Skip to content

refactor: migrate to centralized actions from cap-java/.github #842

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Schmarvinius wants to merge 1 commit into from
Closed

refactor: migrate to centralized actions from cap-java/.github #842

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 0 additions & 33 deletions .github/actions/build/action.yml
View file
Open in desktop

This file was deleted.

36 changes: 7 additions & 29 deletions .github/actions/cf-bind/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,36 +24,14 @@ inputs:
runs:
using: composite
steps:
- name: Install CF CLI
shell: bash
env:
CF_CLI_VERSION: '8.18.3'
run: |
wget -q "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${CF_CLI_VERSION}&source=github-rel" -O cf-cli.tar.gz
tar -xzf cf-cli.tar.gz
sudo mv cf8 /usr/local/bin/cf
cf --version

- name: CF Login
shell: bash
env:
CF_USERNAME: ${{ inputs.cf-username }}
CF_PASSWORD: ${{ inputs.cf-password }}
CF_API: ${{ inputs.cf-api }}
CF_ORG: ${{ inputs.cf-org }}
CF_SPACE: ${{ inputs.cf-space }}
run: |
for i in {1..5}; do
cf api "$CF_API" && \
cf auth && \
cf target -o "$CF_ORG" -s "$CF_SPACE" && break
if [ "$i" -eq 5 ]; then
echo "cf login failed after 5 attempts."
exit 1
fi
echo "cf login failed, retrying ($i/5)..."
sleep 10
done
uses: cap-java/.github/actions/cf-login@feat/centralized-actions-workflows
Copy link
Copy Markdown
Contributor

@hyperspace-insights hyperspace-insights Bot May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The CF Login step delegates to a cross-repository action pinned to a feature branch, not a stable ref

The reference cap-java/.github/actions/cf-login@feat/centralized-actions-workflows is a mutable branch tip. If that branch is force-pushed or rebased, the action will run a different (possibly broken) version without any notice. Additionally, cross-repository composite action uses: references are only supported when the referenced repository is in the same GitHub organization, and branch refs have no integrity guarantee.

Per the PR description, this should eventually be updated to @main once the central repo PR is merged. Make sure this is done before production use, or pin to a specific commit SHA.

Please provide feedback on the review comment by checking the appropriate box:

  • 🌟 Awesome comment, a human might have missed that.
  • ✅ Helpful comment
  • 🤷 Neutral
  • ❌ This comment is not helpful

with:
cf-api: ${{ inputs.cf-api }}
cf-username: ${{ inputs.cf-username }}
cf-password: ${{ inputs.cf-password }}
cf-org: ${{ inputs.cf-org }}
cf-space: ${{ inputs.cf-space }}

- name: Install @sap/cds-dk
shell: bash
Expand Down
70 changes: 0 additions & 70 deletions .github/actions/deploy-release/action.yml
View file
Open in desktop

This file was deleted.

79 changes: 0 additions & 79 deletions .github/actions/scan-with-blackduck/action.yml
View file
Open in desktop

This file was deleted.

51 changes: 0 additions & 51 deletions .github/actions/scan-with-codeql/action.yml
View file
Open in desktop

This file was deleted.

80 changes: 0 additions & 80 deletions .github/actions/scan-with-sonar/action.yml
View file
Open in desktop

This file was deleted.

21 changes: 2 additions & 19 deletions .github/workflows/issue.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,24 +8,7 @@ on:
- opened

jobs:
label_issues:
runs-on: ubuntu-latest
label:
uses: cap-java/.github/.github/workflows/issue.yml@feat/centralized-actions-workflows
permissions:
issues: write
Comment on lines +11 to 14
Copy link
Copy Markdown
Contributor

@hyperspace-insights hyperspace-insights Bot May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Reusable workflow called without passing secrets: inherit

When a caller workflow uses uses: (reusable workflow call), secrets are not automatically passed through. The called workflow in cap-java/.github likely needs secrets.GITHUB_TOKEN (or similar) to label issues. Without secrets: inherit, the called workflow receives no secrets and will fail on any step that requires authentication.

Should add secrets: inherit to the job definition.

Suggested change
label:
uses: cap-java/.github/.github/workflows/issue.yml@feat/centralized-actions-workflows
permissions:
issues: write
label:
uses: cap-java/.github/.github/workflows/issue.yml@feat/centralized-actions-workflows
permissions:
issues: write
secrets: inherit

Double-check suggestion before committing. Edit this comment for amendments.

Please provide feedback on the review comment by checking the appropriate box:

  • 🌟 Awesome comment, a human might have missed that.
  • ✅ Helpful comment
  • 🤷 Neutral
  • ❌ This comment is not helpful

steps:
- run: gh issue edit "$NUMBER" --add-label "$LABELS"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.issue.number }}
LABELS: New

- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `👋 Hello @${context.payload.issue.user.login}, thank you for submitting this issue. Our team is reviewing your report and will follow up with you as soon as possible.`
})
Loading
Loading