Moving env vars to org

[blockiosaurus]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
mpl-core-js-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 11, 2025 2:33pm

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Updated workflow configurations to consistently export version-related environment variables for use in all workflow steps.
  • Improved formatting and style across multiple workflow files for better consistency.
  • Adjusted logic to ensure workflow steps behave correctly for automated Dependabot updates.
  • Simplified environment variable management by removing redundant entries.

Summary by CodeRabbit

• Chores

  • Improved consistency and reliability of environment variable management across all workflows by explicitly exporting repository-level variables for use in subsequent steps.
  • Updated workflow formatting and style for better readability and consistency.
  • Cleaned up and simplified environment configuration files, removing unused variables.

• Chores

  • Updated workflows to export the Node.js version from repository variables into the environment for all relevant GitHub Actions jobs.
  • Removed the Node.js version from the environment configuration file.
  • Improved workflow formatting and consistency, including minor whitespace and style adjustments.
  • Updated Node.js version matrix in tests to use dynamic variables.

Walkthrough

The changes remove the hardcoded NODE_VERSION value from the .github/.env file and update all GitHub Actions workflows to export the NODE_VERSION environment variable from repository-level GitHub variables into the workflow environment using a new step. Minor formatting and whitespace adjustments were also made in some workflow files.

Changes

Files/Group	Change Summary
.github/.env	Removed the NODE_VERSION=20.x line and three other unused environment variable lines.
.github/workflows/benchmark-summary.yml .github/workflows/benchmark.yml .github/workflows/build-rust-client.yml .github/workflows/test-programs.yml .github/workflows/test-rust-client.yml	Added a step after checkout to export NODE_VERSION (and other relevant vars) from GitHub vars to GITHUB_ENV.
.github/workflows/build-programs.yml	Added export step for NODE_VERSION, RUST_VERSION, and SOLANA_VERSION after checkout; minor whitespace cleanup.
.github/workflows/deploy-program.yml	Added export step for NODE_VERSION, RUST_VERSION, and DEPLOY_SOLANA_VERSION; changed quotes from single to double; indentation and whitespace cleanup.
.github/workflows/main.yml	Added NODE_VERSION export step in changes and generate_clients jobs after checkout and before env load; added condition forcing outputs true for Dependabot runs.
.github/workflows/publish-js-client.yml	Added export step for NODE_VERSION after checkout in both publish_js and deploy_js_docs jobs.
.github/workflows/publish-rust-client.yml	Added export step for NODE_VERSION and RUST_VERSION after checkout; updated Git user config to use repo vars.
.github/workflows/test-js-client.yml	Changed Node.js matrix to use variables; added export step for NODE_VERSION and SOLANA_VERSION in "test" and "lint" jobs.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions Workflow
    participant GitHub Repository Variables

    GitHub Actions Workflow->>GitHub Repository Variables: Retrieve NODE_VERSION
    GitHub Actions Workflow->>GitHub Actions Workflow: Export NODE_VERSION to GITHUB_ENV
    GitHub Actions Workflow->>GitHub Actions Workflow: Run subsequent steps with NODE_VERSION in environment

Loading

sequenceDiagram
    participant Workflow Step
    participant .github/.env (before)
    participant GITHUB_ENV (after)

    Note over Workflow Step: Previous approach
    Workflow Step->>.github/.env: Read NODE_VERSION from file
    Workflow Step->>GITHUB_ENV: Append NODE_VERSION

    Note over Workflow Step: New approach
    Workflow Step->>GitHub Repository Variables: Read NODE_VERSION variable
    Workflow Step->>GITHUB_ENV: Write NODE_VERSION directly

Loading

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Benchmark

Benchmark suite	Current: 1f379df	Previous: a1460e5	Ratio
CU: create a new, empty asset	9812 Compute Units	9812 Compute Units	1
Space: create a new, empty asset	91 Bytes	91 Bytes	1
CU: create a new, empty asset with empty collection	21290 Compute Units	21290 Compute Units	1
Space: create a new, empty asset with empty collection	91 Bytes	91 Bytes	1
CU: create a new asset with plugins	30995 Compute Units	30995 Compute Units	1
Space: create a new asset with plugins	194 Bytes	194 Bytes	1
CU: create a new asset with plugins and empty collection	36646 Compute Units	36646 Compute Units	1
Space: create a new asset with plugins and empty collection	194 Bytes	194 Bytes	1
CU: list an asset	27400 Compute Units	27400 Compute Units	1
CU: sell an asset	41754 Compute Units	41754 Compute Units	1
CU: list an asset with empty collection	35555 Compute Units	35555 Compute Units	1
CU: sell an asset with empty collection	55030 Compute Units	55030 Compute Units	1
CU: list an asset with collection royalties	36863 Compute Units	36863 Compute Units	1
CU: sell an asset with collection royalties	60804 Compute Units	60804 Compute Units	1
CU: transfer an empty asset	5262 Compute Units	5262 Compute Units	1
CU: transfer an empty asset with empty collection	8036 Compute Units	8036 Compute Units	1
CU: transfer an asset with plugins	11479 Compute Units	11479 Compute Units	1
CU: transfer an asset with plugins and empty collection	14253 Compute Units	14253 Compute Units	1

This comment was automatically generated by workflow using github-action-benchmark.

[coderabbitai]

Actionable comments posted: 8

♻️ Duplicate comments (4)

.github/workflows/benchmark-summary.yml (1)

29-33: 🧹 Nitpick (assertive)

Duplicate: Standardize exporting repository-level vars
This mirrors the export step in benchmark.yml. Consolidating this logic into a shared composite action will keep all workflows in sync and simplify maintenance.

.github/workflows/test-programs.yml (1)

27-32: 🧹 Nitpick (assertive)

Duplicate: Standardize exporting repository-level vars
Same export block appears here – reinforcing the case for a DRY composite step to handle all version variables in one place.

.github/workflows/test-rust-client.yml (1)

24-29: 🧹 Nitpick (assertive)

Duplicate: Standardize exporting repository-level vars
Identical export logic added here as well. A reusable action would reduce boilerplate and ensure consistency across workflows.

.github/workflows/build-rust-client.yml (1)

38-43: 🧹 Nitpick (assertive)

Duplicate: Standardize exporting repository-level vars
This export step is repeated in several workflows. Extracting it to a central composite action would improve maintainability and make version bumps easier.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 87b2198 and 0f6adf4.

📒 Files selected for processing (11)

• .github/.env (0 hunks)
• .github/workflows/benchmark-summary.yml (1 hunks)
• .github/workflows/benchmark.yml (1 hunks)
• .github/workflows/build-programs.yml (2 hunks)
• .github/workflows/build-rust-client.yml (1 hunks)
• .github/workflows/deploy-program.yml (7 hunks)
• .github/workflows/main.yml (2 hunks)
• .github/workflows/publish-rust-client.yml (2 hunks)
• .github/workflows/test-js-client.yml (2 hunks)
• .github/workflows/test-programs.yml (1 hunks)
• .github/workflows/test-rust-client.yml (2 hunks)

💤 Files with no reviewable changes (1)

• .github/.env

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Programs / Build
• GitHub Check: Programs / Test (mpl-core)

🔇 Additional comments (4)

.github/workflows/main.yml (1)

74-76: Confirm variable sourcing strategy in generate_clients.

Here you only export NODE_VERSION (relying on .env for Rust/Solana). Double-check that .env still defines RUST_VERSION and SOLANA_VERSION defaults, or export them explicitly here for consistency and clarity.

.github/workflows/test-js-client.yml (1)

18-18: Verify that NEXT_VERSION vars exist.

You’ve switched the Node matrix to ["${{ vars.NEXT_VERSION }}","${{ vars.NEXT_VERSION_NEXT }}"]. Ensure both vars.NEXT_VERSION and vars.NEXT_VERSION_NEXT are defined in repository settings and reflect the intended versions.

.github/workflows/deploy-program.yml (2)

42-56: Consistent quoting and indentation in check_tag.

Switching to double quotes for job/step names and realigning indentation is purely stylistic and improves readability without altering behavior.

---

112-117:

❓ Verification inconclusive

Validate exports order and avoid overrides.

You’ve added an export of NODE_VERSION, RUST_VERSION, and DEPLOY_SOLANA_VERSION. Make sure .github/.env no longer contains these keys so they aren’t overwritten. Optionally guard against unset vars.*.

---

#!/bin/bash
set -e

echo "=== .env files found ==="
find . -type f \( -name ".env" -o -name "*.env" \) -print || echo "No .env files in repo."

echo ""
echo "=== Occurrences of NODE_VERSION, RUST_VERSION, DEPLOY_SOLANA_VERSION ==="
grep -R -nE "NODE_VERSION|RUST_VERSION|DEPLOY_SOLANA_VERSION" --exclude-dir=".git" . || echo "No occurrences outside workflows."

---

#!/bin/bash
set -e

echo "=== Listing all .env files ==="
find . -type f -name ".env" -print

echo ""
echo "=== Searching for NODE_VERSION, RUST_VERSION, DEPLOY_SOLANA_VERSION in .env files ==="
grep -R -nE "NODE_VERSION|RUST_VERSION|DEPLOY_SOLANA_VERSION" --exclude-dir=".git" ./*.env || echo "No matches found in .env files."

---

#!/bin/bash
set -e

echo "=== Checking for .github/.env ==="
if [ -f .github/.env ]; then
  echo ".github/.env exists. Searching for relevant keys:"
  grep -nE '^(NODE_VERSION|RUST_VERSION|DEPLOY_SOLANA_VERSION)=' .github/.env || echo "  No matching keys in .github/.env"
else
  echo "No .github/.env file found."
fi

echo ""
echo "=== Searching all .env files for these variables ==="
find . -type f -name "*.env" ! -path "./.git/*" -print | while read file; do
  echo "File: $file"
  grep -nE '^(NODE_VERSION|RUST_VERSION|DEPLOY_SOLANA_VERSION)=' "$file" || echo "  No matches"
done

---

Ensure .github/.env doesn’t override your new exports

• Confirm that the file at .github/.env (if it exists) no longer defines NODE_VERSION, RUST_VERSION or DEPLOY_SOLANA_VERSION.
• To guard against missing values, you can fail early if any vars.* is unset. For example:

      - name: Export GitHub vars to GITHUB_ENV
        run: |
          #– fail if any var is unset
          for V in NODE_VERSION RUST_VERSION DEPLOY_SOLANA_VERSION; do
            VAL="${{ vars[${V}] }}"
            if [ -z "$VAL" ]; then
              echo "Error: $V is unset" >&2
              exit 1
            fi
            echo "$V=$VAL" >> $GITHUB_ENV
          done

[coderabbitai]

🧹 Nitpick (assertive)

Standardize exporting repository-level vars
The new “Export GitHub vars to GITHUB_ENV” step correctly surfaces NODE_VERSION and SOLANA_VERSION for downstream steps. As this pattern is repeated across multiple workflows, consider extracting it into a reusable composite action or workflow call to reduce duplication and ease future updates.

🤖 Prompt for AI Agents

In .github/workflows/benchmark.yml around lines 25 to 29, the step exporting
NODE_VERSION and SOLANA_VERSION to GITHUB_ENV is duplicated in multiple
workflows. Refactor by extracting this export logic into a reusable composite
action or a separate workflow that can be called from other workflows. Replace
the inline export commands with a call to this reusable component to reduce
duplication and simplify future maintenance.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Validate exports order and avoid duplicates.

You’ve correctly added a step to source repo-level vars into GITHUB_ENV. Please confirm that .github/.env no longer defines NODE_VERSION, RUST_VERSION, or SOLANA_VERSION, otherwise the subsequent cat .env will override these exports. Optionally, fail fast if any of these vars.* are unset to catch missing org variables early.

---

🏁 Script executed:

#!/bin/bash
# Check if .github/.env exists and whether it defines the versions in question
if [ -f .github/.env ]; then
  echo "Scanning .github/.env for version definitions..."
  rg -n '^(NODE_VERSION|RUST_VERSION|SOLANA_VERSION)=' .github/.env || echo "✔ No matching definitions found in .github/.env"
else
  echo "✔ .github/.env does not exist"
fi

# Verify if any workflow step later re-cats .env into GITHUB_ENV
echo "Searching workflows for any 'cat .env' usage..."
rg -n 'cat .*\.env' .github/workflows || echo "✔ No 'cat .env' steps found in workflows"

Length of output: 1583

---

Validate exports order and avoid duplicates

The .github/.env file still defines RUST_VERSION and SOLANA_VERSION, and the cat .github/.env >> $GITHUB_ENV step at line 45 of build-programs.yml will override the repo-level vars.* exports. To fix:

• Remove RUST_VERSION and SOLANA_VERSION from .github/.env.

• In .github/workflows/build-programs.yml (line 45), either remove the cat .github/.env >> $GITHUB_ENV step or move it before the echo "…vars.*" exports.

• Optionally add a fail-fast check for unset variables, e.g.:

  run: |
    set -u
    : "${{ vars.NODE_VERSION:?NODE_VERSION is not set}}"
    : "${{ vars.RUST_VERSION:?RUST_VERSION is not set}}"
    : "${{ vars.SOLANA_VERSION:?SOLANA_VERSION is not set}}"
    echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
    …

🤖 Prompt for AI Agents

In .github/workflows/build-programs.yml around lines 38 to 43, the environment
variables RUST_VERSION and SOLANA_VERSION are still defined in .github/.env,
causing the later step at line 45 that cats .github/.env into GITHUB_ENV to
override the repo-level vars exports. To fix this, remove RUST_VERSION and
SOLANA_VERSION definitions from .github/.env, then either delete the cat
.github/.env >> $GITHUB_ENV step at line 45 or move it before the echo commands
that export vars.*. Additionally, add a fail-fast check before exporting to
ensure NODE_VERSION, RUST_VERSION, and SOLANA_VERSION are set in vars, using
shell parameter expansion with set -u to catch missing variables early.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Ensure .env won’t override your exports.

You’ve exported NODE_VERSION, RUST_VERSION, and SOLANA_VERSION from repo vars. Verify that .github/.env no longer redeclares these keys—otherwise your values will be shadowed. Consider erroring out if any vars.* is empty to avoid silent misconfigurations.

---

🏁 Script executed:

#!/bin/bash
echo "Checking for .github/.env file..."
if [ -f .github/.env ]; then
  echo "Found .github/.env; checking for redeclaration of vars:"
  grep -E '^(NODE_VERSION|RUST_VERSION|SOLANA_VERSION)=' .github/.env || echo "No NODE_VERSION, RUST_VERSION or SOLANA_VERSION lines found."
else
  echo ".github/.env file not found."
fi

Length of output: 336

---

Remove conflicting .github/.env entries

I noticed that .github/.env still redeclares two of your workflow vars, which will override the values you export in main.yml:

• File: .github/.env
  • Lines containing RUST_VERSION=1.79.0 and SOLANA_VERSION=1.18.19

To fix this:

• Remove or rename these entries in .github/.env, so your workflow’s
echo "…${{ vars.* }}" >> $GITHUB_ENV lines take effect.
• (Optional) Add a validation step in your workflow to fail early if any of the repo vars is empty:

- name: Validate required vars
  run: |
    for var in NODE_VERSION RUST_VERSION SOLANA_VERSION; do
      if [ -z "${{ vars[$var] }}" ]; then
        echo "Error: $var is not set" >&2
        exit 1
      fi
    done

This prevents silent misconfiguration and ensures your exports aren’t inadvertently shadowed.

🤖 Prompt for AI Agents

In .github/workflows/main.yml around lines 26 to 31, the environment variables
NODE_VERSION, RUST_VERSION, and SOLANA_VERSION are exported from repo vars, but
the .github/.env file still redeclares RUST_VERSION and SOLANA_VERSION, causing
conflicts and shadowing. To fix this, remove or rename the RUST_VERSION and
SOLANA_VERSION entries in .github/.env so the exported values from the workflow
take effect. Additionally, add a validation step in the workflow to check if any
of these vars are empty and fail early with an error message to prevent silent
misconfigurations.

[blockiosaurus]

Shadowing by setting an overriding value in the repo .env file is the intended behavior

[coderabbitai]

@blockiosaurus Got it—thanks for clarifying. I’ll keep in mind that the values in .github/.env are meant to take precedence over the repository-level variables, so no changes are needed here. Let me know if you’d like any further tweaks.

---

✏️ Learnings added

Learnt from: blockiosaurus
PR: metaplex-foundation/mpl-core#233
File: .github/workflows/main.yml:26-31
Timestamp: 2025-06-11T15:08:45.869Z
Learning: In this repository, the `.github/.env` file is intentionally allowed to override environment variables that are first exported from GitHub repository-level variables in workflows.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[coderabbitai]

🧹 Nitpick (assertive)

Quote Git config values to handle spaces.

Wrap the user name/email expansions in quotes to avoid splitting on spaces:

- git config user.name ${{ vars.COMMIT_USER_NAME }}
+ git config user.name "${{ vars.COMMIT_USER_NAME }}"
- git config user.email ${{ vars.COMMIT_USER_EMAIL }}
+ git config user.email "${{ vars.COMMIT_USER_EMAIL }}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	git config user.name ${{ vars.COMMIT_USER_NAME }}
	git config user.email ${{ vars.COMMIT_USER_EMAIL }}
	fi
	git config user.name "${{ vars.COMMIT_USER_NAME }}"
	git config user.email "${{ vars.COMMIT_USER_EMAIL }}"
	fi

🤖 Prompt for AI Agents

In .github/workflows/publish-rust-client.yml around lines 89 to 91, the git
config commands for user.name and user.email do not quote the variable
expansions, which can cause issues if the values contain spaces. Fix this by
wrapping the variable expansions ${{ vars.COMMIT_USER_NAME }} and ${{
vars.COMMIT_USER_EMAIL }} in double quotes to ensure the entire value is treated
as a single argument.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Validate exports order and avoid overrides.

This step correctly pulls NODE_VERSION and RUST_VERSION from repo vars. Confirm .github/.env no longer includes these keys so your exports persist. Optionally, add a guard to fail if any vars.* is missing.

---

#!/bin/bash
# Check for existence of .github/.env and search for NODE_VERSION and RUST_VERSION
if [ -f .github/.env ]; then
  echo "Found .github/.env"
  grep -n "NODE_VERSION" .github/.env || echo "NODE_VERSION not found in .github/.env"
  grep -n "RUST_VERSION" .github/.env || echo "RUST_VERSION not found in .github/.env"
else
  echo ".github/.env not found"
fi

---

#!/bin/bash
# List top-level files in .github/
echo "=== .github directory contents ==="
find .github -maxdepth 1 -type f -print

# Search for any .env files in .github and project root
echo -e "\n=== .env files found ==="
find .github . -type f \( -name ".env" -o -name "*.env" \) -print

# Inspect each .env file for NODE_VERSION and RUST_VERSION
echo -e "\n=== Checking for NODE_VERSION and RUST_VERSION in .env files ==="
while IFS= read -r file; do
  echo "---- $file ----"
  grep -nE "NODE_VERSION|RUST_VERSION" "$file" && echo || echo "No matches in $file"
done < <(find .github . -type f \( -name ".env" -o -name "*.env" \))

---

🏁 Script executed:

#!/bin/bash
set -e

# Check for .github/.env overrides
echo "==> Checking .github/.env"
if [[ -f .github/.env ]]; then
  echo ".github/.env found"
  grep -En "^(NODE_VERSION|RUST_VERSION)=" .github/.env || echo "No NODE_VERSION or RUST_VERSION entries in .github/.env"
else
  echo ".github/.env not found"
fi

# Search for other .env files in repo
echo -e "\n==> Searching for other .env files"
find . -maxdepth 2 -type f \( -name ".env" -o -name "*.env" \) | while read -r file; do
  echo "Inspecting $file"
  grep -En "^(NODE_VERSION|RUST_VERSION)=" "$file" || echo "  No NODE_VERSION or RUST_VERSION in $file"
done

Length of output: 539

---

Remove version overrides from .github/.env to prevent conflicts

The .github/.env file still contains an entry for RUST_VERSION (line 2), which will override the value you’re exporting. Please:

• Delete any NODE_VERSION= and RUST_VERSION= lines from .github/.env
• Optionally, add a guard in your workflow to fail early if either var is unset:

- name: Export GitHub vars to GITHUB_ENV
  run: |
    for v in NODE_VERSION RUST_VERSION; do
      if [ -z "${{ vars[$v] }}" ]; then
        echo "ERROR: $v is undefined" >&2
        exit 1
      fi
    done
    echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
    echo "RUST_VERSION=${{ vars.RUST_VERSION }}" >> $GITHUB_ENV

🤖 Prompt for AI Agents

In .github/workflows/publish-rust-client.yml around lines 60 to 64, the
.github/.env file still contains NODE_VERSION and RUST_VERSION entries that
override the exported GitHub vars. Remove any lines defining NODE_VERSION= or
RUST_VERSION= from .github/.env to prevent conflicts. Additionally, update the
workflow step to include a guard that checks if these vars are set and fails
early with an error message if either is missing before exporting them to
GITHUB_ENV.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Avoid .env shadowing in lint job.

Same as above: you export SOLANA_VERSION then cat .env. Verify .env doesn’t accidentally redefine it.

---

🏁 Script executed:

#!/bin/bash
# Locate any usage of .env in the test-js-client workflow
grep -R "cat .*\.env" -n .github/workflows/test-js-client.yml

# Confirm where SOLANA_VERSION is exported
grep -R "SOLANA_VERSION" -n .github/workflows/test-js-client.yml

Length of output: 425

---

🏁 Script executed:

#!/bin/bash
# Verify if .github/.env redefines NODE_VERSION or SOLANA_VERSION
grep -En '^(NODE_VERSION|SOLANA_VERSION)=' .github/.env || echo "No redefinitions found in .env"

Length of output: 82

---

Prevent .env from overriding exported vars
The .github/.env file defines SOLANA_VERSION (and may define NODE_VERSION in future), which will shadow the values you explicitly export above. To avoid this, you should either import .env before exporting these vars or filter out those keys from .env.

• File: .github/workflows/test-js-client.yml
– Line 31 & Line 80: run: cat .github/.env >> $GITHUB_ENV
– Line 74–78: exporting NODE_VERSION and SOLANA_VERSION

Suggested fixes:

• Move the cat .github/.env >> $GITHUB_ENV step so it runs before the export block.
• Or change the .env import to exclude NODE_VERSION/SOLANA_VERSION.
• Or re-export the correct versions after sourcing .env.

🤖 Prompt for AI Agents

In .github/workflows/test-js-client.yml around lines 74 to 78, the exported
environment variables NODE_VERSION and SOLANA_VERSION are being overridden by
values from the .github/.env file imported later at line 80. To fix this, either
move the step that imports .github/.env to run before exporting these variables,
or modify the import command to exclude NODE_VERSION and SOLANA_VERSION from
being overwritten, or re-export NODE_VERSION and SOLANA_VERSION after importing
.env to ensure the correct values persist.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Avoid .env shadowing of Solana.

You export SOLANA_VERSION here before loading .env. Confirm that .env no longer defines SOLANA_VERSION (or else this export will be overridden). Consider failing on an unset vars.SOLANA_VERSION.

---

🏁 Script executed:

#!/bin/bash
# Search for explicit .env usage in the workflow
rg -n ".env" -A3 .github/workflows/test-js-client.yml || echo "No .env references in test-js-client.yml"

# List any .env files in the repo root
find . -maxdepth 2 -type f -name ".env*" -print

# Check for SOLANA_VERSION in any .env files
grep -H "SOLANA_VERSION" .env* || echo "No SOLANA_VERSION definitions found in .env files"

Length of output: 1255

---

🏁 Script executed:

#!/bin/bash
# Check for SOLANA_VERSION definition in the GitHub Actions .env file
grep -n "SOLANA_VERSION" .github/.env || echo "No SOLANA_VERSION definitions found in .github/.env"

Length of output: 94

---

Prevent .env from overriding SOLANA_VERSION

The .github/.env file still defines SOLANA_VERSION, which will override the earlier export. You’ll need to either remove that entry or adjust the workflow so that your vars.SOLANA_VERSION export takes precedence (and fail fast if it’s unset).

• In .github/.env – remove or rename the SOLANA_VERSION=… line.
• In .github/workflows/test-js-client.yml – move the “Export GitHub vars” step to after you load .env, or vice versa:

  - name: Export GitHub vars to GITHUB_ENV
    run: |
      echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
-       echo "SOLANA_VERSION=${{ vars.SOLANA_VERSION }}" >> $GITHUB_ENV

  - name: Load environment variables
    run: cat .github/.env >> $GITHUB_ENV

+   - name: Export Solana version
+     run: |
+       : "${{ vars.SOLANA_VERSION }:?vars.SOLANA_VERSION is required}"
+       echo "SOLANA_VERSION=${{ vars.SOLANA_VERSION }}" >> $GITHUB_ENV

This ensures your declared vars.SOLANA_VERSION isn’t silently overridden and the workflow fails if it’s missing.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Export GitHub vars to GITHUB_ENV
	run: |
	echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
	echo "SOLANA_VERSION=${{ vars.SOLANA_VERSION }}" >> $GITHUB_ENV
	- name: Export GitHub vars to GITHUB_ENV
	run: |
	echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
	- name: Load environment variables
	run: |
	cat .github/.env >> $GITHUB_ENV
	- name: Export Solana version
	run: |
	: "${{ vars.SOLANA_VERSION }:?vars.SOLANA_VERSION is required}"
	echo "SOLANA_VERSION=${{ vars.SOLANA_VERSION }}" >> $GITHUB_ENV

🤖 Prompt for AI Agents

In .github/workflows/test-js-client.yml around lines 25 to 29, the workflow
exports SOLANA_VERSION from vars before loading the .env file, but .github/.env
still defines SOLANA_VERSION which overrides this export. To fix this, either
remove or rename the SOLANA_VERSION entry in .github/.env, or adjust the
workflow to export SOLANA_VERSION after loading .env, and add a check to fail
the workflow if vars.SOLANA_VERSION is unset to prevent silent overrides.

[coderabbitai]

🧹 Nitpick (assertive)

Parameterize static values; consider centralizing addresses.

Using env.SQUADS_MULTISIG, env.BUFFER, and a hardcoded spill-address is fine, but extracting the static spill address into a repo variable or secret could simplify updates if it ever changes.

🤖 Prompt for AI Agents

In .github/workflows/deploy-program.yml around lines 275 to 279, the hardcoded
spill-address value should be parameterized by moving it to a centralized
repository variable or secret. Replace the static spill-address string with a
reference to this new environment variable to make future updates easier and
maintain consistency across the codebase.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

.github/workflows/main.yml (1)

26-31: Prevent env var shadowing by .github/.env
The Load environment variables step runs after you export repo-level vars, which means any keys still declared in .github/.env will override your exports. Confirm that .github/.env no longer redeclares NODE_VERSION, RUST_VERSION, or SOLANA_VERSION, or consider cat-ing .env before your export step.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0f6adf4 and 1f379df.

📒 Files selected for processing (1)

• .github/workflows/main.yml (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Programs / Build
• GitHub Check: Programs / Test (mpl-core)

[coderabbitai]

⚠️ Potential issue

Logical error: Dependabot override never applied due to string truthiness
Using steps.changes.outputs.any || github.actor == 'dependabot[bot]' always returns the non-empty string output (even when it’s "false"), so Dependabot runs won’t be forced to true.

Consider switching to a boolean comparison, for example:

any: ${{ steps.changes.outputs.any == 'true' || github.actor == 'dependabot[bot]' }}
programs: ${{ steps.changes.outputs.programs == 'true' || github.actor == 'dependabot[bot]' }}
js_client: ${{ steps.changes.outputs.js_client == 'true' || github.actor == 'dependabot[bot]' }}
rust_client: ${{ steps.changes.outputs.rust_client == 'true' || github.actor == 'dependabot[bot]' }}

Ensure your downstream if: needs.changes.outputs.* == 'true' checks still align with this boolean logic.

🤖 Prompt for AI Agents

In .github/workflows/main.yml around lines 17 to 21, the current use of logical
OR with string outputs like steps.changes.outputs.any || github.actor ==
'dependabot[bot]' always evaluates to the string value, causing Dependabot
overrides to never apply correctly. Fix this by explicitly comparing the output
strings to 'true' using equality checks (e.g., steps.changes.outputs.any ==
'true' || github.actor == 'dependabot[bot]') to ensure proper boolean logic.
Also verify that any downstream conditional checks using these outputs remain
consistent with this boolean comparison approach.

[coderabbitai]

⚠️ Potential issue

Missing Rust/Solana version exports in Generate clients job
The generate_clients job only echoes NODE_VERSION but later installs Rust and Solana using env.RUST_VERSION and env.SOLANA_VERSION. Add those exports here:

-      - name: Export GitHub vars to GITHUB_ENV
-        run: echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
+      - name: Export GitHub vars to GITHUB_ENV
+        run: |
+          echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
+          echo "RUST_VERSION=${{ vars.RUST_VERSION }}" >> $GITHUB_ENV
+          echo "SOLANA_VERSION=${{ vars.SOLANA_VERSION }}" >> $GITHUB_ENV

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Export GitHub vars to GITHUB_ENV
	run: echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
	- name: Export GitHub vars to GITHUB_ENV
	run: |
	echo "NODE_VERSION=${{ vars.NODE_VERSION }}" >> $GITHUB_ENV
	echo "RUST_VERSION=${{ vars.RUST_VERSION }}" >> $GITHUB_ENV
	echo "SOLANA_VERSION=${{ vars.SOLANA_VERSION }}" >> $GITHUB_ENV

🤖 Prompt for AI Agents

In .github/workflows/main.yml around lines 74 to 76, the generate_clients job
exports only NODE_VERSION to GITHUB_ENV but uses RUST_VERSION and SOLANA_VERSION
later. Add echo commands to export RUST_VERSION and SOLANA_VERSION to GITHUB_ENV
alongside NODE_VERSION to ensure these environment variables are available
during the job execution.