Skip to content

πŸ› Fix GitHub Actions workflow bugs and typos #6865

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
philipbalinov merged 2 commits into from
Mar 27, 2026
Merged

πŸ› Fix GitHub Actions workflow bugs and typos #6865

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
01528aa
πŸ› Fix GitHub Actions workflow bugs and typos
tas50 Mar 9, 2026
d247a2c
🧹 Remove pull_request trigger from pr-test-lint.yml
tas50 Mar 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions .github/workflows/pr-test-lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,15 @@ on:
- ".github/workflows/pr-test-lint.yml"
- ".github/workflows/reusable-lint-providers.yml"
- "**.toml" # run tests when any recording changed
pull_request:
Copy link
Copy Markdown
Contributor

@philipbalinov philipbalinov Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this would allow running the workflow against forked PR - i'd be hesitant to do it as-is; at the very least, we have steps that run on our self-hosted runners, and allowing 3rd party code to execute against those is probably not a good idea

paths:
- "**.go"
- "**.mod"
- "go.sum"
- "Makefile"
- ".github/workflows/pr-test-lint.yml"
- ".github/workflows/reusable-lint-providers.yml"
- "**.toml" # run tests when any recording changed

permissions:
contents: read
Expand Down Expand Up @@ -91,7 +100,7 @@ jobs:

- name: Set provider env
run: echo "PROVIDERS_PATH=${PWD}/.providers" >> $GITHUB_ENV
- name: Display Provider PAth
- name: Display Provider Path
run: echo $PROVIDERS_PATH

- name: Test mql
Expand Down Expand Up @@ -128,7 +137,7 @@ jobs:

- name: Set provider env
run: echo "PROVIDERS_PATH=${PWD}/.providers" >> $GITHUB_ENV
- name: Display Provider PAth
- name: Display Provider Path
run: echo $PROVIDERS_PATH

- name: Test mql CLI and Providers
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/providers.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,10 +94,10 @@ jobs:
- name: Build List
run: |
echo "=== Providers detected:"
echo ${{ steps.providers.outputs.providers }}
echo '${{ steps.providers.outputs.providers }}'
Copy link
Copy Markdown

@mondoo-code-review mondoo-code-review bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟑 warning β€” Good fix. Quoting the expression with single quotes prevents shell word-splitting and glob expansion on the output, which also mitigates a potential script injection vector if the output contained attacker-controlled content. Correct as-is.


echo "=== Providers select to build:"
echo ${{ steps.providers.outputs.build_list }}
echo "=== Providers selected to build:"
echo '${{ steps.providers.outputs.build_list }}'

provider-build:
name: "${{ matrix.provider }}"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-providers.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
# https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-using-ssh-deploy-keys
# tl;dr:
# The GITHUB_TOKEN is limited when creating PRs from a workflow
# becasue of that we use a ssh key for which the limitations do not apply
# because of that we use a ssh key for which the limitations do not apply
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/reusable-lint-providers.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,13 @@ jobs:
- name: Run golangci-lint on all providers
env:
ONLY_NEW_ISSUES: ${{ inputs.only-new-issues }}
BASE_SHA: ${{ github.event.pull_request.base.sha }}
Copy link
Copy Markdown

@mondoo-code-review mondoo-code-review bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

πŸ”΄ critical β€” Good catch β€” BASE_SHA was referenced in the script but never set as an environment variable. This fix is correct and necessary for the --new-from-rev logic to work at all.

run: |
failed=""
extra_args=""
if [ "$ONLY_NEW_ISSUES" = "true" ] && [ -n "${BASE_SHA}" ]; then
git fetch origin "${BASE_SHA}"
extra_args="--new-from-rev=${BASE_SHA}"
git fetch origin "${BASE_SHA}" --depth=1
extra_args="--new-from-rev=${BASE_SHA}"
fi
for provider in providers/*/; do
# Skip providers without go.mod (they are part of the main module)
Expand Down
Loading