Fixing the drive action

[JulianTrommer]

Description

The drive action currently fails. This PR tries to fix the action.

Fixes #346

Type of change

• Bug fix (non-breaking change which fixes an issue)

Does this PR introduce a breaking change?

No.

Most important changes

Changes to the drive action drive.yml.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works (might be obsolete with CI later on)
• New and existing unit tests pass locally with my changes (might be obsolete with CI later on)

Summary by CodeRabbit

• Chores
  • Enhanced workflow configuration to facilitate downloading and unzipping artifacts related to pull requests.
  • Improved Docker image build process by capturing and uploading pull request identifiers.
  • Maintained existing control flow and cleanup steps for repository management.

[coderabbitai]

Walkthrough

The pull request updates the workflow configurations in .github/workflows/drive.yml and .github/workflows/build.yml. In drive.yml, new steps are added for downloading and unzipping a pull request artifact, enhancing the handling of Docker commands with inline environment variables. In build.yml, steps to save and upload the pull request ID as an artifact are introduced, improving tracking of pull requests. The overall structure and control flow of both workflows remain unchanged.

Changes

File	Change Summary
.github/workflows/drive.yml	Added steps to download and unzip an artifact related to the PR ID. Modified docker compose command to include environment variables and xhost +local:.
.github/workflows/build.yml	Introduced steps to save PR ID to a file and upload it as an artifact, conditional on pull request events.

Assessment against linked issues

Objective	Addressed	Explanation
Drive action should run without issue (#346)	✅

Possibly related PRs

• Reworked structure & added test build to PRs #345: The changes in .github/workflows/build.yml regarding the handling of pull request events and the introduction of new steps for saving and uploading the PR ID are directly related to the updates made in the main PR's .github/workflows/drive.yml, which also involves handling artifacts associated with pull requests.

🐇 In the garden where bunnies play,
We fixed the drive, hip-hip-hooray!
With Docker's charm and settings bright,
Now actions run both day and night.
Hopping high, we cheer and sing,
For smoother workflows, let joy take wing! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

.github/workflows/drive.yml (1)

24-26: Consider documenting the changes

Given that this fixes a specific issue (#346), it would be helpful to add a comment explaining why these changes were necessary, particularly regarding the environment variables and X11 setup.

Add a comment like:

 - name: Run docker-compose
   run: |
+    # Fix for issue #346: Ensure proper user permissions and X11 access
     xhost +local:
     USERNAME=$(whoami) USER_UID=$(id -u) USER_GID=$(id -g) docker compose up --quiet-pull --exit-code-from agent

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 96451c4 and f01db34.

📒 Files selected for processing (1)

• .github/workflows/drive.yml (1 hunks)

🧰 Additional context used

🔇 Additional comments (3)

.github/workflows/drive.yml (3)

26-26: Good improvements to docker compose command

The addition of --quiet-pull and --exit-code-from agent flags are good improvements:

• --quiet-pull reduces log noise
• --exit-code-from agent ensures proper error propagation from the agent container

---

26-26: Verify environment variable handling on self-hosted runner

While setting USERNAME, USER_UID, and USER_GID is a good practice for container permissions, ensure these variables are consistently available and set correctly on your self-hosted runner.

Let's verify the environment setup:

✅ Verification successful

Based on the shell script results, I can now provide a final response as there is sufficient evidence about how these environment variables are used in the codebase.

Environment variables are properly configured and utilized in the Docker setup

The codebase shows consistent and proper usage of USERNAME, USER_UID, and USER_GID variables across multiple Docker-related files:

• These variables are properly passed through in build/docker-compose.dev.yaml and build/agent_service.yaml
• The Dockerfiles (Dockerfile and Dockerfile_Submission) properly handle these variables to:
  • Create the user and group with correct permissions
  • Set up sudo access
  • Configure ownership of workspace directories
  • Set up Python paths and dependencies

The environment variable handling in the GitHub workflow is correctly implemented and aligns with how these variables are used throughout the Docker configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if docker-compose file uses these environment variables
rg -A 5 'USERNAME|USER_UID|USER_GID' 

# Look for any user-related configurations in Dockerfile or compose files
ast-grep --pattern 'USER|GROUP'

Length of output: 15278

---

25-25: ⚠️ Potential issue

Security Warning: Avoid using xhost +local:

The xhost +local: command disables access control for the X server, which is a security risk. Additionally, this command is typically unnecessary in a CI/CD environment where GUI applications shouldn't be running.

Consider these alternatives:

1. If X11 forwarding is required, use the more secure xauth approach
2. If this is for testing GUI applications, consider using a virtual framebuffer like Xvfb

Let's verify if X11 is actually needed:

[ll7]

Thank you.

@JulianTrommer
Instead of just adding xhost +local, we could modifythe Carla-simulator container by extending its configuration to include the -RenderOffScreen option? I guess we still need to have x11 access for rviz?

You already suggested this change in #320

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (3)

.github/workflows/build.yml (2)

88-88: Add newline at end of file

Add a newline character at the end of the file to follow YAML best practices.

Apply this change:

          name: pr_id
-         path: pr/
+         path: pr/
+

🧰 Tools

🪛 yamllint

[error] 88-88: no new line character at the end of file

(new-line-at-end-of-file)

---

76-88: Consider workflow documentation and reusability

The new PR ID handling functionality could benefit from:

1. Adding comments explaining the purpose and integration with drive.yml
2. Consider moving PR ID logic to a reusable composite action if this pattern is used across multiple workflows

Example documentation to add above the PR ID steps:

      # The following steps save the PR number as an artifact
      # This is used by the drive workflow to associate test results
      # with the correct pull request

🧰 Tools

🪛 actionlint

80-80: shellcheck reported issue in this script: SC2086:info:2:6: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

[error] 88-88: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/drive.yml (1)

Line range hint 1-13: Document environment variables and runner requirements.

The workflow uses environment variables and requires a self-hosted runner with specific capabilities (Docker, X11), but these requirements aren't documented.

Add a comment block at the top of the file:

 name: Evaluate agent
+# Required environment setup:
+# - Self-hosted runner with:
+#   - Docker and Docker Compose installed
+#   - X11 server configured
+# Environment variables:
+# - AGENT_VERSION: Version tag for the agent image (default: latest)
+# - COMPOSE_FILE: Path to the Docker Compose file for CI/CD
 
 on:
   workflow_run:

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between f01db34 and 5aa49df.

📒 Files selected for processing (2)

• .github/workflows/build.yml (1 hunks)
• .github/workflows/drive.yml (2 hunks)

🧰 Additional context used

🪛 actionlint

.github/workflows/build.yml

80-80: shellcheck reported issue in this script: SC2086:info:2:6: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

.github/workflows/build.yml

[error] 88-88: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (1)

.github/workflows/drive.yml (1)

48-50: ⚠️ Potential issue

Security concern: Unrestricted X server access.

The xhost +local: command grants unrestricted access to the X server for all local users, which is a security risk. Consider using a more restrictive approach.

Apply this diff to implement a more secure solution:

-          xhost +local:
-          USERNAME=$(whoami) USER_UID=$(id -u) USER_GID=$(id -g) docker compose up --quiet-pull --exit-code-from agent
+          XSOCK=/tmp/.X11-unix
+          XAUTH=/tmp/.docker.xauth
+          touch $XAUTH
+          xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
+          USERNAME=$(whoami) USER_UID=$(id -u) USER_GID=$(id -g) \
+          XAUTH=$XAUTH DISPLAY=$DISPLAY \
+          docker compose up --quiet-pull --exit-code-from agent

Let's verify if the Docker Compose file is configured to use these X11 settings:

[coderabbitai]

⚠️ Potential issue

Add conditional and improve artifact handling

The PR ID steps should only run during pull request events, and the shell script can be improved for better reliability.

Apply these improvements:

      - name: Save PR ID
+       if: github.event_name == 'pull_request'
        env:
          PR_ID: ${{ github.event.number }}
        run: |
          mkdir -p ./pr
-         echo $PR_ID > ./pr/pr_id
+         echo "$PR_ID" > ./pr/pr_id

      - name: Upload PR ID
+       if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: pr_id
          path: pr/
+         retention-days: 1

Changes:

1. Added if conditions to only run during pull requests
2. Added quotes around $PR_ID to prevent word splitting
3. Set retention period to 1 day since this is temporary data

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Save PR ID
	env:
	PR_ID: ${{ github.event.number }}
	run: |
	mkdir -p ./pr
	echo $PR_ID > ./pr/pr_id
	- name: Upload PR ID
	uses: actions/upload-artifact@v4
	with:
	name: pr_id
	path: pr/
	- name: Save PR ID
	if: github.event_name == 'pull_request'
	env:
	PR_ID: ${{ github.event.number }}
	run: |
	mkdir -p ./pr
	echo "$PR_ID" > ./pr/pr_id
	- name: Upload PR ID
	if: github.event_name == 'pull_request'
	uses: actions/upload-artifact@v4
	with:
	name: pr_id
	path: pr/
	retention-days: 1

🧰 Tools

🪛 actionlint

80-80: shellcheck reported issue in this script: SC2086:info:2:6: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint

[error] 88-88: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

⚠️ Potential issue

Add validation for PR ID.

The PR ID is read from a file without validation, which could lead to errors if the file is empty or contains invalid data.

Apply this diff to add proper validation:

-            let issue_number = Number(fs.readFileSync('./pr_id'));
+            const prIdContent = fs.readFileSync('./pr_id', 'utf8').trim();
+            const issue_number = Number(prIdContent);
+            if (!prIdContent || isNaN(issue_number)) {
+              core.setFailed(`Invalid PR ID: ${prIdContent}`);
+              return;
+            }
             github.rest.issues.createComment({
               issue_number: issue_number,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let issue_number = Number(fs.readFileSync('./pr_id'));
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	issue_number: issue_number,
	const prIdContent = fs.readFileSync('./pr_id', 'utf8').trim();
	const issue_number = Number(prIdContent);
	if (!prIdContent || isNaN(issue_number)) {
	core.setFailed(`Invalid PR ID: ${prIdContent}`);
	return;
	}
	github.rest.issues.createComment({
	issue_number: issue_number,

[coderabbitai]

⚠️ Potential issue

Add error handling for artifact operations.

The artifact download/unzip steps lack error handling for cases where the artifact might not exist or the download fails.

Apply this diff to add proper error handling:

 - name: 'Download artifact (PR ID)'
   uses: actions/github-script@v6
   with:
     script: |
       let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
          owner: context.repo.owner,
          repo: context.repo.repo,
          run_id: context.payload.workflow_run.id,
       });
       let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
         return artifact.name == "pr_id"
       })[0];
+      if (!matchArtifact) {
+        core.setFailed('No pr_id artifact found from the build workflow');
+        return;
+      }
       let download = await github.rest.actions.downloadArtifact({
          owner: context.repo.owner,
          repo: context.repo.repo,
          artifact_id: matchArtifact.id,
          archive_format: 'zip',
       });
       let fs = require('fs');
       fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_id.zip`, Buffer.from(download.data));

 - name: 'Unzip artifact (PR ID)'
-  run: unzip pr_id.zip
+  run: |
+    if [ ! -f pr_id.zip ]; then
+      echo "pr_id.zip not found"
+      exit 1
+    fi
+    unzip pr_id.zip

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: 'Download artifact (PR ID)'
	uses: actions/github-script@v6
	with:
	script: |
	let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: context.payload.workflow_run.id,
	});
	let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
	return artifact.name == "pr_id"
	})[0];
	let download = await github.rest.actions.downloadArtifact({
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: matchArtifact.id,
	archive_format: 'zip',
	});
	let fs = require('fs');
	fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_id.zip`, Buffer.from(download.data));
	- name: 'Unzip artifact (PR ID)'
	run: unzip pr_id.zip
	- name: 'Download artifact (PR ID)'
	uses: actions/github-script@v6
	with:
	script: |
	let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: context.payload.workflow_run.id,
	});
	let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
	return artifact.name == "pr_id"
	})[0];
	if (!matchArtifact) {
	core.setFailed('No pr_id artifact found from the build workflow');
	return;
	}
	let download = await github.rest.actions.downloadArtifact({
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: matchArtifact.id,
	archive_format: 'zip',
	});
	let fs = require('fs');
	fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_id.zip`, Buffer.from(download.data));
	- name: 'Unzip artifact (PR ID)'
	run: |
	if [ ! -f pr_id.zip ]; then
	echo "pr_id.zip not found"
	exit 1
	fi
	unzip pr_id.zip