chore(deps): update stranske/workflows digest to 44965d8#859
chore(deps): update stranske/workflows digest to 44965d8#859renovate[bot] wants to merge 1 commit into
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
🔗 Linked repositories identifiedCodeRabbit considers these linked repositories for cross-repo context during reviews:
📜 Recent review details⏰ Context from checks skipped due to timeout. (1)
🧰 Additional context used📓 Path-based instructions (6){pyproject.toml,.github/workflows/*.{yml,yaml}}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
.github/workflows/*.{yml,yaml}📄 CodeRabbit inference engine (.github/copilot-instructions.md)
Files:
.github/workflows/**/*.yml📄 CodeRabbit inference engine (CLAUDE.md)
Files:
.github/workflows/agents-*.yml📄 CodeRabbit inference engine (CLAUDE.md)
Files:
.github/workflows/*.yml📄 CodeRabbit inference engine (AGENTS.md)
Files:
{.github/workflows/agents-*.yml,.github/workflows/autofix.yml,.github/codex/**/*.{md,txt,prompt},**/*.sync.*}📄 CodeRabbit inference engine (AGENTS.md)
Files:
🔀 Multi-repo context stranske/Workflows, stranske/TemplateBased on the previous research provided, cross-repository exploration has already been completed comprehensively. Let me acknowledge and summarize those findings: Linked Repositories FindingsSummary of Verified Cross-Repo ContextThe previous research has already conducted shell verification across both [::stranske/Workflows::] and [::stranske/Template::]
Consumer Impact Analysis:
Risk Assessment:
🔇 Additional comments (1)
📝 WalkthroughWalkthroughTwo lines in ChangesAction SHA Pin Update
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
333abea to
68373fb
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/agents-guard.yml:
- Line 114: The SHA digest update for the setup-api-client action at line 114
(and also at line 183) should not be edited directly in this agents-guard.yml
file since it is a synced workflow that will be overwritten during the next sync
cycle. Instead, locate the sync manifest in the stranske/Workflows repository
and apply the digest bump to the source definition there, then trigger a sync to
propagate the change into this repository. This prevents sync drift and ensures
the changes persist across future sync operations.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 6030f158-150d-4d1a-9348-3e08a95fb856
📒 Files selected for processing (1)
.github/workflows/agents-guard.yml
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
stranske/Workflows(auto-detected)stranske/Template(auto-detected)
📜 Review details
🧰 Additional context used
📓 Path-based instructions (6)
{pyproject.toml,.github/workflows/*.{yml,yaml}}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
{pyproject.toml,.github/workflows/*.{yml,yaml}}: Ensure coverage thresholds inpyproject.toml([tool.coverage.report] fail_under) match thecoverage-minsettings in CI workflow files to avoid threshold conflicts
The Manager-Database repository has a coverage threshold of 75%
Files:
.github/workflows/agents-guard.yml
.github/workflows/*.{yml,yaml}
📄 CodeRabbit inference engine (.github/copilot-instructions.md)
When a GitHub Actions workflow fails with
startup_failure, check for invalid YAML syntax, top-levelpermissions:blocks onworkflow_callreusable workflows (which conflicts with caller permissions), invalid permission scopes, or circular workflow references
Files:
.github/workflows/agents-guard.yml
.github/workflows/**/*.yml
📄 CodeRabbit inference engine (CLAUDE.md)
Reference reusable workflows with
@mainto match first-party consumer defaults, unless intentionally pinning to an exact commit SHA for a controlled reason.
Files:
.github/workflows/agents-guard.yml
.github/workflows/agents-*.yml
📄 CodeRabbit inference engine (CLAUDE.md)
Synced workflows (
agents-*.yml,autofix.yml) should be fixed instranske/Workflows, not locally in the consumer repo.
Files:
.github/workflows/agents-guard.yml
.github/workflows/*.yml
📄 CodeRabbit inference engine (AGENTS.md)
First-party consumers should reference reusable workflows with
@mainunless intentionally pinning to an exact commit SHA for a controlled reason.
Files:
.github/workflows/agents-guard.yml
{.github/workflows/agents-*.yml,.github/workflows/autofix.yml,.github/codex/**/*.{md,txt,prompt},**/*.sync.*}
📄 CodeRabbit inference engine (AGENTS.md)
Synced workflow files, agent prompts, scripts, and consumer docs should be fixed in
stranske/Workflowsthrough the sync manifest, not edited locally.
Files:
.github/workflows/agents-guard.yml
🔀 Multi-repo context stranske/Template, stranske/Workflows
Linked repositories findings
Based on my exploration of the cross-repository context, here are the relevant findings for this PR:
stranske/Template
Usage of the setup-api-client action:
- [::stranske/Template::]
.github/workflows/agents-guard.yml:114and.github/workflows/agents-guard.yml:183— The workflow usesstranske/Workflows/.github/actions/setup-api-client@d68de1904bcdbe16bfe2462b73aa18f41f8a0a47as a fallback reference (marked as# v1). This is triggered only when the local action at./.github/actions/setup-api-clientis unavailable.
Action interface consistency:
- [::stranske/Template::] The local
setup-api-clientaction (572 lines) maintains the same interface as the Workflows version:- Inputs:
secrets,github_token, multiple app credentials (workflows_app_id, keepalive_app_id, gh_app_id, etc.), and config options (skip_deps,verbose,install_dir) - Outputs:
token_count,available_tokens,setup_contract
- Inputs:
Fallback mechanism:
- [::stranske/Template::]
.github/workflows/agents-guard.ymlhas a dual-checkout strategy that attempts to use the local action first, then falls back to the Workflows version only if the local action is unavailable. This fallback pattern is employed for bothpull_request_targetandpull_requestevents.
Broader workflow impact:
- [::stranske/Template::] The Template repository contains 20 workflows that use
setup-api-client. Only 2 references explicitly use the remote Workflows action (both in agents-guard.yml); the other 18 use the local version.
stranske/Workflows
Action implementation details:
- [::stranske/Workflows::]
.github/actions/setup-api-client/action.yml(22,877 bytes) provides comprehensive setup for@octokitdependencies with pinned versions (@octokit/rest@20.0.2,@octokit/plugin-retry@6.0.1,@octokit/auth-app@6.0.3, lru-cache@10.4.3), vendor alias management viacreate_vendor_aliases.js, and token load balancer support.
Change assessment:
- [::stranske/Workflows::] The CHANGELOG shows version 1.15.2 (dated 2026-06-19) includes the commit range, with documented bug fixes for guard runtime and dependency workflow updates, but no breaking changes documented for the setup-api-client action interface.
No breaking changes identified:
Both repositories maintain consistent action interfaces across the digest update. The action's inputs, outputs, and core functionality (dependency installation, token management, NODE_PATH export) remain unchanged between the two commits.
| steps.eligibility.outputs.should-run == 'true' && | ||
| steps.api_client_base.outputs.available != 'true' | ||
| uses: "stranske/Workflows/.github/actions/setup-api-client@d68de1904bcdbe16bfe2462b73aa18f41f8a0a47" # v1 | ||
| uses: "stranske/Workflows/.github/actions/setup-api-client@c2537cc959f2ce05926c4639d25b90678abc97bc" # v1 |
There was a problem hiding this comment.
Move this SHA bump to the synced source workflow repository instead of editing here.
Line 114 and Line 183 update a synced agents-*.yml file locally; this creates sync drift and can be overwritten by the next sync cycle. Apply this digest bump in stranske/Workflows via the sync manifest path, then sync it into this repo.
As per coding guidelines, “Synced workflows (agents-*.yml, autofix.yml) should be fixed in stranske/Workflows, not locally in the consumer repo,” and “Synced workflow files … should be fixed in stranske/Workflows through the sync manifest, not edited locally.”
Also applies to: 183-183
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/agents-guard.yml at line 114, The SHA digest update for
the setup-api-client action at line 114 (and also at line 183) should not be
edited directly in this agents-guard.yml file since it is a synced workflow that
will be overwritten during the next sync cycle. Instead, locate the sync
manifest in the stranske/Workflows repository and apply the digest bump to the
source definition there, then trigger a sync to propagate the change into this
repository. This prevents sync drift and ensures the changes persist across
future sync operations.
Source: Coding guidelines
68373fb to
48f6a0a
Compare
48f6a0a to
3a1d2c9
Compare
|
Closing as superseded by the Workflows source/sync path; this PR patches managed agents-guard.yml directly and is behind the newer source fix. |
This PR contains the following updates:
c2537cc→44965d8Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.