Skip to content

Enforce syntax-aware linting for bundled CommonJS action scripts#43470

Merged
pelikhan merged 5 commits into
mainfrom
copilot/deep-report-add-compiler-validation
Jul 5, 2026
Merged

Enforce syntax-aware linting for bundled CommonJS action scripts#43470
pelikhan merged 5 commits into
mainfrom
copilot/deep-report-add-compiler-validation

Conversation

Copilot AI commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

A bundled actions/setup/js/*.cjs script previously shipped with await inside a non-async helper, causing a hard SyntaxError at require() time and breaking runtime log parsing steps. This change moves detection of that failure class into the standard lint gate so invalid bundled CommonJS syntax is rejected before lock files ship.

  • Make lint-cjs syntax-aware

    • Wire make lint-cjs to run the existing eslint-factory lint over actions/setup/js.
    • Keep the current formatting checks, but add real parsing/linting so invalid CommonJS syntax fails during validation instead of at workflow runtime.
    • Bootstrap eslint-factory dependencies when needed so the gate works from a fresh clone.
  • Add a focused regression test

    • Add an ESLint parser-level test that codifies the specific failure mode:
      • reject await inside a non-async function
      • allow the same code when the function is marked async
  • Scope

    • No workflow logic changes.
    • No new lint framework introduced; this uses the existing eslint-factory path that already targets bundled setup scripts.
const messages = linter.verify(
  `function writeStepSummaryWithTokenUsage(coreObj) { await coreObj.summary.write(); }`,
  cjsConfig,
  "parse_mcp_gateway_log.cjs"
);

expect(messages).toContainEqual(
  expect.objectContaining({ fatal: true, ruleId: null })
);

Copilot AI and others added 2 commits July 5, 2026 05:44
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add compiler validation for await in non-async functions Enforce syntax-aware linting for bundled CommonJS action scripts Jul 5, 2026
Copilot AI requested a review from pelikhan July 5, 2026 05:51
@pelikhan pelikhan marked this pull request as ready for review July 5, 2026 06:34
Copilot AI review requested due to automatic review settings July 5, 2026 06:34
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🛠️ Agentic Maintenance updated this pull request branch.

View workflow run

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR strengthens the repository’s validation gates by making make lint-cjs run syntax-aware ESLint parsing over the bundled CommonJS action scripts under actions/setup/js, preventing invalid .cjs bundles (e.g., await inside non-async functions) from shipping via workflow lockfiles.

Changes:

  • Updated make lint-cjs to run eslint-factory’s lint:setup-js (bootstrapping node_modules when absent) in addition to existing formatting checks.
  • Added a focused ESLint parser-level regression test to codify the “invalid await in non-async function” failure mode.
  • Regenerated multiple workflow .lock.yml files (notably changing embedded awf-config.json payloads, such as adding a models.lyria entry).
Show a summary per file
File Description
Makefile Enhances lint-cjs to include syntax-aware ESLint linting via eslint-factory (plus Node version gating).
eslint-factory/src/commonjs-syntax.test.ts Adds regression coverage ensuring ESLint parsing fails for await in non-async functions and succeeds when async is present.
.github/workflows/workflow-health-manager.lock.yml Regenerated lockfile content; embedded firewall config payload changed (e.g., models mapping updated).
.github/workflows/schema-consistency-checker.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/safe-output-health.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/pr-triage-agent.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/poem-bot.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/gpclean.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-team-evolution-insights.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-safe-output-optimizer.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-regulatory.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-observability-report.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-multi-device-docs-tester.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-max-ai-credits-test.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-credit-limit-test.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-compiler-quality.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-cli-tools-tester.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/daily-cache-strategy-analyzer.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/copilot-centralization-optimizer.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/copilot-centralization-drilldown.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/code-simplifier.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/ci-coach.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/agentic-token-optimizer.lock.yml Regenerated lockfile content; embedded firewall config payload changed.
.github/workflows/agent-performance-analyzer.lock.yml Regenerated lockfile content; embedded firewall config payload changed.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

Makefile:823

  • The comment above lint-cjs says it lints ".cjs and .js", but the target only checks Prettier formatting for **/*.cjs, **/*.ts, and **/*.json (via actions/setup/js scripts) and then runs ESLint over actions/setup/js *.cjs files. Consider updating this comment to accurately reflect what the target validates so contributors don’t assume .js files are covered.
# Check JSON file formatting in pkg directory (excluding actions/setup/js, which is handled by npm script)
  • Files reviewed: 2/2 changed files
  • Comments generated: 0
  • Review effort level: Low

@pelikhan

pelikhan commented Jul 5, 2026

Copy link
Copy Markdown
Collaborator

@copilot resolve the merge conflicts in this pull request

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 5, 2026

Copy link
Copy Markdown
Contributor Author

@copilot resolve the merge conflicts in this pull request

Resolved — I merged the latest main into this branch and fixed the conflict in Makefile in commit 18cd4a7.

@pelikhan pelikhan merged commit 0a55371 into main Jul 5, 2026
@pelikhan pelikhan deleted the copilot/deep-report-add-compiler-validation branch July 5, 2026 07:00
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, verify the recent merge-conflict resolution is complete, address any remaining review feedback, and rerun checks if you make changes.

Generated by 👨‍🍳 PR Sous Chef · 12.3 AIC · ⌖ 5.1 AIC · ⊞ 3.5K ·
Comment /souschef to run again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[deep-report] Add compiler validation rejecting await inside non-async functions in bundled .cjs action scripts

4 participants