fix: EduID for QA environment, transactional emails based on DB templates, misc fixes

[rschlaefli]

No description provided.

[aviator-app]

Current Aviator status

Aviator will automatically update this comment as the status of the PR changes.
Comment /aviator refresh to force Aviator to re-examine your PR (or learn about other /aviator commands).

This PR was merged manually (without Aviator). Merging manually can negatively impact the performance of the queue. Consider using Aviator next time.

---

See the real-time status of this PR on the Aviator webapp.

Use the Aviator Chrome Extension to see the status of your PR within GitHub.

[coderabbitai]

Walkthrough

Walkthrough

The recent changes involve updates to multiple GitHub Actions workflow files, primarily removing the paths filter from the push event triggers across various services. This adjustment allows workflows to trigger on any relevant push events related to specified tags or branches. Additionally, modifications were made to various source files, including logging enhancements, configuration updates, and restructuring of database schemas, particularly for managing email templates.

Changes

Files	Change Summary
.github/workflows/v3_*	Removed paths filter from push triggers, allowing workflows to trigger on any push matching specified tags or branches instead of specific file paths.
apps/auth/src/pages/api/auth/[...nextauth].ts	Added logging statement in the signIn callback to log parameters for debugging purposes.
apps/backend-docker/{package.json, tsup.config.ts}	Removed dependency on @klicker-uzh/transactional; modified build and dev scripts to streamline processes; removed publicDir property from config.
apps/frontend-pwa/.env.qa	Updated NEXT_PUBLIC_API_URL_SSR to point to a new backend URL.
apps/frontend-pwa/src/lib/getParticipantToken.ts	Added logging statements for cookies and participantToken for better traceability.
apps/frontend-pwa/src/pages/createAccount.tsx	Changed redirection path from /login to /editProfile, enhancing user flow; added logs for token handling.
apps/lti/src/index.ts	Updated devMode condition to check process.env.LTI_DEV_MODE; added ltiaas property for LTI configuration.
deploy/charts/klicker-uzh-v2/templates/{cm-lti.yaml,deployment-app.yaml,values.yaml}	Introduced LTI_DEV_MODE and LTI_AAS_MODE parameters for configurability; changed image specification for dynamic referencing; added devMode and ltiaas.
deploy/env-qa-v3/helmfile.yaml	Added eduId and lti.image with required environment variables for secure handling of sensitive information.
packages/graphql/src/services/{accounts.ts,email.ts}	Modified functions to include ctx parameter for email template hydration; updated hydrateTemplate to query templates from a database instead of file system.
packages/prisma/src/prisma/migrations/20240823205930_email_templates/migration.sql	Dropped magicLinkExpiresAt and magicLinkToken columns from Participant table; created new EmailTemplate table for better email management.
packages/prisma/src/prisma/schema/other.prisma	Introduced new EmailTemplate model with fields for managing email templates.
packages/transactional/package.json	Introduced new scripts for managing email templates; updated dependencies and versions for compatibility.
packages/transactional/src/scripts/deploy.ts	New script for upserting email templates into the database, including reading from specified HTML files.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cypress]

klicker-uzh    Run #2683

Run Properties:   Failed #2683  •  c7e5daba6c: fix: EduID for QA environment, transactional emails based on DB templates, misc ...

Project	klicker-uzh
Branch Review	v3
Run status	Failed #2683
Run duration	08m 05s
Commit	c7e5daba6c: fix: EduID for QA environment, transactional emails based on DB templates, misc ...
Committer	Roland Schläfli
View all properties for this run ↗︎

---

Test results
Failures	1
Flaky	1
Pending	0
Skipped	0
Passing	37
View all changes introduced in this branch ↗︎

---

Tests for review

  cypress/e2e/K-group-activity-workflow.cy.ts • 1 failed test

View Output

Test		Artifacts
Create and solve a group activity > create a group activity and edit it		Screenshots

  cypress/e2e/G-microlearning-workflow.cy.ts • 1 flaky test

View Output

Test		Artifacts
Different microlearning workflows > converts a seeded past microlearning into a practice quiz		Test Replay Screenshots

[coderabbitai]

Actionable comments posted: 3

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 4c949f3 and 46bbdcf.

Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

Files selected for processing (30)

• .github/workflows/v3_analytics-prod.yml (1 hunks)
• .github/workflows/v3_analytics-qa.yml (1 hunks)
• .github/workflows/v3_auth-prod.yml (1 hunks)
• .github/workflows/v3_auth-qa.yml (1 hunks)
• .github/workflows/v3_backend-docker.yml (1 hunks)
• .github/workflows/v3_frontend-control-docker-prod.yml (1 hunks)
• .github/workflows/v3_frontend-control-docker-qa.yml (1 hunks)
• .github/workflows/v3_frontend-manage-docker-prod.yml (1 hunks)
• .github/workflows/v3_frontend-manage-docker-qa.yml (1 hunks)
• .github/workflows/v3_frontend-pwa-docker-prod.yml (1 hunks)
• .github/workflows/v3_frontend-pwa-docker-qa.yml (1 hunks)
• .github/workflows/v3_lti-prod.yml (1 hunks)
• .github/workflows/v3_lti-qa.yml (1 hunks)
• apps/auth/src/pages/api/auth/[...nextauth].ts (1 hunks)
• apps/backend-docker/package.json (2 hunks)
• apps/backend-docker/tsup.config.ts (1 hunks)
• apps/frontend-pwa/.env.qa (1 hunks)
• apps/frontend-pwa/src/lib/getParticipantToken.ts (1 hunks)
• apps/frontend-pwa/src/pages/createAccount.tsx (2 hunks)
• apps/lti/src/index.ts (1 hunks)
• deploy/charts/klicker-uzh-v2/templates/cm-lti.yaml (1 hunks)
• deploy/charts/klicker-uzh-v2/templates/deployment-app.yaml (1 hunks)
• deploy/charts/klicker-uzh-v2/values.yaml (1 hunks)
• deploy/env-qa-v3/helmfile.yaml (2 hunks)
• packages/graphql/src/services/accounts.ts (3 hunks)
• packages/graphql/src/services/email.ts (2 hunks)
• packages/prisma/src/prisma/migrations/20240823205930_email_templates/migration.sql (1 hunks)
• packages/prisma/src/prisma/schema/other.prisma (1 hunks)
• packages/transactional/package.json (1 hunks)
• packages/transactional/src/scripts/deploy.ts (1 hunks)

Files skipped from review due to trivial changes (5)

• .github/workflows/v3_frontend-control-docker-qa.yml
• .github/workflows/v3_lti-qa.yml
• apps/auth/src/pages/api/auth/[...nextauth].ts
• apps/backend-docker/package.json
• apps/backend-docker/tsup.config.ts

Additional comments not posted (27)

packages/prisma/src/prisma/schema/other.prisma (1)

7-14: LGTM! The EmailTemplate model is well-structured.

The addition of the EmailTemplate model with fields for name, html, createdAt, and updatedAt is appropriate for managing email templates. The use of @id, @default(now()), and @updatedAt is correct and aligns with best practices.

packages/prisma/src/prisma/migrations/20240823205930_email_templates/migration.sql (2)

4-5: Verify the impact of dropping columns from Participant.

Dropping magicLinkExpiresAt and magicLinkToken will result in data loss. Ensure that this change is intentional and that any necessary data has been backed up or migrated.

---

12-20: LGTM! The EmailTemplate table creation is consistent with the schema.

The creation of the EmailTemplate table with fields name, html, createdAt, and updatedAt is consistent with the schema changes in other.prisma.

apps/frontend-pwa/.env.qa (1)

8-8: Verify the new SSR API endpoint URL.

The NEXT_PUBLIC_API_URL_SSR has been updated to a new backend URL. Ensure that this URL is correct and that the backend service is operational.

packages/transactional/package.json (2)

14-17: Scripts for updating templates look good.

The new scripts for updating templates in different environments are well-formed and use the doppler command with the correct configurations.

---

20-27: Dependency updates are appropriate.

The addition of @klicker-uzh/prisma and tsx, along with the updates to @types/node and @types/react, enhance the project's functionality and maintainability.

deploy/charts/klicker-uzh-v2/templates/cm-lti.yaml (1)

23-24: New LTI configuration parameters are correctly added.

The parameters LTI_DEV_MODE and LTI_AAS_MODE are properly sourced from the Helm chart values, enhancing configurability.

.github/workflows/v3_lti-prod.yml (1)

3-5: Removal of paths filter is appropriate.

The removal of the paths filter aligns with the objective to broaden the conditions under which the workflow is executed, allowing for more inclusive builds.

.github/workflows/v3_auth-prod.yml (1)

3-5: LGTM! Broadened workflow trigger conditions.

The removal of the paths filter from the push event trigger allows the workflow to trigger on any push event with a matching tag, enhancing automation and ensuring comprehensive builds.

.github/workflows/v3_frontend-pwa-docker-prod.yml (1)

3-5: LGTM! Broadened workflow trigger conditions.

The removal of the paths filter from the push event trigger allows the workflow to trigger on any push event with a matching tag, enhancing deployment flexibility and ensuring comprehensive builds.

.github/workflows/v3_frontend-manage-docker-prod.yml (1)

3-5: LGTM! Broadened workflow trigger conditions.

The removal of the paths filter from the push event trigger allows the workflow to trigger on any push event with a matching tag, improving the deployment process and ensuring comprehensive builds.

.github/workflows/v3_frontend-control-docker-prod.yml (1)

4-5: Approved: Broadened workflow trigger conditions.

The removal of the paths filter from the push event trigger allows the workflow to trigger on any push event matching the specified tag pattern. This change aligns with the PR objectives to enhance automation.

.github/workflows/v3_analytics-prod.yml (1)

4-5: Approved: Broadened workflow trigger conditions.

The removal of the paths filter from the push event trigger allows the workflow to trigger on any push event matching the specified tag pattern. This change aligns with the PR objectives to enhance automation.

.github/workflows/v3_analytics-qa.yml (1)

Line range hint 4-8: Consider the implications of removing the paths filter.

The removal of the paths filter under the push event trigger will cause the workflow to run on any changes to the specified branches. While this broadens the scope for testing, it may lead to unnecessary workflow executions for unrelated changes.

Ensure that this change aligns with your intended workflow execution strategy.

.github/workflows/v3_backend-docker.yml (1)

Line range hint 4-9: Evaluate the impact of removing the paths filter.

The removal of the paths filter under the push event trigger expands the workflow's execution scope to any changes on the specified branches. This may result in additional workflow runs for changes that do not affect the backend-docker.

Verify that this change is intentional and aligns with your workflow execution goals.

.github/workflows/v3_auth-qa.yml (1)

Line range hint 4-8: Assess the consequences of removing the paths filter.

By removing the paths filter under the push event trigger, the workflow will now execute on any changes to the specified branches. This could lead to more comprehensive testing but may also result in unnecessary workflow executions.

Ensure that this change is consistent with your desired workflow execution strategy.

.github/workflows/v3_frontend-pwa-docker-qa.yml (1)

Line range hint 5-11: Verify the impact of removing path filters.

The removal of path filters under the push event trigger will cause the workflow to trigger on any push to the specified branches. Ensure this aligns with the intended CI/CD process to avoid unnecessary workflow runs.

.github/workflows/v3_frontend-manage-docker-qa.yml (1)

Line range hint 5-11: Verify the impact of removing path filters.

The removal of path filters under the push event trigger will cause the workflow to trigger on any push to the specified branches. Ensure this aligns with the intended CI/CD process to avoid unnecessary workflow runs.

packages/graphql/src/services/email.ts (1)

49-68: LGTM! But verify the function usage in the codebase.

The changes to hydrateTemplate improve flexibility and scalability. Ensure all function calls to hydrateTemplate match the new signature with the ctx parameter.

Run the following script to verify the function usage:

Verification successful

---

Function Usage Verified: All calls to hydrateTemplate match the new signature.

The function hydrateTemplate is used correctly with the ctx parameter in the codebase. No further action is required.

• packages/graphql/src/services/accounts.ts: Both occurrences of hydrateTemplate include the ctx parameter.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all function calls to `hydrateTemplate` match the new signature.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type js -A 5 $'hydrateTemplate'

Length of output: 35

---

Script:

#!/bin/bash
# Description: Verify all function calls to `hydrateTemplate` match the new signature.

# Search for the function usage in the entire codebase, including TypeScript files.
rg --type-add 'ts:*.{ts,tsx}' --type ts --type js -A 5 'hydrateTemplate'

Length of output: 1285

apps/lti/src/index.ts (1)

14-15: LGTM! Verify the environment variables.

The changes to use process.env.LTI_DEV_MODE and process.env.LTI_AAS_MODE provide more granular control over the environment settings.

Ensure that these environment variables are correctly set in all relevant environments.

deploy/env-qa-v3/helmfile.yaml (1)

29-31: LGTM! Verify the environment variables.

The use of requiredEnv for EDUID_CLIENT_SECRET and APP_VERSION enhances security and ensures deployment consistency.

Ensure that these environment variables are correctly set in all relevant environments.

Also applies to: 96-98

apps/frontend-pwa/src/pages/createAccount.tsx (1)

65-66: Verify the redirection path change.

The redirection path has been changed from /login to /editProfile. Ensure this change aligns with the intended user flow and does not introduce any unintended behavior.

deploy/charts/klicker-uzh-v2/values.yaml (1)

279-281: Verify new configuration options.

The devMode and ltiaas options have been added. Ensure these configurations are documented and align with the application's environment management strategy.

deploy/charts/klicker-uzh-v2/templates/deployment-app.yaml (1)

433-433: Verify dynamic image tag configuration.

The image tag for the lti container now uses a dynamic reference. Ensure that the image tag is correctly configured in the Helm chart values to prevent deployment issues.

packages/graphql/src/services/accounts.ts (3)

596-615: LGTM! Verify logging practices.

The added logging statements provide useful debugging information.

Ensure that sensitive information is not logged and that logs are appropriately managed.

Run the following script to verify the logging practices:

---

239-245: LGTM! Verify rate limiting logic.

The addition of the ctx parameter for email template hydration is a good improvement for context handling.

Ensure that the rate limiting logic is functioning as expected and is not prone to bypass.

Run the following script to verify the rate limiting logic:

Verification successful

---

Rate Limiting Logic Verified

The rate limiting logic in the sendMagicLink function is correctly implemented. It ensures that users cannot exceed 5 requests per hour, effectively preventing abuse.

• The rateLimitStore tracks request counts and timestamps.
• The logic correctly resets counts after the time window.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the rate limiting logic in `sendMagicLink`.

# Test: Search for rate limiting logic. Expect: Correct implementation without bypass.
rg --type javascript -A 5 'rateLimitStore'

Length of output: 77

---

Script:

#!/bin/bash
# Description: Verify the rate limiting logic in `sendMagicLink`.

# Test: Search for rate limiting logic. Expect: Correct implementation without bypass.
rg --type ts -A 5 'rateLimitStore'

Length of output: 1901

---

540-554: LGTM! Verify activation link generation logic.

The addition of the ctx parameter for email template hydration and the improved construction of the activationLink enhance context handling and readability.

Ensure that the activation link generation logic is secure and functioning as expected.

Run the following script to verify the activation link generation logic:

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 46bbdcf and f5da377.

Files selected for processing (1)

• packages/transactional/src/scripts/deploy.ts (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• packages/transactional/src/scripts/deploy.ts

[sjschlapbach]

LGTM :)

[cypress]

klicker-uzh    Run #2682

Run Properties:   Failed #2682  •  c4f1a37b35 ℹ️: Merge b203877f540c10f8e85a6d3261d2b73136c5cced into d98c3ef11f88095d6abcf8a44f81...

Project	klicker-uzh
Branch Review	v3-lti
Run status	Failed #2682
Run duration	08m 24s
Commit	c4f1a37b35 ℹ️: Merge b203877f540c10f8e85a6d3261d2b73136c5cced into d98c3ef11f88095d6abcf8a44f81...
Committer	Roland Schläfli
View all properties for this run ↗︎

---

Test results
Failures	1
Flaky	1
Pending	0
Skipped	0
Passing	37
View all changes introduced in this branch ↗︎

---

Tests for review

  cypress/e2e/F-live-quiz-workflow.cy.ts • 1 failed test

View Output

Test		Artifacts
Different live-quiz workflows > creates a live quiz without questions and tests the feedback mechanisms and deletes the completed live session		Test Replay Screenshots

  cypress/e2e/K-group-activity-workflow.cy.ts • 1 flaky test

View Output

Test		Artifacts
Create and solve a group activity > create a group activity and edit it		Screenshots

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud