Copilot commented on code in PR #728:
URL: https://github.com/apache/hugegraph-toolchain/pull/728#discussion_r3094245320


##########
.github/workflows/client-go-ci.yml:
##########
@@ -19,56 +19,20 @@ on:
 
 jobs:
   client-go-ci:
-    runs-on: ubuntu-latest
-    env:
-      USE_STAGE: 'true' # Whether to include the stage repository.
-      TRAVIS_DIR: hugegraph-client/assembly/travis
-      # TODO: replace it with the (latest - n) commit id (n >= 15)
-      # FIXME: hugegraph commit date: 2025-10-30
-      COMMIT_ID: 8c1ee71 # 5b3d295
-    strategy:
-      fail-fast: false
-      matrix:
-        JAVA_VERSION: ['11']
-
-    steps:
-      - name: Fetch Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Install JDK 11
-        uses: actions/setup-java@v3
-        with:
-          java-version: ${{ matrix.JAVA_VERSION }}
-          distribution: 'zulu'
-
-      - name: Cache Maven packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
-      - name: Use staged maven repo
-        if: ${{ env.USE_STAGE == 'true' }}
-        run: |
-          cp $HOME/.m2/settings.xml /tmp/settings.xml
-          mv -vf .github/configs/settings.xml $HOME/.m2/settings.xml
-
-      - name: Prepare env and service
-        run: |
-          $TRAVIS_DIR/install-hugegraph-from-source.sh $COMMIT_ID
-
-      - name: Init Go env
-        uses: actions/[email protected]
-        with: {go-version: '1.x'}
-
-      - name: Go test
-        run: |
-          go version  
-          sudo swapoff -a
-          sudo sysctl -w vm.swappiness=1
-          sudo sysctl -w fs.file-max=262144
-          sudo sysctl -w vm.max_map_count=262144
-          cd hugegraph-client-go && make test
+    uses: 
hugegraph/actions/.github/workflows/_toolchain_go_ci_reusable.yml@master
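
Review bot: The removed `COMMIT_ID: 8c1ee71` pin for the server built by `install-hugegraph-from-source.sh` has no visible replacement beside the new `uses:` line, so this file no longer shows which HugeGraph commit the Go client is tested against. If the commit is now chosen inside the reusable workflow, pass it from here as a `with:` input instead, so that changing the server under test stays a reviewed change in this repository.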

Review Comment:
   The reusable workflow is referenced via a moving branch (`@master`). This is 
a supply-chain risk because changes in `hugegraph/actions` can alter CI 
behavior without review in this repo. Pin the reusable workflow to an immutable 
ref (tag or commit SHA) and update it intentionally when needed.
   ```suggestion
       uses: hugegraph/actions/.github/workflows/_toolchain_go_ci_reusable.yml@<FULL_40_CHAR_REVIEWED_COMMIT_SHA>
   ```



##########
.github/workflows/hubble-ci.yml:
##########
@@ -21,88 +21,34 @@ on:
       - .github/workflows/**
       - pom.xml
 
-env:
-  TRAVIS_DIR: hugegraph-hubble/hubble-dist/assembly/travis
-  # TODO: replace it with the (latest - n) commit id (n >= 15)
-  # FIXME: hugegraph commit date: 2025-10-30
-  COMMIT_ID: 8c1ee71 # 5b3d295
-
 jobs:
   hubble-ci:
-    runs-on: ubuntu-latest
-    env:
-      USE_STAGE: 'true' # Whether to include the stage repository.
-      STATIC_DIR: hugegraph-hubble/hubble-dist/assembly/static
-    strategy:
-      matrix:
-        JAVA_VERSION: ['11']
-        python-version: ["3.11"]
-
-    steps:
-      - name: Fetch Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Install JDK 11
-        uses: actions/setup-java@v3
-        with:
-          java-version: ${{ matrix.JAVA_VERSION }}
-          distribution: 'adopt'
-
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'pip'
-
-      # we also should cache python & yarn & downloads to avoid useless work
-      - name: Cache Maven packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-
-      - name: use staged maven repo settings
-        if: ${{ env.USE_STAGE == 'true' }}
-        run: |
-          cp $HOME/.m2/settings.xml /tmp/settings.xml
-          mv -vf .github/configs/settings.xml $HOME/.m2/settings.xml
-
-      - name: Compile
-        run: |
-          mvn install -pl hugegraph-client,hugegraph-loader -am 
-Dmaven.javadoc.skip=true -DskipTests -ntp
-          cd hugegraph-hubble && ls *
-          mvn -e compile -Dmaven.javadoc.skip=true -ntp
-
-      - name: Prepare env and service
-        run: |
-          
-          python -m pip install -r ${TRAVIS_DIR}/requirements.txt
-          cd hugegraph-hubble
-          mvn package -Dmaven.test.skip=true
-          cd apache-hugegraph-hubble-*
-          cd bin
-          ./start-hubble.sh -d
-          ./stop-hubble.sh
-          cd ../../../
-          pwd
-          $TRAVIS_DIR/install-hugegraph.sh $COMMIT_ID
-
-      - name: Unit test
-        run: mvn test -P unit-test -pl hugegraph-hubble/hubble-be -ntp
-
-      - name: API test
-        env:
-          CI: false
-        run: |
-          cd hugegraph-hubble && ls
-          hubble-dist/assembly/travis/run-api-test.sh
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          file: target/site/jacoco/*.xml
+    uses: 
hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@master
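
Review bot: With the `Upload coverage to Codecov` step deleted, `secrets.CODECOV_TOKEN` only reaches the called workflow if this job passes it under `secrets:`, and nothing in the lines shown beside `uses:` does that. Pass that one secret by name rather than `secrets: inherit`, so the called workflow receives only the token it needs. The deleted workflow-level `env:` block (`TRAVIS_DIR`, `COMMIT_ID`) is also not propagated to a called workflow, so those values have to become `with:` inputs.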

Review Comment:
   The reusable workflow is referenced via a moving branch (`@master`). This is 
a supply-chain risk because changes in `hugegraph/actions` can alter CI 
behavior without review in this repo. Pin the reusable workflow to an immutable 
ref (tag or commit SHA) and update it intentionally when needed.
   ```suggestion
       uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@<FULL_LENGTH_COMMIT_SHA>
   ```



##########
.github/workflows/loader-ci.yml:
##########
@@ -21,67 +21,24 @@ on:
 
 jobs:
   loader-ci:
-    runs-on: ubuntu-latest
-    env:
-      USE_STAGE: 'true' # Whether to include the stage repository.
-      TRAVIS_DIR: hugegraph-loader/assembly/travis
-      STATIC_DIR: hugegraph-loader/assembly/static
-      # TODO: replace it with the (latest - n) commit id (n >= 15)
-      # hugegraph commit date: 2025-10-30
-      COMMIT_ID: 5b3d295
-      DB_USER: root
-      DB_PASS: root
-      DB_DATABASE: load_test
-    strategy:
-      matrix:
-        JAVA_VERSION: ['11']
-
-    steps:
-      - name: Fetch Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Install JDK 11
-        uses: actions/setup-java@v4
-        with:
-          java-version: ${{ matrix.JAVA_VERSION }}
-          distribution: 'adopt'
-
-      - name: Cache Maven packages
-        uses: actions/cache@v4
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
-      - name: use staged maven repo settings
-        if: ${{ env.USE_STAGE == 'true' }}
-        run: |
-          cp $HOME/.m2/settings.xml /tmp/settings.xml
-          mv -vf .github/configs/settings.xml $HOME/.m2/settings.xml
-
-      - name: Compile
-        run: |
-          mvn install -pl hugegraph-client,hugegraph-loader -am 
-Dmaven.javadoc.skip=true -DskipTests -ntp
-
-      - name: Prepare env and service
-        run: |
-          $TRAVIS_DIR/install-hadoop.sh
-          $TRAVIS_DIR/install-mysql.sh ${{ env.DB_DATABASE }} ${{ env.DB_PASS 
}}
-          $TRAVIS_DIR/install-hugegraph-from-source.sh $COMMIT_ID
-
-      - name: Run test
-        run: |
-          cd hugegraph-loader && ls
-          mvn test -P unit -ntp
-          mvn test -P file
-          mvn test -P hdfs
-          mvn test -P jdbc
-          mvn test -P kafka
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          file: target/jacoco.xml
+    uses: 
hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@master
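
Review bot: The removed `Run test` step ran five Maven profiles (`unit`, `file`, `hdfs`, `jdbc`, `kafka`) after `install-hadoop.sh` and `install-mysql.sh`, but the replacement `uses:` line calls the same `_toolchain_java_ci_reusable.yml` as the other Java modules and nothing visible here selects the loader's services or profiles. Confirm they are passed as inputs; otherwise this job can pass while exercising less than it did before. The values that were `DB_DATABASE` and `DB_PASS` here should likewise stay caller-supplied rather than being fixed inside the shared workflow.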

Review Comment:
   The reusable workflow is referenced via a moving branch (`@master`). This is 
a supply-chain risk because changes in `hugegraph/actions` can alter CI 
behavior without review in this repo. Pin the reusable workflow to an immutable 
ref (tag or commit SHA) and update it intentionally when needed.
   ```suggestion
       uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@0123456789abcdef0123456789abcdef01234567
   ```



##########
.github/workflows/client-ci.yml:
##########
@@ -20,72 +20,22 @@ on:
 
 jobs:
   client-ci:
-    runs-on: ubuntu-latest
-    env:
-      USE_STAGE: 'true' # Whether to include the stage repository.
-      TRAVIS_DIR: hugegraph-client/assembly/travis
-      # TODO: replace it with the (latest - n) commit id (n >= 15)
-      # hugegraph commit date: 2025-11-4
-      COMMIT_ID: b7998c1
-    strategy:
-      fail-fast: false
-      matrix:
-        # released pd package is compiled in version 55.0, which requires java 
11 to use
-        JAVA_VERSION: [ '11' ]
-
-    steps:
-      - name: Fetch code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      # TODO: do we need it? (need test)
-      - name: Cache Maven packages
-        uses: actions/cache@v4
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-maven-
-
-      - name: Install JDK 11 for graph server
-        uses: actions/setup-java@v4
-        with:
-          java-version: '11'
-          distribution: 'zulu'
-          cache: 'maven'
-
-      - name: Prepare env and service
-        run: |
-          # TODO(@Thespica): test both servers of supporting gs and not 
supporting gs
-          #                  when the server supports gs
-          $TRAVIS_DIR/install-hugegraph-from-source.sh $COMMIT_ID
-
-      - name: Install Java ${{ matrix.JAVA_VERSION }} for client
-        uses: actions/setup-java@v4
-        with:
-          java-version: ${{ matrix.JAVA_VERSION }}
-          distribution: 'zulu'
-          cache: 'maven'
-
-      - name: Use staged maven repo
-        if: ${{ env.USE_STAGE == 'true' }}
-        run: |
-          cp $HOME/.m2/settings.xml /tmp/settings.xml
-          mv -vf .github/configs/settings.xml $HOME/.m2/settings.xml
-
-      - name: Compile
-        run: |
-          mvn -e compile -pl hugegraph-client -Dmaven.javadoc.skip=true -ntp
-
-      - name: Run test
-        run: |
-          cd hugegraph-client && ls *
-          mvn test -Dtest=UnitTestSuite -ntp
-          mvn test -Dtest=ApiTestSuite
-          mvn test -Dtest=FuncTestSuite
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          file: target/jacoco.xml
+    uses: 
hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@master
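
Review bot: The deleted matrix comment ("released pd package is compiled in version 55.0, which requires java 11 to use") was the only record in this file of why `JAVA_VERSION` is `'11'`, and the removed job installed a JDK twice, once for the graph server and once for the client. Keep that rationale as a comment beside the new `uses:` line or on the corresponding input, and check that the shared workflow still lets the server and client JDKs differ if the matrix is widened later.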

Review Comment:
   The reusable workflow is referenced via a moving branch (`@master`). This is 
a supply-chain risk because changes in `hugegraph/actions` can alter CI 
behavior without review in this repo. Pin the reusable workflow to an immutable 
ref (tag or commit SHA) and update it intentionally when needed.
   ```suggestion
       uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@<FULL_LENGTH_COMMIT_SHA>
   ```



##########
.github/workflows/tools-ci.yml:
##########
@@ -20,56 +20,17 @@ on:
 
 jobs:
   tools-ci:
-    runs-on: ubuntu-latest
-    env:
-      USE_STAGE: 'true' # Whether to include the stage repository.
-      TRAVIS_DIR: hugegraph-tools/assembly/travis
-      # TODO: could we use one param to unify it? or use a action template 
(could use one ci file)
-      # TODO: replace it with the (latest - n) commit id (n >= 15)
-      # hugegraph commit date: 2025-11-4
-      COMMIT_ID: b7998c1
-    strategy:
-      matrix:
-        JAVA_VERSION: [ '11' ]
-
-    steps:
-      - name: Fetch Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Install JDK 11
-        uses: actions/setup-java@v3
-        with:
-          java-version: ${{ matrix.JAVA_VERSION }}
-          distribution: 'adopt'
-      - name: Cache Maven packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
-      - name: use staged maven repo settings
-        if: ${{ env.USE_STAGE == 'true' }}
-        run: |
-          cp $HOME/.m2/settings.xml /tmp/settings.xml
-          mv -vf .github/configs/settings.xml $HOME/.m2/settings.xml
-
-      - name: Compile
-        run: |
-          mvn install -pl hugegraph-client,hugegraph-tools -am 
-Dmaven.javadoc.skip=true -DskipTests -ntp
-
-      - name: Prepare env and service
-        run: |
-          $TRAVIS_DIR/install-hugegraph-from-source.sh $COMMIT_ID
-
-      - name: Run test
-        run: |
-          mvn test -Dtest=FuncTestSuite -pl hugegraph-tools -ntp
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          file: target/jacoco.xml
+    uses: 
hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@master

Review Comment:
   The reusable workflow is referenced via a moving branch (`@master`). This is 
a supply-chain risk because changes in `hugegraph/actions` can alter CI 
behavior without review in this repo. Pin the reusable workflow to an immutable 
ref (tag or commit SHA) and update it intentionally when needed.
   ```suggestion
       uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@<FULL_40_CHAR_COMMIT_SHA>
   ```



##########
.github/workflows/client-go-ci.yml:
##########
@@ -4,7 +4,7 @@ on:
   push:
     branches:
       - master
-      - /^release-.*$/
+      - release-*
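
Review bot: In `- release-*` the `*` does not match `/`, so a branch named, for example, `release-1.5/hotfix` would not trigger this workflow; use `release-**` if such names are possible. The replaced `/^release-.*$/` was read as a glob rather than a regular expression, so the direction of the fix is right.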

Review Comment:
   PR description/verification notes mention manually triggering 
`client-go-ci`, but this workflow currently has no `workflow_dispatch` trigger 
(only `push`/`pull_request`). Either add `workflow_dispatch:` (if manual runs 
are intended) or update the PR description to match the actual trigger policy.



##########
.github/workflows/spark-connector-ci.yml:
##########
@@ -21,50 +21,17 @@ on:
 
 jobs:
   spark-connector-ci:
-    runs-on: ubuntu-latest
-    env:
-      USE_STAGE: 'true' # Whether to include the stage repository.
-      TRAVIS_DIR: hugegraph-spark-connector/assembly/travis
-      # hugegraph commit date: 2025-10-30
-      COMMIT_ID: 5b3d295
-    strategy:
-      matrix:
-        JAVA_VERSION: [ '11' ]
-
-    steps:
-      - name: Fetch Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Install JDK 11
-        uses: actions/setup-java@v4
-        with:
-          java-version: '11'
-          distribution: 'adopt'
-
-      - name: Cache Maven packages
-        uses: actions/cache@v3
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
-      - name: use staged maven repo settings
-        if: ${{ env.USE_STAGE == 'true' }}
-        run: |
-          cp $HOME/.m2/settings.xml /tmp/settings.xml
-          mv -vf .github/configs/settings.xml $HOME/.m2/settings.xml
-
-      - name: Compile
-        run: |
-          mvn install -pl hugegraph-client,hugegraph-spark-connector -am 
-Dmaven.javadoc.skip=true -DskipTests -ntp
-
-      - name: Prepare env and service
-        run: |
-          $TRAVIS_DIR/install-hugegraph-from-source.sh $COMMIT_ID
-
-      - name: Run test
-        run: |
-          cd hugegraph-spark-connector && ls
-          mvn test
+    uses: 
hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@master
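
Review bot: The removed spark-connector job had no Codecov upload step, unlike the other jobs in this PR that move to `_toolchain_java_ci_reusable.yml`, so sharing that workflow either adds an upload here or needs a switch to skip it. Make the upload conditional on an input or on the token being present, so this job neither fails for a missing `CODECOV_TOKEN` nor starts receiving a secret it did not need before.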

Review Comment:
   The reusable workflow is referenced via a moving branch (`@master`). This is 
a supply-chain risk because changes in `hugegraph/actions` can alter CI 
behavior without review in this repo. Pin the reusable workflow to an immutable 
ref (tag or commit SHA) and update it intentionally when needed.
   ```suggestion
       uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@<FULL_LENGTH_COMMIT_SHA>
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
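
Added example, not part of the review message above or of the project's code: a small check that lists every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA, which is the condition the review comments ask for. It is stricter than "tag or commit SHA" by choice, since a tag can be moved; the sample workflow is constructed from refs quoted in this message, and `local-setup` is a hypothetical local action.

```python
import re
import sys

# Constructed sample: refs quoted in the review, plus a hypothetical local action.
SAMPLE_WORKFLOW = """\
jobs:
  client-ci:
    uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@master
  loader-ci:
    uses: hugegraph/actions/.github/workflows/_toolchain_java_ci_reusable.yml@0123456789abcdef0123456789abcdef01234567
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
"""

# Matches job-level `uses:` and step-level `- uses:`, with optional quotes.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify(ref):
    """Return 'local', 'pinned' or 'unpinned' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # resolved from the caller's own commit
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "unpinned"
    _, sep, version = ref.rpartition("@")
    if sep and FULL_SHA_RE.fullmatch(version):
        return "pinned"
    return "unpinned"  # branch, tag, short SHA, or no ref at all


def audit(text):
    """Return (line number, ref) for every reference that can change underneath CI."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "unpinned":
            findings.append((lineno, match.group(1)))
    return findings


if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit the given files.
    sources = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    failed = False
    for name, text in sources or [("<sample>", SAMPLE_WORKFLOW)]:
        for lineno, ref in audit(text):
            failed = True
            print(f"{name}:{lineno}: not pinned to a commit SHA: {ref}")
    sys.exit(1 if failed else 0)
```

Run over `.github/workflows/*.yml` as a required check, it turns the pinning request into something CI enforces rather than something reviewers have to remember.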

