Copier update: base image #48

Merged
ejfine merged 9 commits into main from cop-image
Jan 26, 2026

@ejfine ejfine commented Jan 26, 2026

Why is this change necessary?

Keep up to date

How does this change address the issue?

Pulls in latest changes

What side effects does this change have?

N/A

How is this change tested?

ejfine/aws-organization#30

Other

Also fixed issue where the check-duplicates wasn't preventing running the pulumi job, and required-check now marks the status as skipped if it is a duplicate, so that merging is prevented.

Summary by CodeRabbit

  • New Features

    • Added optional support for pulling container images from AWS Elastic Container Registry.
  • Chores

    • Updated development environment base image and tooling versions.
    • Updated GitHub Actions and CI/CD workflow dependencies.
    • Enhanced workflow logic for duplicate detection and lint checks.
    • Updated PR preview messages to include stack names.

@ejfine ejfine self-assigned this Jan 26, 2026

coderabbitai bot commented Jan 26, 2026

📝 Walkthrough

This PR updates development tooling versions across the codebase, introduces a new pull_from_ecr configuration option to the copier template, updates the devcontainer base image from focal to noble with workspace path changes, bumps GitHub Actions versions, and restructures CI workflow job dependencies and duplicate detection logic.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Devcontainer configuration and base image: .devcontainer/Dockerfile, template/.devcontainer/Dockerfile | Base image upgraded from 2.13.1-focal to 5.1.1-noble; workspace path changed from /workspace to /workspaces; bash-completion version updated from 2.10 to 2.11; yarn APT source list removal added. |
| GitHub Actions versions: .github/actions/install_deps/action.yml, template/.github/actions/install_deps/action.yml | Setup-python and setup-node upgraded from v6.1.0 to v6.2.0. |
| GitHub workflows: .github/reusable_workflows/build-docker-image.yaml, .github/workflows/ci.yaml, .github/workflows/pre-commit.yaml, template/.github/workflows/pre-commit.yaml | Upload Artifact bumped to v6.0.0; cache actions upgraded to v5.0.2. |
| Tool and dependency versions: .devcontainer/install-ci-tooling.py, pyproject.toml, extensions/context.py | UV from 0.9.21 to 0.9.26; pnpm from 10.27.0 to 10.28.1; copier from 9.11.0 to 9.11.2; pre-commit from 4.5.0 to 4.5.1; pyright from 1.1.407 to 1.1.408; ty from 0.0.9 to 0.0.13; debian release from bookworm to trixie. |
| Copier template configuration: copier.yml, tests/copier_data/data1.yaml, tests/copier_data/data2.yaml | New boolean option pull_from_ecr added; AWS-related field conditionals (aws_identity_center_id, aws_org_home_region, aws_central_infrastructure_account_id, core_infra_base_access_profile_name) updated to include pull_from_ecr in when conditions; test data updated to include pull_from_ecr values. |
| CI/CD workflow restructuring: template/.github/workflows/ci.yaml.jinja | Lint job converted to dependent step running after get-values and check-skip-duplicate with conditional guarding; pulumi-workflow dependencies explicitly defined; new "Set status for duplicate detection" step added to required-check; failure handling expanded; "Mark required-check as succeeded" step introduced. |
| Miscellaneous updates: .copier-answers.yml, .devcontainer/devcontainer.json, template/.devcontainer/devcontainer.json.jinja, template/.github/actions/pulumi_ephemeral_deploy/action.yml, template/.github/workflows/pulumi-aws.yml | Copier version bumped in answers; coderabbit-vscode extension updated to 0.16.6; pulumi preview message and comment tags updated to include stack name; download-artifact bumped to v7.0.0. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Copier update: base image' is partially related to the changeset but not its primary focus. While base image updates are included, the PR encompasses broader dependency updates and workflow fixes. |
| Description check | ✅ Passed | The description follows the template structure with all required sections completed, including reasoning, implementation approach, side effects, testing evidence, and additional notes. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.devcontainer/devcontainer.json (1)

16-23: Update CodeRabbit VS Code extension to an available version; 0.16.6 does not exist.

Version 0.16.6 is not published on the VS Code Marketplace. The latest 0.16.x release is 0.16.0 (updated Nov 19, 2025). CodeRabbit also released v1.0 in August 2025. Update the extension pin to either 0.16.0 or 1.0 depending on compatibility with your target environment.

🤖 Fix all issues with AI agents
In @.devcontainer/Dockerfile:
- Around line 8-9: Replace the temporary removal of the Yarn APT source (the RUN
rm /etc/apt/sources.list.d/yarn.list || true line) with steps that install and
use the Yarn GPG keyring: create /etc/apt/keyrings, fetch and dearmor the Yarn
pubkey into /etc/apt/keyrings/yarn-archive-keyring.gpg, and write the Yarn APT
entry using the signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg option so
the repo can be used safely for installing/updating Yarn instead of deleting the
source list.
- Around line 11-13: The RUN line that pins "bash-completion=$(apt-cache madison
bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)'" should
include a defensive guard to fail fast with a clear message when the desired
version cannot be resolved; modify the Dockerfile RUN block to capture the
resolved version from apt-cache/madison into a variable, test if it's non-empty,
and if empty emit a descriptive error (e.g., echo "Desired bash-completion
1:2.11 not found" >&2 && exit 1) before calling apt-get install, so the build
fails with an explicit message rather than an opaque apt error.

In @.devcontainer/install-ci-tooling.py:
- Around line 10-14: Bump the copier pin from "==9.11.2" to "==9.11.3" by
updating the COPIER_VERSION constant; keep COPIER_TEMPLATE_EXTENSIONS_VERSION
("==0.3.3") unchanged for consistency and ensure any checksum/lock references
elsewhere that depend on COPIER_VERSION are updated accordingly (search for
COPIER_VERSION) so CI uses copier 9.11.3.

In `@copier.yml`:
- Around line 36-39: The YAML key pull_from_ecr currently uses the string
default "no" which trips yamllint's truthy rule; change its default to the
explicit boolean false (i.e., set default: false) so the value is a proper YAML
boolean for the pull_from_ecr entry and satisfies the linter.
- Around line 1-6: Remove the excessive leading blank lines at the top of
copier.yml so the file begins immediately with the first YAML content line (no
empty lines before the first token); simply delete the blank lines at the top of
the file to satisfy yamllint and CI.

In `@extensions/context.py`:
- Line 107: The context key context["debian_release_name"] was changed to
"trixie" but is not referenced anywhere; either remove this unused context entry
or document and wire it into downstream templates. If it's intended for future
generated code, add a brief inline comment next to
context["debian_release_name"] explaining its purpose and expected usage and
update any template/renderer code to consume this key (search for template
rendering functions that accept context to locate where to plug it in);
otherwise delete the context["debian_release_name"] assignment to avoid dead
configuration.

In `@template/.devcontainer/devcontainer.json.jinja`:
- Around line 29-33: Update the pinned CodeRabbit extension version: replace the
non-existent extension identifier "coderabbit.coderabbit-vscode@0.16.6" with the
available release "CodeRabbit.coderabbit-vscode@0.16.0" in the devcontainer
extensions list so the devcontainer can install the correct marketplace version.

In `@template/.devcontainer/Dockerfile`:
- Around line 8-9: Add a tracking reference to the temporary GPG key workaround
by updating the comment near the RUN rm /etc/apt/sources.list.d/yarn.list
command: include a short note with a link to the upstream Yarn issue or PR (or a
GitHub issue number) and a TODO with an expected review date or condition for
removal so reviewers know this is temporary and can remove the hack when the
yarn GPG key is updated.

Comment on lines +8 to +9
# temporary hack until yarn updates its GPG key
RUN rm /etc/apt/sources.list.d/yarn.list || true
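
Review bot: `|| true` on the `RUN rm /etc/apt/sources.list.d/yarn.list` line swallows every failure of `rm`, not only the case where the file is absent. `rm -f /etc/apt/sources.list.d/yarn.list` tolerates a missing file while still failing the build on a permission or path error, which is the behaviour the "temporary hack" comment implies.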

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Yarn APT repository GPG key issue Ubuntu noble 2025 2026 resolved fixed

💡 Result:

On Ubuntu 24.04 “noble” (and upgrades to it), the Yarn APT repo commonly fails with a GPG error like:

  • EXPKEYSIG 23E7166788B63E1E Yarn Packaging <yarn@dan.cx> (signature/key expired) when running apt update. [1]

This isn’t a “noble-only” bug so much as an outdated/expired Yarn repo signing key on your system (often installed long ago via apt-key, which is now deprecated). The practical fix in 2025–2026 is to replace the old Yarn key with the current one and pin the repo to it via signed-by=. Yarn’s current official install instructions for Debian/Ubuntu are: [2]

sudo mkdir -p /etc/apt/keyrings
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg \
  | gpg --dearmor \
  | sudo tee /etc/apt/keyrings/yarn-archive-keyring.gpg >/dev/null

echo "deb [signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" \
  | sudo tee /etc/apt/sources.list.d/yarn.list

sudo apt update

If you previously added Yarn with apt-key, also remove the old key (or legacy trusted.gpg entry) to avoid confusion, then re-run sudo apt update. (A real-world report of fixing the exact EXPKEYSIG ... Yarn Packaging error by re-installing the key and updating the signed-by config is shown here.) [1]

Sources: [1] [2]


Replace the temporary workaround with the proper Yarn GPG key fix.

The Yarn APT repository signing key issue persists in 2025–2026. Instead of removing the source entirely, install the current Yarn GPG key and configure the repo with the modern signed-by= approach:

mkdir -p /etc/apt/keyrings && \
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/keyrings/yarn-archive-keyring.gpg >/dev/null && \
echo "deb [signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list

This allows Yarn to be properly installed and updated in the container rather than masked by removing the repository.

🤖 Prompt for AI Agents
In @.devcontainer/Dockerfile around lines 8 - 9, Replace the temporary removal
of the Yarn APT source (the RUN rm /etc/apt/sources.list.d/yarn.list || true
line) with steps that install and use the Yarn GPG keyring: create
/etc/apt/keyrings, fetch and dearmor the Yarn pubkey into
/etc/apt/keyrings/yarn-archive-keyring.gpg, and write the Yarn APT entry using
the signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg option so the repo can
be used safely for installing/updating Yarn instead of deleting the source list.

Comment on lines 11 to 13
RUN apt-get update -y && apt-get install -y \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
&& apt-get clean \

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

find . -name Dockerfile -path "*/.devcontainer/*" -type f

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 155


🏁 Script executed:

cat -n .devcontainer/Dockerfile | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1473


🌐 Web query:

bash-completion package versions Ubuntu noble jammy

💡 Result:

  • Ubuntu 24.04 LTS (Noble Numbat): bash-completion 1:2.11-8. [1]
  • Ubuntu 22.04 LTS (Jammy Jellyfish): bash-completion 1:2.11-5ubuntu1. [2]

Sources: Ubuntu Packages for Noble [1] and Ubuntu Packages index for Jammy (shells subsection) showing bash-completion version [2].


Consider adding a guard for bash-completion version as defensive practice.

Ubuntu noble includes bash-completion 1:2.11-8, so the current pin will resolve correctly. However, the proposed refactor below is still recommended to fail fast with a clear message if the version becomes unavailable in future updates, rather than silently failing with an opaque apt error.

♻️ Proposed defensive guard
-RUN apt-get update -y && apt-get install -y \
-    "bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
+RUN apt-get update -y && \
+    bash_comp_ver="$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" && \
+    [ -n "$bash_comp_ver" ] || { echo "bash-completion 1:2.11 not found"; exit 1; } && \
+    apt-get install -y "bash-completion=${bash_comp_ver}" --no-install-recommends \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
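
Review bot: The `||` group on the added `[ -n "$bash_comp_ver" ] || { ...; exit 1; }` line is reached by any failure earlier in the chain, not only an empty version, because `&&` and `||` have equal precedence and associate left to right; a failed `apt-get update -y` would also print "bash-completion 1:2.11 not found". Put the test in an `if [ -z "$bash_comp_ver" ]; then ... exit 1; fi` so the message fires only for the case it names, and send it to stderr with `>&2`. The `grep '^1:2.11'` pattern also leaves the dot unescaped and the end open, so it would accept a version such as 1:2.110; `'^1:2\.11-'` is tighter.
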
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
RUN apt-get update -y && apt-get install -y \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.10' | head -n 1)" --no-install-recommends \
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" --no-install-recommends \
&& apt-get clean \
RUN apt-get update -y && \
bash_comp_ver="$(apt-cache madison bash-completion | awk '{print $3}' | grep '^1:2.11' | head -n 1)" && \
[ -n "$bash_comp_ver" ] || { echo "bash-completion 1:2.11 not found"; exit 1; } && \
apt-get install -y "bash-completion=${bash_comp_ver}" --no-install-recommends \
&& apt-get clean \
🤖 Prompt for AI Agents
In @.devcontainer/Dockerfile around lines 11 - 13, The RUN line that pins
"bash-completion=$(apt-cache madison bash-completion | awk '{print $3}' | grep
'^1:2.11' | head -n 1)'" should include a defensive guard to fail fast with a
clear message when the desired version cannot be resolved; modify the Dockerfile
RUN block to capture the resolved version from apt-cache/madison into a
variable, test if it's non-empty, and if empty emit a descriptive error (e.g.,
echo "Desired bash-completion 1:2.11 not found" >&2 && exit 1) before calling
apt-get install, so the build fails with an explicit message rather than an
opaque apt error.

Comment on lines +10 to +14
UV_VERSION = "0.9.26"
PNPM_VERSION = "10.28.1"
COPIER_VERSION = "==9.11.2"
COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3"
PRE_COMMIT_VERSION = "4.5.0"
PRE_COMMIT_VERSION = "4.5.1"

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

uv 0.9.26 release latest version January 2026

💡 Result:

As of January 26, 2026, the latest released version of Astral’s uv is 0.9.26, published on January 15, 2026. [1]

0.9.26 highlights include adding support for CPython 3.15.0a5 plus various enhancements and bug fixes. [2]


🌐 Web query:

pnpm 10.28.1 release latest version January 2026

💡 Result:

As of January 26, 2026, the latest stable pnpm release is 10.28.1, released on January 19, 2026 (marked “Latest” on the official GitHub releases page). [1] This matches the “latest” listed for pnpm v10 on endoflife.date as well. [2]

The preceding stable release was 10.28.0 (January 2026). [3]

Sources: [1], [2], [3]


🌐 Web query:

copier 9.11.2 Python package release latest version 2025

💡 Result:

  • Copier 9.11.2 was released on January 20, 2026 (so it is not a 2025 release). [1]
  • The latest Copier release in 2025 was 9.11.0, released November 20, 2025. [1]
  • The current latest version (as of Jan 26, 2026) is 9.11.3, released January 23, 2026. [1]

Sources: [1]


🌐 Web query:

pre-commit 4.5.1 release latest version 2025

💡 Result:

pre-commit v4.5.1 was released on December 16, 2025, and it is the latest pre-commit version (as of late 2025 / into 2026 unless a newer release has appeared since). [1], [2]

Release notes highlight (v4.5.1): fixes language: python with repo: local when additional_dependencies is not set. [2]

Sources: PyPI release history / files for v4.5.1 [1]; GitHub Releases page showing v4.5.1 as “Latest” [2].


🌐 Web query:

copier-template-extensions 0.3.3 PyPI package latest version

💡 Result:

The latest released version of the copier-template-extensions PyPI package is 0.3.3 (released July 15, 2025). [1]


Update copier to 9.11.3 (released January 23, 2026).
Most versions are current: uv 0.9.26, pnpm 10.28.1, and pre-commit 4.5.1 are all latest stable releases with no breaking changes reported. However, copier 9.11.2 has a newer patch release (9.11.3) available. Since copier-template-extensions 0.3.3 is also current, update copier for consistency.

🤖 Prompt for AI Agents
In @.devcontainer/install-ci-tooling.py around lines 10 - 14, Bump the copier
pin from "==9.11.2" to "==9.11.3" by updating the COPIER_VERSION constant; keep
COPIER_TEMPLATE_EXTENSIONS_VERSION ("==0.3.3") unchanged for consistency and
ensure any checksum/lock references elsewhere that depend on COPIER_VERSION are
updated accordingly (search for COPIER_VERSION) so CI uses copier 9.11.3.

Comment on lines +1 to +6
# Questions specific to this template






⚠️ Potential issue | 🟠 Major

Remove excessive leading blank lines to satisfy yamllint.
This triggers a lint error and may block CI.

🧹 Proposed fix
-# Questions specific to this template
-
-
-
-
-
+# Questions specific to this template
Based on static analysis hints.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Questions specific to this template
# Questions specific to this template
🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 6-6: too many blank lines (5 > 2)

(empty-lines)

🤖 Prompt for AI Agents
In `@copier.yml` around lines 1 - 6, Remove the excessive leading blank lines at
the top of copier.yml so the file begins immediately with the first YAML content
line (no empty lines before the first token); simply delete the blank lines at
the top of the file to satisfy yamllint and CI.

Comment on lines +36 to +39
pull_from_ecr:
type: bool
help: Will you need to pull images from a central AWS Elastic Container Registry?
default: no

⚠️ Potential issue | 🟡 Minor

YAML truthy rule: prefer explicit false for the new default.
default: no is flagged by yamllint’s truthy rule; use false or align the lint config.

✅ Proposed fix
-pull_from_ecr:
-    type: bool
-    help: Will you need to pull images from a central AWS Elastic Container Registry?
-    default: no
+pull_from_ecr:
+    type: bool
+    help: Will you need to pull images from a central AWS Elastic Container Registry?
+    default: false
Based on static analysis hints.
🧰 Tools
🪛 YAMLlint (1.38.0)

[warning] 39-39: truthy value should be one of [false, true]

(truthy)

🤖 Prompt for AI Agents
In `@copier.yml` around lines 36 - 39, The YAML key pull_from_ecr currently uses
the string default "no" which trips yamllint's truthy rule; change its default
to the explicit boolean false (i.e., set default: false) so the value is a
proper YAML boolean for the pull_from_ecr entry and satisfies the linter.

context["gha_xlong_timeout_minutes"] = "45"

context["debian_release_name"] = "bookworm"
context["debian_release_name"] = "trixie"

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's check the current state of extensions/context.py around line 107
head -n 120 extensions/context.py | tail -n 20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 904


🏁 Script executed:

# Check for any previous value references in git history or comments
rg "bookworm|trixie" extensions/context.py -B2 -A2

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 294


🏁 Script executed:

# Run the suggested verification script to find all uses of debian_release_name
rg -n "debian_release_name" --type-add 'jinja:*.jinja' --type-add 'jinja:*.j2' -t jinja -t yaml

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Also search for debian_release_name in all file types to be thorough
rg -n "debian_release_name"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 168


🏁 Script executed:

# Check Dockerfile for the base image change mentioned
fd -name "Dockerfile*" -type f | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 323


🏁 Script executed:

# If Dockerfile exists, check the base image
find . -name "Dockerfile*" -type f -exec grep -l "focal\|noble" {} \;

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 155


🏁 Script executed:

# Check the Dockerfile files for focal/noble changes
cat .devcontainer/Dockerfile

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1298


🏁 Script executed:

# Check the template Dockerfile
cat template/.devcontainer/Dockerfile

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1298


🏁 Script executed:

# Broader search for debian_release_name in all files without type restrictions
rg "debian_release_name" -A2 -B2

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 404


🏁 Script executed:

# Search for bookworm references to understand the previous state
rg "bookworm" -A2 -B2

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Search more broadly for how debian_release_name might be used
rg "debian_release_name" --no-type-add

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 534


🏁 Script executed:

# Check git history to see if this was bookworm before
git log -p --follow -S "debian_release_name" -- extensions/context.py | head -100

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Search in template directory for any references to the variable
find template -type f \( -name "*.jinja" -o -name "*.j2" -o -name "*.yaml" -o -name "*.yml" -o -name "*.txt" \) | xargs grep -l "debian_release_name" 2>/dev/null || echo "No matches found"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 109


🏁 Script executed:

# Let's also check if there are any references to trixie or bookworm in the template directory
find template -type f | xargs grep -l "trixie\|bookworm" 2>/dev/null | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Let's search more broadly across all files for any potential usages or references
rg "debian_release_name" . 2>/dev/null

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 166


🏁 Script executed:

# Check if there are any .copierignore or similar files that might indicate which files are processed
find . -name ".copier*" -o -name "copier.yml" -o -name "copier.yaml" | head -10

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 164


🏁 Script executed:

# Check the repository structure to understand how this template is used
ls -la | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1902


🏁 Script executed:

# Check the copier.yml to understand the template structure and how context is used
cat copier.yml

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 5261


🏁 Script executed:

# Let's look at the template directory structure to see what templates exist
find template -type f -name "*.jinja" -o -name "*.j2" | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 840


🏁 Script executed:

# Search more broadly for any apt-get, package, or Debian-related operations in templates
rg "apt-get|apt-cache|debian|ubuntu|trixie|bookworm" template --type-add 'jinja:*.jinja' --type-add 'jinja:*.j2' | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Let's do a comprehensive search for debian_release_name across the entire repository
rg "debian_release_name" -r '$0' . 2>&1

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 166


🏁 Script executed:

# Check if there are any generated files or build artifacts that might use this value
find . -type f \( -name "*.txt" -o -name "*.md" -o -name "*.sh" \) | xargs grep -l "debian_release_name" 2>/dev/null || echo "No matches in text files"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 117


🏁 Script executed:

# Let's check the git log more carefully to see what changed in this commit
git log --oneline -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 108


🏁 Script executed:

# Check git diff to see what was actually changed in this commit
git diff HEAD~1 HEAD extensions/context.py 2>/dev/null || git show HEAD:extensions/context.py | grep -A5 -B5 "debian_release_name"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 498


🏁 Script executed:

# Let me check if debian_release_name appears in the git diff of this specific commit
git diff HEAD~1 HEAD -- extensions/context.py 2>/dev/null || echo "Git diff not available"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 115


🏁 Script executed:

# Check what the previous value was by looking at git show with the parent commit
git show HEAD~1:extensions/context.py 2>/dev/null | grep -A2 -B2 "debian_release_name" || echo "Previous version not accessible"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 124


🏁 Script executed:

# Let's also check if there's any documentation or README that mentions how these context variables are used
rg "context\[" template --type-add 'jinja:*.jinja' --type-add 'jinja:*.j2' | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Search for any usage of context variables in the templates to understand the pattern
rg "{{ " template -t jinja | head -30

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 171


🏁 Script executed:

# Let's check if the context variables are used in generated output or if this is just a value holder
cat extensions/context.py

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 5655


🏁 Script executed:

# Search for how context variables are typically used in the Jinja templates
rg "{{ debian_release_name|{{ alpine_image_version|{{ nginx_image_version" template 2>/dev/null || echo "No direct template usage found"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 123


🏁 Script executed:

# Check if there's any comment or documentation about these context variables
grep -n "debian_release_name" extensions/context.py -B10 -A10

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 1096


🏁 Script executed:

# Let's check if debian_release_name might be used in downstream generated code or documentation
find template -type f | xargs grep -l "trixie\|bookworm\|debian" 2>/dev/null | head -10

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 143


🏁 Script executed:

# Check if there's any usage pattern of context variables in the templates by looking at actual variable interpolation
grep -r '\{\{.*\}\}' template --include="*.jinja" | head -20

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 122


🏁 Script executed:

# Let's verify the Ubuntu/Debian mapping for the base images mentioned
# focal = Ubuntu 20.04 (based on Debian Bullseye)
# noble = Ubuntu 24.04 (based on Debian Trixie)
# Let's check if there's any documentation about this in the repo
rg "focal|noble|bullseye" . 2>/dev/null

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 75


🏁 Script executed:

# Let's check the install-ci-tooling.py.jinja file to see if it uses debian_release_name
cat template/.devcontainer/install-ci-tooling.py.jinja

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 6665


🏁 Script executed:

# Also check if there are any references to the context variable being passed to templates
grep -r "debian_release_name" template 2>/dev/null || echo "Not found in template"

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 114


🏁 Script executed:

# Let's search for any actual usage of this context variable by checking if it's rendered in any output
rg "trixie" . 2>/dev/null

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 166


🏁 Script executed:

# Let's check if there are child templates or if this is meant to be used by downstream repositories
find . -name "*.md" -o -name "README*" | xargs grep -l "debian\|context\|template" 2>/dev/null | head -5

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 176


🏁 Script executed:

# Check the README to understand how this template is used
cat README.md

Repository: LabAutomationAndScreening/copier-aws-organization

Length of output: 2534


Update Debian release name to trixie.

This changes the Debian release from bookworm to trixie, aligning with the base image update to mcr.microsoft.com/devcontainers/universal:5.1.1-noble (Ubuntu 24.04, which is based on Debian trixie).

Note: This context variable is not currently referenced in any templates within the repository. Clarify whether it is intended for future use in generated downstream code, or remove it if unused.

🤖 Prompt for AI Agents
In `@extensions/context.py` at line 107, The context key
context["debian_release_name"] was changed to "trixie" but is not referenced
anywhere; either remove this unused context entry or document and wire it into
downstream templates. If it's intended for future generated code, add a brief
inline comment next to context["debian_release_name"] explaining its purpose and
expected usage and update any template/renderer code to consume this key (search
for template rendering functions that accept context to locate where to plug it
in); otherwise delete the context["debian_release_name"] assignment to avoid
dead configuration.

Comment on lines 29 to 33
// basic tooling
// "eamodio.gitlens@15.5.1",
"coderabbit.coderabbit-vscode@0.16.4",
"coderabbit.coderabbit-vscode@0.16.6",
"ms-vscode.live-server@0.5.2025051301",
"MS-vsliveshare.vsliveshare@1.0.5905",
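Review bot: the commented-out "eamodio.gitlens@15.5.1" entry under "basic tooling" is dead configuration that still carries a version pin nobody will bump. Delete it, or add a short reason next to it for keeping the extension disabled, so the list holds only entries that are actually installed.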

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

coderabbit.coderabbit-vscode 0.16.6 VS Code marketplace

💡 Result:

The VS Code Marketplace listing for the CodeRabbit extension is “CodeRabbit” (publisher CodeRabbit Inc.) with identifier CodeRabbit.coderabbit-vscode. [1]

I couldn’t find any evidence that version 0.16.6 exists on the VS Code Marketplace for this extension; third‑party archives of the Marketplace package list the latest available Marketplace version as 0.16.0 (updated Nov 19, 2025). [2]

Sources: [1], [2]


Update CodeRabbit extension to version 0.16.0 (non-existent version pinned).
Version 0.16.6 does not exist on the VS Code Marketplace; the latest available version is 0.16.0 (released Nov 19, 2025). Update the pin from "CodeRabbit.coderabbit-vscode@0.16.6" to "CodeRabbit.coderabbit-vscode@0.16.0" to ensure the devcontainer builds successfully.

🤖 Prompt for AI Agents
In `@template/.devcontainer/devcontainer.json.jinja` around lines 29 - 33, Update
the pinned CodeRabbit extension version: replace the non-existent extension
identifier "coderabbit.coderabbit-vscode@0.16.6" with the available release
"CodeRabbit.coderabbit-vscode@0.16.0" in the devcontainer extensions list so the
devcontainer can install the correct marketplace version.

Comment on lines +8 to +9
# temporary hack until yarn updates its GPG key
RUN rm /etc/apt/sources.list.d/yarn.list || true
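Review bot: `|| true` on the `RUN rm /etc/apt/sources.list.d/yarn.list` line hides every failure of rm, not only the case where the file is already absent. `rm -f /etc/apt/sources.list.d/yarn.list` covers the missing-file case and still fails the build on a real error such as a permissions problem. The comment calls the line temporary but gives no condition for removing it, so state what to check before it is deleted.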

🧹 Nitpick | 🔵 Trivial

Consider adding a tracking reference for the yarn GPG key workaround.

The comment indicates this is a temporary hack. Consider adding a link to a GitHub issue or upstream tracking reference so this can be removed when yarn updates its GPG key.

💡 Suggested improvement
-# temporary hack until yarn updates its GPG key
+# temporary hack until yarn updates its GPG key - see https://github.com/yarnpkg/yarn/issues/XXXX
 RUN rm /etc/apt/sources.list.d/yarn.list || true
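Review bot: the added comment line links to https://github.com/yarnpkg/yarn/issues/XXXX, which is a placeholder rather than a real issue. Applying the suggestion verbatim commits a dead link, so substitute the actual upstream issue number or drop the URL.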
🤖 Prompt for AI Agents
In `@template/.devcontainer/Dockerfile` around lines 8 - 9, Add a tracking
reference to the temporary GPG key workaround by updating the comment near the
RUN rm /etc/apt/sources.list.d/yarn.list command: include a short note with a
link to the upstream Yarn issue or PR (or a GitHub issue number) and a TODO with
an expected review date or condition for removal so reviewers know this is
temporary and can remove the hack when the yarn GPG key is updated.


Copilot AI left a comment


Pull request overview

This PR updates the Copier base template with the latest versions of dependencies, tools, and GitHub Actions. It also fixes workflow logic to properly skip duplicate CI runs and adds support for AWS ECR image pulling configuration.

Changes:

  • Updated base Docker image from Ubuntu 20.04 Focal to Ubuntu 24.04 Noble
  • Updated multiple dependencies including copier (9.11.0 → 9.11.2), pyright (1.1.407 → 1.1.408), ty (0.0.9 → 0.0.13), and various GitHub Actions
  • Fixed CI workflow to properly skip lint and pulumi jobs when duplicates are detected, with appropriate status reporting to block merges
  • Added pull_from_ecr configuration option for AWS ECR support
  • Enhanced Pulumi preview messages to include stack names for better clarity

Reviewed changes

Copilot reviewed 20 out of 21 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| uv.lock | Updated Python package lock file with new versions of copier, jinja2, pyright, and ty |
| pyproject.toml | Updated Python dependencies to match lock file versions |
| extensions/context.py | Updated version constants for tools, libraries, and GitHub Actions used throughout templates |
| .devcontainer/Dockerfile | Updated base image to Ubuntu 24.04 Noble and fixed workspace directory path |
| template/.devcontainer/Dockerfile | Same base image update for template |
| .devcontainer/devcontainer.json | Updated CodeRabbit extension and devcontainer context hash |
| template/.devcontainer/devcontainer.json.jinja | Updated CodeRabbit extension in template |
| .devcontainer/install-ci-tooling.py | Updated tool versions to match context.py |
| .github/workflows/ci.yaml | Updated GitHub Actions cache from v4.3.0 to v5.0.2 |
| .github/workflows/pre-commit.yaml | Updated GitHub Actions cache from v4.3.0 to v5.0.2 |
| template/.github/workflows/pre-commit.yaml | Updated GitHub Actions cache from v4.3.0 to v5.0.2 |
| .github/actions/install_deps/action.yml | Updated setup-python and setup-node actions to v6.2.0 |
| template/.github/actions/install_deps/action.yml | Updated setup-python and setup-node actions to v6.2.0 |
| .github/reusable_workflows/build-docker-image.yaml | Updated upload-artifact from v5.0.0 to v6.0.0 |
| template/.github/workflows/pulumi-aws.yml | Updated download-artifact from v6.0.0 to v7.0.0 |
| template/.github/workflows/ci.yaml.jinja | Restructured workflow to properly handle duplicate detection with conditional job execution and status reporting |
| template/.github/actions/pulumi_ephemeral_deploy/action.yml | Added stack name to preview messages and comment tags for better multi-stack support |
| copier.yml | Added pull_from_ecr question and updated when conditions for AWS-related questions |
| tests/copier_data/data1.yaml | Added pull_from_ecr: false test data |
| tests/copier_data/data2.yaml | Added pull_from_ecr: true test data |
| .copier-answers.yml | Updated commit reference to v0.0.94 |


@ejfine ejfine merged commit d6d3620 into main Jan 26, 2026
13 checks passed
@ejfine ejfine deleted the cop-image branch January 26, 2026 22:00