Skip to content

Fix: apply gh-aw actionlint ignore patterns in compile path#42672

Merged
pelikhan merged 2 commits into
mainfrom
copilot/static-analysis-2026-07-01
Jul 1, 2026
Merged

Fix: apply gh-aw actionlint ignore patterns in compile path#42672
pelikhan merged 2 commits into
mainfrom
copilot/static-analysis-2026-07-01

Conversation

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

runActionlintOnFiles (used during compilation) was not passing defaultGhAwActionlintIgnorePatterns, so gh-aw-specific suppressions — including unexpected key "queue" for "concurrency" section — were only applied via the lint command, leaving 426 false-positive actionlint findings in the static analysis report.

Changes

  • pkg/cli/actionlint.go: Added IgnorePatterns: defaultGhAwActionlintIgnorePatterns to runActionlintOnFiles, aligning the compile path with the existing lint command behavior.
func runActionlintOnFiles(ctx context.Context, lockFiles []string, verbose bool, strict bool) error {
    return runActionlintOnFilesWithOptions(ctx, lockFiles, verbose, strict, actionlintRunOptions{
        IncludeShellcheck: true,
        IncludePyflakes:   true,
        IgnorePatterns:    defaultGhAwActionlintIgnorePatterns, // was missing
    })
}

The queue key under concurrency is a gh-aw extension not yet in actionlint's schema; this suppression already existed in the pattern list but was never wired into the compile-time invocation.

Copilot AI linked an issue Jul 1, 2026 that may be closed by this pull request
6 tasks
… (compile path)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update static analysis report for 2026-07-01 Fix: apply gh-aw actionlint ignore patterns in compile path Jul 1, 2026
Copilot AI requested a review from pelikhan July 1, 2026 06:44
@pelikhan pelikhan marked this pull request as ready for review July 1, 2026 06:44
Copilot AI review requested due to automatic review settings July 1, 2026 06:44

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes an inconsistency in how gh-aw runs actionlint during compilation by ensuring the compile-time lint invocation uses the same gh-aw-specific ignore patterns already applied by the lint command. This reduces false positives in compile-time/static-analysis results (including the known concurrency.queue schema mismatch).

Changes:

  • Wire defaultGhAwActionlintIgnorePatterns into runActionlintOnFiles so compile-time actionlint runs respect gh-aw suppressions.
  • Align compile-path behavior with the existing lint command’s actionlint configuration.
Show a summary per file
File Description
pkg/cli/actionlint.go Passes defaultGhAwActionlintIgnorePatterns into the compile-path actionlint invocation so compile results match gh aw lint suppressions.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 0
  • Review effort level: Low

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR Code Quality Reviewer completed the code quality review.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Test Quality Sentinel completed test quality analysis.

No test files were added or modified in this PR. Test Quality Sentinel skipped.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #42672 does not have the 'implementation' label and has ≤100 new lines of code in business logic directories (default_business_additions=1).

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

@github-actions github-actions Bot mentioned this pull request Jul 1, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — correct and minimal fix

The single-line addition wires defaultGhAwActionlintIgnorePatterns into the compile-path actionlint invocation, aligning it with the lint command behavior. The fix is correct, targeted, and eliminates 426 genuine false positives without risk of masking real errors (the patterns are already trusted and test-covered in lint_command_test.go).

🔎 Code quality review by PR Code Quality Reviewer · 33.5 AIC · ⌖ 9.34 AIC · ⊞ 1.6K
Comment /review to run again

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix is correct and minimal. All three compile-path callers of runActionlintOnFiles (compile_validation.go lines 112 & 182, and compile_external_tools.go line 39) were silently omitting defaultGhAwActionlintIgnorePatterns, while the lint command was already passing them. Adding IgnorePatterns: defaultGhAwActionlintIgnorePatterns to the wrapper function fixes all three call sites in one place — exactly the right level to fix this.

The patterns list and its test coverage in lint_command_test.go are unaffected. No security or behavioral regressions are possible: these are suppress-list entries for known gh-aw schema extensions not yet upstream in actionlint.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 33.4 AIC · ⌖ 6.7 AIC · ⊞ 4.9K

@pelikhan pelikhan merged commit ef3e4df into main Jul 1, 2026
81 of 92 checks passed
@pelikhan pelikhan deleted the copilot/static-analysis-2026-07-01 branch July 1, 2026 06:55

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skills-Based Review 🧠

Applied /diagnosing-bugs and /tdd — the fix is correct; one observation on test coverage.

📋 Key Themes & Highlights

Key Themes

  • Root cause fully addressed: The behavioural divergence between runActionlintOnFiles (compile path) and the lint command was a simple missing field; the single-line fix is the right and minimal solution.
  • No regression test: The pattern tests in TestNewLintCommand verify the content of defaultGhAwActionlintIgnorePatterns, but no test verifies that the compile-path wrapper passes those patterns through. This allowed the omission to persist undetected.

Positive Highlights

  • ✅ Minimal, surgical change — exactly one line added, aligns two code paths cleanly
  • ✅ Clear PR description explains the root cause and the 426 false-positive impact
  • ✅ Existing defaultGhAwActionlintIgnorePatterns was already well-documented with inline comments; no new vocabulary needed

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 44.9 AIC · ⌖ 7.19 AIC · ⊞ 6.6K
Comment /matt to run again

Comment thread pkg/cli/actionlint.go
return runActionlintOnFilesWithOptions(ctx, lockFiles, verbose, strict, actionlintRunOptions{
IncludeShellcheck: true,
IncludePyflakes: true,
IgnorePatterns: defaultGhAwActionlintIgnorePatterns,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[/tdd] No regression test guards this compile path — if IgnorePatterns were accidentally dropped again, no test would catch it.

💡 Suggested regression test

The existing TestNewLintCommand in lint_command_test.go verifies that defaultGhAwActionlintIgnorePatterns contains the expected patterns, but nothing verifies that runActionlintOnFiles (the compile wrapper) actually forwards them to runActionlintOnFilesWithOptions.

A lightweight guard — for example a test that injects a fake runner and asserts options.IgnorePatterns == defaultGhAwActionlintIgnorePatterns — would prevent the compile/lint drift that caused 426 false-positive findings:

// TestRunActionlintOnFilesUsesDefaultIgnorePatterns guards the compile path
// against a repeat of the missing-IgnorePatterns regression (PR #42672).
func TestRunActionlintOnFilesUsesDefaultIgnorePatterns(t *testing.T) {
    var captured actionlintRunOptions
    // inject a stub runner that records the options, then call runActionlintOnFiles
    // and assert captured.IgnorePatterns == defaultGhAwActionlintIgnorePatterns
}

@copilot please address this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[static-analysis] Report - 2026-07-01

3 participants