[REFACTOR] ssm+oidc 세팅#230
Conversation
|
Warning Review limit reached
More reviews will be available in 52 minutes and 20 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughCD 워크플로( ChangesSSM 기반 CD 파이프라인 전환
Sequence Diagram(s)sequenceDiagram
participant GHA as GitHub Actions
participant OIDC as GitHub OIDC Provider
participant STS as AWS STS
participant SSM as AWS SSM
participant EC2 as EC2 Instance
rect rgba(135, 206, 250, 0.5)
note over GHA,STS: OIDC 자격증명 취득
GHA->>OIDC: ID 토큰 요청
OIDC-->>GHA: ID 토큰 반환
GHA->>STS: AssumeRoleWithWebIdentity
STS-->>GHA: 임시 자격증명 발급
end
rect rgba(144, 238, 144, 0.5)
note over GHA,EC2: SSM 원격 명령 실행
GHA->>SSM: send-command (docker-compose pull/up/ps/prune)
SSM->>EC2: 쉘 명령 전달
EC2-->>SSM: 명령 실행 완료
GHA->>SSM: wait command-executed
GHA->>SSM: get-command-invocation
SSM-->>GHA: stdout 반환
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
✅ Action performedReview finished.
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/cd.yml:
- Around line 86-94: The aws ssm wait command-executed waiter times out after
approximately 100 seconds, which can cause false deployment failures when
docker-compose operations exceed this timeout despite the remote command still
executing successfully. Additionally, when the waiter fails, the subsequent
get-command-invocation calls in the step are never executed due to the shell's
pipefail setting, and the current implementation only retrieves
StandardOutputContent while missing StandardErrorContent and Status for proper
diagnostics. Replace the aws ssm wait command-executed waiter with a custom
polling loop that properly handles longer-running operations, and modify the aws
ssm get-command-invocation call to query StandardOutputContent,
StandardErrorContent, and Status together, ensuring these diagnostic outputs are
always retrieved regardless of command success or failure status.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: 34482d7c-b6b2-46c7-98d7-9613758de1e5
📒 Files selected for processing (1)
.github/workflows/cd.yml
|
✅ Action performedReview finished.
|
📌 PR 개요
🔗 관련 이슈
🛠 변경 사항
✅ 체크리스트
Summary by CodeRabbit
릴리스 노트