Merged
39 changes: 39 additions & 0 deletions .github/workflows/test-on-push-or-pr.yaml
@@ -0,0 +1,39 @@
name: test-on-push-or-pr
on:
push:
branches: main
pull_request:
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: true

- name: Build makefiles with premake
uses: eariassoto/setup-premake@v1
with:
version: '5.0.0-beta1'
action: 'gmake'
options: '--cc=gcc'

- name: Install GCC
uses: egor-tensin/setup-gcc@v1
with:
version: latest
platform: x64
Comment on lines +22 to +25


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

Pin GCC to a specific version instead of latest.

Using latest for GCC breaks reproducibility—builds may differ between CI runs. Pin to a specific stable version.

      - name: Install GCC
        uses: egor-tensin/setup-gcc@v1
        with:
-         version: latest
+         version: '13'
          platform: x64

Adjust the version number to match your project's requirements.


🏁 Script executed:

#!/bin/bash
# Verify the workflow file and lines 19-22
if [ -f ".github/workflows/test-on-push-or-pr.yaml" ]; then
  echo "File found. Content around lines 19-22:"
  sed -n '15,25p' ".github/workflows/test-on-push-or-pr.yaml"
else
  echo "File not found at .github/workflows/test-on-push-or-pr.yaml"
fi

Length of output: 276


🏁 Script executed:

#!/bin/bash
# Check for any other GCC setup references in workflows
rg -n "setup-gcc|version.*latest" .github/workflows/ -A2 -B2 2>/dev/null || echo "No matches found"

Length of output: 445


🌐 Web query:

egor-tensin/setup-gcc action latest version behavior reproducibility

💡 Result:

Short answer: using egor-tensin/setup-gcc with version: latest will install whatever the action’s default “latest” GCC is at the time the workflow runs — that value can change over time — so workflows that use version: latest are not reproducible across runs. Pin a concrete GCC version (e.g. version: 11 or version: 12) or pin the action tag/commit to get reproducible toolchains. [1][2]

Details / evidence:

  • The action’s README documents a version input and shows "latest" as the default. Using version: latest is supported but means the action chooses the default/latest available compiler. [1]
  • Multiple projects use the action with numeric versions when they need specific compilers; relying on latest is common but causes changing toolchain behavior over time. Security/usage summaries also show the action is used widely (so behavior matters to downstream users). [2]

Recommendation:

  • For reproducible CI builds: specify an explicit GCC release (e.g. version: 11) and/or pin the action to a specific release tag or commit (egor-tensin/setup-gcc@v1 or @). If you must follow the latest, accept the non-reproducibility risk and consider recording the installed gcc --version in logs/artifacts. [1][2]

Sources:
[1] setup-gcc README (action docs). (git.tensin.name)
[2] Action usage / advisor listing (usage and popularity). (app.stepsecurity.io)

Pin GCC to a specific version instead of latest to ensure reproducible builds.

Using version: latest installs whatever the action's default GCC is at the time the workflow runs—that value can change over time—making workflows non-reproducible across runs. Specify an explicit GCC release (e.g. version: 13) to maintain consistent toolchain behavior.

      - name: Install GCC
        uses: egor-tensin/setup-gcc@v1
        with:
-         version: latest
+         version: '13'
          platform: x64
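Review bot: the suggested change pins only the compiler input; `egor-tensin/setup-gcc@v1` on the `uses:` line is still a mutable tag, and the comment's own recommendation above (pin the action to a specific release tag or commit) is not carried into the suggestion. For a reproducible and supply-chain-hardened step, pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: egor-tensin/setup-gcc@<commit-sha>  # v1` (placeholder, look up the SHA of the release you want). Also note that `version: '13'` still floats across 13.x point releases, which is fine if only major-version stability is required, but the comment should say so.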
🤖 Prompt for AI Agents
.github/workflows/test-on-push-or-pr.yaml lines 19-22: the workflow pins GCC
using version: latest which makes builds non-reproducible; change the action
input to a specific GCC major (or exact) version such as version: 13 (or 13.1)
to lock the toolchain; update the YAML to replace latest with the chosen numeric
version and commit so the CI uses the fixed GCC release.


- name: Build tests
run: make tests

- name: Run tests
run: |
# From munit's help:
#
# Must be a 32-bit integer in decimal notation with no
# separators (commas, decimals, spaces, etc.), or hexidecimal
# prefixed by "0x".
TEST_SEED=$((RANDOM << 16 | RANDOM))
echo "Seed generated: $TEST_SEED"
./bin/tests/dbg/tests --seed "$TEST_SEED"
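Review bot: the workflow declares no top-level `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` permissions; since the job only checks out the repository (with submodules) and runs tests, add `permissions: contents: read` at the top level so that a misbehaving or compromised third-party action cannot write to the repository or its packages. On the test step, `$RANDOM` is a 15-bit value, so `RANDOM << 16 | RANDOM` leaves bit 15 clear and yields at most a 31-bit non-negative seed, which satisfies munit's 32-bit requirement; echoing the seed before the run is the right call for reproducing a failure, so consider documenting that a failed run is reproduced locally with `./bin/tests/dbg/tests --seed <seed-from-log>`.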
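The review comment's reproducibility point (a floating `version: latest` input and actions referenced by mutable tags) can be turned into a pre-merge check. The POSIX shell script below is an added example written for this page; it is not part of the pull request, the project, or the reviewer's tooling. It audits a workflow file for `uses:` references that are not pinned to a full 40-hex commit SHA and for `version: latest` inputs. The sample workflow it writes with a heredoc is constructed for the demonstration and only mirrors the structure of the file in this diff; the SHA and the `example-org/setup-tool` action in it are made up.

```shell
#!/bin/sh
# Added example (not part of the PR or the review comment): audit a GitHub
# Actions workflow for references that make builds non-reproducible.
#   1. `uses:` lines that reference an action by tag or branch rather than a
#      full 40-hex commit SHA (a tag such as @v1 can be moved or re-pushed;
#      a commit SHA cannot).
#   2. `version: latest` inputs, which resolve to a different toolchain over time.
# Local actions (./path) and docker:// images are skipped: they are not tag pins.

# Print one finding per line as "<line>:<kind>:<value>". Always returns 0 so
# callers can count findings with count_findings below.
audit_workflow() {
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    code=${line%%#*}                       # drop YAML comments
    case "$code" in
      *"uses:"*)
        ref=$(printf '%s' "${code#*uses:}" | tr -d " \t\"'")
        case "$ref" in
          ./*|docker://*) continue ;;      # not a remote action reference
        esac
        sha=${ref##*@}
        # No "@" at all, or a ref that is not exactly 40 hex digits: mutable.
        if [ "$sha" = "$ref" ] || ! printf '%s' "$sha" | grep -Eq '^[0-9a-f]{40}$'; then
          printf '%s:mutable-action-ref:%s\n' "$n" "$ref"
        fi
        ;;
      *"version:"*)
        val=$(printf '%s' "${code#*version:}" | tr -d " \t\"'")
        if [ "$val" = "latest" ]; then
          printf '%s:floating-version:%s\n' "$n" "$val"
        fi
        ;;
    esac
  done < "$1"
  return 0
}

# Number of findings in a file (0 means every reference is pinned).
count_findings() {
  audit_workflow "$1" | wc -l | tr -d ' '
}

# Constructed sample workflow (not the PR's file) covering each case:
# two tag-pinned actions, one SHA-pinned action (made-up SHA), one local
# action, one pinned toolchain version and one floating one.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
name: sample
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: ./.github/actions/local-helper
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567  # v2.1.0
        with:
          version: '13'
      - name: Install GCC
        uses: egor-tensin/setup-gcc@v1
        with:
          version: latest
EOF

echo "findings in sample workflow: $(count_findings "$SAMPLE")"
audit_workflow "$SAMPLE"
```

Run it against a real file with `audit_workflow .github/workflows/test-on-push-or-pr.yaml` after sourcing the script; a non-zero `count_findings` is the signal to fail the check. The SHA test is deliberately strict: a short SHA or a tag that happens to look hex-like is still reported, because only the full 40-character commit id is immutable on GitHub.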