README.md

[nirtal85]

Description

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.

Summary by CodeRabbit

• Chores

  • Updated CI workflows: tightened and clarified permissions, restructured jobs and steps, and separated report deployment into its own job for more reliable Pages publishing.
  • Improved Allure reporting flow: consolidated HTML generation and PR summary steps, refined artifact handling and deployment.

• Documentation

  • Simplified Results & Reporting instructions to a cross-platform command for generating and opening Allure reports locally.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

The PR updates GitHub Actions workflows (.github/workflows/devRun.yml, .github/workflows/nightly.yml) to normalize strings/quotes, expand permissions (add id-token and adjust pages/checks/pull-requests access), replace inline Allure report generation with an npx Allure CLI plus an allure-action summary step, restructure artifact upload/download steps, introduce a separate deploy_pages job using actions/deploy-pages@v4, and simplifies README reporting instructions to use npx Allure.

Changes

Cohort / File(s)	Summary
Dev workflow \.github/workflows/devRun.yml	Normalized quote usage, expanded permissions (added id-token, adjusted pages, checks, pull-requests), renamed and adjusted environment/steps for Allure results, replaced previous Allure report action with an npx Allure CLI step and an allure-action PR summary step, switched to actions/upload-pages-artifact@v4, and factored out a new deploy_pages job that runs actions/deploy-pages@v4.
Nightly workflow \.github/workflows/nightly.yml	Similar normalization and permission changes, renamed/restructured jobs (e.g., merge-reports → build-report), added artifact upload/download/merge steps for shard results, generates Allure HTML via npx, and adds a deploy_pages job for Pages deployment.
Docs / Usage README.md	Replaced platform-specific Allure install/serve instructions with a cross-platform npx allure generate ... --open guidance (removed Scoop/Brew platform steps).

Sequence Diagram(s)

sequenceDiagram
    participant Runner as "GitHub Actions Runner\n(ubuntu-latest)"
    participant Tests as "Test Job(s)\n(pytest shards)"
    participant ArtifactStore as "GitHub Artifact Storage"
    participant AllureCLI as "npx Allure CLI + allure-action"
    participant PagesDeploy as "actions/deploy-pages\n(GitHub Pages)"

    Runner->>Tests: run tests & produce `allure-results` shards
    Tests->>ArtifactStore: upload shards (actions/upload-artifact)
    Runner->>Runner: build-report job downloads shards (actions/download-artifact)
    Runner->>AllureCLI: merge results & generate `allure-report` (npx allure generate)
    AllureCLI->>ArtifactStore: upload `allure-report` (upload-pages-artifact)
    PagesDeploy->>ArtifactStore: download `allure-report` artifact
    PagesDeploy->>PagesDeploy: deploy to GitHub Pages (actions/deploy-pages)
    PagesDeploy->>Runner: expose page URL via environment output

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• updates-3 #389 — Modifies the same workflow and renames/adjusts Allure report/deploy steps.
• sec #464 — Overlaps in permissions and Allure generation changes in both devRun and nightly workflows.
• upload-fix #386 — Related changes to GitHub Pages deployment configuration and artifact handling.

Suggested reviewers

• elias-shoursoh

Poem

🐰
With nimble hops I tweak the flow,
Tests tumble in and artifacts grow,
npx lights the Allure night so fair,
Pages bloom from runner's care,
Carrot cheers — deploy with flair! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title 'README.md' does not match the actual changes. The changeset modifies .github/workflows/devRun.yml (GitHub Actions workflow), not README.md.	Update the PR title to reflect the actual changes, such as 'Update devRun workflow to use Allure 3 CLI and GitHub Pages deployment' or similar.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Allure Report Summary

	Name	Duration	Stats	New	Flaky	Retry	Report
	Allure Report – Pull request #477	5ms	1    0    0    0    0	1	0	0

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/devRun.yml:
- Around line 45-47: The workflow step named "Link Git Information And Browser
Version To Allure Results" uses working-directory: allure-results and if:
always(), which causes failures when the allure-results folder doesn't exist;
add a prior step (or incorporate into the job setup) that ensures the directory
exists (e.g., run a mkdir -p allure-results or equivalent) before the named step
runs so that the working-directory is valid even when tests fail early,
referencing the step label "Link Git Information And Browser Version To Allure
Results" and the working-directory value "allure-results" when updating the
YAML.
- Around line 50-52: Avoid expanding `${{ github.head_ref }}` directly in the
shell; instead set GIT_BRANCH via the job/step env (e.g., env: GIT_BRANCH: ${{
github.head_ref || github.ref_name }}) and then reference the safe environment
variable in the script with quoting (echo GIT_BRANCH="$GIT_BRANCH"); do
similarly for any other interpolated values if needed (BUILD_URL and
GIT_COMMIT_ID can be set via env and echoed as "$BUILD_URL" and
"$GIT_COMMIT_ID") to prevent branch-name injection.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Prevent failures when allure-results is missing.

With working-directory: allure-results and if: always(), this step fails if tests didn’t create the folder (e.g., early failure), which then blocks report generation/deploy. Consider creating the directory beforehand.

🛠️ Suggested hardening

       - name: Auto-assign reviewers
         uses: kentaro-m/auto-assign-action@v2.0.0
         if: success()
+      - name: Ensure Allure results directory exists
+        if: always()
+        run: mkdir -p allure-results
       - name: Link Git Information And Browser Version To Allure Results
         if: always()
         working-directory: allure-results

🤖 Prompt for AI Agents

In @.github/workflows/devRun.yml around lines 45 - 47, The workflow step named
"Link Git Information And Browser Version To Allure Results" uses
working-directory: allure-results and if: always(), which causes failures when
the allure-results folder doesn't exist; add a prior step (or incorporate into
the job setup) that ensures the directory exists (e.g., run a mkdir -p
allure-results or equivalent) before the named step runs so that the
working-directory is valid even when tests fail early, referencing the step
label "Link Git Information And Browser Version To Allure Results" and the
working-directory value "allure-results" when updating the YAML.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid untrusted github.head_ref expansion in shell.

Line 51 interpolates ${{ github.head_ref }} directly into the script, which can allow PR branch-name injection. Pass it via env and quote in the shell.

🔒 Proposed fix

       - name: Link Git Information And Browser Version To Allure Results
         if: always()
         working-directory: allure-results
+        env:
+          GIT_BRANCH: ${{ github.head_ref || github.ref_name }}
         run: |
           {
             echo BUILD_URL=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-            echo GIT_BRANCH=${{ github.head_ref || github.ref_name }}
+            echo "GIT_BRANCH=$GIT_BRANCH"
             echo GIT_COMMIT_ID=${{ github.sha }}
             echo GIT_COMMIT_MESSAGE="$(git show -s --format=%s HEAD)"

🤖 Prompt for AI Agents

In @.github/workflows/devRun.yml around lines 50 - 52, Avoid expanding `${{
github.head_ref }}` directly in the shell; instead set GIT_BRANCH via the
job/step env (e.g., env: GIT_BRANCH: ${{ github.head_ref || github.ref_name }})
and then reference the safe environment variable in the script with quoting
(echo GIT_BRANCH="$GIT_BRANCH"); do similarly for any other interpolated values
if needed (BUILD_URL and GIT_COMMIT_ID can be set via env and echoed as
"$BUILD_URL" and "$GIT_COMMIT_ID") to prevent branch-name injection.