Skip to content

chore(ci): use yaml anchors in checks job for common reused actions #2900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
jakedoublev wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

chore(ci): use yaml anchors in checks job for common reused actions #2900

jakedoublev wants to merge 1 commit into from

Conversation

@jakedoublev
Copy link
Contributor

@jakedoublev jakedoublev commented Nov 12, 2025

Proposed Changes

  • If a GHA is used more than 2 times in the checks.yaml workflow, we should use a yaml anchor, now GA in GHA

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@github-actions github-actions bot added comp:ci Github Actions Work size/s labels Nov 12, 2025
github-actions[bot]
github-actions bot reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remaining comments which cannot be posted as a review comment to avoid GitHub Rate Limit

actionlint

🚫 [actionlint] reported by reviewdog 🐶
specifying action "" in invalid format because ref is missing. available formats are "{owner}/{repo}@{ref}" or "{owner}/{repo}/{path}@{ref}" [action]

platform/.github/workflows/checks.yaml

Line 557 in 9a4da1d

- uses: *actions-checkout

🚫 [actionlint] reported by reviewdog 🐶
expected scalar node for string value but found alias node with "" tag [syntax-check]

platform/.github/workflows/checks.yaml

Line 560 in 9a4da1d

- uses: *actions-setup-go

🚫 [actionlint] reported by reviewdog 🐶
specifying action "" in invalid format because ref is missing. available formats are "{owner}/{repo}@{ref}" or "{owner}/{repo}/{path}@{ref}" [action]

platform/.github/workflows/checks.yaml

Line 560 in 9a4da1d

- uses: *actions-setup-go

.github/workflows/checks.yaml
contents: read
name: integration tests
runs-on: ubuntu-22.04
runs-on: *ubuntu-runner
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
"runs-on" section is alias node but mapping node is expected [syntax-check]

.github/workflows/checks.yaml
TLS_ENABLED: "true"
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: *actions-checkout
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
expected scalar node for string value but found alias node with "" tag [syntax-check]

.github/workflows/checks.yaml
TLS_ENABLED: "true"
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: *actions-checkout
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
specifying action "" in invalid format because ref is missing. available formats are "{owner}/{repo}@{ref}" or "{owner}/{repo}/{path}@{ref}" [action]

.github/workflows/checks.yaml
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: *actions-setup-go
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
expected scalar node for string value but found alias node with "" tag [syntax-check]

.github/workflows/checks.yaml
with:
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: *actions-setup-go
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
specifying action "" in invalid format because ref is missing. available formats are "{owner}/{repo}@{ref}" or "{owner}/{repo}/{path}@{ref}" [action]

.github/workflows/checks.yaml
input: service
against: "https://github.com/opentdf/platform.git#branch=${{ github.event.pull_request.base.ref || github.base_ref || 'main' }},subdir=service"
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: *actions-setup-go
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
expected scalar node for string value but found alias node with "" tag [syntax-check]

.github/workflows/checks.yaml
input: service
against: "https://github.com/opentdf/platform.git#branch=${{ github.event.pull_request.base.ref || github.base_ref || 'main' }},subdir=service"
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: *actions-setup-go
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
specifying action "" in invalid format because ref is missing. available formats are "{owner}/{repo}@{ref}" or "{owner}/{repo}/{path}@{ref}" [action]

.github/workflows/checks.yaml
- tests-bdd
- otdfctl-test
runs-on: ubuntu-22.04
runs-on: *ubuntu-runner
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
"runs-on" section is alias node but mapping node is expected [syntax-check]

.github/workflows/checks.yaml
contents: read
name: license check
runs-on: ubuntu-22.04
runs-on: *ubuntu-runner
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
"runs-on" section is alias node but mapping node is expected [syntax-check]

.github/workflows/checks.yaml
runs-on: *ubuntu-runner
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: *actions-checkout
Copy link
Contributor

@github-actions github-actions bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [actionlint] reported by reviewdog 🐶
expected scalar node for string value but found alias node with "" tag [syntax-check]

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 12, 2025
View reviewed changes
.github/workflows/checks.yaml
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: &actions-setup-go actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0

Check failure

Code scanning / zizmor

runtime artifacts potentially vulnerable to a cache poisoning attack Error

runtime artifacts potentially vulnerable to a cache poisoning attack
.github/workflows/checks.yaml
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: &actions-setup-go actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0

Check failure

Code scanning / zizmor

runtime artifacts potentially vulnerable to a cache poisoning attack Error

runtime artifacts potentially vulnerable to a cache poisoning attack
.github/workflows/checks.yaml
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: &actions-setup-go actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0

Check failure

Code scanning / zizmor

runtime artifacts potentially vulnerable to a cache poisoning attack Error

runtime artifacts potentially vulnerable to a cache poisoning attack
.github/workflows/checks.yaml
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
- uses: &actions-setup-go actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0

Check failure

Code scanning / zizmor

runtime artifacts potentially vulnerable to a cache poisoning attack Error

runtime artifacts potentially vulnerable to a cache poisoning attack
@github-actions
Copy link
Contributor

github-actions bot commented Nov 12, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 144.22185ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 82.843812ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 368.638262ms
Throughput 271.27 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 37.801046878s
Average Latency 376.150955ms
Throughput 132.27 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 25.872255216s
Average Latency 257.989273ms
Throughput 193.26 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Nov 12, 2025

X-Test Results

opentdfplatform6N03G8.dockerbuild
cukes-report
✅ js-v0.4.34
✅ java-v0.4.34
✅ go-v0.4.34
bats-test-results
✅ js-pull-2900
✅ java-pull-2900
✅ go-pull-2900

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

comp:ci Github Actions Work size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jakedoublev