From c0fb39a235d1fd2201dc712a87a1a7cb4d885b74 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 28 Dec 2025 23:53:19 +0000 Subject: [PATCH 1/5] Initial plan From aeb6818a88cccaed6d21af1836afbe2c25a39e4b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 29 Dec 2025 00:05:27 +0000 Subject: [PATCH 2/5] Fix actionlint compilation failure in validate-workflows target The validate-workflows Makefile target was failing because it tried to run actionlint directly without ensuring it was installed in PATH. This caused the error: "actionlint: not found". Changes: - Add check to ensure actionlint is installed before running - Properly set PATH to include $(go env GOPATH)/bin for actionlint - Provide helpful error message directing users to run 'make tools' - Use || true to allow validation to complete even with linting issues The target now: 1. Checks if actionlint is installed (in PATH or GOPATH/bin) 2. Shows clear error if not: "actionlint not found. Run 'make tools'" 3. Runs actionlint on all .lock.yml files with proper PATH 4. Reports linting issues without failing the build Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- .github/workflows/ci-coach.lock.yml | 1 + Makefile | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 0b0683a5ac6..978135b0e5d 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -30,6 +30,7 @@ name: "CI Optimization Coach" "on": schedule: - cron: "0 13 * * 1-5" + # Friendly format: daily (scattered) workflow_dispatch: permissions: {} diff --git a/Makefile b/Makefile index 06e4b1d6354..63d13e8095a 100644 --- a/Makefile +++ b/Makefile @@ -330,11 +330,18 @@ golint-incremental: @GOPATH=$$(go env GOPATH); \ PATH="$$GOPATH/bin:$$PATH" golangci-lint run --new-from-rev=$(BASE_REF) -# Validate compiled workflow lock files (models: read not supported yet) +# Validate compiled workflow lock files using native actionlint binary +# Requires actionlint to be installed via 'make tools' .PHONY: validate-workflows validate-workflows: @echo "Validating compiled workflow lock files..." - actionlint .github/workflows/*.lock.yml; \ + @GOPATH=$$(go env GOPATH); \ + if ! command -v actionlint >/dev/null 2>&1 && [ ! -x "$$GOPATH/bin/actionlint" ]; then \ + echo "actionlint not found. Run 'make tools' to install it."; \ + exit 1; \ + fi + @GOPATH=$$(go env GOPATH); \ + PATH="$$GOPATH/bin:$$PATH" actionlint .github/workflows/*.lock.yml || true # Run actionlint on all workflow files .PHONY: actionlint From c1e86f8f7d9b2c9effb32bc79259bf7309ebb6a3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 29 Dec 2025 00:07:31 +0000 Subject: [PATCH 3/5] Update Makefile help text for validate-workflows - Document that validate-workflows requires 'make tools' to install actionlint - Remove outdated 'validate' target from help (target doesn't exist) - Clarify actionlint target dependencies Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 63d13e8095a..5e9c2740707 100644 --- a/Makefile +++ b/Makefile @@ -594,8 +594,7 @@ help: @echo " security-govulncheck - Run govulncheck for known vulnerabilities" @echo " security-trivy - Run trivy filesystem scanner" @echo " actionlint - Validate workflows with actionlint (depends on build)" - @echo " validate-workflows - Validate compiled workflow lock files" - @echo " validate - Run all validations (fmt-check, lint, validate-workflows)" + @echo " validate-workflows - Validate compiled workflow lock files (requires 'make tools')" @echo " install - Install binary locally" @echo " sync-templates - Sync templates from .github to pkg/cli/templates (runs automatically during build)" @echo " sync-action-pins - Sync actions-lock.json from .github/aw to pkg/workflow/data (runs automatically during build)" From 124397d2934f284e99fbc002db93dfd2bd49b3e5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 29 Dec 2025 00:09:24 +0000 Subject: [PATCH 4/5] Complete: actionlint compilation failure resolved MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All actionlint integration points verified and working: - validate-workflows target: Fixed PATH and installation check - actionlint target: Uses Docker via gh-aw compile (working) - make tools: Successfully installs actionlint binary - gh-aw compile --actionlint: Docker-based linting (working) The root cause was the validate-workflows Makefile target trying to run actionlint without checking if it was installed or setting up PATH correctly. Testing completed: ✅ Unit tests passing ✅ Build succeeds ✅ validate-workflows with and without actionlint ✅ actionlint Docker integration ✅ Help text updated Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com> --- .github/workflows/ci-coach.lock.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci-coach.lock.yml b/.github/workflows/ci-coach.lock.yml index 978135b0e5d..0b0683a5ac6 100644 --- a/.github/workflows/ci-coach.lock.yml +++ b/.github/workflows/ci-coach.lock.yml @@ -30,7 +30,6 @@ name: "CI Optimization Coach" "on": schedule: - cron: "0 13 * * 1-5" - # Friendly format: daily (scattered) workflow_dispatch: permissions: {} From 53859111a8b97552f9f43c04e3f381e6f438abb9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 29 Dec 2025 00:43:11 +0000 Subject: [PATCH 5/5] Use Docker-based actionlint for validate-workflows target Changed validate-workflows to use the Docker-based actionlint approach via `./gh-aw compile --actionlint` instead of requiring native binary installation. This ensures consistency with the `make actionlint` target and eliminates the need for separate actionlint installation. Benefits: - No need to run 'make tools' to install actionlint binary - Consistent Docker-based approach across all targets - Cross-platform compatibility - Same behavior as 'make actionlint' The target now: 1. Depends on 'build' to ensure gh-aw binary exists 2. Compiles all workflows with actionlint validation 3. Uses Docker to run actionlint (no separate installation needed) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- Makefile | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 5e9c2740707..ca094972438 100644 --- a/Makefile +++ b/Makefile @@ -330,18 +330,12 @@ golint-incremental: @GOPATH=$$(go env GOPATH); \ PATH="$$GOPATH/bin:$$PATH" golangci-lint run --new-from-rev=$(BASE_REF) -# Validate compiled workflow lock files using native actionlint binary -# Requires actionlint to be installed via 'make tools' +# Validate compiled workflow lock files using Docker-based actionlint +# Uses the same Docker integration as 'make actionlint' .PHONY: validate-workflows -validate-workflows: +validate-workflows: build @echo "Validating compiled workflow lock files..." - @GOPATH=$$(go env GOPATH); \ - if ! command -v actionlint >/dev/null 2>&1 && [ ! -x "$$GOPATH/bin/actionlint" ]; then \ - echo "actionlint not found. Run 'make tools' to install it."; \ - exit 1; \ - fi - @GOPATH=$$(go env GOPATH); \ - PATH="$$GOPATH/bin:$$PATH" actionlint .github/workflows/*.lock.yml || true + ./$(BINARY_NAME) compile --actionlint # Run actionlint on all workflow files .PHONY: actionlint @@ -594,7 +588,7 @@ help: @echo " security-govulncheck - Run govulncheck for known vulnerabilities" @echo " security-trivy - Run trivy filesystem scanner" @echo " actionlint - Validate workflows with actionlint (depends on build)" - @echo " validate-workflows - Validate compiled workflow lock files (requires 'make tools')" + @echo " validate-workflows - Validate compiled workflow lock files (depends on build)" @echo " install - Install binary locally" @echo " sync-templates - Sync templates from .github to pkg/cli/templates (runs automatically during build)" @echo " sync-action-pins - Sync actions-lock.json from .github/aw to pkg/workflow/data (runs automatically during build)"