Skip to content

[Refactoring] Extract config-audit persistence and cleanup closure from createMainAction in src/commands/main-action.ts (follow- [Content truncated due to length] #5822

Description

@github-actions

Refactoring Opportunity

Summary

Evidence

After #3019 and #3227, several concerns were correctly extracted (preflight validation → ./preflight, signal handling → ./signal-handler, workflow execution → ../cli-workflow). However the mainAction closure remains 185 lines and still handles mixed concerns:

Lines Block Responsibility
44–78 Argument processing Single vs. multi-arg shell handling
80–84 Config precedence + validation Calls applyConfigFilePrecedence and validateOptions
86–105 Docker host + DinD probe Sets AWF docker host, auto-detects split filesystem, runs DinD bootstrap
107–135 Config audit persistence Redacts secrets, writes awf-resolved-config.json artifact to disk
148–184 Cleanup closure definition 36-line performCleanup closure capturing 3 local variables
186–192 Signal handler registration Wires performCleanup into registerSignalHandlers
194–220 Workflow execution + exit Delegates to runMainWorkflow and calls process.exit

The config-audit block (lines 107–135, ~28 lines) and the DinD probe block (lines 90–105, ~15 lines) are self-contained and have no dependencies on the cleanup closure or signal handler registration that follow.

Proposed Split

  • Extract persistConfigAuditArtifact(config, redactedConfig) (~28 lines) — writes the redacted config JSON to the audit dir; callers become a single function call
  • Extract buildCleanupFn(config, getContainersStarted, getHostIptablesSetup) or inline the cleanup body into ./signal-handler — the 36-line closure is a natural sibling of registerSignalHandlers
  • Consider extracting the DinD probe + bootstrap block into a helper such as applyDindProbeResult(config)

Affected Callers

grep -rn "from.*main-action" src/ 2>/dev/null

Output: only src/cli.ts (line 4) and src/commands/main-action.test.ts (line 18) import from this file. The public API (createMainAction) is unchanged.

Effort Estimate

Low-Medium — the config-audit extraction is purely mechanical. The cleanup closure extraction requires threading its captured variables as parameters.

Benefits

  • Config artifact persistence can be unit-tested without standing up the full action handler
  • The signal-handler + cleanup relationship is made explicit in one place
  • Reduces the primary action closure to a ~100-line orchestration sequence

Detected by Refactoring Scanner workflow. Run date: 2026-07-02
Prior related issues: #3019, #3227 (both closed: completed)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Refactoring Opportunity Scanner · 306.4 AIC · ⊞ 6.7K ·

  • expires on Aug 31, 2026, 4:02 PM UTC

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions