fix(ci): drop environment gate and id-token from publish workflow#53
Conversation
The v0.3.0 publish run hit startup_failure with 0 jobs and no logs, which typically indicates GitHub rejected the workflow at the orchestrator layer before any job started. The most likely cause on this org is the combination of environment: pypi plus id-token: write (which triggers OIDC provisioning) against an environment that is not configured for trusted publishing. Since we publish with the PYPI_API_TOKEN secret, not OIDC, we do not need id-token: write, and removing the environment gate lets the workflow start. The PYPI_API_TOKEN secret is still used and still scoped to the repo. We can re-enable the environment later once Trusted Publishing is set up on PyPI.
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 55 minutes and 45 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
Note
|
Fixes the startup_failure on the v0.3.0 publish run. Removes the environment: pypi gate and id-token: write permission since we publish via PYPI_API_TOKEN secret, not OIDC trusted publishing.