Skip to content

fix: add context.Context to ResolveSHA for graceful cancellation#29900

Merged
pelikhan merged 3 commits intomainfrom
copilot/update-action-resolver-context-parameter
May 3, 2026
Merged

fix: add context.Context to ResolveSHA for graceful cancellation#29900
pelikhan merged 3 commits intomainfrom
copilot/update-action-resolver-context-parameter

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 3, 2026
edited
Loading

ActionResolver.ResolveSHA and resolveFromGitHub used hard-coded context.Background() timeouts, making GitHub API calls during action pin resolution unresponsive to cancellation (Ctrl+C, compile timeout, etc.).

Core changes

  • ActionSHAResolver interface and actionpins.SHAResolver interface: add ctx context.Context as first parameter
  • ActionResolver.ResolveSHA / resolveFromGitHub: accept and thread context; rename internal ctx shadow to callCtx so annotated-tag peel iterations each get a fresh 30s timeout from the original caller context rather than an already-running one
  • actionpins.PinContext: add Ctx context.Context field; ResolveActionPin uses cmp.Or(ctx.Ctx, context.Background()) to forward it into dynamic resolution
// Before
func (r *ActionResolver) ResolveSHA(repo, version string) (string, error)
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)

// After
func (r *ActionResolver) ResolveSHA(ctx context.Context, repo, version string) (string, error)
callCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
// peel loop derives from original ctx, not callCtx
peelCtx, peelCancel := context.WithTimeout(ctx, 30*time.Second)

Call sites (5)

All updated to pass context.Background() — correct since no parent context is threaded through the intermediate workflow/CLI functions yet:

File Location
pkg/workflow/maintenance_workflow.go resolveActionRef
pkg/workflow/action_sha_checker.go CheckActionSHAUpdates
pkg/workflow/action_reference.go resolveSetupActionRef (×2)
pkg/actionpins/actionpins.go ResolveActionPin
pkg/cli/copilot_setup.go getActionRef (×2)

Test mock mockSHAResolver in copilot_setup_test.go updated to match the new signature.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh gh repo view --json owner,name --jq .owner.login + "/" + .name ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 3472095762/.github/workflows GO111MODULE cfg GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw GOMOD GOMODCACHE go env /ref/tags/v9 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw util GOMODCACHE go env t_NmpAeXU GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE rtcfg (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name --check scripts/**/*.js 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq [.object.sha, .object.type] | @tsv --show-toplevel go /usr/bin/git ithub/workflows/git GO111MODULE 1/x64/bin/node git rev-�� --show-toplevel 1/x64/bin/node /usr/bin/git -bool s /usr/bin/git git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv add upstream /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel FVPrIMI/Ghy3DT33Rik9SPHCtMYQ /usr/bin/gh -json GO111MODULE 64/bin/go gh (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linurepos/{owner}/{repo}/actions/runs/12346/artifact-c /usr/bin/git /tmp/go-build486git l /tmp/go-build486--show-toplevel git rev-�� --show-toplevel /tmp/go-build486489152/b450/styles.test /usr/bin/git -test.paniconexigh -test.v=true /usr/bin/gh git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 git bject.type] | @tsv :latest go /opt/hostedtoolc--show-toplevel git rev-�� /ref/tags/v9 /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile sv /tmp/go-build486infocmp -trimpath /opt/hostedtoolcxterm-color gh (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv 4542917 GO111MODULE /opt/hostedtoolcache/go/1.25.8/x--created GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE /opt/hostedtoolcache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel /usr/lib/git-core/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq [.object.sha, .object.type] | @tsv --show-toplevel infocmp /usr/bin/git xterm-color go /usr/bin/git git rev-�� --show-toplevel git /usr/bin/infocmp --show-toplevel go /usr/bin/git infocmp (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 --jq bject.type] | @tsv GOSUMDB GOWORK 64/bin/go /usr/lib/git-core/git main�� run --auto ache/node/24.14.1/x64/bin/node --detach --check 64/bin/go node (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv Xz34/0uXSzV-SefrVVCpTXz34 (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv GOMODCACHE l /usr/bin/git -json GO111MODULE 64/bin/go git rev-�� --show-toplevel 3Zv3h0y/rLzSlIqW^remote\..*\.gh-resolved$ /usr/bin/git -json GO111MODULE nch,headSha,disp--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/infocmp GOMODCACHE go /usr/bin/git infocmp -1 xterm-color git /usr/bin/git /tmp/shared-actiinfocmp rev-parse e/git git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE node /opt�� prettier --check 64/bin/go --ignore-path .prettierignore 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go node /hom�� --check scripts/**/*.js 64/bin/go .prettierignore GO111MODULE 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq [.object.sha, .object.type] | @tsv prettier --check 64/bin/go **/*.ts **/*.json --ignore-path go list�� -mod=readonly -f 64/bin/go -d unsafe 64/bin/go go (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9.0.0
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv GOSUMDB GOWORK 64/bin/go GOINSECURE GOMOD GOMODCACHE node /hom�� --check **/*.cjs 64/bin/go **/*.json --ignore-path run-script/lib/n-json go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv npx prettier --cGOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK run-script/lib/n-json sh -c "prettier" --cheGOINSECURE go 64/bin/go tierignore GO111MODULE 64/bin/go go (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9.0.0 --jq [.object.sha, .object.type] | @tsv prettier --check 64/bin/go **/*.ts **/*.json --ignore-path -3lxG0HoYBiF env -json GOMOD 64/bin/go tierignore GO111MODULE 64/bin/go go (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv xterm-color ache/go/1.25.8/xREDACTED /usr/bin/git 489152/b392/_pkggit GO111MODULE 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linu-test.v=true /usr/bin/git _.a GO111MODULE kflows/my-workfl--show-toplevel git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --get remote.origin.url /usr/bin/unpigz -json GO111MODULE 64/bin/go /usr/bin/unpigz -d -c go /usr/bin/git 345 GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/link /usr/bin/git CommaSeparatedCogit GO111MODULE 489152/b070/impo--show-toplevel git rev-�� --show-toplevel 1NuU9jtEgawZo/Ci-buildtags /usr/bin/git runs/20260503-08git GO111MODULE 489152/b070/_pkg--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/infocmp k/gh-aw/gh-aw/.ggit config /opt/hostedtoolc--show-toplevel infocmp -1 xterm-color node /usr/bin/git /tmp/TestHashConinfocmp go (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv 3126-32420/test-4542917 -test.v=true 489152/b440/vet.cfg -test.timeout=10git -test.run=^Test -test.short=true--show-toplevel /bin/sh -c git-upload-pack '/tmp/TestParseDefaultBranchFromLsRemoteWithReal-c=4 resolved$ /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile prettier --check 64/bin/go /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linu^remote\..*\.gh-resolved$ (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv -bool l /usr/bin/git -errorsas -ifaceassert -nilfunc git -C /tmp/compile-instructions-test-2309641142/.github/workflows s/3/artifacts /usr/bin/git remote.origin.urgit GO111MODULE 64/bin/go git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v6 --jq [.object.sha, .object.type] | @tsv /tmp/gh-aw-test-runs/20260503-083126-32420/test-remote.origin.url (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv -unreachable=false /tmp/go-build486489152/b111/vet.cfg /opt/hostedtoolcache/node/24.14.1/x64/bin/node -c=4 -nolocalimports -importcfg node /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/approach-validator.md Ww7VJguVlRAx /usr/lib/git-core/git -json GO111MODULE 64/bin/go /usr/lib/git-core/git (http block)
  • https://api.github.com/repos/aws-actions/configure-aws-credentials/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv ithub-script/git/ref/tags/v9 7D8RXanEmFBss/sX9FX53sm1OTZ6jdpo--jq bject.type] | @tsv ry=1 config 489152/b472/_pkg--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x--jq /usr/bin/git -bool -buildtags /usr/bin/gh git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/aws-actions/configure-aws-credentials/git/ref/tags/v4 --jq [.object.sha, .object.type] | @tsv --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile /usr/bin/git k/gh-aw/gh-aw/.ggit -trimpath /opt/hostedtoolcuser.name git rev-�� --show-toplevel node /usr/bin/gh runs/20260503-08git -dwarf=false /opt/hostedtoolc--show-toplevel gh (http block)
  • https://api.github.com/repos/azure/login/git/ref/tags/v2
    • Triggering command: /usr/bin/gh gh api /repos/azure/login/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel /tmp/go-build486489152/b431/parser.test /usr/bin/git -test.paniconexigit -test.v=true om/testorg/testr--show-toplevel git rev-�� --show-toplevel git /usr/bin/git --show-toplevel go /usr/bin/git git (http block)
  • https://api.github.com/repos/docker/login-action/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/docker/login-action/git/ref/tags/v3 --jq [.object.sha, .object.type] | @tsv --show-toplevel infocmp /usr/bin/git xterm-color 489152/b452/_tesrev-parse e/git git rev-�� /ref/tags/v9 e/git sv --get remote.origin.ur-1 /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq [.object.sha, .object.type] | @tsv /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git Onlyrepos_only_wgh GO111MODULE /opt/hostedtoolc/repos/actions/github-script/git/ref/tags/v9 git rev-�� --show-toplevel go /usr/bin/infocmp 3126-32420/test-infocmp GO111MODULE /opt/hostedtoolcxterm-color infocmp (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv xterm-color go /usr/bin/gh -json GO111MODULE 64/bin/go gh api /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git ub/workflows GO111MODULE x_amd64/vet git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv ignore-path ../../../.prettierignore --jq /usr/bin/gh --show-toplevel git /usr/bin/git gh api /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv GOMODCACHE (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-26 GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-04-03 GOMOD GOMODCACHE go env itcustom_branch4125408134/001 itcustom_branch4125408134/002/work x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --limit 100 --created >=2026-02-02 GOMOD GOMODCACHE go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1488526916 GO111MODULE k GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env _.a GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE util GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linuremote1 env ithub/workflows GO111MODULE rtcfg.link GOINSECURE GOMOD GOMODCACHE iUEqf5PFeb3NCkL0nF/2rw-RdHCw_apH02zfbN4/uSkbk2Boconfig (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env /ref/tags/v9.0.0 GO111MODULE sv GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1234567890
    • Triggering command: /usr/bin/gh gh api repos/{owner}/{repo}/actions/runs/1234567890 --jq {databaseId: .id, number: .run_number, url: .html_url, status: .status, conclusion: .conclusion, workflowName: .name, workflowPath: .path, createdAt: .created_at, startedAt: .run_started_at, updatedAt: .updated_at, event: .event, headBranch: .head_branch, log.showsignaturGOINSECURE log 64/bin/go --format=%H:%ct GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet stlo�� -json GO111MODULE k GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE til.test GOINSECURE GOMOD GOMODCACHE y4/NgsYRIvMQHHTX^remote\..*\.gh-resolved$ 8648�� -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go stlo�� 3126-32420/test-source-field-vargo1.25.8 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x--created GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile env 3494/001/stability-test.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE er GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE 06/m1mI9m8ZybBw5VAsfaec/Pi1C9UClmDRmydbNI-g3 env -json GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 182857883 GO111MODULE k GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 1488526916 GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env 3126-32420/test-source-field-variant-208046924 GO111MODULE ow.lock.yml GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --check scripts/**/*.js 64/bin/go .prettierignore GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 /tmp/go-build486489152/b456/importcfg -pack /tmp/go-build486489152/b456/_testmain.go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 GOMOD GOMODCACHE ole.test 8648�� 3494/001/stability-test.md GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/contents/.github/workflows/shared/reporting.md
    • Triggering command: /tmp/go-build486489152/b404/cli.test /tmp/go-build486489152/b404/cli.test -test.testlogfile=/tmp/go-build486489152/b404/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE 573529/b425/impoGO111MODULE -c che/go-build/47/GOINSECURE GOPROXY 64/bin/go GOSUMDB GOWORK 64/bin/go /opt/hostedtoolcGO111MODULE (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git k/gh-aw/gh-aw/pkbasename config /usr/bin/git git rev-�� --show-toplevel git /usr/bin/gh /tmp/gh-aw-test-gh remote /usr/bin/git gh (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv /ref/tags/v9 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/link GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq [.object.sha, .object.type] | @tsv ignore-path ../../../.prettierignore git /usr/bin/infocmp --show-toplevel node /usr/bin/git infocmp -1 xterm-color git modules/@npmcli/run-script/lib/node-gyp-bin/node /ref/tags/v9 git sv gh (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE fe972c7217b251a76ba089fa9291ded1-d GOINSECURE GOMOD GOMODCACHE go env ub/workflows GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq [.object.sha, .object.type] | @tsv ignore-path ../../../.prettierignore git /usr/bin/gh --show-toplevel /opt/hostedtoolc-c /usr/bin/git gh api /repos/actions/github-script/git/ref/tags/v9 --jq /usr/bin/git --show-toplevel git /usr/bin/git git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/link GOINSECURE GOMOD GOMODCACHE x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq [.object.sha, .object.type] | @tsv go1.25.8 -c=4 -nolocalimports -importcfg /tmp/go-build486489152/b462/importcfg -pack /tmp/go-build486489152/b462/_testmain.go env ub/workflows GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq [.object.sha, .object.type] | @tsv ignore-path ../../../.prettierignore git /usr/bin/infocmp --show-toplevel git /usr/bin/git infocmp -1 xterm-color git /usr/bin/gh --show-toplevel git /usr/bin/git gh (http block)
  • https://api.github.com/repos/google-github-actions/auth/git/ref/tags/v2
    • Triggering command: /usr/bin/gh gh api /repos/google-github-actions/auth/git/ref/tags/v2 --jq [.object.sha, .object.type] | @tsv --show-toplevel git /usr/bin/git --show-toplevel (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv -json GO111MODULE cfg GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote.myorg.url (http block)
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv ignore-path ../../../.prettierignore git bject.type] | @tsv ithub-script/gitsh /tmp/go-build486-c bject.type] | @t"prettier" --write '**/*.cjs' '**/*.ts' '**/*.json' --ignore-path ../../../.pret.prettierignore git rev-�� --show-toplevel git /usr/bin/infocmp --show-toplevel git /usr/bin/git infocmp (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE tdrain GOMODCACHE x_amd64/vet env NFnr1OmBQ GO111MODULE ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE rtcfg (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo 64/bin/go tierignore GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
    • Triggering command: /usr/bin/gh gh workflow list --repo owner/repo --json name,path,state ache/go/1.25.8/x64/bin/go GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/bin/bash GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name --check scripts/**/*.js 64/bin/go -d GO111MODULE 64/bin/go go env -json GO111MODULE 64/bin/go GOINSECURE GOMOD GOMODCACHE go (http block)
  • https://api.github.com/repos/test/repo
    • Triggering command: /usr/bin/gh gh api /repos/test/repo --jq .default_branch -json GO111MODULE cfg GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/xREDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue May 3, 2026 that may be closed by this pull request
ActionResolver.ResolveSHA lacks context parameter, preventing graceful cancellation #29875
Closed
4 tasks
Copilot AI changed the title [WIP] Add context parameter to ActionResolver.ResolveSHA for cancellation support fix: add context.Context to ResolveSHA for graceful cancellation May 3, 2026
Copilot AI requested a review from pelikhan May 3, 2026 08:36
@github-actions github-actions Bot mentioned this pull request May 3, 2026
Closed
@pelikhan pelikhan marked this pull request as ready for review May 3, 2026 13:09
Copilot AI review requested due to automatic review settings May 3, 2026 13:10
Copilot AI reviewed May 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates action tag-to-SHA resolution to accept and propagate context.Context, enabling GitHub API calls (via gh api) during action pin resolution to respect cancellation/timeouts instead of using hard-coded context.Background().

Changes:

  • Add ctx context.Context parameter to workflow.ActionSHAResolver and actionpins.SHAResolver and thread it through ActionResolver.ResolveSHAresolveFromGitHub.
  • Introduce actionpins.PinContext.Ctx and forward it into dynamic resolution via ResolveActionPin.
  • Update all current call sites and mocks/tests to match the new ResolveSHA(ctx, repo, version) signature.
Show a summary per file
File Description
pkg/workflow/maintenance_workflow.go Passes a context into SHA resolution when generating maintenance workflow action refs.
pkg/workflow/action_sha_checker.go Passes a context into SHA resolution when checking for action SHA updates.
pkg/workflow/action_resolver_test.go Updates resolver tests to call the new ResolveSHA(ctx, ...) signature.
pkg/workflow/action_resolver.go Adds ctx threading into ResolveSHA/resolveFromGitHub and updates timeout derivation.
pkg/workflow/action_reference.go Passes a context into SHA resolution when resolving setup action references.
pkg/cli/copilot_setup_test.go Updates the mockSHAResolver to match the new interface signature.
pkg/cli/copilot_setup.go Passes a context into SHA resolution when generating copilot setup steps YAML.
pkg/actionpins/actionpins.go Extends pin resolution context to carry a context.Context and forwards it into dynamic SHA resolution.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 8/8 changed files
  • Comments generated: 1

Comment thread pkg/workflow/action_resolver.go
Comment on lines +109 to 112
// operation can also derive a fresh 30-second timeout from it (rather than from
// the already-running callCtx, which may have far less than 30 seconds remaining).
callCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
defer cancel()
@github-actions github-actions Bot mentioned this pull request May 3, 2026
Open
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 3, 2026

🧪 Test Quality Sentinel Report

Test Quality Score: 100/100

Excellent test quality

Metric Value
New/modified tests analyzed 2
✅ Design tests (behavioral contracts) 2 (100%)
⚠️ Implementation tests (low value) 0 (0%)
Tests with error/edge cases 2 (100%)
Duplicate test clusters 0
Test inflation detected No
🚨 Coding-guideline violations None

Test Classification Details

Test File Classification Issues Detected
TestActionResolverCache pkg/workflow/action_resolver_test.go:59 ✅ Design None — verifies cached SHA is returned without an API call
TestActionResolverFailedResolutionCache pkg/workflow/action_resolver_test.go:80 ✅ Design None — verifies failed resolution is cached and re-used

No new test functions were added. Both modified tests received purely mechanical updates — passing context.Background() to match the new ResolveSHA(context.Context, ...) signature.

Language Support

Tests analyzed:

  • 🐹 Go (*_test.go): 2 modified tests — both unit (//go:build !integration)
  • 🟨 JavaScript (*.test.cjs, *.test.js): 0 tests

Verdict

Check passed. 0% of new/modified tests are implementation tests (threshold: 30%). Both modified tests verify behavioral contracts (caching of successful and failed SHA resolution). Build tags are present. No mock libraries used. No assertion-message violations detected.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

  • Assert on observable outputs, return values, or state changes
  • Cover error paths and boundary conditions
  • Would catch a behavioral regression if deleted
  • Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

  • Assert on internal function calls (mocking internals)
  • Only test the happy path with typical inputs
  • Break during legitimate refactoring even when behavior is correct
  • Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References: §25280071162

🧪 Test quality analysis by Test Quality Sentinel · ● 496K ·

github-actions[bot]
github-actions Bot approved these changes May 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 100/100. Test quality is excellent — 0% of new/modified tests are implementation tests (threshold: 30%). Both tests verify behavioral caching contracts with error-path coverage.

@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented May 3, 2026

@copilot review comments

@pelikhan
fix: guard against nil context in ResolveSHA
e5ba753 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/4b1fc56b-45a3-4355-accd-5a6d3110d196

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 3, 2026
edited
Loading

@copilot review comments

Addressed in e5ba753 — added a nil guard at the top of ResolveSHA that normalizes nil to context.Background() before any context usage, preventing the panic described in the review comment.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq [.object.sha, .object.type] | @tsv (http block)

If you need me to access, download, or install something from one of these locations, you can either:

@pelikhan pelikhan merged commit ecda80c into main May 3, 2026
@pelikhan pelikhan deleted the copilot/update-action-resolver-context-parameter branch May 3, 2026 14:54
Copilot AI added a commit that referenced this pull request May 3, 2026
fix: add context.Context to ResolveSHA for graceful cancellation (#29900
b8398e4 
)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ActionResolver.ResolveSHA lacks context parameter, preventing graceful cancellation

3 participants

@pelikhan