PR assessment workflow

[rouzwelt]

Motivation

Solution

Checks

By submitting this for review, I'm confirming I've done the following:

• made this PR as small as possible
• unit-tested any new functionality
• linked any relevant issues or PRs
• included screenshots (if this involves a front-end change)

Summary by CodeRabbit

• Chores
  • Introduced a GitHub Actions workflow that runs when pull requests are closed. It assesses PR size by invoking a shared workflow with the PR number, repository, owner, and merge status as inputs. This enhances maintainability and review insights for merged PRs. No user-facing changes.

[coderabbitai]

Walkthrough

Adds a new GitHub Actions workflow “GitHub PR Size Assessment” triggered on pull_request closed. It runs job assess-pr-size-on-merge that reuses rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main, passing pr_number, repo, owner, and merged from the event context.

Changes

Cohort / File(s)	Summary
CI Workflow .github/workflows/pr-assessment.yaml	Introduces a workflow triggered on PR close that invokes a reusable workflow (rainlanguage/github-chore/.../pr-assessment.yml@main) with inputs: pr_number, repo, owner, merged.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub (PR Closed)
    participant WF as Repo Workflow (pr-assessment.yaml)
    participant RW as Reusable Workflow (rainlanguage/github-chore/pr-assessment.yml)

    GH->>WF: Trigger on pull_request (closed)
    WF->>RW: Reuse workflow with inputs (pr_number, repo, owner, merged)
    RW-->>WF: Assess PR size, return result/status
    WF-->>GH: Job completion status

Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 2025-08-15-pr-assessment

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6b32c8d and 0f69e41.

📒 Files selected for processing (1)

• .github/workflows/pr-assessment.yaml (1 hunks)

🔇 Additional comments (1)

.github/workflows/pr-assessment.yaml (1)

9-9: Pin the reusable workflow to an immutable ref
Referencing @main is susceptible to supply-chain drift and can break if the file isn’t present on main. Instead, pin to a specific commit SHA or a vetted tag:

-    uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
+    uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@<commit-sha-or-tag>

You can fetch the current head SHA of the workflow repo with:

gh api repos/rainlanguage/github-chore/git/refs/heads/main -q .object.sha

If this workflow file is new to main, please create a tag in the rainlanguage/github-chore repo or look up the desired commit SHA in your local clone before pinning.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Set explicit, least-privilege GITHUB_TOKEN permissions

Reusable workflows can’t elevate permissions; the caller must declare them. Be explicit to avoid surprises if defaults change and to ensure the called workflow has what it needs.

 name: GitHub PR Size Assessment
 on:
   pull_request:
     types:
       - closed
+
+permissions:
+  contents: read
+  pull-requests: read

If the called workflow needs additional scopes (e.g., actions: read/write, checks: write), adjust accordingly after verifying its requirements.

---

🏁 Script executed:

#!/bin/bash
# Check for reusable workflow calls and actions usage in pr-assessment workflow
grep -R -nE 'uses:|workflow_call' .github/workflows/pr-assessment.yaml || true

Length of output: 151

---

🏁 Script executed:

#!/bin/bash
set -e

echo "=== Checking for existing permissions in pr-assessment.yaml ==="
rg -n 'permissions:' -C3 .github/workflows/pr-assessment.yaml || echo "No permissions block found"

echo
echo "=== Context around reusable workflow call ==="
rg -n 'uses: rainlanguage/github-chore' -C5 .github/workflows/pr-assessment.yaml || true

echo
echo "=== Full workflow header ==="
sed -n '1,50p' .github/workflows/pr-assessment.yaml

Length of output: 1368

---

Add explicit, least-privilege GITHUB_TOKEN permissions

Your workflow currently inherits default token scopes, which may change or be overly permissive. Since you’re calling a reusable workflow, you must declare its required permissions upfront. At minimum, grant read-only on repository contents and pull requests:

File: .github/workflows/pr-assessment.yaml

 name: GitHub PR Size Assessment
 on:
   pull_request:
     types:
       - closed
+  permissions:
+    contents: read
+    pull-requests: read

 jobs:
   assess-pr-size-on-merge:
     uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
     …

After reviewing the reusable workflow’s needs, add any additional scopes (e.g. checks: write, actions: read/write) as required.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	name: GitHub PR Size Assessment
	on:
	pull_request:
	types:
	- closed
	name: GitHub PR Size Assessment
	on:
	pull_request:
	types:
	- closed
	permissions:
	contents: read
	pull-requests: read
	jobs:
	assess-pr-size-on-merge:
	uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
	…

🤖 Prompt for AI Agents

In .github/workflows/pr-assessment.yaml around lines 1 to 6, the workflow relies
on the default GITHUB_TOKEN scope; add an explicit least-privilege permissions
block declaring at minimum permissions: contents: read and pull-requests: read,
and then add any additional specific scopes required by the reusable workflow
(for example checks: write or actions: read/write) so the workflow only has the
needed token permissions.

[coderabbitai]

🛠️ Refactor suggestion

Gate the job to only run when the PR is merged

Triggering on pull_request.closed also fires on “closed without merge.” Add a job-level condition to avoid unnecessary runs and potential noise.

 jobs:
   assess-pr-size-on-merge:
+    if: ${{ github.event.pull_request.merged == true }}
     uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
     with:
       pr_number: ${{ github.event.pull_request.number }}
       repo: ${{ github.event.repository.name }}
       owner: ${{ github.repository_owner }}
       merged: ${{ github.event.pull_request.merged }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	assess-pr-size-on-merge:
	uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
	with:
	pr_number: ${{ github.event.pull_request.number }}
	repo: ${{ github.event.repository.name }}
	owner: ${{ github.repository_owner }}
	merged: ${{ github.event.pull_request.merged }}
	jobs:
	assess-pr-size-on-merge:
	if: ${{ github.event.pull_request.merged == true }}
	uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
	with:
	pr_number: ${{ github.event.pull_request.number }}
	repo: ${{ github.event.repository.name }}
	owner: ${{ github.repository_owner }}
	merged: ${{ github.event.pull_request.merged }}

🤖 Prompt for AI Agents

.github/workflows/pr-assessment.yaml around lines 8-14: the job currently runs
for pull_request.closed which also triggers on non-merged closes; add a
job-level conditional to run only when the PR was merged by adding an if
condition that checks github.event.pull_request.merged (for example: if:
github.event.pull_request.merged == true) on the assess-pr-size-on-merge job so
the job is skipped for closed-but-not-merged events.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Confirm the called workflow supports workflow_call and input types; add secrets: inherit if needed

Ensure rainlanguage/github-chore/.github/workflows/pr-assessment.yml defines on: workflow_call with inputs pr_number, repo, owner, and merged (preferably typed, e.g., boolean for merged). If it requires any secrets beyond GITHUB_TOKEN, forward them with secrets: inherit or explicit mappings.

If secrets are required, update:

   assess-pr-size-on-merge:
     if: ${{ github.event.pull_request.merged == true }}
-    uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
+    uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
+    secrets: inherit
     with:
       pr_number: ${{ github.event.pull_request.number }}
       repo: ${{ github.event.repository.name }}
       owner: ${{ github.repository_owner }}
       merged: ${{ github.event.pull_request.merged }}

Script to verify the called workflow accepts these inputs:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Fetch the reusable workflow content
content=$(gh api repos/rainlanguage/github-chore/contents/.github/workflows/pr-assessment.yml \
  -f ref='main' | jq -r '.content' | base64 --decode)

# Show workflow_call section and inputs
printf '%s\n' "$content" | awk '
  /workflow_call:/,0 { print }
' | sed -n '1,150p'

Length of output: 288

---

I couldn’t fetch the workflow via gh api—let’s pull it directly and inspect the workflow_call inputs:

---

🏁 Script executed:

#!/usr/bin/env bash
set -euo pipefail

# Download the reusable workflow
curl -fsSL \
  https://raw.githubusercontent.com/rainlanguage/github-chore/main/.github/workflows/pr-assessment.yml \
  -o pr-assessment.yml

echo "===== on: section ====="
grep -n 'on:' -A5 pr-assessment.yml || echo "no on: block found"

echo
echo "===== workflow_call inputs ====="
grep -n 'workflow_call:' -A20 pr-assessment.yml || echo "no workflow_call found"

Length of output: 1054

---

Let’s verify whether pr-assessment.yml references any secrets beyond the default GITHUB_TOKEN:

---

🏁 Script executed:

#!/usr/bin/env bash
set -euo pipefail

# Check for explicit secrets mappings
echo "=== secrets: sections ==="
grep -n 'secrets:' pr-assessment.yml || echo "No 'secrets:' sections found"

echo
# Check for any use of secrets.* in action inputs
echo "=== secrets.* usage ==="
grep -n '\${{ *secrets\.' pr-assessment.yml || echo "No secrets referenced in workflow"

Length of output: 349

---

Add secrets: inherit to the reusable‐workflow call

The downstream workflow defines on: workflow_call with typed inputs (pr_number, repo, owner, merged)—that part is correct. However, it also uses ${{ secrets.GITHUB_TOKEN }} inside its steps, and secrets are not forwarded by default. You need to pass them via secrets: inherit.

• In your .github/workflows/pr-assessment.yaml invocation (e.g. under assess-pr-size-on-merge), update:

   uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
+  secrets: inherit
   with:
     pr_number: ${{ github.event.pull_request.number }}
     repo:       ${{ github.event.repository.name }}
     owner:      ${{ github.repository_owner }}
     merged:     ${{ github.event.pull_request.merged }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
	with:
	pr_number: ${{ github.event.pull_request.number }}
	repo: ${{ github.event.repository.name }}
	owner: ${{ github.repository_owner }}
	merged: ${{ github.event.pull_request.merged }}
	uses: rainlanguage/github-chore/.github/workflows/pr-assessment.yml@main
	secrets: inherit
	with:
	pr_number: ${{ github.event.pull_request.number }}
	repo: ${{ github.event.repository.name }}
	owner: ${{ github.repository_owner }}
	merged: ${{ github.event.pull_request.merged }}

🤖 Prompt for AI Agents

.github/workflows/pr-assessment.yaml around lines 9 to 14: the reusable workflow
is invoked with inputs under "with" but does not forward repository secrets, so
any use of secrets.GITHUB_TOKEN inside the called workflow will be empty; add a
"secrets: inherit" mapping at the same level as "with" for the reusable-workflow
call (i.e., under the job/step that has "uses:
rainlanguage/github-chore/...@main") so the caller forwards its secrets to the
reusable workflow.

[github-actions]

@coderabbitai assess this PR size classification for the totality of the PR with the following criterias and report it in your comment:

S/M/L PR Classification Guidelines:

This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed.

Small (S)

Characteristics:

• Simple bug fixes, typos, or minor refactoring
• Single-purpose changes affecting 1-2 files
• Documentation updates
• Configuration tweaks
• Changes that require minimal context to review

Review Effort: Would have taken 5-10 minutes

Examples:

• Fix typo in variable name
• Update README with new instructions
• Adjust configuration values
• Simple one-line bug fixes
• Import statement cleanup

Medium (M)

Characteristics:

• Feature additions or enhancements
• Refactoring that touches multiple files but maintains existing behavior
• Breaking changes with backward compatibility
• Changes requiring some domain knowledge to review

Review Effort: Would have taken 15-30 minutes

Examples:

• Add new feature or component
• Refactor common utility functions
• Update dependencies with minor breaking changes
• Add new component with tests
• Performance optimizations
• More complex bug fixes

Large (L)

Characteristics:

• Major feature implementations
• Breaking changes or API redesigns
• Complex refactoring across multiple modules
• New architectural patterns or significant design changes
• Changes requiring deep context and multiple review rounds

Review Effort: Would have taken 45+ minutes

Examples:

• Complete new feature with frontend/backend changes
• Protocol upgrades or breaking changes
• Major architectural refactoring
• Framework or technology upgrades

Additional Factors to Consider

When deciding between sizes, also consider:

• Test coverage impact: More comprehensive test changes lean toward larger classification
• Risk level: Changes to critical systems bump up a size category
• Team familiarity: Novel patterns or technologies increase complexity

Notes:

• the assessment must be for the totality of the PR, that means comparing the base branch to the last commit of the PR
• the assessment output must be exactly one of: S, M or L (single-line comment) in format of: SIZE={S/M/L}
• do not include any additional text, only the size classification
• your assessment comment must not include tips or additional sections
• do NOT tag me or anyone else on your comment

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get the PR diff to see all changes
git log --oneline -n 20

# Look at what files were changed in this PR
git diff --name-only HEAD~5..HEAD

# Get the content of the workflow file that was added
find . -name "pr-assessment.yaml" -o -name "pr-assessment.yml" | head -5

Length of output: 338

---

🏁 Script executed:

#!/bin/bash
# Read the content of the workflow file
cat ./.github/workflows/pr-assessment.yaml

# Also check if there are any other files that might be related to this PR
ls -la .github/workflows/

Length of output: 784

---

SIZE=S