Skip to content

ci: fall back to ubuntu-latest for fork PRs #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
27Bslash6 merged 2 commits into from
May 17, 2026
Merged

ci: fall back to ubuntu-latest for fork PRs #49

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6e58cb3
ci: fall back to ubuntu-latest for fork PRs
27Bslash6 May 17, 2026
de275e1
docs(ci): clarify why test-integration uses cachekit, not cachekit-lean
27Bslash6 May 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 13 additions & 7 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ permissions:

jobs:
lint:
runs-on: cachekit-lean
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

Expand All @@ -33,7 +33,7 @@ jobs:
run: pnpm type-check

test:
runs-on: cachekit-lean
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
strategy:
fail-fast: false
matrix:
Expand All @@ -60,7 +60,13 @@ jobs:
run: pnpm test

test-integration:
runs-on: cachekit # needs DinD for Redis service container
# Fork PRs fall back to ubuntu-latest (GHA disables self-hosted runners
# for fork PRs by security policy). Internal/push runs use 'cachekit'
# (NOT 'cachekit-lean') because the redis service container below
# requires Docker on the host: cachekit-lean is a locked-down rootless
# pod with no DOCKER_HOST and no docker socket, so services would fail
# to start. ubuntu-latest has Docker preinstalled.
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit' }}
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use the same self-hosted fallback label as other jobs.

Line 66 uses 'cachekit' while the rest of the workflow uses 'cachekit-lean'. This inconsistency can break scheduling for test-integration on push/same-repo PRs if cachekit is not an available label.

Proposed fix 
-    runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit' }}
+    runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml at line 66, The runs-on expression uses the
fallback label 'cachekit' which differs from other jobs; update the conditional
expression that sets runs-on (the string literal currently 'cachekit') to use
the same fallback label 'cachekit-lean' so push/same-repo PRs schedule
consistently with other jobs.

services:
redis:
image: redis:7-alpine
Expand Down Expand Up @@ -96,7 +102,7 @@ jobs:
CI: true

coverage:
runs-on: cachekit-lean
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

Expand Down Expand Up @@ -124,7 +130,7 @@ jobs:
fail_ci_if_error: false

security:
runs-on: cachekit-lean
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

Expand Down Expand Up @@ -158,7 +164,7 @@ jobs:

smoke-test:
name: Package smoke test (ESM + CJS)
runs-on: cachekit-lean
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
needs: [test]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
Expand Down Expand Up @@ -219,7 +225,7 @@ jobs:

ci-success:
name: CI Success
runs-on: cachekit-lean
runs-on: ${{ github.event.pull_request.head.repo.fork && 'ubuntu-latest' || 'cachekit-lean' }}
needs: [lint, test, test-integration, coverage, security, smoke-test]
if: always()
steps:
Expand Down