ci: update ovmlayer and GitHub Action versions #472
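Summary by CodeRabbit
Chores
Overview
This update upgrades the core action versions across several GitHub Actions workflows (checkout, setup-node and upload-artifact from v4 to v6), updates the path-filter action version, and reworks how two workflows obtain their token, moving from a static secret to dynamically generated GitHub App tokens.
Changes
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)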
Pull request overview
This PR updates CI workflows to use newer GitHub-hosted actions (aiming for Node 24 compatibility) and vendors the ovmlayer setup composite action locally, switching ovmlayer downloads to use a GitHub App token and enabling the current ovmlayer-next runtime setup interface.
Changes:
- Bump GitHub Actions dependencies (e.g., `actions/checkout`, `actions/setup-node`, `actions/upload-artifact`) across workflows and composite actions.
- Replace the remote ovmlayer composite action reference with a locally vendored `.github/actions/ovmlayer` action.
- Generate a GitHub App token at workflow runtime and pass it (plus the ovmlayer repository name) into the local ovmlayer action, enabling runtime setup.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| .github/workflows/publish.yml | Updates checkout action version used during publish. |
| .github/workflows/pr.yml | Updates action versions (checkout/setup-node/upload-artifact) in PR CI workflow. |
| .github/workflows/oocana-python.yml | Switches ovmlayer setup to local action, adds GitHub App token generation, updates upload-artifact. |
| .github/workflows/layer.yml | Switches ovmlayer setup to local action, adds GitHub App token generation, updates checkout/setup-node/upload-artifact. |
| .github/actions/ovmlayer/action.yml | Adds a locally vendored composite action to download/install ovmlayer and optionally perform runtime setup. |
| .github/actions/oocana-python/action.yml | Updates checkout action version used by the composite action. |
.github/actions/ovmlayer/action.yml
Outdated
| GH_TOKEN: ${{ inputs.token }} | ||
| - name: download base rootfs | ||
| run: | | ||
| curl -L ${{ inputs.rootfs }} -o base_rootfs.tar |
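Review bot: In the `download base rootfs` step, `${{ inputs.rootfs }}` is expanded into the script text before the shell parses it, so a value containing quotes or shell metacharacters becomes part of the command and shell quoting around the expression does not fully contain it. Pass the input through the step's `env:` mapping, the way `GH_TOKEN` is set from `inputs.token` in the line above, and reference it as a quoted shell variable, for example `curl -L "$ROOTFS_URL" -o base_rootfs.tar` (`ROOTFS_URL` is a name chosen here). Nothing in these lines verifies `base_rootfs.tar` after the download; comparing it against a pinned checksum before it is unpacked would be worth adding.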
The action downloads the rootfs with curl -L but without --fail/--show-error, so HTTP errors (e.g. 404) can still produce a file that then fails later in a less clear way. Consider using curl --fail --location --silent --show-error (and ideally --retry) and quoting the URL input to avoid word-splitting/globbing issues.
| curl -L ${{ inputs.rootfs }} -o base_rootfs.tar | |
| curl --fail --location --silent --show-error --retry 3 "${{ inputs.rootfs }}" -o base_rootfs.tar |
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/actions/ovmlayer/action.yml:
- Around line 15-18: The action's rootfs input currently defaults to a fixed
amd64 URL (rootfs) which mismatches the normalized runner architecture (the arch
normalization code that maps to amd64/arm64), so change the action.yml rootfs
input to derive its default from the normalized arch (use an expression/template
that yields the correct URL for amd64 vs arm64, e.g. a conditional expression
using inputs.arch or the normalized arch variable to pick ".../amd64-rootfs.tar"
vs ".../arm64-rootfs.tar" or remove the hardcoded default and construct the URL
at runtime based on arch), and update callers
(.github/workflows/oocana-python.yml and .github/workflows/layer.yml) to stop
forcing the hardcoded amd64 URL so the correct arch-specific rootfs is used with
the ovmlayer binary.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: d1c02d37-9b41-41dd-a3fc-7bf2171dac78
📒 Files selected for processing (6)
- .github/actions/oocana-python/action.yml
- .github/actions/ovmlayer/action.yml
- .github/workflows/layer.yml
- .github/workflows/oocana-python.yml
- .github/workflows/pr.yml
- .github/workflows/publish.yml
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/layer.yml (1)
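84-92: Specify a Node runtime version for setup-node. Line 84 upgrades the setup-node action but does not specify node-version. The npm install / npm run test at lines 91-92 will use the Node version preinstalled on ubuntu-latest, so CI results depend on changes GitHub makes when it updates the environment, which reduces reproducibility.
The repository has no .nvmrc or .node-version file, and flow-examples/package.json has no engines field, so it is recommended to explicitly specify a verified Node version in setup-node (such as node-version: '18' or node-version: '20') to ensure CI stability.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/layer.yml around lines 84 - 92, the actions/setup-node@v6 step in the CI workflow does not specify node-version, so the npm install / npm run test used later in the "test flow examples" step depend on the Node version preinstalled on the runner, which affects reproducibility; add an explicit node-version field (for example '18' or '20') to that step (actions/setup-node@v6) to lock the runtime version and ensure the flow-examples tests run on a stable Node version (optionally also add cache: 'npm' to speed up dependency installation).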
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/layer.yml:
- Around line 35-37: The workflow exposes OVMLAYER_REPOSITORY but still
hardcodes the rootfs to base-rootfs@0.4.0/amd64-rootfs.tar and the ovmlayer
action (.github/actions/ovmlayer/action.yml download step) uses gh release
download without --tag, causing binary and rootfs to drift; fix by adding an
explicit OVMLAYER_VERSION input/env (e.g., OVMLAYER_VERSION) and wire it into
both the ovmlayer action download (use --tag or the specific release) and the
rootfs filename so binary and rootfs are pinned together (keep
OVMLAYER_REPOSITORY for repo selection but use OVMLAYER_VERSION for
release/tag), and also update the actions/setup-node@v6 step to include a fixed
node-version parameter to prevent Node version drift.
---
Nitpick comments:
In @.github/workflows/layer.yml:
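- Around line 84-92: the actions/setup-node@v6 step in the CI workflow does not
specify node-version, so the npm install / npm run test used later in the
"test flow examples" step depend on the Node version preinstalled on the runner,
which affects reproducibility; add an explicit node-version field (for example
'18' or '20') to that step (actions/setup-node@v6) to lock the runtime version
and ensure the flow-examples tests run on a stable Node version (optionally also
add cache: 'npm' to speed up dependency installation).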
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: eea8ea75-c1a8-4cb1-8c2b-b091aaabdb7d
📒 Files selected for processing (3)
- .github/workflows/layer.yml
- .github/workflows/oocana-python.yml
- .github/workflows/pr.yml
✅ Files skipped from review due to trivial changes (1)
- .github/workflows/pr.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/oocana-python.yml
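The two CodeRabbit findings above (a rootfs default fixed to amd64, and a rootfs version not tied to one pinned value) combined with the fail-fast curl flags from the Copilot comment, as an added example that is not code from this PR or the project. `ROOTFS_BASE_URL` is a placeholder host and the function names are assumptions; only the `base-rootfs@<version>/<arch>-rootfs.tar` layout and the `OVMLAYER_VERSION` name come from the thread.

```shell
#!/usr/bin/env bash
# Added illustration: derive the rootfs URL from one pinned version and the
# normalized runner architecture, then download it fail-fast.
# ROOTFS_BASE_URL is a placeholder; the real host is not shown on the page.
ROOTFS_BASE_URL="${ROOTFS_BASE_URL:-https://example.invalid/releases}"

# Map `uname -m` style names onto the amd64/arm64 names used in rootfs files.
normalize_arch() {
  case "$1" in
    x86_64|amd64)  echo amd64 ;;
    aarch64|arm64) echo arm64 ;;
    *) echo "unsupported architecture: $1" >&2; return 1 ;;
  esac
}

# Build the URL for one version and architecture. The version is validated
# (digits and single dots only) so that a caller-supplied value cannot carry
# path segments or shell metacharacters into the download command.
rootfs_url() {
  local version="$1" arch
  case "$version" in
    ''|*[!0-9.]*|.*|*.|*..*) echo "invalid version: $version" >&2; return 1 ;;
  esac
  arch="$(normalize_arch "$2")" || return 1
  echo "${ROOTFS_BASE_URL}/base-rootfs@${version}/${arch}-rootfs.tar"
}

# Download with the flags from the review: an HTTP error aborts the step
# instead of leaving an error page in base_rootfs.tar.
fetch_rootfs() {
  local url
  url="$(rootfs_url "$1" "$2")" || return 1
  curl --fail --location --silent --show-error --retry 3 \
    "$url" -o "${3:-base_rootfs.tar}"
}

# Usage inside a step, with values passed through env rather than inlined:
#   fetch_rootfs "$OVMLAYER_VERSION" "$(uname -m)"
```
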
♻️ Duplicate comments (1)
.github/workflows/layer.yml (1)
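84-84: ⚠️ Potential issue | 🟡 Minor
actions/setup-node@v6 is missing the node-version parameter. The current configuration does not specify a Node version, so the version preinstalled on the runner will be used. This can cause the Node version to drift after runner updates, making the test environment inconsistent.
🔧 Suggested: add a fixed node-version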
- uses: actions/setup-node@v6 + with: + node-version: '20' - name: test flow examples🤖 Prompt for AI Agents
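Review bot: The `uses: actions/setup-node@v6` line references a mutable major tag, so while the added `node-version: '20'` fixes the Node runtime, the action code that runs in the job can still change under the same tag. Pin the action to a full commit SHA and keep the tag as a trailing comment so updates arrive as reviewable diffs.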
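Verify each finding against the current code and only fix it if needed. In @.github/workflows/layer.yml at line 84, the GitHub Actions step uses actions/setup-node@v6 without specifying a Node version (the current line contains actions/setup-node@v6); add a fixed node-version parameter to that step (for example node-version: 18, or a version read from a workflow input/matrix) so that a change in the runner's preinstalled Node version does not cause environment drift; update the step's configuration to set an explicit node-version value or reference a workflow input/matrix variable to keep it reproducible.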
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/layer.yml:
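- Line 84: the GitHub Actions step uses actions/setup-node@v6 without specifying
a Node version (the current line contains actions/setup-node@v6); add a fixed
node-version parameter to that step (for example node-version: 18, or a version
read from a workflow input/matrix) so that a change in the runner's preinstalled
Node version does not cause environment drift; update the step's configuration
to set an explicit node-version value or reference a workflow input/matrix
variable to keep it reproducible.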
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 95b811f9-ce9d-443b-a322-6e55f45ab65f
📒 Files selected for processing (2)
- .github/workflows/layer.yml
- .github/workflows/oocana-python.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/oocana-python.yml
Summary
Validation