[build] dynamically add and remove rulesets for release

[titusfortner]

💥 What does this PR do?

The rulesets we were using to lock trunk during release were deleted, demonstrating that relying on hard coded ids was brittle. This new process uses committed json files to dynamically create and delete rulesets during the release.

Also this fixes nightly

Implementation

Note that I'm not using pagination in gh api call because we won't have 30 rulesets and the code gets weird quickly.

🤖 AI assistance

• No substantial AI assistance used
• AI assisted (complete below)
  • Tool(s): Claude
  • What was generated: syntax
  • I reviewed all AI output and can explain the change

🔄 Types of changes

• New feature (non-breaking change which adds functionality and tests!)

[qodo-code-review]

Review Summary by Qodo

Dynamically manage rulesets for release using JSON configuration

✨ Enhancement

Walkthroughs

Description

• Replace hardcoded ruleset IDs with dynamic JSON-based configuration
• Create and delete rulesets programmatically during release workflow
• Add CI success verification job to validate all required checks
• Improve release process robustness and maintainability

Diagram

flowchart LR
  A["Ruleset JSON Files"] -->|"Define rules"| B["restrict-trunk.yml"]
  B -->|"Create on restrict"| C["GitHub Rulesets API"]
  B -->|"Delete on unrestrict"| C
  D["CI Workflow"] -->|"Add verification"| E["CI Success Job"]
  E -->|"Validates all checks"| F["Release Ready"]

Loading

File Changes

1. .github/rulesets/release-require-passing.json ⚙️ Configuration changes +41/-0

Release passing checks ruleset configuration

• New ruleset configuration file for release phase
• Enforces required status checks on default branch
• Prevents deletion and non-fast-forward pushes
• Specifies four required CI checks: RBE tests, CI Success, workflow validation, and format check

.github/rulesets/release-require-passing.json

---

2. .github/rulesets/release-restrict-trunk.json ⚙️ Configuration changes +28/-0

Release trunk restriction ruleset configuration

• New ruleset configuration file for release phase
• Restricts trunk branch updates during release
• Prevents deletion and non-fast-forward pushes
• Allows release team to bypass restrictions

.github/rulesets/release-restrict-trunk.json

---

3. .github/workflows/ci.yml ✨ Enhancement +13/-0

Add CI success verification job

• Add new ci-success job that runs after all other CI jobs
• Verifies that no required jobs failed or were cancelled
• Exits with error code if any job failed, blocking release

.github/workflows/ci.yml

---

View more (1)

4. .github/workflows/restrict-trunk.yml ✨ Enhancement +22/-15

Replace hardcoded rulesets with dynamic management

• Replace hardcoded ruleset IDs with dynamic JSON-based approach
• Remove matrix strategy iterating over static ruleset IDs
• Add checkout step to retrieve ruleset JSON definitions
• Implement bash scripts to create/delete rulesets using GitHub CLI
• Use jq to parse ruleset names and query ruleset IDs from API

.github/workflows/restrict-trunk.yml

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (2) 📎 Requirement gaps (0)

1. Release check not fail-safe ✓ Resolved 🐞 Bug ☼ Reliability

Description

The nightly workflow only sets release-in-progress=true when the rulesets query succeeds and
returns true; if gh api fails (e.g., auth/API error), the condition evaluates false and the output
is left unset, so nightly releases proceed despite an unknown release state. This can cause the
nightly pipeline to run during an active release or when the ruleset check is unavailable.

Code

.github/workflows/nightly.yml[R55-59]

+          GH_TOKEN: ${{ secrets.SELENIUM_CI_TOKEN }}
+          GH_REPO: ${{ github.repository }}
        run: |
          set -euo pipefail
-          if ! ENFORCEMENT=$(gh api /repos/${{ github.repository }}/rulesets/11911909 --jq '.enforcement' 2>/dev/null); then
-            echo "::warning::Failed to check release ruleset, assuming release in progress"
+          if gh api "repos/$GH_REPO/rulesets" --jq 'any(.[]; .name | startswith("Release:"))' | grep -q true; then

Evidence

The release-in-progress workflow output is consumed to decide whether to run nightly releases, but
the check step only sets it in the then branch and has no else/fallback, so errors or non-matches
leave it unset and the nightly-release job runs.

.github/workflows/nightly.yml[35-40]
.github/workflows/nightly.yml[52-61]
.github/workflows/nightly.yml[63-67]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The `prepare` job’s “Check if release ruleset is active” step only writes `release-in-progress=true` in the success path. If the `gh api` call fails, the step produces no output, and downstream logic treats it as not in progress.

### Issue Context
`needs.prepare.outputs.release-in-progress` gates the nightly release job. An unset output is not equal to `'true'`, so the nightly release will run even when the ruleset check failed.

### Fix Focus Areas
- .github/workflows/nightly.yml[52-61]

### Suggested fix
Update the step to be fail-safe and to always write an explicit output value.

For example:
- Call `gh api` and check its exit status.
- If the API call fails, emit a warning and set `release-in-progress=true` (safe default).
- Otherwise set `release-in-progress=true|false` based on the jq result.

(Any equivalent approach that distinguishes “false” from “error” and always sets the output is fine.)

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. gh api missing pagination 📘 Rule violation ☼ Reliability

Description

The nightly release gate checks for "Release:" rulesets using gh api "repos/$GH_REPO/rulesets"
without pagination, so it may miss matching rulesets beyond the first page and incorrectly proceed
with nightly releases during an active release. This makes the workflow’s behavior non-deterministic
based on ruleset count/order, violating the script hardening requirement.

Code

.github/workflows/nightly.yml[59]

+          if gh api "repos/$GH_REPO/rulesets" --jq 'any(.[]; .name | startswith("Release:"))' | grep -q true; then

Evidence

PR Compliance ID 13 requires hardened scripts with deterministic behavior. The new check uses `gh
api to list rulesets but does not use --paginate`, so the jq/grep test can miss matches when
results span multiple pages.

.github/workflows/nightly.yml[55-60]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow queries `repos/$GH_REPO/rulesets` without pagination, so the "release in progress" detection can be incomplete and non-deterministic.

## Issue Context
GitHub API list endpoints can paginate; if the target rulesets are not returned on the first page, the check may incorrectly return `false` and allow nightly jobs to run.

## Fix Focus Areas
- .github/workflows/nightly.yml[55-60]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. jq any(.[]) assumes array ✓ Resolved 📘 Rule violation ☼ Reliability

Description

The ruleset existence check uses jq -e any(.[]; .name == $n) against $existing without ensuring
$existing is a single JSON array, so API errors or multi-document output (e.g., from `gh api
--paginate) can cause parse/iteration failures or make jq` decide based only on the last page,
potentially missing an existing ruleset and creating a duplicate that breaks or complicates the
trunk restrict/unrestrict workflow.

Code

.github/workflows/restrict-trunk.yml[66]

+            if jq -e --arg n "$name" 'any(.[]; .name == $n)' <<<"$existing" >/dev/null; then

Evidence

PR Compliance ID 13 requires robust handling of external inputs, but the workflow captures the `gh
api ... --paginate response into existing and then runs jq -e --arg n "$name" 'any(.[]; .name ==
$n)' without first slurping/merging paginated pages into a single array. Because --paginate` can
emit multiple JSON documents (one per page) or non-array/error output, iterating .[] assumes a
single array and can fail to parse/iterate, and even when it parses as multiple documents, jq -e’s
exit status is determined by the last document so a ruleset present on an earlier page can be missed
and a duplicate created.

.github/workflows/restrict-trunk.yml[66-66]
.github/workflows/restrict-trunk.yml[61-71]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow’s ruleset existence check uses `jq -e --arg n "$name" 'any(.[]; .name == $n)' <<<"$existing"`, which assumes `$existing` is a single valid JSON array. When `gh api ... --paginate` emits multiple JSON documents (one per page), or when the API returns unexpected/error output, this can cause parse/iteration failures or make the check effectively depend on only the last page, potentially missing an existing ruleset and creating a duplicate, disrupting trunk restrict/unrestrict behavior.

## Issue Context
This job locks/unlocks trunk during release; failures can block releases or leave trunk in the wrong state. Missing an existing ruleset due to pagination can create duplicate rulesets with the same `.name`, making subsequent deletion/unlock behavior ambiguous or incomplete.

## Fix Focus Areas
- .github/workflows/restrict-trunk.yml[61-67]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

View more (2)

4. Unvalidated $id in delete ✓ Resolved 📘 Rule violation ☼ Reliability

Description

The workflow deletes rulesets by using a $id derived from gh api name matching without
validating that exactly one ruleset ID was found, so empty or multiple matches can yield an invalid
DELETE URL and non-deterministic failures that can block trunk unlock. This violates the requirement
to harden scripts by validating preconditions and handling external/config inputs deterministically.

Code

.github/workflows/restrict-trunk.yml[R69-72]

+          for f in .github/rulesets/release-*.json; do
+            name=$(jq -r .name "$f")
+            id=$(gh api "repos/$GH_REPO/rulesets" --jq ".[] | select(.name==\"$name\") | .id")
+            gh api -X DELETE "repos/$GH_REPO/rulesets/$id"

Evidence

Rule 13 calls for validating preconditions instead of relying on brittle command output, and Rule 11
requires deterministic validation of config/external inputs; here, the workflow obtains id from an
external gh api call based on name matching and immediately uses it to construct a `DELETE
.../rulesets/$id` request with no checks for empty output or multiple newline-separated IDs, which
makes behavior unclear and potentially non-deterministic. This deletion path runs during unlock
because unlock-trunk.yml invokes the workflow with restrict: false, so any failure or invalid
URL directly prevents trunk unlock and impacts release operations, especially since reruns can
recreate rulesets and lead to duplicate matches.

.github/workflows/restrict-trunk.yml[69-72]
.github/workflows/restrict-trunk.yml[65-73]
.github/workflows/unlock-trunk.yml[8-16]
.github/workflows/restrict-trunk.yml[58-64]
Best Practice: Learned patterns
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Harden the ruleset deletion logic so it does not blindly construct and call `DELETE .../rulesets/$id` from `gh api` output; instead, it must validate that the name lookup yields a safe, deterministic set of IDs (and handle empty/multiple matches explicitly) to avoid invalid URLs and non-deterministic failures during unlock.

## Issue Context
This is release automation: the unlock path (`Delete release rulesets`) runs when `unlock-trunk.yml` calls the workflow with `restrict: false`. Rulesets are created via POST in a loop and can be recreated on reruns, so duplicate names/IDs are possible; if the lookup returns empty output (not found) or multiple newline-separated IDs (duplicates), the current deletion step can fail unpredictably, produce unclear errors, and block trunk unlock. Consider also validating that the glob `.github/rulesets/release-*.json` matches at least one file before looping, and fail with a clear message if none are found.

## Fix Focus Areas
- .github/workflows/restrict-trunk.yml[58-64]
- .github/workflows/restrict-trunk.yml[65-73]
- .github/workflows/unlock-trunk.yml[8-16]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

5. Ruleset creation duplicates ✓ Resolved 🐞 Bug ☼ Reliability

Description

The restrict path always POSTs new rulesets from JSON files without checking whether rulesets with
the same name already exist, so reruns can create duplicates and make later deletion-by-name
ambiguous.

Code

.github/workflows/restrict-trunk.yml[R58-64]

+      - name: Create release rulesets
+        if: inputs.restrict
+        shell: bash
+        run: |
+          for f in .github/rulesets/release-*.json; do
+            gh api -X POST "repos/$GH_REPO/rulesets" --input "$f"
+          done

Evidence

Creation uses POST in a loop with no existence check; deletion later selects by name, so duplicate
names are plausible and create ambiguity.

.github/workflows/restrict-trunk.yml[58-64]
.github/workflows/restrict-trunk.yml[69-72]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The `Create release rulesets` step uses `POST /rulesets` for every JSON file every time restriction is enabled. This can create duplicate rulesets on reruns and interacts badly with name-based deletion.

### Issue Context
The delete step selects by `.name`, so duplicates will either break deletion (multi-id) or leave extra rulesets behind.

### Fix Focus Areas
- .github/workflows/restrict-trunk.yml[58-64]
- .github/workflows/restrict-trunk.yml[65-73]

### Implementation notes
Choose one:
- **Upsert approach**: before POST, query existing rulesets by name; if found, `PATCH`/`PUT` that ID (or delete then recreate).
- **Delete-then-create approach**: on restrict, delete any existing matching rulesets by name first, then create exactly one.
In all cases, ensure the script handles 0/1/N matches deterministically.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

6. jq assumes .name string 📘 Rule violation ☼ Reliability

Description

The new nightly release gate assumes the GitHub API response is a JSON array and that every element
has a string .name, which can cause jq to error and fail the workflow rather than
deterministically handling an unexpected/invalid response. This violates the requirement to validate
external/protocol inputs early with actionable handling.

Code

.github/workflows/nightly.yml[R59-60]

+          rulesets=$(gh api "repos/$GH_REPO/rulesets" 2>/dev/null || echo '[{"name":"Release: api-error"}]')
+          if jq -e 'any(.[]; .name | startswith("Release:"))' <<<"$rulesets" >/dev/null; then

Evidence

Rule 12 requires validating external/protocol-derived inputs before use. The added code directly
iterates .[] and applies startswith() to .name without guarding for non-array responses or
missing/non-string .name, which can produce non-deterministic failures when the API response shape
is unexpected.

.github/workflows/nightly.yml[59-60]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow parses `gh api` output with `jq -e 'any(.[]; .name | startswith("Release:"))'`, which assumes the response is a JSON array and `.name` is always a string. If the API ever returns an unexpected shape (or a page/object), `jq` can error and fail the job instead of handling the condition deterministically.

## Issue Context
This step controls whether `nightly-release` runs. Since the input comes from an external API, it should be validated/handled defensively.

## Fix Focus Areas
- .github/workflows/nightly.yml[59-60]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

7. Silent rulesets API failure 🐞 Bug ◔ Observability

Description

The nightly release gate suppresses gh api stderr and falls back to a synthetic ruleset name that
forces release-in-progress=true, so nightlies can be skipped with no visible indication that the
GitHub API call actually failed. This makes operational triage difficult (release vs auth/rate-limit
outage) and can lead to unexplained skipped nightlies.

Code

.github/workflows/nightly.yml[R59-60]

+          rulesets=$(gh api "repos/$GH_REPO/rulesets" 2>/dev/null || echo '[{"name":"Release: api-error"}]')
+          if jq -e 'any(.[]; .name | startswith("Release:"))' <<<"$rulesets" >/dev/null; then

Evidence

The gate hides API failures by discarding stderr and substituting a JSON payload that will match the
Release: prefix check, which then sets release-in-progress=true and causes nightly-release to
be skipped with no warning.

.github/workflows/nightly.yml[52-62]
.github/workflows/nightly.yml[64-68]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The nightly workflow suppresses `gh api` errors (`2>/dev/null`) and uses a fallback JSON that intentionally matches `startswith("Release:")`. That correctly fail-safes by skipping nightlies, but it provides no warning explaining the skip was due to an API/auth failure.

### Issue Context
This happens in the `prepare` job’s “Check if release ruleset is active” step. The `nightly-release` job is gated by `needs.prepare.outputs.release-in-progress != 'true'`, so the silent fallback can skip the main work without any signal as to why.

### Fix Focus Areas
- `.github/workflows/nightly.yml[59-60]`

### Suggested change
Refactor the command substitution to detect failure and emit a `::warning::` (or at minimum `echo` a message) before applying the fallback. For example:

```bash
if ! rulesets=$(gh api "repos/$GH_REPO/rulesets" 2>/dev/null); then
 echo "::warning::Failed to fetch rulesets via gh api; treating as release-in-progress"
 rulesets='[{"name":"Release: api-error"}]'
fi

if jq -e 'any(.[]; .name | startswith("Release:"))' <<<"$rulesets" >/dev/null; then
 echo "release-in-progress=true" >> "$GITHUB_OUTPUT"
fi
```

(Keep the current fail-safe behavior, but make the reason visible in logs.)

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

8. jq error triggers creation path 🐞 Bug ≡ Correctness

Description

The existence check is implemented as a jq command inside an if, so any non-zero jq exit code
(including parse/runtime errors) is treated the same as “not found” and falls through to create a
ruleset. This can cause the workflow to attempt POSTs when it cannot correctly interpret the current
ruleset state.

Code

.github/workflows/restrict-trunk.yml[R63-70]

+          existing=$(gh api "repos/$GH_REPO/rulesets")
+          for f in .github/rulesets/release-*.json; do
+            name=$(jq -r .name "$f")
+            if jq -e --arg n "$name" 'any(.[]; .name == $n)' <<<"$existing" >/dev/null; then
+              echo "Ruleset '$name' already exists; skipping"
+            else
+              echo "Creating ruleset: $name"
+              gh api -X POST "repos/$GH_REPO/rulesets" --input "$f"

Evidence

The current code runs jq ... directly in the if condition and uses else as the default path;
this means any jq non-zero exit status will take the creation path, regardless of why jq failed.

.github/workflows/restrict-trunk.yml[63-70]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`jq` is used as the `if` predicate for “already exists”; if `jq` fails for reasons other than “no match”, the script executes the `else` branch and attempts to create a ruleset.

### Issue Context
This makes API/JSON issues behave like a missing ruleset, which can lead to unintended POSTs and partial/incorrect state.

### Fix
Explicitly distinguish:
- exit 0: found
- exit 1: not found
- exit >1: error (fail the step)

Example:
```bash
jq -e --arg n "$name" 'any(.[]; .name == $n)' <<<"$existing" >/dev/null
rc=$?
if [ $rc -eq 0 ]; then
 echo "Ruleset '$name' already exists; skipping"
elif [ $rc -eq 1 ]; then
 echo "Creating ruleset: $name"
 gh api -X POST "repos/$GH_REPO/rulesets" --input "$f"
else
 echo "Failed to evaluate existing rulesets (jq rc=$rc)" >&2
 exit $rc
fi
```

### Fix Focus Areas
- .github/workflows/restrict-trunk.yml[63-70]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

View more (2)

9. gh api missing pagination ✓ Resolved 📘 Rule violation ☼ Reliability

Description

The workflow captures existing rulesets via gh api without --paginate, which can silently omit
rulesets beyond the first page. This can cause non-deterministic behavior (e.g., failing to detect
or delete some release rulesets), potentially leaving trunk incorrectly restricted/unrestricted.

Code

.github/workflows/restrict-trunk.yml[63]

+          existing=$(gh api "repos/$GH_REPO/rulesets")

Evidence

PR Compliance ID 16 requires hardening scripts for deterministic behavior. The new code uses the
results of gh api as the authoritative list of existing rulesets, but the list call is not
paginated, so the subsequent create/delete decisions can be based on incomplete data.

.github/workflows/restrict-trunk.yml[62-63]
.github/workflows/restrict-trunk.yml[77-78]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow lists existing rulesets using `gh api "repos/$GH_REPO/rulesets"` but does not use `--paginate`, so it may only read the first page of results.

## Issue Context
The create/delete logic relies on the `existing` JSON to determine whether to POST new rulesets and which IDs to DELETE. If the repository has more rulesets than fit in one API page, some relevant rulesets may be missed.

## Fix Focus Areas
- .github/workflows/restrict-trunk.yml[62-63]
- .github/workflows/restrict-trunk.yml[77-78]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

10. Hard-coded GitHub IDs 🐞 Bug ⚙ Maintainability

Description

The committed ruleset JSON still hard-codes GitHub identifiers (team actor_id and
required_status_checks integration_id), so if those identifiers change, rule
creation/bypass/required-check binding can fail or no longer apply as intended.

Code

.github/rulesets/release-require-passing.json[R20-35]

+          {
+            "context": "Test / All RBE tests",
+            "integration_id": 15368
+          },
+          {
+            "context": "CI Success",
+            "integration_id": 15368
+          },
+          {
+            "context": "Validate workflows",
+            "integration_id": 15368
+          },
+          {
+            "context": "Format / Check Format",
+            "integration_id": 15368
+          }

Evidence

The ruleset definitions include literal numeric IDs for both required status check integration and
bypass team actor, which couples release automation to those specific GitHub entities.

.github/rulesets/release-require-passing.json[19-35]
.github/rulesets/release-restrict-trunk.json[21-27]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The new ruleset definitions hard-code `integration_id` and `actor_id`. This reintroduces brittleness (different from the old ruleset-id brittleness, but still an ID-coupling) and can break rule creation/bypass if the referenced entities change.

### Issue Context
- `integration_id` is repeated for each required status check.
- `actor_id` binds bypass to a specific team numeric ID.

### Fix Focus Areas
- .github/rulesets/release-require-passing.json[19-35]
- .github/rulesets/release-restrict-trunk.json[21-27]

### Implementation notes
- Prefer omitting `integration_id` if the API allows matching by context alone.
- For bypass team: consider resolving the team ID dynamically in the workflow (by slug) and templating the JSON before POST, or documenting the required team ID and adding a verification step that fails with a clear message if the team can’t be resolved.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[Copilot]

Pull request overview

This PR replaces hard-coded GitHub Ruleset IDs used to lock/unlock trunk during release with committed JSON ruleset definitions that are created/deleted dynamically, and adds a dedicated “CI Success” check to support a required-status-check rule during release.

Changes:

• Update restrict-trunk.yml to checkout committed ruleset JSON and create/delete rulesets via gh api.
• Add a CI Success job to ci.yml that aggregates results of the main CI jobs.
• Add two committed release ruleset definitions (Release: Restrict Trunk, Release: Require Passing).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/restrict-trunk.yml	Switches from updating fixed ruleset IDs to creating/deleting rulesets from committed JSON via GitHub API.
.github/workflows/ci.yml	Adds a terminal “CI Success” job intended to be used as a required status check during releases.
.github/rulesets/release-restrict-trunk.json	Defines the release-only ruleset to prevent non-fast-forward/deletion/updates to the default branch except for a bypass team.
.github/rulesets/release-require-passing.json	Defines the release-only ruleset requiring specific checks (including “CI Success”) before updates to the default branch.

[qodo-code-review]

Persistent review updated to latest commit 236ef87

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

[qodo-code-review]

Persistent review updated to latest commit 68ca405

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

[qodo-code-review]

Persistent review updated to latest commit 3aea68b

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

[qodo-code-review]

Persistent review updated to latest commit 49ef327

[qodo-code-review]

Persistent review updated to latest commit ac25d48

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

[qodo-code-review]

Persistent review updated to latest commit 6b83248

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.