#49 chore: Github Actions CI/CD 파이프라인 구축#50
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
JiiminHa
force-pushed
the
chore/49-setup-cicd
branch
from
3f70593 to
ba049f8
Compare
📝 WalkthroughSummary by CodeRabbit릴리스 노트
WalkthroughGitHub Actions 기반 CI/CD 및 Release Drafter 워크플로우 추가, UI 컴포넌트의 export 정리, 타입 재내보내기 제거 및 일부 import 경로/포맷 정리. 주로 구성·리팩토링 변경입니다. (50단어 이내) Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
📝 추가 검토 권장사항
짧고 깔끔한 변화네요 — 좋은 자동화 추가입니다. 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (3)
.github/workflows/ci-cd.yml (3)
48-48:pnpm install에--frozen-lockfile명시를 고려해 보세요.pnpm의
--frozen-lockfile옵션은 CI 환경에서 기본적으로true로 설정됩니다. GitHub Actions는CI=true환경 변수를 자동으로 제공하므로, 현재 설정으로도 동일하게 동작합니다. 다만, 의도를 명확히 표현하고 이후 실수 방지를 위해 명시적으로 플래그를 추가하는 것을 권장합니다.🛠️ 수정 제안
- run: pnpm install + run: pnpm install --frozen-lockfile🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci-cd.yml at line 48, The CI step currently runs "pnpm install" without explicit lockfile enforcement; update the workflow step (the run command that contains pnpm install) to include the --frozen-lockfile flag so the job fails if package-lock changes (e.g., replace "pnpm install" with "pnpm install --frozen-lockfile") to make the intent explicit and prevent accidental lockfile drift in CI.
50-58: TypeScript 타입 체크 step 추가를 고려해 보세요.Vite의
pnpm build는 TypeScript를 트랜스파일만 수행하고 타입 오류를 검증하지 않습니다. CI에서 타입 오류를 잡으려면 별도tsc --noEmitstep이 필요합니다.🛠️ 수정 제안
- name: Lint run: pnpm lint + - name: Type check + run: pnpm tsc --noEmit - name: Build run: pnpm build🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci-cd.yml around lines 50 - 58, Add a dedicated TypeScript type-check step to the CI workflow because "pnpm build" only transpiles; insert a new job step (e.g., name: Type Check) after the Lint step (or before Build) that runs the TypeScript compiler with no emit (pnpm exec tsc --noEmit or npm run tsc --noEmit) to fail the job on type errors; reference the existing step names "Lint" and "Build" and the command "pnpm build" when locating where to add the new step.
15-15: Job 이름build-and-deploy에 배포(deploy) 단계가 없습니다.워크플로의 실제 동작(lint + build)과 이름이 불일치합니다. 배포 로직이 아직 구현되지 않았다면
build또는ci로 이름을 변경하는 편이 더 명확합니다.🛠️ 수정 제안
- build-and-deploy: + build:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci-cd.yml at line 15, Job 이름 'build-and-deploy'가 실제로는 배포 단계가 없어 혼동을 일으키므로, 워크플로의 동작과 이름을 일치시키도록 수정하세요: (1) 간단한 해결책으로 워크플로 내 job key 'build-and-deploy'를 'build' 또는 'ci'로 이름 변경하여 의미를 맞추거나, (2) 배포가 의도된 경우 현재 'build-and-deploy' job에 배포 단계를 추가(예: 배포용 action/step)하여 이름과 동작을 일치시키세요; 변경 대상 식별자: job 이름 'build-and-deploy' 및 관련 steps 블록.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/models/assignment.ts`:
- Line 1: Update the import in src/models/assignment.ts to use the project's
absolute alias instead of a relative path: replace the relative import of
SubmissionStatus with an absolute import using "@/shared/model/common" so the
file imports SubmissionStatus from the absolute path; ensure you update the
import statement that references SubmissionStatus accordingly and keep the
type-only import style (import type { SubmissionStatus } ...).
- Around line 6-10: Remove the duplicate Assignment interface from
src/models/assignment.ts and switch all imports to the single source in
src/entities/assignment/model/types.ts; specifically, delete the Assignment
definition in the models layer, ensure src/entities/assignment/model/types.ts
exports the Assignment and SubmissionStatus types, then update any files that
currently import Assignment from src/models/assignment.ts (e.g.,
src/models/course.ts and any other usages) to import from
src/entities/assignment/model/types.ts so all layers use the same type
definition.
In `@src/models/course.ts`:
- Around line 1-3: Change the three relative import statements to use absolute
path imports (starting with '@/') so they follow the project guideline: replace
the import for Assignment (currently from './assignment') and the imports for
ApiResponse and SemesterCode (currently from '../shared/model/common') and the
export of SubmissionStatus to use '@/models/assignment' or the appropriate
'@/shared/model/common' absolute module paths respectively; update the
import/export module specifiers while keeping the symbol names (Assignment,
ApiResponse, SemesterCode, SubmissionStatus) unchanged.
- Around line 23-69: The file contains unused type/interface definitions (Unit,
BaseCourse, CourseOverview, DashboardCourse, AssignmentSelectCourse and related
response types) which are duplicated in the canonical definitions under the
project; remove this file entirely to avoid confusion and rely on the single
source of truth (the existing types in the entities/course model), ensuring no
imports reference these interfaces before deletion and updating any accidental
imports to use the canonical types.
---
Nitpick comments:
In @.github/workflows/ci-cd.yml:
- Line 48: The CI step currently runs "pnpm install" without explicit lockfile
enforcement; update the workflow step (the run command that contains pnpm
install) to include the --frozen-lockfile flag so the job fails if package-lock
changes (e.g., replace "pnpm install" with "pnpm install --frozen-lockfile") to
make the intent explicit and prevent accidental lockfile drift in CI.
- Around line 50-58: Add a dedicated TypeScript type-check step to the CI
workflow because "pnpm build" only transpiles; insert a new job step (e.g.,
name: Type Check) after the Lint step (or before Build) that runs the TypeScript
compiler with no emit (pnpm exec tsc --noEmit or npm run tsc --noEmit) to fail
the job on type errors; reference the existing step names "Lint" and "Build" and
the command "pnpm build" when locating where to add the new step.
- Line 15: Job 이름 'build-and-deploy'가 실제로는 배포 단계가 없어 혼동을 일으키므로, 워크플로의 동작과 이름을
일치시키도록 수정하세요: (1) 간단한 해결책으로 워크플로 내 job key 'build-and-deploy'를 'build' 또는 'ci'로
이름 변경하여 의미를 맞추거나, (2) 배포가 의도된 경우 현재 'build-and-deploy' job에 배포 단계를 추가(예: 배포용
action/step)하여 이름과 동작을 일치시키세요; 변경 대상 식별자: job 이름 'build-and-deploy' 및 관련 steps
블록.
There was a problem hiding this comment.
🧹 Nitpick comments (5)
.github/workflows/release-drafter.yml (4)
3-7: 향후 autolabeler 활용을 위한pull_request트리거 추가 고려
pull_request이벤트는 autolabeler 기능을 사용할 때 필요하며,types: [opened, reopened, synchronize]와 함께 설정합니다. 현재 autolabeler를 사용하지 않으므로 필수는 아니지만, 나중에 PR 자동 레이블링을 추가할 경우 트리거도 함께 추가해야 합니다. 미리 구조를 갖춰두면 확장이 용이합니다.➕ 제안 수정 (선택 사항)
on: push: branches: - release/* - main + pull_request: + types: [opened, reopened, synchronize]🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-drafter.yml around lines 3 - 7, Add a pull_request trigger to the workflow by updating the top-level on: block to include pull_request with types: [opened, reopened, synchronize]; specifically add a new key 'pull_request' alongside 'push' so the workflow reacts to PR events (use the exact symbol names pull_request and types: [opened, reopened, synchronize]) to enable future autolabeler usage and PR-based release-drafter runs.
17-18:Checkout단계는 release-drafter에 불필요합니다 🗑️release-drafter는 설정 파일을 포함한 모든 데이터를 GitHub API를 통해 읽으며, 로컬 파일시스템에 직접 접근하지 않습니다. 공식 release-drafter 예제 워크플로우에서도 checkout 단계 없이 바로
release-drafter액션을 실행합니다. 불필요한 단계를 제거하면 워크플로우 실행 시간을 단축할 수 있습니다.✂️ 제안 수정
steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Update Draft Release🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-drafter.yml around lines 17 - 18, Remove the unnecessary "Checkout" step (the step with name: Checkout and uses: actions/checkout@v4) from the workflow since release-drafter reads repo data via the GitHub API and does not need a local checkout; delete that step block and leave the release-drafter action intact so the job runs without the checkout step.
28-36:id: drafter가 사용되지 않음 (dead config)release-drafter는
id,html_url,upload_url등의 출력값을 제공하며, 이를 이후 단계의 입력으로 활용할 수 있습니다. 그러나 현재 워크플로우에는steps.drafter.outputs.*를 참조하는 후속 단계가 없으므로id: drafter는 불필요합니다. 향후 출력값 활용 계획이 없다면 제거하는 것이 깔끔합니다.✂️ 제안 수정
- name: Publish Release if: github.ref == 'refs/heads/main' - id: drafter uses: release-drafter/release-drafter@v6🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-drafter.yml around lines 28 - 36, 현재 "Publish Release" workflow step에 선언된 id: drafter가 후속 단계에서 사용되지 않으므로 불필요합니다; 수정 방법은 간단히 해당 step의 id: drafter 라인만 제거하거나, 만약 release-drafter의 출력값(html_url, upload_url 등)을 쓸 계획이면 후속 step에서 steps.drafter.outputs.*를 참조하도록 추가로 구현하는 것입니다 — 변경 대상 식별자: "Publish Release" step, id: drafter, uses: release-drafter/release-drafter@v6, outputs 참조용 steps.drafter.outputs.*.
22-26: GitHub Actions는 커밋 SHA로 고정하기
release-drafter/release-drafter@v6는 가변(mutable) 태그입니다. 업스트림에서 동일 태그를 다른 커밋으로 옮기거나 악성 코드를 push할 수 있으므로, 공급망 공격(supply chain attack)으로부터 보호하기 위해 GitHub는 서드파티 액션을 전체 커밋 SHA(40자)로 고정할 것을 권장합니다.권장 방식: 전체 SHA + 버전 태그를 주석으로 기록하면 가독성이 좋고 나중에 업그레이드할 때도 용이합니다.
🔒 제안 수정
- name: Update Draft Release if: startsWith(github.ref, 'refs/heads/release/') - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.0 with: config-name: template/release-drafter.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Publish Release if: github.ref == 'refs/heads/main' id: drafter - uses: release-drafter/release-drafter@v6 + uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.0 with: config-name: template/release-drafter.yml publish: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}참고: GitHub 보안 강화 가이드 - Actions 보호에서 더 자세한 내용과 자동화 방법을 확인하실 수 있습니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-drafter.yml around lines 22 - 26, 현재 사용 중인 release-drafter/release-drafter@v6 같은 가변 태그를 전체 커밋 SHA(40자)로 고정해야 합니다; 변경 대상은 리포지토에서 사용 중인 액션 식별자 release-drafter/release-drafter@v6를 찾아서 이를 upstream 릴리스의 전체 커밋 SHA로 교체하고(예: release-drafter/release-drafter@<40-char-sha>) 기존 버전 태그(v6)는 주석으로 남겨 가독성을 유지하도록 합니다..github/template/release-drafter.yml (1)
9-11: 카테고리 제목 '⚙️ 기능 개선'과 라벨 'Refactor' 사이의 의미 불일치 💡
Refactor는 기능 추가나 개선이 아닌 코드 구조 변경을 의미합니다.'⚙️ 기능 개선'으로 명명하면 릴리스 노트 독자에게 혼란을 줄 수 있습니다.'♻️ 리팩토링'처럼 실제 의미를 반영하는 제목을 사용하는 것이 더 명확합니다.✏️ 제안 수정
- - title: '⚙️ 기능 개선' + - title: '♻️ 리팩토링' labels: - 'Refactor'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/template/release-drafter.yml around lines 9 - 11, The release-drafter category title "⚙️ 기능 개선" conflicts with the label "Refactor"; update the category title to match the intent of the Refactor label (e.g., change "⚙️ 기능 개선" to "♻️ 리팩토링" or similar) so the title accurately reflects code-structure changes, keeping the existing labels section (label: 'Refactor') and only modifying the title string.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/template/release-drafter.yml:
- Around line 9-11: The release-drafter category title "⚙️ 기능 개선" conflicts with
the label "Refactor"; update the category title to match the intent of the
Refactor label (e.g., change "⚙️ 기능 개선" to "♻️ 리팩토링" or similar) so the title
accurately reflects code-structure changes, keeping the existing labels section
(label: 'Refactor') and only modifying the title string.
In @.github/workflows/release-drafter.yml:
- Around line 3-7: Add a pull_request trigger to the workflow by updating the
top-level on: block to include pull_request with types: [opened, reopened,
synchronize]; specifically add a new key 'pull_request' alongside 'push' so the
workflow reacts to PR events (use the exact symbol names pull_request and types:
[opened, reopened, synchronize]) to enable future autolabeler usage and PR-based
release-drafter runs.
- Around line 17-18: Remove the unnecessary "Checkout" step (the step with name:
Checkout and uses: actions/checkout@v4) from the workflow since release-drafter
reads repo data via the GitHub API and does not need a local checkout; delete
that step block and leave the release-drafter action intact so the job runs
without the checkout step.
- Around line 28-36: 현재 "Publish Release" workflow step에 선언된 id: drafter가 후속
단계에서 사용되지 않으므로 불필요합니다; 수정 방법은 간단히 해당 step의 id: drafter 라인만 제거하거나, 만약
release-drafter의 출력값(html_url, upload_url 등)을 쓸 계획이면 후속 step에서
steps.drafter.outputs.*를 참조하도록 추가로 구현하는 것입니다 — 변경 대상 식별자: "Publish Release"
step, id: drafter, uses: release-drafter/release-drafter@v6, outputs 참조용
steps.drafter.outputs.*.
- Around line 22-26: 현재 사용 중인 release-drafter/release-drafter@v6 같은 가변 태그를 전체 커밋
SHA(40자)로 고정해야 합니다; 변경 대상은 리포지토에서 사용 중인 액션 식별자
release-drafter/release-drafter@v6를 찾아서 이를 upstream 릴리스의 전체 커밋 SHA로 교체하고(예:
release-drafter/release-drafter@<40-char-sha>) 기존 버전 태그(v6)는 주석으로 남겨 가독성을 유지하도록
합니다.
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/release-drafter.yml (1)
29-36:main푸시 시 드래프트 검토 없이 즉시 릴리스 발행됨
publish: true설정으로 인해main에 코드가 푸시되는 순간 릴리스가 자동으로 공개됩니다. 릴리스 노트를 팀에서 검토하거나 수정할 기회가 없습니다.팀의 릴리스 프로세스에 따라 두 가지 방향을 고려해보세요:
- 현재 방식 유지 (완전 자동화): 모든 PR 라벨이 정확히 관리되어야 하며, 릴리스 노트 오류 시 수동 수정이 필요합니다.
- 반자동화 권장:
main푸시 시에도 드래프트만 업데이트하고, 팀이 직접 GitHub Releases에서 검토 후 발행하는 방식.💡 반자동화 방식으로 변경 시
- name: Publish Release if: github.ref == 'refs/heads/main' && github.event_name == 'push' uses: release-drafter/release-drafter@v6 with: config-name: template/release-drafter.yml - publish: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-drafter.yml around lines 29 - 36, The workflow currently auto-publishes releases because the "Publish Release" job sets the release-drafter input publish: true; change this to publish: false (or remove the publish input) in the Publish Release step so main pushes only update the draft, and optionally implement a separate manual or protected "Publish Release" workflow/job that calls release-drafter with publish: true when the team approves; look for the step named "Publish Release" and the inputs config-name and publish to make this change.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release-drafter.yml:
- Around line 3-10: Replace the current pull_request trigger with
pull_request_target and add a branches filter to it (e.g., branches: [release/*,
main]) so the workflow only runs for PRs targeting those base branches and
executes with write permissions; update the workflow permissions to grant
contents: write for the job that performs "Update Draft Release" and confirm no
step checks out or runs untrusted PR code (the safety note references the
absence of a checkout), keeping the triggers: on.pull_request_target and the
branches filter in sync.
- Line 23: The workflow references the third-party action
release-drafter/release-drafter@v6; replace this mutable tag with a specific
commit SHA to pin the action and prevent unexpected updates. Locate every
occurrence of the string "release-drafter/release-drafter@v6" (there are two
occurrences) and change each to "release-drafter/release-drafter@<commit-sha>"
using the exact commit SHA from the v6 release you trust, making sure both
occurrences use the same SHA.
---
Nitpick comments:
In @.github/workflows/release-drafter.yml:
- Around line 29-36: The workflow currently auto-publishes releases because the
"Publish Release" job sets the release-drafter input publish: true; change this
to publish: false (or remove the publish input) in the Publish Release step so
main pushes only update the draft, and optionally implement a separate manual or
protected "Publish Release" workflow/job that calls release-drafter with
publish: true when the team approves; look for the step named "Publish Release"
and the inputs config-name and publish to make this change.
Comment on lines
+3
to
+10
| on: | ||
| push: | ||
| branches: | ||
| - release/* | ||
| - main | ||
| # PR 이벤트 추가로 자동화 범위 확대 | ||
| pull_request: | ||
| types: [opened, reopened, synchronize] |
There was a problem hiding this comment.
pull_request 트리거에 브랜치 필터 없음 + 포크 PR 권한 문제
두 가지 연관된 문제가 있습니다:
-
브랜치 필터 미지정:
pull_request이벤트에branches필터가 없어, 기능 브랜치(예:feature/* → feature/*) 대상 PR 포함 모든 PR에서 워크플로우가 실행됩니다. 불필요한 실행을 줄이려면 대상 브랜치를 명시하는 것이 좋습니다. -
포크 PR 권한 부족:
pull_request이벤트는 포크에서 생성된 PR에 대해GITHUB_TOKEN이 읽기 전용으로 제한됩니다. "Update Draft Release" 스텝은contents: write권한이 필요하므로, 외부 기여자의 포크 PR에서 실패할 수 있습니다.pull_request_target이벤트를 사용하면 포크 PR에서도 쓰기 권한이 유지됩니다. 단, 이 이벤트는 PR 브랜치가 아닌 베이스 브랜치에서 실행됩니다.
✨ 개선 제안
on:
push:
branches:
- release/*
- main
- # PR 이벤트 추가로 자동화 범위 확대
- pull_request:
- types: [opened, reopened, synchronize]
+ # pull_request_target: 포크 PR에서도 write 권한 유지
+ pull_request_target:
+ types: [opened, reopened, synchronize]
+ branches:
+ - develop
+ - main
+ - release/*
⚠️ pull_request_target사용 시, 신뢰할 수 없는 코드를 checkout 후 빌드하는 스텝이 없어야 합니다. 현재 워크플로우는 checkout 단계가 없으므로 안전합니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/release-drafter.yml around lines 3 - 10, Replace the
current pull_request trigger with pull_request_target and add a branches filter
to it (e.g., branches: [release/*, main]) so the workflow only runs for PRs
targeting those base branches and executes with write permissions; update the
workflow permissions to grant contents: write for the job that performs "Update
Draft Release" and confirm no step checks out or runs untrusted PR code (the
safety note references the absence of a checkout), keeping the triggers:
on.pull_request_target and the branches filter in sync.
| # Checkout 단계 제거 (불필요한 작업 생략) | ||
| - name: Update Draft Release | ||
| if: startsWith(github.ref, 'refs/heads/release/') || github.event_name == 'pull_request' | ||
| uses: release-drafter/release-drafter@v6 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Check if the workflow file exists and verify lines 23 and 31
fd -g "release-drafter.yml" -x cat -n {} | head -40Repository: 2025-snowCode/snowCode-Client
Length of output: 55
🌐 Web query:
release-drafter v6 latest commit SHA github
💡 Result:
The release-drafter/release-drafter@v6 tag currently points to the same commit as the latest v6.x release (v6.2.0): 6db134d15f3909ccc9eefd369f02bd1e9cffdf97. [1][2]
🏁 Script executed:
# Find the workflow file
fd -name "release-drafter.yml" -type fRepository: 2025-snowCode/snowCode-Client
Length of output: 303
🏁 Script executed:
# Also check the workflow directory structure
find . -path "./.git" -prune -o -type f -name "*.yml" -print | grep -i workflow | head -20Repository: 2025-snowCode/snowCode-Client
Length of output: 301
🏁 Script executed:
# Read the workflow file to check lines 23 and 31
cat -n ./.github/workflows/release-drafter.yml | sed -n '20,35p'Repository: 2025-snowCode/snowCode-Client
Length of output: 790
써드파티 액션을 가변 태그 @v6로 참조 중 — 커밋 SHA로 고정 필요
release-drafter/release-drafter@v6는 가변 태그로, 태그가 악의적인 커밋으로 이동될 경우 워크플로우가 의도하지 않은 코드를 실행할 수 있습니다. GitHub의 보안 강화 가이드에 따라 특정 커밋 SHA로 고정하세요.
🔒 개선 방법 (현재 v6 커밋 SHA로 고정)
- uses: release-drafter/release-drafter@v6
+ uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.023번 줄과 31번 줄 모두 동일하게 수정해주세요.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| uses: release-drafter/release-drafter@v6 | |
| uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.0 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/release-drafter.yml at line 23, The workflow references
the third-party action release-drafter/release-drafter@v6; replace this mutable
tag with a specific commit SHA to pin the action and prevent unexpected updates.
Locate every occurrence of the string "release-drafter/release-drafter@v6"
(there are two occurrences) and change each to
"release-drafter/release-drafter@<commit-sha>" using the exact commit SHA from
the v6 release you trust, making sure both occurrences use the same SHA.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
⚙️ Related ISSUE Number
close #49
📄 Work Description
CI/CD 및 릴리스 자동화
.github/workflows/ci-cd.yml파일을 추가하여develop및main브랜치에 대한 린트(Lint), 빌드, 의존성 캐싱을 자동화했습니다. 빌드 시 필요한 환경 변수 관리 기능도 포함되었습니다..github/workflows/release-drafter.yml을 통해 릴리스 브랜치나main브랜치로의 푸시 및 PR을 기반으로 릴리스 초안을 자동으로 작성하고 발행하도록 설정했습니다..github/template/release-drafter.yml파일을 추가하여 변경 사항의 카테고리 분류, 버전 계산 규칙, 릴리스 노트 포맷을 정의했습니다.코드베이스 일관성 및 리팩토링
SemesterCode와 같은 공통 타입의 경로를@/entities/course/model/types에서@/shared/model/common으로 일관되게 변경하여 유지보수성을 높였습니다.Badge,SelectableItem등 UI 컴포넌트 내에서 임포트 형식을 정리하고, switch-case 문의 스코프를 최적화하여 가독성을 개선했습니다.제안
이 PR이 머지된 후에는 Release Drafter가 정상적으로 작동하도록 각 PR에 **라벨(
feat,fix,refactor등)**을 꼭 달아야 합니다. 물론 저만 잘하면 될 것 같아요...📷 Screenshot
해당 없음
💬 To Reviewers
🔗 Reference