Problem
ActionResolver.ResolveSHA (and its internal helper resolveFromGitHub) does not accept a context.Context parameter. As a result:
- GitHub API calls during action pin resolution use hard-coded 30-second timeouts from
context.Background()
- Callers cannot propagate cancellation signals (e.g., user Ctrl+C, compile timeout) into network calls
- The entire compilation pipeline (
Compiler.CompileWorkflow) also lacks a context, compounding the issue
Location
pkg/workflow/action_resolver.go:36 — ResolveSHA(repo, version string) (string, error) — no contextpkg/workflow/action_resolver.go:107 — context.WithTimeout(context.Background(), 30*time.Second) — ignores caller contextpkg/workflow/action_resolver.go:135 — same pattern in annotated-tag peel loop
Callers affected
pkg/workflow/maintenance_workflow.go:67pkg/workflow/action_sha_checker.go:121pkg/workflow/action_reference.go:77,115pkg/actionpins/actionpins.go:298pkg/cli/copilot_setup.go:23,33
Recommendation
Add a context.Context parameter to ResolveSHA and resolveFromGitHub, threading a caller-provided context through to all GitHub API calls. The internal context.WithTimeout calls should derive from the incoming context rather than context.Background():
// Before
func (r *ActionResolver) ResolveSHA(repo, version string) (string, error) {
sha, err := r.resolveFromGitHub(repo, version)
...
}
func (r *ActionResolver) resolveFromGitHub(repo, version string) (string, error) {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
...
}
// After
func (r *ActionResolver) ResolveSHA(ctx context.Context, repo, version string) (string, error) {
sha, err := r.resolveFromGitHub(ctx, repo, version)
...
}
func (r *ActionResolver) resolveFromGitHub(ctx context.Context, repo, version string) (string, error) {
ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
...
}All 5 call sites then pass the appropriate caller context (or a derived timeout context).
Severity
Medium — Network calls during gh aw compile are unresponsive to Ctrl+C while resolving action pins. Affects developer experience and testability.
Validation
Estimated Effort
Medium — requires updating the method signature and 5+ call sites.
Generated by Sergo — Serena Go Expert · Run §25270219443
Generated by Sergo - Serena Go Expert · ● 501.5K · ◷
Problem
ActionResolver.ResolveSHA(and its internal helperresolveFromGitHub) does not accept acontext.Contextparameter. As a result:context.Background()Compiler.CompileWorkflow) also lacks a context, compounding the issueLocation
pkg/workflow/action_resolver.go:36—ResolveSHA(repo, version string) (string, error)— no contextpkg/workflow/action_resolver.go:107—context.WithTimeout(context.Background(), 30*time.Second)— ignores caller contextpkg/workflow/action_resolver.go:135— same pattern in annotated-tag peel loopCallers affected
pkg/workflow/maintenance_workflow.go:67pkg/workflow/action_sha_checker.go:121pkg/workflow/action_reference.go:77,115pkg/actionpins/actionpins.go:298pkg/cli/copilot_setup.go:23,33Recommendation
Add a
context.Contextparameter toResolveSHAandresolveFromGitHub, threading a caller-provided context through to all GitHub API calls. The internalcontext.WithTimeoutcalls should derive from the incoming context rather thancontext.Background():All 5 call sites then pass the appropriate caller context (or a derived timeout context).
Severity
Medium — Network calls during
gh aw compileare unresponsive to Ctrl+C while resolving action pins. Affects developer experience and testability.Validation
go test ./pkg/workflow/...action_resolver_test.goEstimated Effort
Medium — requires updating the method signature and 5+ call sites.
Generated by Sergo — Serena Go Expert · Run §25270219443