Use reusable workflow

[joselsegura]

Additional Context

Use the reusable workflow for BDD tests

Fixes #CCXDEV-16052

Type of change

• Behavioral tests (no changes in the code)
• Configuration update

Testing steps

Tested in personal fork/local image

Checklist

• pre-commit run --all passes
• updated documentation wherever necessary
• added or modified tests if necessary
• updated schemas and validators in insights-data-schemas in case of input/output change

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e5e8c953-5bb0-40cd-b290-475d6631de32

📥 Commits

Reviewing files that changed from the base of the PR and between ab3da5d and 3829d51.

📒 Files selected for processing (1)

• .github/workflows/bdd.yaml

---

Summary by CodeRabbit

• Chores
  • Updated CI configuration: replaced the previous BDD workflow with a new BDD workflow that runs behavior-driven tests on pushes to main and on pull requests, reusing an existing workflow template and providing the required service configuration for inference tests.

Walkthrough

Replaced a local BDD GitHub Actions workflow with a workflow that calls a shared external workflow (RedHatInsights/processing-tools/.github/workflows/bdd.yaml@master), preserving triggers for pushes to main/master and pull requests and passing service: inference-service.

Changes

Cohort / File(s)	Summary
BDD workflow files \.github/workflows/bdd.yaml, \.github/workflows/bdd.yml	Added bdd.yaml which references and reuses the external shared workflow RedHatInsights/processing-tools/.github/workflows/bdd.yaml@master with service: inference-service. Removed the previous local bdd.yml that contained container setup, env vars, checkout, make inference-service-tests, log renaming on failure, and artifact upload. Maintains triggers for pushes to main/master and pull requests.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: replacing the local BDD workflow with a reusable workflow from an external repository.
Description check	✅ Passed	The description follows the template with all required sections completed: additional context, type of change, testing steps, and checklist. It clearly explains the purpose and references the related issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.93%. Comparing base (2c7ddac) to head (3829d51).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #24   +/-   ##
=======================================
  Coverage   86.93%   86.93%           
=======================================
  Files          10       10           
  Lines         199      199           
  Branches        6        6           
=======================================
  Hits          173      173           
  Misses         25       25           
  Partials        1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/bdd.yaml:
- Line 11: The reusable workflow reference currently uses a floating ref "uses:
RedHatInsights/processing-tools/.github/workflows/bdd.yaml@master"; replace the
"@master" ref with the full commit SHA of the upstream commit you want to pin so
the workflow is deterministically versioned. Update the string in the
.github/workflows/bdd.yaml file to use the specific commit hash (e.g.,
.../bdd.yaml@<FULL_COMMIT_SHA>) and commit that change so CI uses the pinned
reusable workflow.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 65d21e69-a299-4cc3-8751-84df23ee9fb6

📥 Commits

Reviewing files that changed from the base of the PR and between cfe985b and ab3da5d.

📒 Files selected for processing (2)

• .github/workflows/bdd.yaml
• .github/workflows/bdd.yml

💤 Files with no reviewable changes (1)

• .github/workflows/bdd.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What do GitHub Actions security best practices recommend for referencing reusable workflows in another repository: pinning to a branch like master, a tag, or a full commit SHA?

💡 Result:

GitHub Actions security guidance recommends pinning reusable workflows to a full commit SHA (immutable) rather than a mutable branch like master/main. While {ref} can be a branch name, release tag, or SHA, GitHub explicitly notes that using the commit SHA is the safest option for stability and security. [1] GitHub also generally recommends SHA-pinning dependencies to reduce the risk of a compromised/moved tag or branch being pulled automatically. [2]

Answer: Prefer full commit SHA; avoid pinning to master/main. Tags are allowed, but SHA is the security-best-practice choice. [1][2]

Sources:
[1] GitHub Docs – Reusing workflows (reusable workflow refs; “commit SHA is the safest option”)
[2] GitHub Changelog – Recommendation to pin GitHub Actions dependencies to a specific commit SHA

---

Pin the reusable workflow to a full commit SHA.

Using @master allows upstream changes to alter this repository's CI behavior without review. GitHub Actions security best practices recommend pinning reusable workflows to a full commit SHA for stability and security.

Suggested change

-    uses: RedHatInsights/processing-tools/.github/workflows/bdd.yaml@master
+    uses: RedHatInsights/processing-tools/.github/workflows/bdd.yaml@<full_commit_sha>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/bdd.yaml at line 11, The reusable workflow reference
currently uses a floating ref "uses:
RedHatInsights/processing-tools/.github/workflows/bdd.yaml@master"; replace the
"@master" ref with the full commit SHA of the upstream commit you want to pin so
the workflow is deterministically versioned. Update the string in the
.github/workflows/bdd.yaml file to use the specific commit hash (e.g.,
.../bdd.yaml@<FULL_COMMIT_SHA>) and commit that change so CI uses the pinned
reusable workflow.

[joselsegura]

/retest

[matysek]

/retest

[joselsegura]

/retest