test: smoke-test GCS upload flow

[syntaxsdev]

Throwaway PR to test the GCS video upload pipeline. Delete after verifying.

Summary by CodeRabbit

• Documentation

  • Minor formatting adjustment to README (added trailing blank line).

• Chores

  • CI workflow updated to restrict a job to non-fork pull requests and to use Google Cloud storage inputs instead of previous S3-related settings; removed forwarding of S3 secrets.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added a trailing newline to README.md. Updated the pull-reviews GitHub Actions workflow to run a job-only when PR source is not a fork, replaced s3_bucket input with gcs_bucket, and removed S3-related secrets forwarded into the reusable workflow.

Changes

Cohort / File(s)	Summary
Documentation Formatting README.md	Added a trailing newline at end of file (+1 line).
CI / Workflow .github/workflows/pull-reviews.yml	Added job-level conditional to run preel only for non-fork PRs; replaced reusable workflow input s3_bucket: pull-reviews with gcs_bucket: ambient-code-pull-reviews; removed forwarding of S3-related secrets (S3_ENDPOINT, S3_ACCESS_KEY_ID, S3_SECRET_ACCESS_KEY) and CDN_BASE_URL, leaving only GCP-related inputs.

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	Title follows Conventional Commits format (test: scope), but describes a smoke test rather than the main changes (S3→GCS migration, fork PR skip logic).	Align title with primary changes: e.g., 'ci: switch pull-reviews from S3 to GCS, skip fork PRs' to match the actual commit message and changeset.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Performance And Algorithmic Complexity	✅ Passed	PR contains only documentation and GitHub Actions workflow changes with no algorithmic code or performance-sensitive logic.
Security And Secret Handling	✅ Passed	PR contains no hardcoded secrets, tokens, or credentials. GCP resource identifiers are public config values required for authentication setup.
Kubernetes Resource Safety	✅ Passed	PR modifies only README.md and GitHub Actions workflow; no Kubernetes resource manifests present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test/gcs-flow-smoke-test

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch test/gcs-flow-smoke-test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/pull-reviews.yml:
- Line 15: Replace the reusable workflow reference that currently ends with
"@main" (the string
"ambient-code/pull-reviews/.github/workflows/review.yml@main") with a pinned
full 40-character commit SHA from the ambient-code repository; locate the
desired commit in that repo, copy its full commit SHA, and substitute it for
"@main" so the workflow references
"ambient-code/pull-reviews/.github/workflows/review.yml@<40-char-commit-sha>" to
ensure reproducible, immutable execution.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 831c7d57-fcf9-4aa1-bb4d-51651cbdf9f4

📥 Commits

Reviewing files that changed from the base of the PR and between d767395 and 94fe4be.

📒 Files selected for processing (1)

• .github/workflows/pull-reviews.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
rg -nP '^\s*uses:\s*[^@\n]+@(?![0-9a-fA-F]{40}\b)[^\s]+' .github/workflows

Repository: ambient-code/platform

Length of output: 10148

---

Pin reusable workflow to commit SHA instead of @main.

Using @main allows silent updates that break reproducibility and create supply-chain risk. Pin to a full 40-character commit SHA.

Suggested change

-    uses: ambient-code/pull-reviews/.github/workflows/review.yml@main
+    uses: ambient-code/pull-reviews/.github/workflows/review.yml@<commit-sha>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pull-reviews.yml at line 15, Replace the reusable workflow
reference that currently ends with "@main" (the string
"ambient-code/pull-reviews/.github/workflows/review.yml@main") with a pinned
full 40-character commit SHA from the ambient-code repository; locate the
desired commit in that repo, copy its full commit SHA, and substitute it for
"@main" so the workflow references
"ambient-code/pull-reviews/.github/workflows/review.yml@<40-char-commit-sha>" to
ensure reproducible, immutable execution.

[github-actions]

Pull Reviews

✅ Positive — This PR updates the CI/CD workflow to migrate from S3 to Google Cloud Storage for pull request review artifacts, adding a conditional check to prevent execution on forked repositories.

https://storage.googleapis.com/ambient-code-pull-reviews/videos/ci-ambient-code-platform-1287-1776087783472.mp4

Callouts

• warning (breaking-change): Migration from S3 to GCS is a significant infrastructure change. Existing review artifacts stored in S3 will become inaccessible unless a migration strategy is in place. The removal of S3 secrets assumes all dependent systems have been updated to use GCS.
• info (performance): GCS bucket region (us-east5) should be verified as appropriate for the project's geographic distribution. Consider documenting the rationale for this region choice.

File-by-file breakdown

• .github/workflows/pull-reviews.yml (high): Updates the pull request review workflow to use GCS instead of S3 and adds security controls for fork protection.
• README.md (low): Minor documentation formatting update.

---

_{Generated by pull-reviews — automated video reviews for PRs}