From a003a5c1df5e79d4f027d7bcee0feeb26db0c786 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Csomor?= Date: Tue, 26 May 2026 15:39:29 +0200 Subject: [PATCH 1/2] CI: migrate to Bento Drive-by: pin actions/checkout to a known-good commit hash --- .github/workflows/main.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a267f9d..94d6725 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -49,7 +49,7 @@ jobs: remote_execution: 'true' steps: - - uses: actions/checkout@v4 + - uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up authentication shell: bash @@ -72,23 +72,28 @@ jobs: - "os=linux" - "arch=x64" - "remote_execution=${{ matrix.remote_execution }}" + - "engflow-bento-name=example-gh-x64" - "engflow-cluster=glass" - - "engflow-container-image=docker://645088952840.dkr.ecr.eu-west-1.amazonaws.com/engflow-ci/debian12-dind-x64@sha256:1389536c34990e6f49cb38575c2b4f9d08cd3a27e7c3e93c77b7af6260fc5f83" - - "engflow-pool=ci_sysbox_x64" - - "engflow-runtime=sysbox-runc" - - "engflow-runner-id=${{ github.repository_id }}_ci-runners-test-matrix_${{ github.run_id }}_${{ github.run_number }}_${{ github.run_attempt }}" + - "engflow-job-name=ci-runners-test-matrix" + - "engflow-job-type=${{github.event_name}}-${{github.ref_name}}" - "engflow-run-id=${{ github.run_id }}" + # To avoid a race condition, among all the jobs that use the same Bento in the same repo, only + # one should specify "engflow-bento-allow-save=true". + - "engflow-bento-allow-save=${{ matrix.allow_bento_snapshot }}" + timeout-minutes: 10 strategy: fail-fast: false matrix: include: - remote_execution: 'false' + allow_bento_snapshot: 'false' - remote_execution: 'true' + allow_bento_snapshot: 'true' steps: - - uses: actions/checkout@v3 + - uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up authentication shell: bash @@ -110,16 +115,15 @@ jobs: - self-hosted - "os=linux" - "arch=x64" + - "engflow-bento-name=example-gh-x64" - "engflow-cluster=glass" - - "engflow-container-image=docker://645088952840.dkr.ecr.eu-west-1.amazonaws.com/engflow-ci/debian12-dind-x64@sha256:1389536c34990e6f49cb38575c2b4f9d08cd3a27e7c3e93c77b7af6260fc5f83" - - "engflow-pool=ci_sysbox_x64" - - "engflow-runtime=sysbox-runc" - - "engflow-runner-id=${{ github.repository_id }}_buck2-test_${{ github.run_id }}_${{ github.run_number }}_${{ github.run_attempt }}" + - "engflow-job-name=ci-runners-test-matrix" + - "engflow-job-type=${{github.event_name}}-${{github.ref_name}}" - "engflow-run-id=${{ github.run_id }}" timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" - name: Set up Buck2 binary shell: bash From 3a483201896d7110e2a83a88274e667191b3979e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20Csomor?= Date: Tue, 26 May 2026 15:46:33 +0200 Subject: [PATCH 2/2] uniquify job name --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 94d6725..70b5dc3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -74,7 +74,7 @@ jobs: - "remote_execution=${{ matrix.remote_execution }}" - "engflow-bento-name=example-gh-x64" - "engflow-cluster=glass" - - "engflow-job-name=ci-runners-test-matrix" + - "engflow-job-name=ci-runners-test-matrix-${{matrix.remote_execution}}_${{matrix.allow_bento_snapshot}}" - "engflow-job-type=${{github.event_name}}-${{github.ref_name}}" - "engflow-run-id=${{ github.run_id }}" # To avoid a race condition, among all the jobs that use the same Bento in the same repo, only