BUILD-11417 Extract symlink keeper into its own sub-action #73

Merged
julien-carsique-sonarsource merged 1 commit into master from feat/jcarsique/BUILD-11417-extract-symlink-keeper
May 26, 2026

@julien-carsique-sonarsource
Contributor

Summary

  • Moves ensureCacheMetricsSymlink out of credential-guard-post into a new symlink-keeper/ sub-action; credential-setup/credential-guard revert to their pre-keeper baseline.
  • Registers the new step as the LAST main step of the top-level composite so its post fires FIRST in the LIFO post phase, recreating .actions/cache-metrics before cache-metrics-post resolves uses: ./.actions/cache-metrics.
  • Drops the temporary cache-backend == 's3' gate from cache-metrics-prep — metrics can now opt-in via CI_METRICS_ENABLED on both backends.

Ref strategy

action.yml references SonarSource/gh-action_cache/symlink-keeper@symlink-keeper-1.0.0. The branch symlink-keeper-1.0.0 is pinned at this PR's commit so CI on the PR can resolve the ref. After merge to master, the branch is replaced by a tag of the same name on the same commit (independent of the main v1.x.y cadence).

Test plan

  • npm test — all 54 unit tests pass (6 keeper tests now under __tests__/symlink-keeper.test.ts; credential-guard tests slimmed to credential-restore only).
  • npm run build — produces the new symlink-keeper/dist/{main,post}/index.js bundles and the rebuilt credential-guard/dist/{main,post}/index.js.
  • pre-commit run --all-files — clean.
  • In-repo regression: test-s3-cache-survives-git-clean-with-metrics (.github/workflows/test-action.yml) green on this PR — proves symlink-keeper-post recreates .actions/cache-metrics before cache-metrics-post fires after a nested actions/checkout.
  • Other regressions green: test-s3-cache-with-credential-interference, test-s3-cache-windows, test-s3-cache-multiple-invocations, test-s3-cache-with-preset-aws-config, test-s3-cache-survives-git-clean — proves the credential-guard revert didn't regress credential restore.
  • End-to-end through BUILD-11295 test gh-action_cache@feat/.../BUILD-11295-metricsFeatureFlag ci-github-actions#267 and https://github.com/SonarSource/sonar-dummy/pull/592 (both re-pinned to this branch).

Links

@sonarqubecloud

sonarqubecloud Bot commented May 25, 2026

Agentic Analysis: Early Results

Agentic Analysis and Context Augmentation are available on your project. Here are some issues that could have been prevented. Follow the links to learn how to put them into action.

2 issue(s) found across 2 file(s):

| Rule | File | Line | Message |
|---|---|---|---|
| typescript:S7785 | src/symlink-keeper-main.ts | 13 | Prefer top-level await over an async function run call. |
| typescript:S7785 | src/symlink-keeper-post.ts | 62 | Prefer top-level await over an async function run call. |

Analyzed by SonarQube Agentic Analysis in 4.4 s

Comment thread credential-guard/action.yml
gitar-bot[bot]

This comment was marked as resolved.

@gitar-bot gitar-bot Bot dismissed their stale review May 25, 2026 09:13

✅ All code review findings resolved.

@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the feat/jcarsique/BUILD-11417-extract-symlink-keeper branch from 5e0718f to 38e1e0b Compare May 25, 2026 09:34
@gitar-bot

gitar-bot Bot commented May 25, 2026

Code Review ✅ Approved 1 resolved / 1 findings

Extracts symlink keeper into a dedicated sub-action and enables metrics across all backends via CI_METRICS_ENABLED. No issues found.

✅ 1 resolved
Bug: credential-guard post-if: success() prevents credential restore on failure

📄 credential-guard/action.yml:11
The previous credential-guard/action.yml had post-if: always() (or relied on the node20 action default of always()). This PR changes it to post-if: success(), which means the credential-guard post step will not run when the job fails.

This breaks the S3 cache-save post step and cache-metrics-post, both of which fire in the LIFO post phase and depend on AWS credentials being restored by credential-guard-post. On job failure, the cache won't be saved because credentials aren't available.

The symlink-keeper already correctly uses post-if: always() for the same reason — it must run regardless of job status. The credential-guard should do the same.


Move `ensureCacheMetricsSymlink` out of credential-guard-post into a new
`symlink-keeper/` sub-action and wire it as the LAST main step of the
top-level composite so its post fires FIRST in the LIFO post phase,
ahead of cache-metrics-post. That ordering is what makes the
`.actions/cache-metrics` workspace symlink survive a nested
actions/checkout sequence (clean → reset --hard → checkout --force)
between cache-metrics-main and cache-metrics-post.

Side effect of the split: credential-guard no longer carries the
metrics-symlink concern, so the `cache-backend == 's3'` gate previously
added to `cache-metrics-prep` is dropped. Metrics now opt in via
CI_METRICS_ENABLED on both backends.

`@symlink-keeper-1.0.0` is a branch ref pinned to this commit's SHA;
after merge to master it is replaced by a tag of the same name on the
same commit.

Files:
- symlink-keeper/{action.yml,dist/main/index.js,dist/post/index.js}: new
- src/symlink-keeper-{main,post}.ts: new (post is a verbatim port of the
  keeper logic previously embedded in credential-guard-post)
- __tests__/symlink-keeper.test.ts: 6 tests (2 main, 4 post)
- src/credential-guard-{main,post}.ts, credential-guard/action.yml:
  reverted to pre-keeper baseline
- credential-guard/dist/{main,post}/index.js: rebuilt
- __tests__/credential-guard.test.ts: 6 keeper-related tests dropped
- package.json: build:keeper-main / build:keeper-post added to `build`
- .gitignore, .pre-commit-config.yaml: add symlink-keeper/dist patterns
- action.yml: drop the s3 gate from cache-metrics-prep; remove the
  cache-metrics-action-path parameter from the credential-guard step;
  add the symlink-keeper step at the end of the main phase
@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the feat/jcarsique/BUILD-11417-extract-symlink-keeper branch from 38e1e0b to 6a89228 Compare May 25, 2026 09:54
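
The LIFO post-phase ordering and the `post-if` finding discussed above, as an added TypeScript model that is not part of this PR or the action's code. Step names come from the PR text; the main-phase order of the other steps, their `post-if` values, the start state and the `State` flags are assumptions.

```typescript
// Added model, not the action's code. Step names come from the PR text; the
// main-phase order, the other steps' post-if values and State are assumptions.
type JobStatus = "success" | "failure";
type PostIf = "always()" | "success()";
interface State { symlink: boolean; credentials: boolean }
interface Step { name: string; postIf: PostIf; post: (s: State) => boolean }

// Main-phase order. keeperLast=false puts symlink-keeper first instead of last.
function buildSteps(guardPostIf: PostIf, keeperLast: boolean): Step[] {
  const keeper: Step = {
    name: "symlink-keeper", postIf: "always()",
    post: (s) => { s.symlink = true; return true; }, // recreate .actions/cache-metrics
  };
  const others: Step[] = [
    // Saving to S3 needs the restored AWS credentials.
    { name: "cache-save", postIf: "always()", post: (s) => s.credentials },
    // `uses: ./.actions/cache-metrics` must resolve, and it needs credentials too.
    { name: "cache-metrics", postIf: "always()", post: (s) => s.symlink && s.credentials },
    { name: "credential-guard", postIf: guardPostIf,
      post: (s) => { s.credentials = true; return true; } },
  ];
  return keeperLast ? [...others, keeper] : [keeper, ...others];
}

// Post steps run in reverse (LIFO) main order; post-if decides whether each one runs.
function runPostPhase(steps: Step[], status: JobStatus): string[] {
  // Assumed start state: a nested actions/checkout removed the symlink and the
  // job replaced the AWS credentials.
  const state: State = { symlink: false, credentials: false };
  return [...steps].reverse().map((step) => {
    const runs = step.postIf === "always()" || status === "success";
    const outcome = !runs ? "skipped" : step.post(state) ? "ok" : "failed";
    return `${step.name}=${outcome}`;
  });
}

function demo(): void {
  // Keeper last, guard always(): every post step finds what it needs.
  console.log(runPostPhase(buildSteps("always()", true), "failure").join(" "));
  // Guard with success() on a failed job: credentials are never restored.
  console.log(runPostPhase(buildSteps("success()", true), "failure").join(" "));
  // Keeper first in main: its post runs last, after cache-metrics already failed.
  console.log(runPostPhase(buildSteps("always()", false), "success").join(" "));
}
demo();
```
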
@matemoln matemoln left a comment

Thanks for creating the improvement ticket! Approving this with BUILD-11445 in mind.

@julien-carsique-sonarsource julien-carsique-sonarsource merged commit 0414458 into master May 26, 2026
28 checks passed
@julien-carsique-sonarsource julien-carsique-sonarsource deleted the feat/jcarsique/BUILD-11417-extract-symlink-keeper branch May 26, 2026 12:54