actions Runner >=
2.327.1; confirm any self-hosted runners meet those minimums or change the
action to a compatible release (e.g., pin to an earlier v3/v4 tag) to avoid
breaking changes. Locate the reference to actions/download-artifact@v7 in the
workflow and either (a) add documentation/checks and upgrade your self-hosted
runners to Node.js 24 and Runner 2.327.1+, or (b) replace the action version
with a prior compatible release to maintain backward compatibility for existing
self-hosted runners.