Skip to content

Gha basic check#455

Draft
lsm5 wants to merge 2 commits intocontainers:mainfrom
lsm5:gha-basic-check
Draft

Gha basic check#455
lsm5 wants to merge 2 commits intocontainers:mainfrom
lsm5:gha-basic-check

Conversation

@lsm5
Copy link
Copy Markdown
Member

@lsm5 lsm5 commented Apr 21, 2026
edited by sourcery-ai Bot
Loading

Summary by Sourcery

Introduce GitHub Actions workflows to run Testing Farm-based TMT tests and perform workflow security scanning.

CI:

  • Add a TMT Tests workflow that schedules xmllint validation and basic_check plans on Testing Farm for main branch pushes, pull requests, and manual runs.
  • Replace the previous standalone xmllint-validation workflow with the new multi-job TMT Tests workflow.
  • Add a Workflow Security Scan job using zizmor to scan GitHub workflow files on main branch pushes, pull requests, and manual runs.

@lsm5
Add basic_check job to GitHub Actions workflow
2e5719b 
Extend the workflow to run basic_check TMT plan after xmllint_validation
passes. Rename workflow file to tmt-tests.yml to reflect that it now runs
multiple test plans.

Signed-off-by: Lokesh Mandvekar <[email protected]>
@gemini-code-assist
Copy link
Copy Markdown

gemini-code-assist Bot commented Apr 21, 2026

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@sourcery-ai
Copy link
Copy Markdown

sourcery-ai Bot commented Apr 21, 2026

Reviewer's Guide

Introduces two GitHub Actions workflows: one to run TMT-based Testing Farm checks (xmllint_validation and basic_check) and another to run zizmor security scanning on workflow files, while removing the legacy xmllint-validation workflow.

File-Level Changes

Change Details Files
Add TMT-based Testing Farm workflow to validate XML and run basic checks on PRs, pushes, and manual dispatches.
  • Create a workflow triggered on pull_request, push to main, and workflow_dispatch
  • Define xmllint-validation job that checks out the repo and schedules the xmllint_validation TMT plan via Testing Farm action using repository URL, ref, and secret API key
  • Define basic-check job that depends on xmllint-validation, checks out code, and schedules the basic_check TMT plan via the same Testing Farm action
 .github/workflows/tmt-tests.yml
Add a workflow to run zizmor security scanning against all workflow files on PRs and pushes.
  • Create a workflow triggered on pull_request, push to main, and workflow_dispatch with read-only contents permissions
  • Define zizmor job that checks out code, downloads a pinned zizmor release tarball, makes it executable, and runs it on .github/workflows/
 .github/workflows/zizmor.yml
Remove legacy standalone xmllint-validation workflow now superseded by the new TMT-based workflow.
  • Delete the previous xmllint-validation workflow file
 .github/workflows/xmllint-validation.yml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@packit-as-a-service
Copy link
Copy Markdown

packit-as-a-service Bot commented Apr 21, 2026

Ephemeral COPR build failed. @containers/packit-build please check.

@lsm5
Use pull_request_target to allow fork PRs access to secrets
ee330f4 
Change trigger from pull_request to pull_request_target so that fork
PRs can access TESTING_FARM_API_KEY secret and run TMT tests. Remove
fork conditional checks - all PRs will attempt to run tests.

This is safe because we only pass git_ref to Testing Farm (tests run
in Testing Farm's isolated environment), we don't execute PR code in
the GitHub Actions runner.

Signed-off-by: Lokesh Mandvekar <[email protected]>
@lsm5 lsm5 force-pushed the gha-basic-check branch from 261f245 to ee330f4 Compare April 21, 2026 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lsm5