Skip to content

Deduplicate action pins in lock file by version precision#7301

Merged
pelikhan merged 3 commits intomainfrom
copilot/deduplicate-lock-file-references
Dec 22, 2025
Merged

Deduplicate action pins in lock file by version precision#7301
pelikhan merged 3 commits intomainfrom
copilot/deduplicate-lock-file-references

Conversation

Copy link
Contributor

Copilot AI commented Dec 22, 2025
edited
Loading

The actions lock file contained duplicate entries for the same action+SHA with different version references (e.g., actions/cache@v4 and actions/cache@v4.3.0 both pointing to the same commit). This bloated the lock file and created maintenance confusion.

Changes

Deduplication logic in ActionCache.Save():

  • Groups entries by repo+SHA
  • Keeps only the most precise version reference (most dots in semver)
  • Automatically applies on every cache save

Version precision comparison:

// v4.3.0 (2 dots) beats v4 (0 dots)
// v8.0.0 beats v8
isMorePreciseVersion("v4.3.0", "v4") // true

Results:

  • Lock file reduced from 40 to 27 entries
  • Kept: actions/cache@v4.3.0, actions/setup-go@v6.1.0, actions/checkout@v5.0.1
  • Removed: @v4, @v6, @v5 variants

Incidental fixes:

  • Unchecked error returns in mcp_gateway_command.go
Original prompt

The actions pins manager should deduplicate references in the lock file. Keep the latest most precise version reference for each action.

Example: if v8 and v8.0.0 are available, keep v8.0.0

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits December 22, 2025 18:01
@pelikhan
Implement action pins deduplication in lock file
435b385 
- Add deduplicateEntries() method to ActionCache.Save()
- Add isMorePreciseVersion() helper to compare version precision
- Deduplicate entries by keeping only the most precise version reference
  for each repo+SHA combination (e.g., keep v4.3.0 over v4)
- Add comprehensive tests for deduplication logic
- Update TestGetActionPinsSorting to expect 40 entries

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
Fix linting errors and sync deduplicated action pins
7d79563 
- Fix unchecked error returns in mcp_gateway_command.go
- Sync deduplicated action_pins.json from .github/aw to pkg/workflow/data
- Update test to expect 27 entries after deduplication
- Regenerate all workflow lock files with deduplicated pins

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Deduplicate references in actions pins manager lock file Deduplicate action pins in lock file by version precision Dec 22, 2025
Copilot AI requested a review from pelikhan December 22, 2025 18:30
@pelikhan pelikhan marked this pull request as ready for review December 22, 2025 19:24
@pelikhan pelikhan merged commit 110358e into main Dec 22, 2025
4 checks passed
@pelikhan pelikhan deleted the copilot/deduplicate-lock-file-references branch December 22, 2025 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan

Comments