ci: only commit gRPC cache updates on pull requests

[lklimek]

Issue being fixed or feature implemented

The "Check rs-sdk gRPC coverage" workflow tries to commit cache updates directly to protected branches (v*-dev, master) on push events, which fails with:

remote: error: GH013: Repository rule violations found for refs/heads/v3.1-dev.
Changes must be made through a pull request.

See: https://github.com/dashpay/platform/actions/runs/22679875743/job/65747025659

User Story

Imagine you are a developer merging a PR that touches gRPC protos. The merge triggers a push event on v3.1-dev, which runs the gRPC coverage check. The cache update step tries to push directly to the protected branch and fails — making the CI red for no good reason.

What was done?

Changed the "Commit cache updates" step condition from:

• github.event_name == 'push' (can't push to protected branches)

To:

• github.event_name == 'pull_request' (can push to PR head branch)

Also added git checkout "${{ github.head_ref }}" since PR checkouts are in detached HEAD state.

The same guard (github.event.pull_request.head.repo.full_name == github.repository) is used as the existing "Comment PR" step, ensuring we only push to same-repo PRs (not forks).

How Has This Been Tested?

• YAML validated
• Logic matches existing pattern in the same workflow (Comment PR step, line 79)

Breaking Changes

None

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have made corresponding changes to the documentation if needed

_{🤖 Co-authored by Claudius the Magnificent AI Agent}

Summary by CodeRabbit

• New Features

  • Added six new gRPC queries to support address info and balance tracking: getAddressInfo, getAddressesBranchState, getAddressesInfos, getAddressesTrunkState, getRecentAddressBalanceChanges, and getRecentCompactedAddressBalanceChanges.

• Chores

  • Hardened CI workflow to ensure branch consistency and safer cache update handling, reducing risk of mismatched cache pushes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1155a45e-cb4a-4081-b3f4-262a0bb63dc8

📥 Commits

Reviewing files that changed from the base of the PR and between 63b39d7 and 1c6fd4a.

📒 Files selected for processing (1)

• .github/grpc-queries-cache.json

---

📝 Walkthrough

Walkthrough

Added six implemented gRPC query entries to the query cache and updated its timestamp. Adjusted the CI workflow to set checkout ref, restrict cache commit updates to pull_request events with a head-repo check, and added a branch-consistency guard before pushing cache updates.

Changes

Cohort / File(s)	Summary
gRPC Query Cache \.github/grpc-queries-cache.json	Inserted six implemented queries: getAddressInfo, getAddressesBranchState, getAddressesInfos, getAddressesTrunkState, getRecentAddressBalanceChanges, getRecentCompactedAddressBalanceChanges. Updated last_updated timestamp.
CI/CD Workflow \.github/workflows/tests-rs-sdk-grpc-coverage.yml	Set ref on the checkout step, changed cache commit update condition to run on pull_request with a head-repo equality check, and added a guard that verifies the current branch equals the PR head before pushing cache updates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through JSON fields at dawn,

Six new queries neatly drawn.
I checked the branch, locked the gate,
So CI caches update straight.
A carrot cheer — deploy, elate! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: restricting gRPC cache updates to pull request events only, which directly addresses the CI workflow fix described in the PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci/fix-grpc-cache-commit-on-pr

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ gRPC Query Coverage Report

================================================================================
gRPC Query Coverage Report - NEW QUERIES ONLY
================================================================================

Total queries in proto: 53
Previously known queries: 53
New queries found: 0


================================================================================
Summary:
--------------------------------------------------------------------------------
No new queries found

Total known queries: 53
  - Implemented: 50
  - Not implemented: 2
  - Excluded: 1

Not implemented queries:
  - getConsensusParams
  - getTokenPreProgrammedDistributions

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/tests-rs-sdk-grpc-coverage.yml:
- Around line 66-71: The workflow currently interpolates the user-controlled
github.head_ref directly into the shell script; instead set an environment
variable (e.g., EXPECTED) from the workflow YAML using EXPECTED: ${{
github.head_ref }} and then reference that safe env var in the script (use
BRANCH=$(git branch --show-current) and compare to "$EXPECTED"). Update the step
to export/declare EXPECTED in the job or step env and remove any direct inline
interpolation of github.head_ref inside the shell commands so the script only
reads the value from the environment.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a65a1d08-d3da-4207-a287-ce4a962be9ad

📥 Commits

Reviewing files that changed from the base of the PR and between a7b0661 and a09f936.

📒 Files selected for processing (2)

• .github/grpc-queries-cache.json
• .github/workflows/tests-rs-sdk-grpc-coverage.yml

[thepastaclaw]

Reviewed — this looks good. Clean fix for a real problem.

What's here:

1. Cache commit condition switches from push (can't write to protected branches) → pull_request (can push to PR head branch). Correct fix.
2. ref: ${{ github.head_ref || github.ref }} added to checkout — ensures we're on the actual branch, not detached HEAD. Needed for the git push.
3. Branch safety guard compares git branch --show-current against expected — good belt-and-suspenders.
4. github.head_ref passed via env: block, not inline interpolation — addresses the script injection vector that CodeRabbit flagged (already fixed in this revision).
5. Same-repo guard (head.repo.full_name == github.repository) prevents pushes on fork PRs — matches existing pattern in the Comment PR step.

Cache JSON adds 6 new address-related queries. Looks like it reflects current proto state.

One minor note: the push trigger is still present in on: — meaning the coverage check still runs on push to protected branches (just the commit step is skipped). That seems intentional since you still want the coverage report artifact on push events. 👍

[QuantumExplorer]

appr