21 changes: 16 additions & 5 deletions .github/workflows/build.yaml
Expand Up @@ -90,32 +90,43 @@
git commit -m "${{ github.event.number && format('PR-{0}', github.event.number) || join(github.event.commits.*.message, ', ') }}" || true
git push

testing:
name: Execute the AI-assisted action defined in this PR
testing-summary:
name: Execute the action (PR Summary) defined in this PR
runs-on: [ubuntu-latest]
needs: create-release
if: ${{ github.ref_name != 'main' }}
steps:
- name: Checkout release branch
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ env.RELEASE_BRANCH }}
- name: Run the AI-assisted action (PR Summary)
uses: ./pr-summary # action.yml is in the pr-summary folder of the release branch
with:
aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
model: gpt-4o
model: o3
exclude-files: package-lock.json
display-mode: comment-delta
- name: Run the AI-assisted action (PR Summary)

testing-review:
name: Execute the action (PR Review) defined in this PR
runs-on: [ubuntu-latest]
needs: create-release
if: ${{ github.ref_name != 'main' }}
steps:
- name: Checkout release branch
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ env.RELEASE_BRANCH }}
- name: Run the AI-assisted action (PR Review)
uses: ./pr-review # action.yml is in the pr-review folder of the release branch
with:
aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
model: gpt-4o
model: o3
exclude-files: package-lock.json
display-mode: review-comment-delta
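
Review bot: Neither testing-summary nor testing-review sets a permissions block, and in both the "Run the AI-assisted action" step hands secrets.AICORE_SERVICE_KEY to action code loaded from the checked-out ${{ env.RELEASE_BRANCH }} (./pr-summary, ./pr-review), which is the code this PR changes. Add an explicit job-level permissions block to each job, limited to what the action needs to post its output. The workflow trigger is outside this hunk, so please also confirm that these jobs cannot run with the secret for changes from untrusted contributors. The checkout step is pinned to a full commit SHA, which is good; keep that pin if the two jobs are later merged.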

Both testing-summary and testing-review repeat the same boilerplate (runs-on, needs, checkout step, etc.). You can eliminate duplication and improve maintainability by employing a matrix strategy or by using a reusable composite action. Example with a matrix:

  pr-jobs:
    strategy:
      matrix:
        include:
          - name: PR Summary
            uses: ./pr-summary
            model: gpt-4o
            display: comment-delta
          - name: PR Review
            uses: ./pr-review
            model: gpt-4o
            display: review-comment-delta
    name: Execute ${{ matrix.name }} action defined in this PR
    runs-on: ubuntu-latest
    needs: create-release
    if: ${{ github.ref_name != 'main' }}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ env.RELEASE_BRANCH }}
      - name: Run AI-assisted ${{ matrix.name }}
        uses: ${{ matrix.uses }}
        with:
          aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
          model: ${{ matrix.model }}
          exclude-files: package-lock.json
          display-mode: ${{ matrix.display }}

This drastically shortens the workflow file and ensures consistency between both jobs.

Contributor Author

not possible: "In order to enact policies like only using actions defined in the org or repo we can’t allow actions to dynamically change at runtime. So using any sort of dynamic value in uses is not something we will be able to support."
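
One way to share the job boilerplate while keeping every `uses` a literal path, as the quoted restriction requires: a matrix that selects between two statically declared steps with `if`. This is an added example, not code from the PR or the project; the job id `testing`, the matrix keys `kind` and `title`, and the `permissions` values are assumptions.

```yaml
testing:
  name: Execute the action (${{ matrix.title }}) defined in this PR
  runs-on: ubuntu-latest
  needs: create-release
  if: ${{ github.ref_name != 'main' }}
  # Assumption: the actions only read the repository and write PR comments.
  # Adjust to what pr-summary and pr-review actually need.
  permissions:
    contents: read
    pull-requests: write
  strategy:
    fail-fast: false
    matrix:
      include:
        - kind: summary
          title: PR Summary
        - kind: review
          title: PR Review
  steps:
    - name: Checkout release branch
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        ref: ${{ env.RELEASE_BRANCH }}
    # `uses` cannot be an expression, so each action keeps its own step
    # and the matrix value only decides which step runs.
    - name: Run the AI-assisted action (PR Summary)
      if: ${{ matrix.kind == 'summary' }}
      uses: ./pr-summary
      with:
        aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
        model: o3
        exclude-files: package-lock.json
        display-mode: comment-delta
    - name: Run the AI-assisted action (PR Review)
      if: ${{ matrix.kind == 'review' }}
      uses: ./pr-review
      with:
        aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
        model: o3
        exclude-files: package-lock.json
        display-mode: review-comment-delta
```

The action that runs is still fixed when the workflow is parsed, so policies that restrict which actions may be used continue to apply.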


update-tags:

Code scanning / CodeQL warning: Workflow does not contain permissions (Medium)

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
name: Update semantic version tags
runs-on: [ubuntu-latest]
needs: create-release