Skip to content

Bump actions versions + correctly handle labels#2700

Closed
thewhaleking wants to merge 5 commits into
devnet-readyfrom
chore/thewhaleking/update-workflows
Closed

Bump actions versions + correctly handle labels#2700
thewhaleking wants to merge 5 commits into
devnet-readyfrom
chore/thewhaleking/update-workflows

Conversation

@thewhaleking

@thewhaleking thewhaleking commented May 28, 2026

Copy link
Copy Markdown
Contributor

Description

This is a two-part PR.
Part One:
Workflows run correctly depending on labeling now. Previously any label change would trigger the rerunning of a number of tests:

  • check-bittensor-e2e-tests.yml (should only not run on skip-bittensor-e2e-tests label)
  • check-devnet.yml (no-spec-version-bump label)
  • check-finney.yml (no-spec-version-bump label)
  • check-testnet.yml (no-spec-version-bump label)
  • cargo-audit.yml (skip-cargo-audit)
  • check-node-compat.yml (check-node-compat, switched from 'contains')

Part Two:
Basically every GitHub Action used in this PR was outdated and using deprecated Node versions, causing 200+ warnings on every run. This is annoying to look through annotations to find one that actually matters out of hundreds.

Related Issue(s)

N/A

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Other (please describe): better workflows

Breaking Change

N/A

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have run ./scripts/fix_rust.sh to ensure my code is formatted and linted correctly
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Screenshots (if applicable)

Screenshot 2026-05-28 at 15 08 33 Screenshot 2026-05-28 at 15 08 01

Additional Notes

I didn't touch the actions in ai-review.yml or ai-review-index-gittensor.yml because those use hash-specified actions versions, and I don't know why.

@github-actions

github-actions Bot commented May 28, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

BASELINE scrutiny: established 2018 account, repo write permission, high contribution counts, no committer mismatch, no Gittensor allowlist hit; branch chore/thewhaleking/update-workflows -> devnet-ready.

Reviewed the workflow-only diff for protected AI-review prompt changes, permission expansion, token exposure, dangerous trigger changes, and required-check bypasses. The PR does not modify .github/ai-review/* or .github/copilot-instructions.md. The label-event gates now only mirror a previous completed result for the same head SHA, so unrelated label changes do not create a fresh required-check success without an earlier successful run for that commit.

Findings

No findings.

Prior-comment reconciliation

  • dfa248d1: addressed — The current cargo-audit gate only skips on unrelated label events when it finds a previous successful completed run for the same head SHA; otherwise it runs or mirrors failure.
  • 3c04f825: addressed — The current E2E gate records mirror state only from a previous completed run for the same head SHA, then fails on prior failure or skips on prior success.
  • c904a582: addressed — The current devnet spec-version gate no longer treats any unrelated label event as success by itself; it requires a previous successful completed run for the same head SHA.
  • 0e7ef028: addressed — The current finney spec-version gate no longer treats any unrelated label event as success by itself; it requires a previous successful completed run for the same head SHA.
  • d73dddd6: addressed — The current testnet spec-version gate no longer treats any unrelated label event as success by itself; it requires a previous successful completed run for the same head SHA.

Conclusion

No malicious behavior or PR-introduced security vulnerability found in the current diff. The earlier label-event required-check bypass concerns remain addressed by gating skips on a prior completed run for the same head SHA.


🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor UNKNOWN by trusted allowlists; author has repo write permission and substantial contribution history, so review focused on workflow correctness.

The PR body is substantive and matches the workflow-only diff. No runtime or pallet files are touched, so no spec_version bump is needed.

I did not run Rust builds/tests for this workflow-only change. I parsed the touched workflow YAML successfully; actionlint is not installed in this environment.

No overlapping open PRs were reported in the prefetched overlap data.

Findings

No findings.

Prior-comment reconciliation

  • 9a06aca2: addressed — The current gate logic mirrors a previous completed success/failure for unrelated label events and otherwise runs the check, so an unrelated label event no longer creates a skipped-success replacement for required work.

Conclusion

Approving: the prior label-gating concern remains addressed by mirroring previous completed results for the same head SHA, and the remaining changes are consistent with workflow maintenance.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread .github/workflows/cargo-audit.yml Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread .github/workflows/cargo-audit.yml Outdated
Comment thread .github/workflows/check-devnet.yml Outdated
Comment thread .github/workflows/check-finney.yml Outdated
Comment thread .github/workflows/check-testnet.yml Outdated
Comment thread .github/workflows/check-bittensor-e2e-tests.yml Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@thewhaleking thewhaleking marked this pull request as ready for review May 28, 2026 16:58
@thewhaleking thewhaleking requested a review from a team May 28, 2026 16:58
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@thewhaleking thewhaleking added the skip-cargo-audit This PR fails cargo audit but needs to be merged anyway label Jun 1, 2026
@github-actions github-actions Bot mentioned this pull request Jun 4, 2026
@IntiTechnologies IntiTechnologies deleted the chore/thewhaleking/update-workflows branch July 9, 2026 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip-cargo-audit This PR fails cargo audit but needs to be merged anyway

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants