Add base-ref-aware stale lock guard for workflow markdown edits#44912
Merged
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add stale-lock guard for workflow markdown edits
Add base-ref-aware stale lock guard for workflow markdown edits
Jul 11, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds base-reference support to detect stale workflow lock files in clean CI checkouts.
Changes:
- Adds
--base-refdiffing. - Adds committed-change tests.
- Integrates the guard into
make lint.
Show a summary per file
| File | Description |
|---|---|
scripts/check-stale-lock-files.sh |
Adds base-ref change detection. |
scripts/check-stale-lock-files_test.sh |
Tests committed markdown and lock changes. |
Makefile |
Configures base-ref selection and lint integration. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comments suppressed due to low confidence (1)
Makefile:957
- This does not wire the guard into pull-request CI because no PR workflow invokes the aggregate
make linttarget. The CGO workflow calls individual targets instead (.github/workflows/cgo.yml:1181-1215), and CJS similarly callslint-cjs/format targets (.github/workflows/cjs.yml:154-161); the only workflow callingmake lintis the manually dispatched format workflow. Add an explicit guard step to a PR workflow (with full base history) so the stated CI enforcement actually runs.
@bash scripts/check-action-sh-no-python.sh
- Files reviewed: 3/3 changed files
- Comments generated: 3
- Review effort level: Medium
Comment on lines
+79
to
+84
| if git rev-parse --verify "${BASE_REF}^{commit}" >/dev/null 2>&1; then | ||
| git diff --name-only "${BASE_REF}...HEAD" 2>/dev/null || true | ||
| return | ||
| fi | ||
| echo -e "${YELLOW}WARN${NC}: --base-ref not found (${BASE_REF}); falling back to working-tree check." >&2 | ||
| fi |
Comment on lines
+107
to
108
| [ -f "$md" ] || continue | ||
| lock="${md%.md}.lock.yml" |
Comment on lines
+787
to
+793
| elif [ -n "$${GITHUB_BASE_REF:-}" ] && git rev-parse --verify "origin/$${GITHUB_BASE_REF}^{commit}" >/dev/null 2>&1; then \ | ||
| bash scripts/check-stale-lock-files.sh --base-ref "origin/$${GITHUB_BASE_REF}"; \ | ||
| elif [ -n "$${GITHUB_BASE_REF:-}" ] && git rev-parse --verify "$${GITHUB_BASE_REF}^{commit}" >/dev/null 2>&1; then \ | ||
| bash scripts/check-stale-lock-files.sh --base-ref "$${GITHUB_BASE_REF}"; \ | ||
| else \ | ||
| bash scripts/check-stale-lock-files.sh; \ | ||
| fi |
Contributor
|
🎉 This pull request is included in a new release. Release: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stale
.lock.ymlfiles after.github/workflows/*.mdedits were still slipping through and causing avoidable CI churn. This change adds a fast stale-lock guard that works both for local edits and clean CI checkouts, with explicit remediation to runmake recompile.Guard behavior: detect stale lock files in both local and CI contexts
scripts/check-stale-lock-files.shwith--base-ref <git-ref>.git diff HEAD), andgit diff <base-ref>...HEAD).Contributor/CI path wiring
Makefilecheck-stale-lock-filestarget to resolve base ref from:CHECK_STALE_LOCK_BASE_REF, ororigin/$GITHUB_BASE_REF/$GITHUB_BASE_REFwhen available.check-stale-lock-filesas a prerequisite ofmake lintso stale locks fail earlier.Coverage for stale vs clean base-ref scenarios
scripts/check-stale-lock-files_test.shwith base-ref cases:Example usage in CI-style comparison: