Skip to content

added extra logs#27

Open
hemusimple wants to merge 15 commits into
tejpratap46:mainfrom
hemusimple:chore/add-logs
Open

added extra logs#27
hemusimple wants to merge 15 commits into
tejpratap46:mainfrom
hemusimple:chore/add-logs

Conversation

@hemusimple

@hemusimple hemusimple commented Apr 16, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • Chores
    • Added lightweight debug logging to aid troubleshooting during app startup and activity setup.
    • Introduced an automated PR review workflow that runs on pull requests, executes review tooling, and uploads review logs for retention.

@coderabbitai

coderabbitai Bot commented Apr 16, 2026

Copy link
Copy Markdown
Contributor

Warning

Rate limit exceeded

@hemusimple has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 38 minutes and 33 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 38 minutes and 33 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7c9a481f-bd6a-4622-9540-4be2ca8e9e1a

📥 Commits

Reviewing files that changed from the base of the PR and between 571eb7e and c5c17e8.

📒 Files selected for processing (1)
  • .github/workflows/kotlin-review.yml
📝 Walkthrough

Walkthrough

Added debug logging and a new public getData() method to LyricsActivity, and introduced a new GitHub Actions workflow (.github/workflows/kotlin-review.yml) that runs a Python-based Kotlin PR review agent and uploads its logs as an artifact.

Changes

Cohort / File(s) Summary
Activity Logging
modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt
Added android.util.Log debug calls in Companion.start() and onCreate(). Added local val data = getdata() in onCreate() and a new public fun getData(): String returning "user data".toString().
GitHub Actions Workflow
.github/workflows/kotlin-review.yml
New workflow triggered on PR events (opened, reopened, synchronize). Runs a kotlin_review job on code-review runner, checks out repo, installs Python deps, runs review_ci.py with mapped CI_* env vars, and uploads review_output.log as review-output artifact (7-day retention, if: always()).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

enhancement

Poem

🐰 I hopped in logs both bright and spry,

Debug whispers as methods fly,
A workflow hums to check each line,
getData returns a little sign,
Hooray — the repo’s feeling fine!

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Title check ⚠️ Warning The pull request title 'added extra logs' is only partially related to the changeset. While logging is added to LyricsActivity.kt, the main change in this PR is the addition of a comprehensive GitHub Actions workflow for Kotlin code review, which is a more significant and structural change than just adding debug logs. Update the title to better reflect the primary changes, such as 'Add Kotlin review workflow and debug logging' or 'Implement CI workflow for Kotlin code review' to accurately represent both major components of this changeset.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@amazon-q-developer amazon-q-developer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I attempted to review this PR but encountered technical difficulties accessing the repository content and diff details. The standard file content and diff retrieval tools are not functioning properly for this repository.

PR Summary:

  • Title: "added extra logs"
  • Changes: 3 additions, 1 deletion in LyricsActivity.kt
  • No PR description provided

Unable to Complete Review:
Without access to the actual code changes, I cannot provide specific feedback on:

  • What is being logged and whether it's appropriate
  • Whether any sensitive information might be exposed
  • The log level being used
  • Performance implications

Recommendation:
Please ensure the following for logging changes:

  • Use appropriate log levels (DEBUG, INFO, WARN, ERROR)
  • Avoid logging sensitive information (PII, credentials, tokens)
  • Consider performance impact in frequently executed code
  • Add a meaningful PR description explaining what is being logged and why

A manual review by a team member with repository access is recommended to verify these logging changes are safe and appropriate.


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces logging to LyricsActivity to track its initialization and lifecycle. The review feedback suggests using the TAG constant for consistency, improving log formatting, and critically, adding a safety check for the lyrics list to prevent a potential crash when the list is empty.

override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)

Log.d("LyricsActivity","onCreate")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

  1. Use the TAG constant instead of a hardcoded string for consistency.
  2. Add a space after the comma in the Log.d call.
  3. Potential Crash: The lyrics list can be empty if the intent extra is missing. Calling minBy and maxBy on the subsequent lines (77-78) will throw a NoSuchElementException on an empty list. Added a safety check to finish the activity if no lyrics are provided.
Suggested change
Log.d("LyricsActivity","onCreate")
Log.d(TAG, "onCreate")
if (lyrics.isEmpty()) {
finish()
return
}

lyrics: ArrayList<SyncedLyricFrame>,
socialMeta: SocialMeta? = null,
) {
Log.d(TAG,"start")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Add a space after the comma in the Log.d call to adhere to standard Kotlin style conventions and improve readability.

Suggested change
Log.d(TAG,"start")
Log.d(TAG, "start")

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
kotlin-review.yml (1)

34-35: Hard-coded absolute paths tightly couple this workflow to one runner image.

This is brittle and will break if the runner directory layout changes. Prefer a configurable base path (repo var/env) and python -m pip for interpreter consistency.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@kotlin-review.yml` around lines 34 - 35, Replace hard-coded absolute paths in
the workflow steps (the two shell commands installing requirements and running
review_ci.py) with a configurable base path variable (e.g., an env/input like
REPO_DIR or WORKSPACE) and reference files relative to that variable instead of
/home/rntbci/…; also use interpreter-consistent installation by running pip via
the Python module (python -m pip install -q -r <path>) and invoke the script
with the same python (python -m <module> or python <path>) to avoid relying on a
specific runner layout.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@kotlin-review.yml`:
- Line 1: The workflow file kotlin-review.yml is placed at the repository root
so GitHub Actions won't discover it; move the file into the repository's GitHub
Actions workflows directory (e.g., .github/workflows) so the workflow will be
detected and run, and ensure the filename remains kotlin-review.yml and the YAML
remains valid after the move.
- Around line 4-5: The workflow currently triggers on pull_request events which
run without repo secrets for forked PRs; update the job(s) that require secrets
by adding a conditional guard like using the GitHub context (e.g. put an if: ${{
github.event.pull_request == null || !github.event.pull_request.head.repo.fork
}} at the job level) so the job skips when
github.event.pull_request.head.repo.fork is true; keep the pull_request trigger
but ensure any secret-dependent job (the job(s) referencing secrets) has this
if-check to avoid running for forked PRs.

---

Nitpick comments:
In `@kotlin-review.yml`:
- Around line 34-35: Replace hard-coded absolute paths in the workflow steps
(the two shell commands installing requirements and running review_ci.py) with a
configurable base path variable (e.g., an env/input like REPO_DIR or WORKSPACE)
and reference files relative to that variable instead of /home/rntbci/…; also
use interpreter-consistent installation by running pip via the Python module
(python -m pip install -q -r <path>) and invoke the script with the same python
(python -m <module> or python <path>) to avoid relying on a specific runner
layout.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3da30965-f06d-4cc0-a2ff-e9b136ea1053

📥 Commits

Reviewing files that changed from the base of the PR and between a3a88c7 and 56f603a.

📒 Files selected for processing (1)
  • kotlin-review.yml

Comment thread kotlin-review.yml
@@ -0,0 +1,43 @@
name: Kotlin PR Review

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Found kotlin-review.yml at:"
fd -a '^kotlin-review\.yml$'

echo
echo "All workflows under .github/workflows:"
fd -a '.ya?ml' .github/workflows || true

Repository: tejpratap46/AndroidVideoMotion

Length of output: 511


Move this workflow file to .github/workflows/kotlin-review.yml.

This file is currently at the repository root. GitHub Actions only discovers workflow YAML files inside .github/workflows/, so this workflow will never run in its current location.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@kotlin-review.yml` at line 1, The workflow file kotlin-review.yml is placed
at the repository root so GitHub Actions won't discover it; move the file into
the repository's GitHub Actions workflows directory (e.g., .github/workflows) so
the workflow will be detected and run, and ensure the filename remains
kotlin-review.yml and the YAML remains valid after the move.

Comment thread kotlin-review.yml
Comment on lines +4 to +5
pull_request:
types: [opened, reopened, synchronize]

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In GitHub Actions, are repository secrets available to workflows triggered by pull_request events from forked repositories?

💡 Result:

No, repository secrets are not available to workflows triggered by pull_request events from forked repositories.

Citations:


🏁 Script executed:

#!/bin/bash
# Find and examine the kotlin-review.yml file
fd -name "kotlin-review.yml" -type f

Repository: tejpratap46/AndroidVideoMotion

Length of output: 304


🏁 Script executed:

#!/bin/bash
# Find the kotlin-review.yml file
fd "kotlin-review.yml"

Repository: tejpratap46/AndroidVideoMotion

Length of output: 91


🏁 Script executed:

#!/bin/bash
# Read the kotlin-review.yml file to verify the workflow structure
cat -n kotlin-review.yml

Repository: tejpratap46/AndroidVideoMotion

Length of output: 1972


Fork PRs will fail because this job requires secrets on pull_request events.

Repository secrets are not available to workflows triggered by pull_request events from forked repositories. Add a guard to skip this step cleanly when running from a fork.

Suggested fix
 jobs:
   kotlin_review:
     steps:
       - name: Run Kotlin Review Agent
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
         env:
           PLATFORM: github
           REVIEWER_TOKEN: ${{ secrets.REVIEWER_TOKEN }}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@kotlin-review.yml` around lines 4 - 5, The workflow currently triggers on
pull_request events which run without repo secrets for forked PRs; update the
job(s) that require secrets by adding a conditional guard like using the GitHub
context (e.g. put an if: ${{ github.event.pull_request == null ||
!github.event.pull_request.head.repo.fork }} at the job level) so the job skips
when github.event.pull_request.head.repo.fork is true; keep the pull_request
trigger but ensure any secret-dependent job (the job(s) referencing secrets) has
this if-check to avoid running for forked PRs.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/kotlin-review.yml (1)

33-35: Add error handling for the review script execution.

The workflow doesn't validate that dependencies installed successfully or that the review script exists before attempting to run it. This could lead to cryptic failures.

🛡️ Add validation and error handling
         run: |
-          pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
-          python3 /home/rntbci/AIML/code-reviewer/review_ci.py 2>&1 | tee review_output.log
+          # Install dependencies
+          if ! pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity; then
+            echo "ERROR: Failed to install Python dependencies"
+            exit 1
+          fi
+          
+          # Verify script exists
+          SCRIPT_PATH="/home/rntbci/AIML/code-reviewer/review_ci.py"
+          if [ ! -f "$SCRIPT_PATH" ]; then
+            echo "ERROR: Review script not found at $SCRIPT_PATH"
+            exit 1
+          fi
+          
+          # Run review
+          python3 "$SCRIPT_PATH" 2>&1 | tee review_output.log
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml around lines 33 - 35, The workflow run
step currently installs dependencies and executes the review script without
validating success; update the run block to check that pip3 install completed
and that the review script file (python3 .../review_ci.py) exists and is
executable before running it, and fail fast on errors (e.g., use set -e or check
exit codes and test -f/-x for the script) so failures produce clear errors;
reference the pip3 install command and the python3
/home/rntbci/AIML/code-reviewer/review_ci.py invocation when adding these checks
and error messages.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/kotlin-review.yml:
- Line 35: The workflow hardcodes an absolute script path
(/home/rntbci/AIML/code-reviewer/review_ci.py) which breaks portability; update
the step that runs python3 to reference a repository-relative or configurable
path instead (e.g., move the script into the repo such as
.github/scripts/review_ci.py and call that), or read the path from an
environment variable/secret (e.g., REVIEW_SCRIPT) and use that in the python3
invocation, and add a pre-run existence check for the script to fail fast if the
file is missing; look for the python3 ... review_ci.py command in the
kotlin-review.yml step and change it to use the new relative path or env var
plus a file-exists guard.
- Line 34: The workflow step that runs the pip3 install command currently
installs packages without pinned versions (the line containing "pip3 install -q
httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity"); update
that step to pin each package to a specific, reviewed version (or replace the
inline install with a reference to a committed requirements file like
".github/requirements.txt") so installs are reproducible and mitigate
supply-chain/security risks—ensure the packages listed (httpx, python-dotenv,
pydantic, pydantic-settings, ollama, loguru, tenacity) are either suffixed with
exact versions or moved to and installed from requirements.txt.

In
`@modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt`:
- Around line 76-77: In LyricsActivity onCreate you're calling a non-existent
getdata() which causes an unresolved reference; change the call to the
correctly-cased method getData() so replace getdata() with getData() in the
onCreate method to match the defined getData() function in the class.

---

Nitpick comments:
In @.github/workflows/kotlin-review.yml:
- Around line 33-35: The workflow run step currently installs dependencies and
executes the review script without validating success; update the run block to
check that pip3 install completed and that the review script file (python3
.../review_ci.py) exists and is executable before running it, and fail fast on
errors (e.g., use set -e or check exit codes and test -f/-x for the script) so
failures produce clear errors; reference the pip3 install command and the
python3 /home/rntbci/AIML/code-reviewer/review_ci.py invocation when adding
these checks and error messages.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 24a4d2dd-034b-4032-a474-9091101d3f15

📥 Commits

Reviewing files that changed from the base of the PR and between 56f603a and 49e27b6.

📒 Files selected for processing (2)
  • .github/workflows/kotlin-review.yml
  • modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt

Comment thread .github/workflows/kotlin-review.yml Outdated
CI_MERGE_REQUEST_TITLE: ${{ github.event.pull_request.title }}
CI_COMMIT_AUTHOR: ${{ github.event.pull_request.user.login }}
run: |
pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What are the latest stable versions of these Python packages: httpx, python-dotenv, pydantic, pydantic-settings, ollama, loguru, tenacity?

💡 Result:

httpx: 0.28.1 python-dotenv: 1.2.2 pydantic: 2.13.1 pydantic-settings: 2.13.1 ollama: 0.6.1 loguru: 0.7.3 tenacity: 9.1.4

Citations:


Pin Python dependency versions for security and reproducibility.

Installing packages without version constraints exposes the workflow to:

  • Security risk: A compromised or malicious package version could be pulled
  • Reproducibility issues: Different runs may use different versions with breaking changes
  • Supply chain attacks: Typosquatting or dependency confusion attacks
📌 Proposed fix with version pinning
-          pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
+          pip3 install -q \
+            httpx==0.28.1 \
+            python-dotenv==1.2.2 \
+            pydantic==2.13.1 \
+            pydantic-settings==2.13.1 \
+            ollama==0.6.1 \
+            loguru==0.7.3 \
+            tenacity==9.1.4

Alternatively, use a requirements.txt file:

         run: |
-          pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
+          pip3 install -q -r .github/requirements.txt
           python3 /home/rntbci/AIML/code-reviewer/review_ci.py 2>&1 | tee review_output.log

Then create .github/requirements.txt:

httpx==0.28.1
python-dotenv==1.2.2
pydantic==2.13.1
pydantic-settings==2.13.1
ollama==0.6.1
loguru==0.7.3
tenacity==9.1.4
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
pip3 install -q \
httpx==0.28.1 \
python-dotenv==1.2.2 \
pydantic==2.13.1 \
pydantic-settings==2.13.1 \
ollama==0.6.1 \
loguru==0.7.3 \
tenacity==9.1.4
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml at line 34, The workflow step that runs
the pip3 install command currently installs packages without pinned versions
(the line containing "pip3 install -q httpx python-dotenv pydantic
pydantic-settings ollama loguru tenacity"); update that step to pin each package
to a specific, reviewed version (or replace the inline install with a reference
to a committed requirements file like ".github/requirements.txt") so installs
are reproducible and mitigate supply-chain/security risks—ensure the packages
listed (httpx, python-dotenv, pydantic, pydantic-settings, ollama, loguru,
tenacity) are either suffixed with exact versions or moved to and installed from
requirements.txt.

Comment thread .github/workflows/kotlin-review.yml Outdated
CI_COMMIT_AUTHOR: ${{ github.event.pull_request.user.login }}
run: |
pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
python3 /home/rntbci/AIML/code-reviewer/review_ci.py 2>&1 | tee review_output.log

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Hardcoded absolute path breaks portability.

The script path /home/rntbci/AIML/code-reviewer/review_ci.py is hardcoded and assumes a specific directory structure on the self-hosted runner. If the runner changes, is rebuilt, or if this workflow runs on a different runner, it will fail.

📦 Recommended solutions

Option 1: Include the script in the repository

Move review_ci.py into the repository (e.g., .github/scripts/review_ci.py) and reference it relatively:

-          python3 /home/rntbci/AIML/code-reviewer/review_ci.py 2>&1 | tee review_output.log
+          python3 .github/scripts/review_ci.py 2>&1 | tee review_output.log

Option 2: Use an environment variable

Define the script path as a repository variable or secret:

+          REVIEW_SCRIPT_PATH: ${{ vars.REVIEW_SCRIPT_PATH || '/home/rntbci/AIML/code-reviewer/review_ci.py' }}
         run: |
           pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
-          python3 /home/rntbci/AIML/code-reviewer/review_ci.py 2>&1 | tee review_output.log
+          python3 "$REVIEW_SCRIPT_PATH" 2>&1 | tee review_output.log

Option 3: Add path validation

At minimum, verify the file exists before attempting to run it:

         run: |
+          if [ ! -f "/home/rntbci/AIML/code-reviewer/review_ci.py" ]; then
+            echo "ERROR: Review script not found"
+            exit 1
+          fi
           pip3 install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
           python3 /home/rntbci/AIML/code-reviewer/review_ci.py 2>&1 | tee review_output.log
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml at line 35, The workflow hardcodes an
absolute script path (/home/rntbci/AIML/code-reviewer/review_ci.py) which breaks
portability; update the step that runs python3 to reference a
repository-relative or configurable path instead (e.g., move the script into the
repo such as .github/scripts/review_ci.py and call that), or read the path from
an environment variable/secret (e.g., REVIEW_SCRIPT) and use that in the python3
invocation, and add a pre-run existence check for the script to fail fast if the
file is missing; look for the python3 ... review_ci.py command in the
kotlin-review.yml step and change it to use the new relative path or env var
plus a file-exists guard.

Comment on lines +76 to +77
Log.d("LyricsActivity","onCreate")
val data = getdata()

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether `getdata()` actually exists anywhere and compare with `getData()`.
# Expected:
# - call-site(s) for getdata(...)
# - no definition for fun getdata(...) (if mismatch is real)
# - definition for fun getData(...)

rg -nP --type=kt '\bgetdata\s*\('
rg -nP --type=kt '\bfun\s+getdata\s*\('
rg -nP --type=kt '\bfun\s+getData\s*\('

Repository: tejpratap46/AndroidVideoMotion

Length of output: 154


🏁 Script executed:

#!/bin/bash
# Search for both method variants using glob patterns
echo "=== Searching for getdata() calls ==="
rg -nP '\.getdata\s*\(' --glob='*.kt'

echo -e "\n=== Searching for getData() calls ==="
rg -nP '\.getData\s*\(' --glob='*.kt'

echo -e "\n=== Searching for getdata() definitions ==="
rg -nP 'fun\s+getdata\s*\(' --glob='*.kt'

echo -e "\n=== Searching for getData() definitions ==="
rg -nP 'fun\s+getData\s*\(' --glob='*.kt'

echo -e "\n=== Reading LyricsActivity.kt to check line 77 and 105 ==="
if [ -f "modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt" ]; then
  echo "File found. Showing lines 70-110:"
  sed -n '70,110p' "modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt" | cat -n
else
  echo "File not found at expected path. Searching for LyricsActivity.kt..."
  fd -e kt -i 'lyricsactivity' 
fi

Repository: tejpratap46/AndroidVideoMotion

Length of output: 2058


Fix method name mismatch: getdata() does not exist. The method is defined as getData().

Line 77 calls getdata(), which will result in an unresolved reference. The class defines getData() at line 105. This will prevent compilation.

✅ Suggested fix
-        Log.d("LyricsActivity","onCreate")
-        val data = getdata()
+        Log.d(TAG, "onCreate")
+        val data = getData()
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt`
around lines 76 - 77, In LyricsActivity onCreate you're calling a non-existent
getdata() which causes an unresolved reference; change the call to the
correctly-cased method getData() so replace getdata() with getData() in the
onCreate method to match the defined getData() function in the class.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (3)
modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt (1)

77-78: ⚠️ Potential issue | 🔴 Critical

Unresolved reference getdata() will break compilation.

Line 78 calls getdata() but the defined method is getData() (line 106) — Kotlin is case-sensitive, so this will fail to compile. Also, data is assigned but never used, and line 77 should reuse the TAG constant instead of the hardcoded string.

🔧 Proposed fix
-        Log.d("LyricsActivity","onCreate")
-        val data = getdata()
+        Log.d(TAG, "onCreate")

If the data value is actually needed for something, replace with val data = getData() and use it; otherwise drop the line entirely (along with getData() — see comment on line 106).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt`
around lines 77 - 78, In LyricsActivity.onCreate the call to getdata() is a
case-sensitive typo and will not compile; replace the call with getData() (or
remove the entire val data = ... line and the getData() method if the returned
data is unused), and update the Log.d call to use the existing TAG constant
instead of the hardcoded "LyricsActivity" string to keep logging consistent.
.github/workflows/kotlin-review.yml (2)

36-36: ⚠️ Potential issue | 🟠 Major

Avoid the hardcoded runner-local script path.

Line 36 still depends on D:\AIML\code-reviewer\review_ci.py, which makes the workflow fragile outside that exact self-hosted runner image. Move the script into the repo or read the path from a configured variable and validate it before execution.

🛠️ Suggested configurable path
         env:
+          REVIEW_SCRIPT_PATH: ${{ vars.REVIEW_SCRIPT_PATH }}
           PLATFORM: github
           REVIEWER_TOKEN: ${{ secrets.REVIEWER_TOKEN }}
           OLLAMA_HOST: ${{ secrets.OLLAMA_HOST }}
           OLLAMA_MODEL: ${{ secrets.OLLAMA_MODEL }}
@@
         run: |
           pip install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
-          python D:\AIML\code-reviewer\review_ci.py 2>&1 | Tee-Object -FilePath review_output.log
+          if ([string]::IsNullOrWhiteSpace($env:REVIEW_SCRIPT_PATH) -or -not (Test-Path -LiteralPath $env:REVIEW_SCRIPT_PATH)) {
+            throw "REVIEW_SCRIPT_PATH is not configured or does not exist"
+          }
+          python "$env:REVIEW_SCRIPT_PATH" 2>&1 | Tee-Object -FilePath review_output.log
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml at line 36, The workflow currently
hardcodes the runner-local path "D:\AIML\code-reviewer\review_ci.py" in the step
that runs the Python script; instead, either add the script to the repository
and invoke it relative to the workspace (e.g., using the repo path) or read the
path from a workflow input/env var (e.g., REVIEW_SCRIPT_PATH) and validate the
file exists before executing; update the step that runs the command (the
invocation of review_ci.py) to use the configurable path/variable and include a
pre-check that fails the job with a clear message if the script file is missing.

35-35: ⚠️ Potential issue | 🟠 Major

Pin the review-agent dependencies.

Line 35 still installs packages without version constraints, so workflow behavior can change across runs as PyPI releases change. Prefer a committed requirements/constraints file with reviewed exact versions.

📌 Suggested direction
-          pip install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
+          python -m pip install -q -r .github/review-agent-requirements.txt
#!/bin/bash
# Verify whether the workflow still installs unpinned Python packages.
rg -n -C2 'pip(3)?\s+install.*\b(httpx|python-dotenv|pydantic|pydantic-settings|ollama|loguru|tenacity)\b' .github || true
fd -i 'requirements.*|constraints.*' .github --exec sed -n '1,120p' {} || true
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml at line 35, The workflow currently runs
a pip install of unpinned packages (httpx, python-dotenv, pydantic,
pydantic-settings, ollama, loguru, tenacity); replace this with deterministic
dependency management by adding a committed requirements.txt or constraints.txt
that pins exact versions for those packages and update the pip install step to
use pip install -r requirements.txt (or pip install --constraint
constraints.txt) so the workflow installs reviewed, locked versions; ensure the
new requirements/constraints file is committed alongside the workflow change.
🧹 Nitpick comments (1)
.github/workflows/kotlin-review.yml (1)

9-9: Configure the custom runner label for linting and dispatch clarity.

Line 9 uses code-review, which is not recognized by actionlint (no .github/actionlint.yaml exists). Either register the label in .github/actionlint.yaml or make the selector explicit, e.g. [self-hosted, windows, x64, code-review], to document the Windows requirement and prevent linting warnings.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml at line 9, The workflow's runs-on
selector uses the unregistered label "code-review" (seen in the runs-on:
code-review line) which triggers actionlint warnings; fix by either registering
that custom runner label in .github/actionlint.yaml (add an entry for
"code-review") or change the selector in the workflow to an explicit array like
[self-hosted, windows, x64, code-review] to document the Windows requirement and
satisfy actionlint.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/kotlin-review.yml:
- Around line 20-24: The workflow currently exposes secrets (REVIEWER_TOKEN,
OLLAMA_HOST, OLLAMA_MODEL) into the environment and uploads raw
review_output.log; add a sanitization step that redacts those env values before
the artifact upload: either run review_ci.py with sensitive envs unset (or
scoped only to the process) and then run a scrubber that replaces the literal
values of REVIEWER_TOKEN/OLLAMA_HOST/OLLAMA_MODEL in review_output.log (e.g.,
using a short bash/python step that reads the three env vars and
sed/regex-replaces them with "[REDACTED]") and only upload the sanitized
review_output.log in the upload-artifact step (the one with if: always());
reference the env block, review_ci.py, and review_output.log to locate where to
add the scrubber/unset logic.

---

Duplicate comments:
In @.github/workflows/kotlin-review.yml:
- Line 36: The workflow currently hardcodes the runner-local path
"D:\AIML\code-reviewer\review_ci.py" in the step that runs the Python script;
instead, either add the script to the repository and invoke it relative to the
workspace (e.g., using the repo path) or read the path from a workflow input/env
var (e.g., REVIEW_SCRIPT_PATH) and validate the file exists before executing;
update the step that runs the command (the invocation of review_ci.py) to use
the configurable path/variable and include a pre-check that fails the job with a
clear message if the script file is missing.
- Line 35: The workflow currently runs a pip install of unpinned packages
(httpx, python-dotenv, pydantic, pydantic-settings, ollama, loguru, tenacity);
replace this with deterministic dependency management by adding a committed
requirements.txt or constraints.txt that pins exact versions for those packages
and update the pip install step to use pip install -r requirements.txt (or pip
install --constraint constraints.txt) so the workflow installs reviewed, locked
versions; ensure the new requirements/constraints file is committed alongside
the workflow change.

In
`@modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt`:
- Around line 77-78: In LyricsActivity.onCreate the call to getdata() is a
case-sensitive typo and will not compile; replace the call with getData() (or
remove the entire val data = ... line and the getData() method if the returned
data is unused), and update the Log.d call to use the existing TAG constant
instead of the hardcoded "LyricsActivity" string to keep logging consistent.

---

Nitpick comments:
In @.github/workflows/kotlin-review.yml:
- Line 9: The workflow's runs-on selector uses the unregistered label
"code-review" (seen in the runs-on: code-review line) which triggers actionlint
warnings; fix by either registering that custom runner label in
.github/actionlint.yaml (add an entry for "code-review") or change the selector
in the workflow to an explicit array like [self-hosted, windows, x64,
code-review] to document the Windows requirement and satisfy actionlint.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3d1eac9f-c549-4429-a564-aeb6a4cd15f3

📥 Commits

Reviewing files that changed from the base of the PR and between 49e27b6 and 571eb7e.

📒 Files selected for processing (2)
  • .github/workflows/kotlin-review.yml
  • modules/lyrics-maker/src/main/java/com/tejpratapsingh/lyricsmaker/presentation/activity/LyricsActivity.kt

Comment on lines +20 to +24
env:
PLATFORM: github
REVIEWER_TOKEN: ${{ secrets.REVIEWER_TOKEN }}
OLLAMA_HOST: ${{ secrets.OLLAMA_HOST }}
OLLAMA_MODEL: ${{ secrets.OLLAMA_MODEL }}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Inspect the review workflow and any committed review scripts for risky secret logging patterns.
rg -n -C3 'REVIEWER_TOKEN|OLLAMA_HOST|OLLAMA_MODEL|os\.environ|print\(|logger\.|loguru' .github || true

Repository: tejpratap46/AndroidVideoMotion

Length of output: 1461


🏁 Script executed:

# Get the full kotlin-review.yml to see artifact upload section (lines 40-46)
cat .github/workflows/kotlin-review.yml

Repository: tejpratap46/AndroidVideoMotion

Length of output: 1724


🏁 Script executed:

# Search for review_ci.py in the repository
fd review_ci.py

Repository: tejpratap46/AndroidVideoMotion

Length of output: 56


Redact secret-bearing output before uploading the log artifact.

The workflow passes secrets (REVIEWER_TOKEN, OLLAMA_HOST, OLLAMA_MODEL) into the review process environment, then pipes raw stdout/stderr to review_output.log and uploads it with if: always() (lines 40-46). GitHub's console log masking does not protect artifact files. Since the external review_ci.py script (not in this repository) could print environment variables, configuration, or HTTP headers, the artifact can persist values that would otherwise be masked in console logs.

🔒 Suggested hardening
         run: |
           pip install -q httpx python-dotenv pydantic pydantic-settings ollama loguru tenacity
-          python D:\AIML\code-reviewer\review_ci.py 2>&1 | Tee-Object -FilePath review_output.log
+          $output = & python D:\AIML\code-reviewer\review_ci.py 2>&1
+          $exitCode = $LASTEXITCODE
+          $secrets = @($env:REVIEWER_TOKEN, $env:OLLAMA_HOST, $env:OLLAMA_MODEL) |
+            Where-Object { -not [string]::IsNullOrWhiteSpace($_) }
+          $output |
+            ForEach-Object {
+              $line = [string]$_
+              foreach ($secret in $secrets) {
+                $line = $line.Replace($secret, '***')
+              }
+              $line
+            } |
+            Tee-Object -FilePath review_output.log
+          exit $exitCode
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/kotlin-review.yml around lines 20 - 24, The workflow
currently exposes secrets (REVIEWER_TOKEN, OLLAMA_HOST, OLLAMA_MODEL) into the
environment and uploads raw review_output.log; add a sanitization step that
redacts those env values before the artifact upload: either run review_ci.py
with sensitive envs unset (or scoped only to the process) and then run a
scrubber that replaces the literal values of
REVIEWER_TOKEN/OLLAMA_HOST/OLLAMA_MODEL in review_output.log (e.g., using a
short bash/python step that reads the three env vars and sed/regex-replaces them
with "[REDACTED]") and only upload the sanitized review_output.log in the
upload-artifact step (the one with if: always()); reference the env block,
review_ci.py, and review_output.log to locate where to add the scrubber/unset
logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant