Merged
11 changes: 9 additions & 2 deletions .github/workflows/codeql.yml
@@ -36,9 +36,16 @@ jobs:
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: manual

- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Set up JDK 8
uses: actions/setup-java@v5
with:
java-version: '8'
distribution: 'temurin'

- name: Build
run: ./gradlew build -x test --no-daemon

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
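Review bot: the new `Set up JDK 8` and `Build` steps run for every entry of `matrix.language`, but `build-mode: manual` and `run: ./gradlew build -x test --no-daemon` only make sense for the Java entry; if the matrix lists any other language, the Gradle build runs needlessly there and a Gradle failure fails that language's analysis too. Either gate both steps with `if: matrix.language == 'java'` and take `build-mode` from the matrix, or confirm the matrix contains only `java`. Since the wrapper is now invoked directly rather than through Autobuild, consider adding a `gradle/actions/wrapper-validation` step before `Build` so the checked-in `gradle-wrapper.jar` is verified against the published checksums before it executes.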
2 changes: 1 addition & 1 deletion .github/workflows/coverage-update-baseline.yml
@@ -72,7 +72,7 @@ jobs:
fetch-depth: 0

- name: Download coverage artifacts
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
with:
name: base-jacoco-xml
path: coverage-artifacts
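Review bot: `uses: actions/download-artifact@v7` pins a mutable major tag, so what runs here can change without any edit to this file. Pin the full commit SHA of the release and keep the version in a trailing comment, e.g. `uses: actions/download-artifact@<release-commit-sha> # v7.0.0` (placeholder; take the SHA from the v7.0.0 release), so the bump is reproducible and a retagged release cannot silently swap the action. The same applies to the matching bump in coverage-upload.yml.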
13 changes: 8 additions & 5 deletions .github/workflows/coverage-upload.yml
@@ -30,7 +30,7 @@ jobs:
persist-credentials: false

- name: Download coverage artifact
uses: actions/download-artifact@v6
uses: actions/download-artifact@v7
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

actions/download-artifact v7 release notes

💡 Result:

actions/download-artifact@v7.0.0 release notes (highlights)

  • Runtime update (important): now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version 2.327.1 (update self-hosted runners before upgrading). [1]
  • What changed:
    • Updated GHES guidance to reference a Node 20 version. [1]
    • Added Node 24 support. [1]
    • Updated @actions/artifact to address a Node.js 24 punycode deprecation. [1]
    • Release prep for Node 24 support. [1]

Source: GitHub release page for v7.0.0. [1]


Verify self-hosted runner compatibility with actions/download-artifact@v7.

v7 is valid and released, but introduces breaking changes: it requires Node.js 24 runtime and Actions Runner version 2.327.1 or later. If this repository uses self-hosted runners, confirm they meet the minimum version requirement before merging, as workflows will fail otherwise. GitHub-hosted runners are auto-updated and compatible. The run-id and github-token parameters remain compatible.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/coverage-upload.yml at line 33, the workflow uses
actions/download-artifact@v7 which requires Node.js 24 and Actions Runner >=
2.327.1; confirm any self-hosted runners meet those minimums or change the
action to a compatible release (e.g., pin to an earlier v3/v4 tag) to avoid
breaking changes. Locate the reference to actions/download-artifact@v7 in the
workflow and either (a) add documentation/checks and upgrade your self-hosted
runners to Node.js 24 and Runner 2.327.1+, or (b) replace the action version
with a prior compatible release to maintain backward compatibility for existing
self-hosted runners.

with:
name: jacoco-coverage
path: coverage
@@ -43,13 +43,16 @@ jobs:
with:
script: |
const headSha = context.payload.workflow_run.head_sha;
const { data: pulls } = await github.rest.repos.listPullRequestsAssociatedWithCommit({
const headOwner = context.payload.workflow_run.head_repository.owner.login;
const headBranch = context.payload.workflow_run.head_branch;
const { data: pulls } = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
commit_sha: headSha,
state: 'all',
head: `${headOwner}:${headBranch}`,
});
if (pulls.length > 0) {
const pr = pulls[0];
const pr = pulls.find((p) => p.head.sha === headSha);
if (pr) {
core.setOutput('pr_number', pr.number);
core.setOutput('pr_sha', headSha);
core.setOutput('pr_branch', headBranch);
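Review bot: `context.payload.workflow_run.head_repository` can be null (a fork run whose head repository has since been deleted), so `const headOwner = context.payload.workflow_run.head_repository.owner.login;` throws before any output is set; read it into a variable first and return early with a `core.info` message when it is missing. `pulls.list` is also paginated (30 results per page by default): with `state: 'all'` and a branch name that has been reused for several PRs, the PR whose `head.sha === headSha` can fall outside the first page and `pr` ends up undefined. Either paginate with `github.paginate(github.rest.pulls.list, {...})` or add `sort: 'updated', direction: 'desc'` so the most recent PR for that head is checked first. The selection logic itself is sound: filtering by `owner:branch` and then requiring an exact head-SHA match only picks a PR whose head is the commit that produced the artifact.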
4 changes: 2 additions & 2 deletions .github/workflows/pr-cancel.yml
@@ -16,7 +16,7 @@ jobs:
uses: actions/github-script@v8
with:
script: |
const workflows = ['pr-build.yml', 'system-test.yml'];
const workflows = ['pr-build.yml', 'system-test.yml', 'codeql.yml', 'coverage-waiting.yml'];
const headSha = context.payload.pull_request.head.sha;
const prNumber = context.payload.pull_request.number;
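Review bot: `coverage-waiting.yml` is added to the `workflows` list but is not part of this PR, so confirm that file exists under `.github/workflows/`; looking up runs for a workflow file that does not exist is rejected with a 404 and, unless the per-workflow call is wrapped in a try/catch, that rejection fails the whole step before the remaining workflows are processed. If this list keeps growing, consider deriving it from `github.rest.actions.listRepoWorkflows` (filtering on `path`) instead of maintaining it by hand.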

Expand All @@ -36,7 +36,7 @@ jobs:
);

for (const run of runs) {
const isTargetPr = run.pull_requests?.some((pr) => pr.number === prNumber);
const isTargetPr = !run.pull_requests?.length || run.pull_requests.some((pr) => pr.number === prNumber);
if (run.head_sha === headSha && isTargetPr) {
Comment on lines +39 to 40
⚠️ Potential issue | 🟠 Major

Line 39 fallback is too broad and may cancel the wrong PR run.

When run.pull_requests is empty, isTargetPr becomes true, so any run sharing the same head_sha can be canceled. Tighten the fallback by also matching the PR head ref (or other PR-unique signal).

🔧 Suggested fix
-                  const isTargetPr = !run.pull_requests?.length || run.pull_requests.some((pr) => pr.number === prNumber);
-                  if (run.head_sha === headSha && isTargetPr) {
+                  const isTargetPr = run.pull_requests?.length
+                    ? run.pull_requests.some((pr) => pr.number === prNumber)
+                    : (run.head_sha === headSha &&
+                       run.head_branch === context.payload.pull_request.head.ref);
+                  if (isTargetPr) {
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr-cancel.yml around lines 39 - 40, the fallback when
run.pull_requests is empty is too permissive: update the isTargetPr logic so
that when there are no pull_requests you also verify the run's head ref matches
the PR head ref (avoid relying on head_sha alone). Specifically, change the
check around isTargetPr/run.pull_requests to: if run.pull_requests has items,
keep the existing some(pr => pr.number === prNumber); otherwise require the
run's head ref (e.g., run.head_branch or run.head_ref) to equal the target PR
head ref (obtainable from the PR context or from run.pull_requests[0].head.ref
when available) in addition to matching headSha; reference isTargetPr,
run.pull_requests, run.head_sha, headSha and prNumber when making the change.

await github.rest.actions.cancelWorkflowRun({
owner: context.repo.owner,
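Review bot: the `!run.pull_requests?.length` fallback on line 39 is needed because GitHub omits `pull_requests` on runs triggered from forks, but the suggested fix above (matching `run.head_branch` to `context.payload.pull_request.head.ref`) still conflates a fork branch with a same-named branch in the base repository, since both share `head_branch`. Compare the head repository as well, e.g. `run.head_repository?.full_name === context.payload.pull_request.head.repo?.full_name`, together with `head_sha` and `head_branch`, and keep the optional chaining because both `head_repository` and `head.repo` are null once a fork is deleted. A one-line comment explaining why the empty-`pull_requests` case exists would save the next reader from reading it as a bug.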