Skip to content

Prevent action pinning version comment flipping between equivalent tags #9023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pelikhan merged 2 commits into from
Jan 5, 2026
Merged

Prevent action pinning version comment flipping between equivalent tags #9023

pelikhan merged 2 commits into from
Jan 5, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 5, 2026
edited
Loading

When compiling workflows with actions referenced by different version tags pointing to the same SHA (e.g., v8 vs v8.0.0), the version comments in lock files would flip between compilations, creating unnecessary git diffs.

Changes

  • ActionCache.FindEntryBySHA(): Added method to locate existing cache entries by repo+SHA combination
  • GetActionPinWithData(): Enhanced to check for existing cache entries with matching SHA and prefer the more precise version
  • Test coverage: Added TestActionCacheFindEntryBySHA to verify SHA-based lookup

Behavior

Before:

# Compile 1:
uses: actions/github-script@ed597411... # v8

# Compile 2 (no workflow changes):
uses: actions/github-script@ed597411... # v8.0.0

After:

# All compilations consistently use the more precise cached version:
uses: actions/github-script@ed597411... # v8.0.0

The system now canonicalizes to the most precise version in cache, eliminating version comment churn in lock files.

Original prompt

Update the action pinning resolation to avoid resolution switching between different versions on the same sha. See

@pelikhan ➜ /workspaces/gh-aw (main) $ DEBUG=workflow:action_* ./gh-aw compile smoke-copilot
workflow:action_mode Detecting action mode: version=v0.34.5-2-g647c7ecc2, isRelease=false +371ms
workflow:action_mode GitHub context: ref=, event= +33µs
workflow:action_mode Detected dev mode (default): isRelease=false, ref= +4µs
workflow:action_cache Creating action cache with path: /workspaces/gh-aw/.github/aw/actions-lock.json +402ms
workflow:action_cache Loading action cache from: /workspaces/gh-aw/.github/aw/actions-lock.json +17µs
workflow:action_cache Successfully loaded cache with 29 entries +101µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +403ms
workflow:action_pins Unmarshaling action pins from embedded JSON (first call, will be cached) +403ms
workflow:action_pins Successfully unmarshaled and sorted 29 action pins from JSON +93µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +135µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +62µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +64µs
workflow:action_pins Resolving action pin: repo=actions/github-script, version=v8, strict_mode=false +184µs
workflow:action_pins Attempting dynamic resolution for actions/github-script@v8 +7µs
workflow:action_resolver Resolving SHA for action: actions/github-script@v8 +403ms
workflow:action_cache Cache miss for key=actions/github-script@v8 +1ms
workflow:action_resolver Cache miss for actions/github-script@v8, querying GitHub API +8µs
workflow:action_resolver This may take a moment as we query GitHub API at /repos/actions/github-script/git/ref/tags/v8 +6µs
workflow:action_resolver Extracted base repository: actions/github-script from actions/github-script +6µs
workflow:action_resolver Querying GitHub API: /repos/actions/github-script/git/ref/tags/v8 +5µs
workflow:action_resolver Successfully resolved actions/github-script@v8 to SHA: ed597411d8f924073f98dfc5c65a23a2325f34cd +327ms
workflow:action_resolver Caching result: actions/github-script@v8 → ed597411d8f924073f98dfc5c65a23a2325f34cd +21µs
workflow:action_cache WARNING: Adding cache entry actions/github-script@v8 with SHA ed597411 that already exists as actions/github-script@v8.0.0 +327ms
workflow:action_cache This may cause version comment flipping in lock files. Consider using consistent version tags. +8µs
workflow:action_cache Setting cache entry: key=actions/github-script@v8, sha=ed597411d8f924073f98dfc5c65a23a2325f34cd +5µs
workflow:action_pins Dynamic resolution succeeded: actions/github-script@v8 → ed597411d8f924073f98dfc5c65a23a2325f34cd +327ms
workflow:action_pins Checking cache for other versions with same SHA ed597411 +6µs
workflow:action_pins Found cache entry with same SHA: actions/github-script@v8.0.0 (version=v8.0.0) vs requested version=v8 +31µs
workflow:action_pins Successfully resolved action pin (cache marked dirty, will save at end) +9µs
workflow:action_pins Returning pinned reference: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 +7µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +328ms
workflow:action_reference Dev mode: using local action path: ./actions/setup +135µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +62µs
workflow:action_reference Dev mode: using local action path: ./actions/setup +37µs
✓ .github/workflows/smoke-copilot.md (64.6 KB)
⚠ Campaign validation: found 7 problem(s) in campaign specs
workflow:action_cache Saving action cache to: /workspaces/gh-aw/.github/aw/actions-lock.json with 30 entries +15ms
workflow:action_cache Found 2 cache entries for actions/github-script with SHA ed597411 +16µs
workflow:action_cache Deduplicating: keeping actions/github-script@v8.0.0, removing actions/github-script@v8 +8µs
workflow:action_cache Deduplicated 1 entries, 29 entries remaining +4µs
workflow:action_cache Deduplication detail: actions/github-script: kept v8.0.0, removed v8 +3µs
workflow:action_cache Successfully saved action cache +181µs
✓ Compiled 1 workflow(s): 0 error(s), 0 warning(s)
@pelikhan ➜ /workspaces/gh-aw (main) $

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@pelikhan
Fix action pinning resolution to prevent version switching
0ddd2bf 
When an action is resolved (e.g., actions/github-script@v8) and the
cache already contains an entry with the same SHA but different version
(e.g., v8.0.0), use the more precise existing version to maintain
consistency and prevent version comment flipping in lock files.

Changes:
- Added ActionCache.FindEntryBySHA() to find entries by repo+SHA
- Modified GetActionPinWithData() to check for existing cache entries
  with same SHA and use the more precise version
- Added test coverage for FindEntryBySHA method

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update action pinning resolution to prevent version switching Prevent action pinning version comment flipping between equivalent tags Jan 5, 2026
Copilot AI requested a review from pelikhan January 5, 2026 19:22
@pelikhan pelikhan marked this pull request as ready for review January 5, 2026 19:31
@pelikhan pelikhan merged commit b4e217c into main Jan 5, 2026
170 checks passed
@pelikhan pelikhan deleted the copilot/update-action-pinning-resolution branch January 5, 2026 19:31
@github-actions github-actions bot mentioned this pull request Jan 5, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan