Skip to content

fix(workflows): update pinned SHA to commit with reusable/ directory #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
YiWang24 merged 8 commits into from
May 4, 2026
Merged

fix(workflows): update pinned SHA to commit with reusable/ directory #36

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
01acf89
fix(workflows): replace relative reusable paths with full org/repo refs
YiWang24 May 4, 2026
8b21871
fix(workflows): use manifest SHA and update routing tests
YiWang24 May 4, 2026
7794e59
fix(workflows): update pinned SHA to commit with reusable/ directory
YiWang24 May 4, 2026
c3418e4
feat(tooling): add structural SHA validation and bump-self-sha script
YiWang24 May 4, 2026
7439335
feat(ci): add SHA validation to PR gate and auto-bump post-merge
YiWang24 May 4, 2026
fcb0a75
fix(workflows): resolve merge conflict, keep valid SHA ebe8fca3
YiWang24 May 4, 2026
9853578
chore(lint): exclude worktrees from yamllint scan
YiWang24 May 4, 2026
58fdfb3
fix(tests): replace grep -P with grep -E for macOS compatibility
YiWang24 May 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions .github/scripts/verify-sha-consistency.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@
MANIFEST="${MANIFEST:-$REPO_ROOT/manifest.yml}"
PENDING="${PENDING:-$REPO_ROOT/manifest-pending.yml}"

# Self-referencing entries that need structural validation beyond SHA consistency.
# Each entry maps to the required path that must exist at the pinned SHA.
declare -A SELF_REFS
SELF_REFS["YiAgent/OpenCI"]=".github/workflows/reusable"

# SPEC Appendix B.2 — deprecated actions. Keep in sync with docs/SPEC.md.
DEPRECATED_ACTIONS=(
"semgrep/semgrep-action"
Expand Down Expand Up @@ -205,6 +210,24 @@
fi
done < <(collect_uses)

# ── Structural validation for self-referencing entries ──────────────────────
# Checks that the pinned SHA actually contains the required directory.
# Catches the "SHA predates reusable/ reorganization" class of failures
# before they reach CI (where they manifest as silent "workflow file issue").
local self_name self_required_path self_sha tree_output
for self_name in "${!SELF_REFS[@]}"; do
self_required_path="${SELF_REFS[$self_name]}"
self_sha="$(echo "$manifest_map" | awk -F'\t' -v key="$self_name" '$1 == key { print $2; exit }')"
[ -z "$self_sha" ] && continue

Check failure on line 221 in .github/scripts/verify-sha-consistency.sh

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use '[[' instead of '[' for conditional tests. The '[[' construct is safer and more feature-rich. 


See more on https://sonarcloud.io/project/issues?id=YiAgent_OpenCI&issues=AZ3w232cOJbq9wLRQeAP&open=AZ3w232cOJbq9wLRQeAP&pullRequest=36

# git ls-tree returns non-empty output when the path exists at that SHA.
tree_output="$(git ls-tree "$self_sha" "$self_required_path/" 2>/dev/null || true)"
if [ -z "$tree_output" ]; then

Check failure on line 225 in .github/scripts/verify-sha-consistency.sh

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use '[[' instead of '[' for conditional tests. The '[[' construct is safer and more feature-rich. 


See more on https://sonarcloud.io/project/issues?id=YiAgent_OpenCI&issues=AZ3w232cOJbq9wLRQeAQ&open=AZ3w232cOJbq9wLRQeAQ&pullRequest=36
emit_error "SHA Missing Structure" \
"manifest.yml: $self_name SHA $self_sha has no '$self_required_path/' directory. Run scripts/bump-self-sha.sh to update to a valid commit."
Comment on lines +224 to +227

@coderabbitai coderabbitai Bot May 4, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/usr/bin/env bash
set -euo pipefail

sha="$(yq -r '.deps["YiAgent/OpenCI"] // ""' manifest.yml)"
echo "is_shallow=$(git rev-parse --is-shallow-repository)"
echo "manifest_sha=$sha"

if git cat-file -e "${sha}^{commit}" 2>/dev/null; then
  echo "commit_object_present=yes"
else
  echo "commit_object_present=no (likely shallow clone or missing fetch)"
fi

Repository: YiAgent/OpenCI

Length of output: 101

🏁 Script executed:

# Find the target file and check its content
find . -name "verify-sha-consistency.sh" -type f

Repository: YiAgent/OpenCI

Length of output: 102

🏁 Script executed:

# Read the file to see lines around 224-227
if [ -f ".github/scripts/verify-sha-consistency.sh" ]; then
  wc -l ".github/scripts/verify-sha-consistency.sh"
  sed -n '210,240p' ".github/scripts/verify-sha-consistency.sh"
fi

Repository: YiAgent/OpenCI

Length of output: 1296

🏁 Script executed:

# Also check the full context of the function containing this code
if [ -f ".github/scripts/verify-sha-consistency.sh" ]; then
  sed -n '200,250p' ".github/scripts/verify-sha-consistency.sh"
fi

Repository: YiAgent/OpenCI

Length of output: 1661

🏁 Script executed:

# Check if git cat-file -e works as expected and how git ls-tree behaves
# Let's examine the git documentation/behavior in context

# First, verify the SELF_REFS pattern and how manifest.yml is used
grep -n "SELF_REFS" ".github/scripts/verify-sha-consistency.sh" | head -20

Repository: YiAgent/OpenCI

Length of output: 242

🏁 Script executed:

# Check if there are any other usages of git ls-tree in the script
grep -n "git ls-tree" ".github/scripts/verify-sha-consistency.sh"

Repository: YiAgent/OpenCI

Length of output: 231

🏁 Script executed:

# Verify the manifest.yml structure to understand the data being validated
if [ -f "manifest.yml" ]; then
  cat manifest.yml
fi

Repository: YiAgent/OpenCI

Length of output: 15767

Distinguish missing commit objects from missing directory structure in shallow clones.

Line 224 swallows git ls-tree errors with 2>/dev/null || true, causing shallow clones to produce false "SHA Missing Structure" errors even when the path exists in the commit but the commit object itself is unavailable locally. Check commit-object availability first using git cat-file -e, emit a more specific error, and only then perform the path check.

Suggested fix 
   for self_name in "${!SELF_REFS[@]}"; do
     self_required_path="${SELF_REFS[$self_name]}"
     self_sha="$(echo "$manifest_map" | awk -F'\t' -v key="$self_name" '$1 == key { print $2; exit }')"
     [ -z "$self_sha" ] && continue

+    if ! git cat-file -e "${self_sha}^{commit}" 2>/dev/null; then
+      emit_error "Missing Commit Object" \
+        "manifest.yml: $self_name SHA $self_sha is not present in the local clone. Fetch more history (e.g., checkout with fetch-depth: 0) and rerun."
+      continue
+    fi
+
     # git ls-tree returns non-empty output when the path exists at that SHA.
     tree_output="$(git ls-tree "$self_sha" "$self_required_path/" 2>/dev/null || true)"
     if [ -z "$tree_output" ]; then
       emit_error "SHA Missing Structure" \
         "manifest.yml: $self_name SHA $self_sha has no '$self_required_path/' directory. Run scripts/bump-self-sha.sh to update to a valid commit."
     fi
   done
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
tree_output="$(git ls-tree "$self_sha" "$self_required_path/" 2>/dev/null || true)"
if [ -z "$tree_output" ]; then
emit_error "SHA Missing Structure" \
"manifest.yml: $self_name SHA $self_sha has no '$self_required_path/' directory. Run scripts/bump-self-sha.sh to update to a valid commit."
for self_name in "${!SELF_REFS[@]}"; do
self_required_path="${SELF_REFS[$self_name]}"
self_sha="$(echo "$manifest_map" | awk -F'\t' -v key="$self_name" '$1 == key { print $2; exit }')"
[ -z "$self_sha" ] && continue
if ! git cat-file -e "${self_sha}^{commit}" 2>/dev/null; then
emit_error "Missing Commit Object" \
"manifest.yml: $self_name SHA $self_sha is not present in the local clone. Fetch more history (e.g., checkout with fetch-depth: 0) and rerun."
continue
fi
# git ls-tree returns non-empty output when the path exists at that SHA.
tree_output="$(git ls-tree "$self_sha" "$self_required_path/" 2>/dev/null || true)"
if [ -z "$tree_output" ]; then
emit_error "SHA Missing Structure" \
"manifest.yml: $self_name SHA $self_sha has no '$self_required_path/' directory. Run scripts/bump-self-sha.sh to update to a valid commit."
fi
done
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/scripts/verify-sha-consistency.sh around lines 224 - 227, The
current code silences git errors when running git ls-tree into tree_output,
causing shallow-clone cases where the commit object is missing to surface as
"SHA Missing Structure"; change the logic to first verify the commit object
exists by running git cat-file -e "$self_sha" (without redirecting stderr) and
if that fails call emit_error with a distinct message like "SHA Missing Commit"
explaining the commit object is not available locally, then only run git ls-tree
"$self_sha" "$self_required_path/" (as before) to detect a missing directory and
emit the existing "SHA Missing Structure" error using emit_error when
tree_output is empty.

fi
done

emit_notice "verify-sha-consistency" "Checked $checked uses, $errors error(s)."

if [ "$errors" -gt 0 ]; then
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/agent.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ concurrency:

jobs:
agent:
uses: YiAgent/OpenCI/.github/workflows/reusable/agent.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/agent.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
task: ${{ inputs.task }}
prompt: ${{ inputs.prompt }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ concurrency:

jobs:
ci:
uses: YiAgent/OpenCI/.github/workflows/reusable/ci.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/ci.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ github.sha }}
registry: ghcr.io
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dependencies.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,6 @@ concurrency:

jobs:
deps:
uses: YiAgent/OpenCI/.github/workflows/reusable/deps.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/deps.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
runner: blacksmith-32vcpu-ubuntu-2404
4 changes: 2 additions & 2 deletions .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
&& github.event.workflow_run.name == 'ci'
&& github.event.workflow_run.conclusion == 'success')
|| (github.event_name == 'workflow_dispatch' && inputs.mode == 'stg')
uses: YiAgent/OpenCI/.github/workflows/reusable/stg.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/stg.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
app-name: ${{ vars.APP_NAME || github.event.repository.name }}
image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }}
Expand All @@ -54,7 +54,7 @@ jobs:
&& github.event.workflow_run.name == 'release'
&& github.event.workflow_run.conclusion == 'success')
|| (github.event_name == 'workflow_dispatch' && inputs.mode == 'prd')
uses: YiAgent/OpenCI/.github/workflows/reusable/prd.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/prd.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
app-name: ${{ vars.APP_NAME || github.event.repository.name }}
image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ concurrency:

jobs:
docs:
uses: YiAgent/OpenCI/.github/workflows/reusable/docs.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/docs.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
build-cmd: ${{ vars.DOCS_BUILD_CMD || '' }}
docs-path: ${{ vars.DOCS_DIR || 'docs' }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/issue-ops.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ concurrency:
jobs:
lifecycle:
if: github.event_name == 'issues' || github.event_name == 'issue_comment'
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: lifecycle
runner: blacksmith-32vcpu-ubuntu-2404
Expand All @@ -46,7 +46,7 @@ jobs:

ingest:
if: github.event_name == 'repository_dispatch'
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: ingest
runner: blacksmith-32vcpu-ubuntu-2404
Expand All @@ -60,7 +60,7 @@ jobs:

maintenance:
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && inputs.mode == 'maintenance')
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: maintenance
runner: blacksmith-32vcpu-ubuntu-2404
Expand All @@ -74,7 +74,7 @@ jobs:

manual:
if: github.event_name == 'workflow_dispatch' && inputs.mode != 'maintenance'
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/issue.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: ${{ inputs.mode }}
runner: blacksmith-32vcpu-ubuntu-2404
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/observability.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,15 @@ concurrency:
jobs:
observe-canary:
if: ${{ github.event_name == 'schedule' && github.event.schedule == '*/15 * * * *' }}
uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: canary-watch
runner: blacksmith-32vcpu-ubuntu-2404
secrets: inherit

observe-drift:
if: ${{ github.event_name == 'schedule' && github.event.schedule == '0 4 * * *' }}
uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: terraform-drift
infra-dir: ${{ vars.INFRA_DIR || 'infrastructure' }}
Expand All @@ -50,7 +50,7 @@ jobs:
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
|| github.event_name == 'repository_dispatch'
|| (github.event_name == 'workflow_dispatch' && inputs.mode == 'verify-fix')
uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/observability.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: verify-fix
runner: blacksmith-32vcpu-ubuntu-2404
Expand Down
98 changes: 98 additions & 0 deletions .github/workflows/on-main-bump-sha.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
# on-main-bump-sha.yml — Auto-bump the YiAgent/OpenCI self-reference SHA after
# every merge to main. Opens a follow-up PR when the SHA needs updating so the
# manifest never drifts out of sync.
#
# Why: the pinned SHA must point to a commit that contains
# .github/workflows/reusable/. After structural reorganizations (or simply
# as main moves forward) the SHA can become stale. This workflow detects
# that condition and creates a one-commit PR to fix it automatically.
name: Auto-bump self SHA

on:
push:
branches: [main]
workflow_dispatch:

permissions:
contents: write
pull-requests: write

jobs:
bump:
name: Bump YiAgent/OpenCI SHA if stale
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176
with: { egress-policy: audit }

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
persist-credentials: true

- name: Install yq
run: |
sudo wget -qO /usr/local/bin/yq \
https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
sudo chmod +x /usr/local/bin/yq

- name: Check if SHA needs bumping
id: check
run: |
current_sha="$(yq -r '.deps["YiAgent/OpenCI"] // ""' manifest.yml)"
head_sha="$(git rev-parse HEAD)"

if [ -z "$current_sha" ]; then
echo "skip=true" >> "$GITHUB_OUTPUT"
echo "::notice::YiAgent/OpenCI not in manifest.yml — skipping"
exit 0
fi

tree_out="$(git ls-tree "$current_sha" .github/workflows/reusable/ 2>/dev/null || true)"
if [ -n "$tree_out" ] && [ "$current_sha" = "$head_sha" ]; then
echo "skip=true" >> "$GITHUB_OUTPUT"
echo "::notice::SHA $current_sha is current and valid — nothing to do"
exit 0
fi

{
echo "skip=false"
echo "current_sha=$current_sha"
echo "new_sha=$head_sha"
} >> "$GITHUB_OUTPUT"

- name: Run bump-self-sha.sh
if: steps.check.outputs.skip != 'true'
run: bash scripts/bump-self-sha.sh

- name: Commit and open PR
if: steps.check.outputs.skip != 'true'
env:
GH_TOKEN: ${{ github.token }}
NEW_SHA: ${{ steps.check.outputs.new_sha }}
OLD_SHA: ${{ steps.check.outputs.current_sha }}
run: |
branch="chore/bump-self-sha-${NEW_SHA:0:8}"
short_old="${OLD_SHA:0:8}"
short_new="${NEW_SHA:0:8}"

git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git checkout -b "$branch"
git add manifest.yml .github/workflows/
git commit -m "chore(manifest): bump YiAgent/OpenCI SHA to ${short_new}" \
-m "Automated update from on-main-bump-sha workflow. old=${OLD_SHA} new=${NEW_SHA}"

git push origin "$branch"

# shellcheck disable=SC2016
printf 'Automated SHA bump: `%s` to `%s`\n\nThe YiAgent/OpenCI self-reference SHA in manifest.yml was stale. Updated to the latest main HEAD so all reusable workflow calls resolve correctly.\n\n> Generated by the on-main-bump-sha workflow.' \
"$short_old" "$short_new" > /tmp/pr-body.md

gh pr create \
--title "chore(manifest): bump YiAgent/OpenCI SHA to ${short_new}" \
--body-file /tmp/pr-body.md \
--base main \
--head "$branch" \
--label "chore" 2>/dev/null || true
2 changes: 1 addition & 1 deletion .github/workflows/on-maintenance.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ jobs:
if: |
!contains(fromJSON('["pr-review","flag-audit"]'),
needs.resolve-mode.outputs.mode)
uses: YiAgent/OpenCI/.github/workflows/reusable/maintenance.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/maintenance.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: ${{ needs.resolve-mode.outputs.mode }}
openci-ref: ${{ needs.resolve-mode.outputs.openci-ref }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pull-request.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ concurrency:

jobs:
checks:
uses: YiAgent/OpenCI/.github/workflows/reusable/pr.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/pr.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
enable-ai-review: true
enable-eval: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ concurrency:

jobs:
release:
uses: YiAgent/OpenCI/.github/workflows/reusable/release.yml@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/.github/workflows/reusable/release.yml@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
mode: ${{ inputs.mode || 'both' }}
image-name: ${{ vars.IMAGE_NAME || github.event.repository.name }}
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/reusable/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- name: Probe secrets
Expand Down Expand Up @@ -155,7 +155,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- id: detect
Expand Down Expand Up @@ -183,7 +183,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- id: build
Expand Down Expand Up @@ -212,7 +212,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- id: scan
Expand All @@ -235,7 +235,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
Expand Down Expand Up @@ -282,7 +282,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- uses: ./.openci/actions/ci/check-migration
Expand All @@ -305,7 +305,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- uses: ./.openci/actions/ci/eval-smoke
Expand Down Expand Up @@ -485,7 +485,7 @@ jobs:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with: { persist-credentials: false }
- name: Resolve OpenCI ref and checkout
uses: YiAgent/OpenCI/actions/_common/resolve-openci@d280a64a392b7f1a3e906246286ca983e610f920
uses: YiAgent/OpenCI/actions/_common/resolve-openci@ebe8fca3260dce68d34d51b74703169e776bc72d
with:
openci-ref: ${{ inputs.openci-ref }}
- name: Download ci-context artifact
Expand Down
Loading
Loading