You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey, following recent changes, essentially any value of runs-on: is accepted. Since one of the outcomes of this action is to reduce the possibility of broken workflows, I think it would be very beneficial to validate runs-on somehow.
Proposal
By default validate against freely available GitHub Hosted runners (no XL, no self-hosted) This way the validator brings immediate value to hopefully most users,
With a CLI parameter (--allowed-runners) allow setting valid (incl. custom) values. but also gives the ability to override if needed.
github-latest: ubuntu-latest, windows-latest, etc.
github-xl: -xl and -cores suffixed ones
self-hosted: special value for current 0.5.4 behaviour
Custom groups
If there's a known list of self hosted runners, it's possible to just list them all and use no groups. That is, to define a custom group, users need to list all runners explicitly.
For reusability the custom groups could be extracted into environment variables / organization level variables, like ACTION_VALIDATOR_ALLOWED_RUNNERS, and then that used in CLI with shell expansion: --allowed-runners=${ACTION_VALIDATOR_ALLOWED_RUNNERS},-ubuntu-latest.
Calculation
Start with empty set
Add all positive groups, and positive runners
Remove all negative groups and runners
i.e. order of flags doesn't matter.
Examples
the default when no argument provided
--allowed-runners=!github-free
a GitHub Enterprise user might validate like this, if they allow 2 self-hosted runners, and want to be explicit about versions:
I'm definitely in favour of introducing a way to better validate runs-on values. Not being a custom runner user myself, I'm probably not in a strong position to define a specification for how to do it. Thus, I can at best kibbitz on the work of others.
The only feedback I've got on your proposal so far is that I'm wary of using ! in a command-line argument, as shells have a habit of treating that character specially. I know of programs that use @ as a prefix for group-like behaviour; would that be an acceptable prefix in this case?
mpalmer
added
the
pr-welcome
This would be a good fix/feature, but the maintainer isn't planning on doing the work
label
Nov 28, 2023
Intro
Hey, following recent changes, essentially any value of
runs-on:
is accepted. Since one of the outcomes of this action is to reduce the possibility of broken workflows, I think it would be very beneficial to validate runs-on somehow.Proposal
This way the validator brings immediate value to hopefully most users,
--allowed-runners
) allow setting valid (incl. custom) values.but also gives the ability to override if needed.
Syntax
@
for built-in (in the validator) groups-
for exclusion-
prefix = positive listingBuilt-in groups
(might be more):
Custom groups
If there's a known list of self hosted runners, it's possible to just list them all and use no groups. That is, to define a custom group, users need to list all runners explicitly.
For reusability the custom groups could be extracted into environment variables / organization level variables, like
ACTION_VALIDATOR_ALLOWED_RUNNERS
, and then that used in CLI with shell expansion:--allowed-runners=${ACTION_VALIDATOR_ALLOWED_RUNNERS},-ubuntu-latest
.Calculation
i.e. order of flags doesn't matter.
Examples
The text was updated successfully, but these errors were encountered: