Pull request overview
This PR extends the repository’s reusable CI workflows so callers can choose the runner label globally or per child workflow, while also simplifying the internal input names used by the CodeQL leaf workflow.
Changes:
- Added a `runs-on` input to each CI leaf workflow and wired it into the job definitions.
- Added cascading runner-selection inputs to `goCI.yml` and `code-scan.yml` so callers can set one default runner or override individual child workflows.
- Renamed `codeql-analysis.yml` inputs from `codeql-*` to shorter unprefixed names and updated parent mappings.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| `.github/workflows/govulncheck.yml` | Adds reusable `runs-on` input and uses it for the vulncheck job. |
| `.github/workflows/goTest.yml` | Adds reusable `runs-on` input and applies it to matrix setup and test jobs. |
| `.github/workflows/goLint.yml` | Adds reusable `runs-on` input for the lint job. |
| `.github/workflows/goCI.yml` | Adds global/per-child runner inputs and passes cascaded values to child workflows. |
| `.github/workflows/goBuild.yml` | Adds reusable `runs-on` input and applies it to matrix setup and build jobs. |
| `.github/workflows/codeql-analysis.yml` | Renames CodeQL leaf inputs and adds reusable `runs-on` support. |
| `.github/workflows/code-scan.yml` | Adds parent-level runner selection and remaps CodeQL inputs to renamed leaf inputs. |
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
The reusable workflows in this repo were Linux-only by assumption: `runs-on` was hardcoded to `ubuntu-latest` in some places and derivable only from a single shared input in others, and the install step always shelled out to `apt-get`. That made it hard to point CI at the larger GitHub-hosted runners without piping a runner label through every leaf, and impossible to dispatch any of these workflows on non-Linux runners at all.

To that end, this PR threads `runs-on` through the parent workflows (`code-scan.yml`, `goCI.yml`) with a cascading default per child: the parent accepts a top-level `runs-on` plus per-child overrides (`lint-runs-on`, `test-runs-on`, `build-runs-on`, `govulncheck-runs-on`, `codeql-runs-on`), and each child resolves to `${{ inputs.<child>-runs-on || inputs.runs-on || 'ubuntu-latest' }}`. Each leaf (`goLint.yml`, `goTest.yml`, `goBuild.yml`, `govulncheck.yml`, `codeql-analysis.yml`) accepts its own plain `runs-on` input.

It also makes the leaves OS-aware where they used to be Linux-specific. The `Install Dependencies` step now dispatches on `${RUNNER_OS}` to call `apt-get` on Linux, `brew` on macOS, or `choco` on Windows; callers pass package names matching the runner they picked, since the workflow doesn't translate names. The redundant manual `actions/cache` + `chmod` steps in `goTest.yml` and `codeql-analysis.yml` were dropped — `actions/setup-go` with `cache: true` already handles per-OS cache paths. Steps that depend on POSIX shell features (`eval`, pipelines, `${GITHUB_ENV}` redirects) now declare `shell: bash` explicitly so they run under Git Bash on Windows runners.

In `codeql-analysis.yml`, the leaf inputs were also renamed to drop the redundant `codeql-` prefix (`build-cmd`, `build-mode`, `make-bootstrap`, `runs-on`); parent workflows still expose `codeql-*` inputs and map them down, so callers aren't affected. A grep across Smallstep repos confirmed nothing calls `codeql-analysis.yml` directly — every caller goes through `code-scan.yml` or `goCI.yml`.
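
A sketch of the `${RUNNER_OS}` dispatch described for the `Install Dependencies` step, added here as an example and not taken from the PR. The function names, the exact install command lines and the package-name allowlist are assumptions; the allowlist is there because callers pass package names through untranslated, so the step should refuse anything a shell or package manager could read as more than a name.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the PR's code).
# build_install_cmd only prints the command it would run; it executes nothing.

# Accept a conservative character set and no leading '-', so a
# caller-supplied value cannot be parsed as an option or as shell syntax.
valid_pkg() {
  case "$1" in
    ''|-*) return 1 ;;
    *[!A-Za-z0-9+._@-]*) return 1 ;;
  esac
  return 0
}

# usage: build_install_cmd <RUNNER_OS> <pkg>...
# RUNNER_OS is one of Linux, macOS, Windows on GitHub-hosted runners.
build_install_cmd() {
  os=$1
  shift
  [ "$#" -gt 0 ] || { echo "no packages requested" >&2; return 2; }
  for p in "$@"; do
    valid_pkg "$p" || { echo "rejected package name: $p" >&2; return 3; }
  done
  case "$os" in
    Linux)   echo "sudo apt-get install -y $*" ;;   # assumed command line
    macOS)   echo "brew install $*" ;;              # assumed command line
    Windows) echo "choco install -y $*" ;;          # assumed command line
    *)       echo "unsupported RUNNER_OS: $os" >&2; return 4 ;;
  esac
}
```

Failing closed on an unrecognised `RUNNER_OS` keeps a self-hosted or mislabelled runner from silently skipping the install.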