Fix: apply gh-aw actionlint ignore patterns in compile path#42672
Conversation
… (compile path) Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes an inconsistency in how gh-aw runs actionlint during compilation by ensuring the compile-time lint invocation uses the same gh-aw-specific ignore patterns already applied by the lint command. This reduces false positives in compile-time/static-analysis results (including the known concurrency.queue schema mismatch).
Changes:
- Wire
defaultGhAwActionlintIgnorePatternsintorunActionlintOnFilesso compile-time actionlint runs respect gh-aw suppressions. - Align compile-path behavior with the existing
lintcommand’s actionlint configuration.
Show a summary per file
| File | Description |
|---|---|
pkg/cli/actionlint.go |
Passes defaultGhAwActionlintIgnorePatterns into the compile-path actionlint invocation so compile results match gh aw lint suppressions. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 0
- Review effort level: Low
|
✅ PR Code Quality Reviewer completed the code quality review. |
|
✅ Test Quality Sentinel completed test quality analysis. No test files were added or modified in this PR. Test Quality Sentinel skipped. |
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. No ADR enforcement needed: PR #42672 does not have the 'implementation' label and has ≤100 new lines of code in business logic directories (default_business_additions=1). |
|
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅ |
There was a problem hiding this comment.
LGTM — correct and minimal fix
The single-line addition wires defaultGhAwActionlintIgnorePatterns into the compile-path actionlint invocation, aligning it with the lint command behavior. The fix is correct, targeted, and eliminates 426 genuine false positives without risk of masking real errors (the patterns are already trusted and test-covered in lint_command_test.go).
🔎 Code quality review by PR Code Quality Reviewer · 33.5 AIC · ⌖ 9.34 AIC · ⊞ 1.6K
Comment /review to run again
There was a problem hiding this comment.
The fix is correct and minimal. All three compile-path callers of runActionlintOnFiles (compile_validation.go lines 112 & 182, and compile_external_tools.go line 39) were silently omitting defaultGhAwActionlintIgnorePatterns, while the lint command was already passing them. Adding IgnorePatterns: defaultGhAwActionlintIgnorePatterns to the wrapper function fixes all three call sites in one place — exactly the right level to fix this.
The patterns list and its test coverage in lint_command_test.go are unaffected. No security or behavioral regressions are possible: these are suppress-list entries for known gh-aw schema extensions not yet upstream in actionlint.
🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 33.4 AIC · ⌖ 6.7 AIC · ⊞ 4.9K
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /diagnosing-bugs and /tdd — the fix is correct; one observation on test coverage.
📋 Key Themes & Highlights
Key Themes
- Root cause fully addressed: The behavioural divergence between
runActionlintOnFiles(compile path) and thelintcommand was a simple missing field; the single-line fix is the right and minimal solution. - No regression test: The pattern tests in
TestNewLintCommandverify the content ofdefaultGhAwActionlintIgnorePatterns, but no test verifies that the compile-path wrapper passes those patterns through. This allowed the omission to persist undetected.
Positive Highlights
- ✅ Minimal, surgical change — exactly one line added, aligns two code paths cleanly
- ✅ Clear PR description explains the root cause and the 426 false-positive impact
- ✅ Existing
defaultGhAwActionlintIgnorePatternswas already well-documented with inline comments; no new vocabulary needed
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 44.9 AIC · ⌖ 7.19 AIC · ⊞ 6.6K
Comment /matt to run again
| return runActionlintOnFilesWithOptions(ctx, lockFiles, verbose, strict, actionlintRunOptions{ | ||
| IncludeShellcheck: true, | ||
| IncludePyflakes: true, | ||
| IgnorePatterns: defaultGhAwActionlintIgnorePatterns, |
There was a problem hiding this comment.
[/tdd] No regression test guards this compile path — if IgnorePatterns were accidentally dropped again, no test would catch it.
💡 Suggested regression test
The existing TestNewLintCommand in lint_command_test.go verifies that defaultGhAwActionlintIgnorePatterns contains the expected patterns, but nothing verifies that runActionlintOnFiles (the compile wrapper) actually forwards them to runActionlintOnFilesWithOptions.
A lightweight guard — for example a test that injects a fake runner and asserts options.IgnorePatterns == defaultGhAwActionlintIgnorePatterns — would prevent the compile/lint drift that caused 426 false-positive findings:
// TestRunActionlintOnFilesUsesDefaultIgnorePatterns guards the compile path
// against a repeat of the missing-IgnorePatterns regression (PR #42672).
func TestRunActionlintOnFilesUsesDefaultIgnorePatterns(t *testing.T) {
var captured actionlintRunOptions
// inject a stub runner that records the options, then call runActionlintOnFiles
// and assert captured.IgnorePatterns == defaultGhAwActionlintIgnorePatterns
}@copilot please address this.
runActionlintOnFiles(used during compilation) was not passingdefaultGhAwActionlintIgnorePatterns, so gh-aw-specific suppressions — includingunexpected key "queue" for "concurrency" section— were only applied via thelintcommand, leaving 426 false-positive actionlint findings in the static analysis report.Changes
pkg/cli/actionlint.go: AddedIgnorePatterns: defaultGhAwActionlintIgnorePatternstorunActionlintOnFiles, aligning the compile path with the existinglintcommand behavior.The
queuekey underconcurrencyis a gh-aw extension not yet in actionlint's schema; this suppression already existed in the pattern list but was never wired into the compile-time invocation.