Skip to content

[MOSIP-44260] Update xlsx-to-csv.yml#408

Merged
ckm007 merged 1 commit into
mosip:developfrom
abhishek8shankar:deve
Jun 15, 2026
Merged

[MOSIP-44260] Update xlsx-to-csv.yml#408
ckm007 merged 1 commit into
mosip:developfrom
abhishek8shankar:deve

Conversation

@abhishek8shankar

@abhishek8shankar abhishek8shankar commented Jun 11, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • Chores
    • Optimized the XLSX-to-CSV conversion workflow to skip unnecessary processing when no source file changes are detected, while maintaining manual trigger capability.

Signed-off-by: Abhishek S <127825992+abhishek8shankar@users.noreply.github.com>
@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

The workflow now detects XLSX file changes via GitHub API before running conversion steps. Repository cloning, setup, dependency installation, CSV conversion, and commit/push operations are all conditionally executed only when .xlsx files are modified or the job is manually triggered.

Changes

XLSX Change Detection and Conditional Execution

Layer / File(s) Summary
XLSX change detection and conditional gating
.github/workflows/xlsx-to-csv.yml
Workflow adds an initial step to query GitHub PR files API and count .xlsx changes, exposing the result as xlsx_changed output. All subsequent steps—repository cloning, Git setup, dependency installation, CSV conversion, and commit/push—are now gated by a condition that runs only when XLSX files are changed or the workflow is manually dispatched.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🐰 A workflow needs a break,
When no XLSX files awake,
GitHub API peeks,
Saves resources for weeks,
Smart skips make actions partake!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title references the MOSIP issue ticket but lacks specificity about the actual change; it merely states 'Update xlsx-to-csv.yml' without conveying the key improvement of adding conditional XLSX file detection. Consider a more descriptive title such as 'Optimize xlsx-to-csv workflow with conditional XLSX file detection' to better communicate the main change.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/xlsx-to-csv.yml:
- Around line 23-24: The current FILES fetch only reads the default first page
of the PR files API, so XLSX_CHANGED can be zero for large PRs; update the logic
that sets FILES and XLSX_CHANGED to paginate through the GitHub PR files
endpoint (use per_page=100 and loop over page=1..N until an empty page) and
concatenate/append results into FILES before running the jq count; ensure the
same curl/authorization usage is applied per page and then compute XLSX_CHANGED
from the aggregated FILES array.
- Around line 17-25: The check_xlsx step (id: check_xlsx) assumes a PR payload
by unconditionally using github.event.number and calling the PR files API;
update this step to be event-aware: first detect event via github.event_name (or
check github.event.pull_request) and only set PR_NUMBER and call the GitHub PR
files API when the event is a pull_request; for non-PR runs (workflow_dispatch)
set XLSX_CHANGED to 0 (or skip the curl call) so downstream steps that use the
xlsx_changed output and any PR-derived variables won't break; apply the same
event-aware guard to the other places you reference PR fields (the other
occurrences noted) so they either short-circuit or emit safe defaults when no PR
exists.
- Around line 20-23: The workflow is expanding attacker-controlled
github.event.* values (e.g., the inline PR_NUMBER and FILES curl invocation)
directly inside a run step under pull_request_target, which can exfiltrate
secrets; change the flow so you do not interpolate github.event.pull_request.*
into shell commands: instead add a separate, safe step that reads the event
payload via actions/github-script (octokit) or by parsing GITHUB_EVENT_PATH with
jq to extract and validate the PR number (and any other pull_request fields),
set those as step outputs or sanitized env vars, and then use those outputs (not
raw github.event expressions) in the subsequent run/curl step (or perform the
API call with octokit directly) to eliminate direct untrusted expansion in the
shell; update usages of PR_NUMBER, FILES, and the curl call accordingly and
remove any direct ${ { github.event.* } } interpolations in run steps when using
pull_request_target.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7a7ba7c0-90a7-4000-bc59-603ebe01060e

📥 Commits

Reviewing files that changed from the base of the PR and between 39455d5 and 863d68c.

📒 Files selected for processing (1)
  • .github/workflows/xlsx-to-csv.yml

Comment thread .github/workflows/xlsx-to-csv.yml
Comment thread .github/workflows/xlsx-to-csv.yml
Comment thread .github/workflows/xlsx-to-csv.yml
@ckm007 ckm007 merged commit 4adf16e into mosip:develop Jun 15, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants