Skip to content

Improve efficiency of CI workflow through several small changes #1042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mhucka merged 6 commits into from
Apr 9, 2026
Merged

Improve efficiency of CI workflow through several small changes #1042

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
8cf8139
Update pr-labeler workflow to use ubuntu-slim runner
mhucka Apr 8, 2026
55f6916
Most jobs don't need full git history
mhucka Apr 8, 2026
d7e8021
Remove Scorecard debugging upload we never used
mhucka Apr 8, 2026
8edae6d
Run yamllint directly, not via a find-pipe
mhucka Apr 8, 2026
03ef0f1
Run buildifier directly, not via a find-pipe
mhucka Apr 8, 2026
f4f9197
Run hadolint directly, not via a find-pipe
mhucka Apr 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 9 additions & 22 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,19 +102,19 @@ jobs:
steps:
- name: Check out a copy of the git repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0

- name: Run hadolint on Dockerfiles
continue-on-error: ${{inputs.soft-linting == 'true'}}
env:
hadolint_version: 'sha256:e9dbf5113239ef2bf696d20c8f28d3019a47c26a38c98b89344d3e2846c4d5f8'
sha: 'sha256:e9dbf5113239ef2bf696d20c8f28d3019a47c26a38c98b89344d3e2846c4d5f8'
run: |
echo '::add-matcher::.github/problem-matchers/hadolint.json'
find . -name Dockerfile -print0 | \
xargs -0 -r docker run --rm -i -v "${PWD}:/app" -w /app \
--entrypoint /bin/hadolint \
ghcr.io/hadolint/hadolint@${{env.hadolint_version}}
shopt -s globstar
files=(**/Dockerfile*)
if [[ ${#files[@]} -gt 0 ]]; then
docker run --rm -v "${PWD}:/app" -w /app \
ghcr.io/hadolint/hadolint@${{env.sha}} /bin/hadolint "${files[@]}"
fi

shell-lint:
name: Shell script lint checks
Expand All @@ -124,8 +124,6 @@ jobs:
steps:
- name: Check out a copy of the git repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0

- name: Install problem matcher
run: echo '::add-matcher::.github/problem-matchers/shellcheck.json'
Expand All @@ -147,8 +145,6 @@ jobs:
steps:
- name: Check out a copy of the git repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0

- name: Install yamllint
run: |
Expand All @@ -159,10 +155,7 @@ jobs:
continue-on-error: ${{inputs.soft-linting == 'true'}}
run: |
echo "::add-matcher::.github/problem-matchers/yamllint.json"
# shellcheck disable=SC2038
find . -not -path '*.github/workflows/*' \
'(' -name '*.yaml' -o -name '*.yml' ')' | \
xargs yamllint -f github
yamllint -f github . CITATION.cff

bazel-lint:
name: Bazel build lint checks
Expand All @@ -172,8 +165,6 @@ jobs:
steps:
- name: Check out a copy of the git repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0

- name: Install Buildifier
uses: jbajic/setup-buildifier@c558ee05c6f74ab5753ff794516750b4aadac296 # v1
Expand All @@ -184,9 +175,7 @@ jobs:
continue-on-error: ${{inputs.soft-linting == 'true'}}
run: |
echo '::add-matcher::.github/problem-matchers/buildifier.json'
# shellcheck disable=SC2038
find . -name 'BUILD' -o -name '*.bzl' -o -name 'WORKSPACE' | \
xargs buildifier -mode=diff -lint=warn
buildifier -mode=diff -lint=warn -r .

action-lint:
name: GitHub Actions lint checks
Expand All @@ -196,8 +185,6 @@ jobs:
steps:
- name: Check out a copy of the git repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0

- name: Run actionlint
continue-on-error: ${{inputs.soft-linting == 'true'}}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr-labeler.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
label-pr-size:
if: github.repository_owner == 'quantumlib'
name: Update PR size labels
runs-on: ubuntu-24.04
runs-on: ubuntu-slim
timeout-minutes: 5
permissions:
contents: read
Expand Down
16 changes: 1 addition & 15 deletions .github/workflows/scorecard-scanner.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,6 @@ on:

# Allow manual invocation.
workflow_dispatch:
inputs:
debug:
description: 'Run with debugging options'
type: boolean
default: true

concurrency:
# Cancel any previously-started but still active runs on the same branch.
Expand Down Expand Up @@ -73,19 +68,10 @@ jobs:

- name: Upload results to code-scanning dashboard
# yamllint disable rule:line-length
uses: github/codeql-action/upload-sarif@ba454b8ab46733eb6145342877cd148270bb77ab # codeql-bundle-v2.23.5
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
sarif_file: scorecard-results.sarif

- if: github.event.inputs.debug == true || runner.debug == true
name: Upload results as artifacts to the workflow Summary page
# yamllint disable rule:line-length
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: Scorecard SARIF file
path: scorecard-results.sarif
retention-days: 5

# Scorecard currently (ver. 2.4.x) doesn't allow submissions from jobs having
# steps that use "run:". To print to the summary, we need to use another job.
write-summary:
Expand Down
Loading