Skip to content

Replace external Actions with native runner/buildx capabilities in repo workflows#39

Merged
tillkruss merged 3 commits into
mainfrom
copilot/replace-actions-and-update
Jun 16, 2026
Merged

Replace external Actions with native runner/buildx capabilities in repo workflows#39
tillkruss merged 3 commits into
mainfrom
copilot/replace-actions-and-update

Conversation

Copilot AI commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

This change removes third-party workflow dependencies that are no longer needed and shifts artifact/download and Docker caching to native GitHub tooling. It also tightens workflow robustness around artifact tag extraction.

  • Action dependency reduction

    • Removed unfor19/install-aws-cli-action from sync.yml and repos.yml; workflows now rely on the AWS CLI preinstalled on ubuntu-latest.
    • Replaced dawidd6/action-download-artifact with gh run download in both repos.yml jobs.
  • Native Buildx cache enablement

    • Added GitHub Actions cache backend to docker/build-push-action in image.yml using type=gha with mode=max.
  • Permissions + artifact handling hardening

    • Added explicit actions: read permission (alongside contents: write) for jobs that download artifacts via gh.
    • Updated TAG discovery logic to fail fast when the artifact is missing or empty, preventing silent downstream failures.
- name: Build and push
  uses: docker/build-push-action@v7
  with:
    context: build
    file: build/fpm.Dockerfile
    push: true
    tags: ghcr.io/${{ github.repository_owner }}/fpm:latest
    cache-from: type=gha
    cache-to: type=gha,mode=max

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modernizes the repository’s GitHub Actions workflows by removing third-party actions and relying on native runner tooling (GitHub CLI, preinstalled AWS CLI) plus Buildx’s native GHA cache backend, while hardening artifact TAG extraction to fail fast.

Changes:

  • Replaced third-party artifact download action with gh run download and added job permissions needed for artifact access.
  • Removed explicit AWS CLI install steps and relied on runner-provided AWS CLI.
  • Enabled Buildx caching via the GitHub Actions cache backend (type=gha) for Docker image builds.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File Description
.github/workflows/sync.yml Removes AWS CLI install action and relies on runner-provided AWS CLI for R2 sync.
.github/workflows/repos.yml Switches artifact downloads to gh run download, adds permissions, and hardens TAG discovery.
.github/workflows/image.yml Enables Buildx cache-from/cache-to using type=gha for faster image builds.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/repos.yml
Comment thread .github/workflows/repos.yml
Comment thread .github/workflows/repos.yml
Comment thread .github/workflows/repos.yml
@tillkruss tillkruss merged commit 3eb3701 into main Jun 16, 2026
1 check passed
@tillkruss tillkruss deleted the copilot/replace-actions-and-update branch June 16, 2026 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants