Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds and manages pic-sure-api-model in root and module POMs, updates repository and compiler settings and CI JDKs, migrates PicSureStatus imports and tidies tests, and removes GA4GH DOS and visualization service modules and implementations. ChangesDependency integration & build updates
PicSureStatus Migration & Code Tidy
Module and Service Removals
🎯 4 (Complex) | ⏱️ ~45 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pic-sure-api-data/pom.xml`:
- Around line 23-27: Remove the hard-coded version from the pic-sure-api-model
dependency in pic-sure-api-data's POM so it uses the parent-managed version:
locate the dependency block with groupId "edu.harvard.hms.dbmi.avillach" and
artifactId "pic-sure-api-model" and delete the <version> element (leave the
dependency entry intact) so Maven picks up the version from the root
<dependencyManagement>.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: f103951d-96d3-4cc8-a0f4-73eff9c53cac
📒 Files selected for processing (18)
pic-sure-api-data/pom.xmlpic-sure-api-data/src/main/java/edu/harvard/dbmi/avillach/data/entity/Query.javapic-sure-api-war/pom.xmlpic-sure-api-war/src/test/java/edu/harvard/dbmi/avillach/PicsureQueryServiceTest.javapic-sure-resources/pic-sure-ga4gh-dos/README.mdpic-sure-resources/pic-sure-ga4gh-dos/pom.xmlpic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.javapic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/HttpClientUtil.javapic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/JAXRSConfiguration.javapic-sure-resources/pic-sure-ga4gh-dos/src/main/resources/webapp/META-INF/context.xmlpic-sure-resources/pic-sure-ga4gh-dos/src/main/resources/webapp/WEB-INF/beans.xmlpic-sure-resources/pic-sure-passthrough-resource/src/test/java/edu/harvard/hms/dbmi/avillach/resource/passthru/PassThroughResourceRSTest.javapic-sure-resources/pic-sure-resource-api/src/main/java/edu/harvard/dbmi/avillach/domain/QueryStatus.javapic-sure-resources/pic-sure-resource-api/src/test/java/edu/harvard/dbmi/avillach/service/ResourceWebClientTest.javapic-sure-resources/pom.xmlpic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/PicSureStatus.javapic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/UUIDv5.javapom.xml
💤 Files with no reviewable changes (11)
- pic-sure-resources/pom.xml
- pic-sure-resources/pic-sure-ga4gh-dos/src/main/resources/webapp/META-INF/context.xml
- pic-sure-resources/pic-sure-ga4gh-dos/src/main/resources/webapp/WEB-INF/beans.xml
- pic-sure-resources/pic-sure-ga4gh-dos/README.md
- pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/JAXRSConfiguration.java
- pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/PicSureStatus.java
- pic-sure-util/src/main/java/edu/harvard/dbmi/avillach/util/UUIDv5.java
- pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/HttpClientUtil.java
- pic-sure-resources/pic-sure-resource-api/src/test/java/edu/harvard/dbmi/avillach/service/ResourceWebClientTest.java
- pic-sure-resources/pic-sure-ga4gh-dos/src/main/java/edu/harvard/hms/dbmi/avillach/GA4GHResourceRS.java
- pic-sure-resources/pic-sure-ga4gh-dos/pom.xml
|
Actionable comments posted: 0 |
|
Actionable comments posted: 0 |
|
Actionable comments posted: 0 |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/github-actions-deploy-snapshots.yml:
- Around line 14-18: The workflow uses mutable tags actions/checkout@v3 and
actions/setup-java@v3 which can change; replace those references with their
current immutable commit SHAs (or the latest stable pinned tag) and update
setup-java to a supported version that matches Java 24 (ensure java-version:
'24' remains), e.g. pin actions/checkout and actions/setup-java to their
respective commit SHAs from GitHub Actions' repos so the CI uses exact immutable
revisions.
In @.github/workflows/github-actions-test.yml:
- Line 10: The checkout step using "uses:
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" is missing the
security setting to disable credential persistence; update that step to include
"persist-credentials: false" under the step inputs so the action does not leave
credentials in the workspace (i.e., locate the checkout step with uses:
actions/checkout@de0fac2e... and add the persist-credentials: false key/value).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: bbb6178c-c162-4403-a7d7-5674f4d2de39
📒 Files selected for processing (2)
.github/workflows/github-actions-deploy-snapshots.yml.github/workflows/github-actions-test.yml
| - uses: actions/checkout@v3 | ||
| - name: Set up JDK 11 | ||
| uses: actions/setup-java@v3 | ||
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/github-actions-test.yml"
echo "== File = $FILE =="
ls -la "$FILE" || true
echo
echo "== Lines 1-80 (for context) =="
nl -ba "$FILE" | sed -n '1,120p'
echo
echo "== Search for persist-credentials / actions/checkout =="
rg -n "actions/checkout|persist-credentials" "$FILE" || trueRepository: hms-dbmi/pic-sure
Length of output: 300
🏁 Script executed:
#!/bin/bash
set -euo pipefail
FILE=".github/workflows/github-actions-test.yml"
echo "== File = $FILE =="
ls -la "$FILE" || true
echo
echo "== Lines 1-200 (for context) =="
awk '{printf "%4d\t%s\n", NR, $0}' "$FILE" | sed -n '1,200p'
echo
echo "== Search for persist-credentials / actions/checkout =="
rg -n "actions/checkout|persist-credentials" "$FILE" || true
echo
echo "== Extract checkout steps block(s) =="
rg -n "uses:\s*actions/checkout@" -n "$FILE" || true
# Show nearby lines around any checkout usage
rg -n "uses:\s*actions/checkout@" -n -C 6 "$FILE" || trueRepository: hms-dbmi/pic-sure
Length of output: 1467
Disable credential persistence in checkout step.
The actions/checkout step (line 10) is pinned but missing persist-credentials: false, so checkout’s default behavior may persist credentials in the repo workspace.
Suggested fix
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd `#v6.0.2`
+ with:
+ persist-credentials: false📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd `#v6.0.2` | |
| with: | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.25.2)
[warning] 10-10: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/github-actions-test.yml at line 10, The checkout step
using "uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" is
missing the security setting to disable credential persistence; update that step
to include "persist-credentials: false" under the step inputs so the action does
not leave credentials in the workspace (i.e., locate the checkout step with
uses: actions/checkout@de0fac2e... and add the persist-credentials: false
key/value).
|
New Issues (15)Checkmarx found the following issues in this Pull Request
Fixed Issues (45)Great job! The following issues were fixed in this Pull Request
Use @Checkmarx to interact with Checkmarx PR Assistant. |





Summary by CodeRabbit
Chores
Refactor
Documentation