Validate workflow lock files using frontmatter hash comparison and optimize checkouts#13079
Closed
Validate workflow lock files using frontmatter hash comparison and optimize checkouts#13079
Conversation
- Extract hash from lock file using extractHashFromLockFile - Recompute hash from .md source file using computeFrontmatterHash - Display both hashes in action output with comparison - Show warning if hashes don't match - All existing tests pass - JavaScript code formatted with prettier Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
- Use JavaScript frontmatter hash implementation for consistency - Add note about potential differences between Go and JS implementations - Display helps identify either frontmatter changes or implementation differences - All tests pass Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
|
@copilot the check that workflows are outdated is NOT done through time spans anymore. Instead just make sure that the frontmatter hashes and recomputed hash match |
Copilot
AI
changed the title
[WIP] Display front matter hashes in action output
Display frontmatter hash comparison in workflow timestamp validation
Feb 1, 2026
- Remove GitHub API timestamp comparison logic - Use frontmatter hash matching as the only validation method - Fail step when hashes don't match (instead of just warning) - Display both hashes in output for debugging - Simplified validation flow: extract hash from lock file, recompute from source, compare Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in f93b867. The validation now uses only frontmatter hash comparison:
The step now displays both hashes and fails immediately if they differ, providing clear feedback about configuration drift. |
Copilot
AI
changed the title
Display frontmatter hash comparison in workflow timestamp validation
Validate workflow lock files using frontmatter hash comparison
Feb 1, 2026
Contributor
|
@copilot update the compiler so that the activation job must also checkout the .github folder (shallow) |
- Created generateCheckoutForActivation() function - Activation job now checks out both actions and .github folders - Uses shallow clone (depth: 1) for efficiency - Enables frontmatter hash validation to read source .md files - Pre-activation job still only checks out actions folder Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Contributor
Author
Done in 614c5c6. The activation job now checks out both - name: Checkout actions folder
uses: actions/checkout@v6
with:
sparse-checkout: |
actions
.github
depth: 1
persist-credentials: falseThis enables the hash validation step to read the source |
pelikhan
reviewed
Feb 1, 2026
- Added depth: 1 to generateCheckoutActionsFolder dev mode - Now all checkout steps use shallow clone for efficiency - Activation job: checks out actions + .github (shallow) - All other jobs: check out actions only (shallow) - Reduces checkout time and disk usage across all jobs Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
Validate workflow lock files using frontmatter hash comparison
Validate workflow lock files using frontmatter hash comparison and optimize checkouts
Feb 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces timestamp-based validation with frontmatter hash comparison to detect outdated workflow lock files. The validation now directly compares the hash from the lock file with a recomputed hash from the source markdown file. Additionally, optimizes all checkout steps to use shallow clones.
Changes
Replaced timestamp validation with hash-based validation in
check_workflow_timestamp_api.cjs# frontmatter-hash:comment.mdfile using JavaScript implementationUpdated activation job to checkout
.githubfolder for hash validationgenerateCheckoutForActivation()function incompiler_yaml_helpers.goactionsand.githubfolders using sparse-checkoutdepth: 1) for efficiency.mdfiles from.github/workflows/Optimized all checkout steps to use shallow clone
depth: 1togenerateCheckoutActionsFolder()dev modeValidation Flow
.mdfile in.github/workflows/Output
When hashes match:
When hashes don't match:
Checkout Configuration
Activation job (needs source files for hash validation):
All other jobs (only need scripts):
Benefits
depth: 1) with sparse-checkout minimizes time and disk usage across all 146 workflowsNotes
frontmatter_hash_pure.cjs) may produce different results than the Go compiler for the same frontmatterOriginal prompt
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.