[TT-17477] Add distros matrix GitHub action by konrad-sol · Pull Request #136 · TykTechnologies/github-actions

konrad-sol · 2026-06-10T14:56:39Z

Add distro-matrix action under .github/actions/tests/distro-matrix. It outputs the deb and rpm JSON arrays used by upgrade smoke tests. Unlike test-controller, it takes no inputs — the distro list does not vary by repo, branch, or trigger, so it is hardcoded directly in the action

When a PR is opened or updated in this repo, automatically: - detect which action/workflow paths changed - find every tyk-analytics workflow that references those paths - create a short-lived branch in tyk-analytics with all pinned SHAs redirected to the PR's HEAD commit - inject workflow_dispatch into any affected workflow that lacks it (on the temp branch only, never permanently) - trigger those workflows via the GitHub API and wait for results - post a results table as a PR comment - delete the temp branch regardless of outcome Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Two bugs fixed: 1. Python regex ^(on:)\s*$ failed to match 'on: # yamllint comment' (seen in s1-cns-scans.yml). Replace with ^(on:[^\n]*\n) which captures the full line including any trailing comment and appends workflow_dispatch on the very next line — tested against all four on: patterns in tyk-analytics. 2. git commit hard-failed when sed produced no diff (e.g. SHA already matched). Guard with 'git diff --cached --quiet' and set ok=false rather than erroring. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…s-repo token ORG_GITHUB_TOKEN is not set in this repo. Switch to the GitHub App credentials (PROBE_APP_ID + PROBE_APP_PRIVATE_KEY) that are already used org-wide (force-merge.yaml, sbom-dev.yaml, godoc.yml, nancy.yaml, etc.) via actions/create-github-app-token. Changes: - Remove job-level GH_TOKEN env (can't reference step output at job level) - Add 'Generate cross-repo token' as first step using PROBE_APP_ID/PROBE_APP_PRIVATE_KEY - Thread app-token through: checkout token, every gh-cli step's GH_TOKEN env, and the Delete branch cleanup step - Switch github-script comment to github.token (the workflow's own token is sufficient for writing comments on a PR in the same repo) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

probelabs · 2026-06-10T14:58:10Z

This pull request introduces a new, self-contained GitHub Action, distro-matrix, designed to centralize the list of Linux distributions used for testing.

Files Changed Analysis

.github/actions/tests/distro-matrix/action.yaml (new): A new composite action that provides hardcoded JSON arrays of deb (Debian, Ubuntu) and rpm (Amazon Linux, Red Hat) based Linux distributions. This creates a single, reusable source of truth for test matrices.
.github/actions/tests/env-up/action.yaml (modified): A minor cosmetic change, removing a single blank line.

Architecture & Impact Assessment

What this PR accomplishes: It introduces a reusable GitHub Action to provide a standardized list of Linux distributions for automated testing. This centralizes configuration, preventing divergence and simplifying maintenance for any workflow that needs to run jobs across different Linux versions.
Key technical changes introduced: A new composite GitHub Action (distro-matrix) is created. It uses a simple inline shell script to define two outputs (deb and rpm) containing JSON arrays of container image names. The action is self-contained and requires no inputs.
Affected system components: This change primarily affects the CI/CD pipeline. Other GitHub Actions and workflows, particularly those related to upgrade and smoke tests as mentioned in the description, can now consume this action to build their test matrices. The impact is confined to the CI system and does not affect production code.
Component Interaction:

graph TD
A[Consumer Workflow e.g., Upgrade/Smoke Tests] -- uses --> B[distro-matrix Action];
B -- outputs --> C{""deb: ["distro1", ...]"uot;, ...]"}
B -- outputs --> D{rpm: ["distroA", ...]}
A -- builds matrix from --> C;
A -- builds matrix from --> D;


## Scope Discovery & Context Expansion

The immediate scope is the creation of this reusable CI component. The PR description explicitly states its purpose is for "upgrade smoke tests." This implies that the next step would be to refactor existing test workflows to use this new action, thereby removing any hardcoded distribution lists they might currently contain.

This action establishes a pattern for centralizing configuration within the CI system. While it currently only provides Linux distribution lists, this approach could be expanded for other shared test configurations, such as cloud provider regions, database versions, or other matrix-based testing parameters.


<details>
  <summary>Metadata</summary>

  - Review Effort: 1 / 5
  - Primary Label: feature


</details>
<!-- visor:section-end id="overview" -->

<!-- visor:thread-end key="TykTechnologies/github-actions#136@ff48ab3" -->

---

*Powered by [Visor](https://probelabs.com/visor) from [Probelabs](https://probelabs.com)*

*Last updated: 2026-06-10T18:43:25.960Z | Triggered by: pr_updated | Commit: ff48ab3*

💡 **TIP:** You can chat with Visor using `/visor ask <your question>`
<!-- /visor-comment-id:visor-thread-overview-TykTechnologies/github-actions#136 -->

probelabs · 2026-06-10T14:58:53Z

Security Issues (1)

Severity	Location	Issue
🟡 Warning	`.github/actions/tests/distro-matrix/action.yaml:19`	The list of distributions for testing includes operating systems that are past their standard End-of-Life (EOL) date, such as `ubuntu:xenial` (standard support ended April 2021) and `ubuntu:bionic` (standard support ended April 2023). Using EOL software can pose a security risk as it no longer receives security updates. 💡 Suggestion Review the list of distributions to ensure that testing on EOL versions is strictly necessary for backward compatibility. If so, consider replacing them with Extended Security Maintenance (ESM) versions if available, or add a comment acknowledging the risk and justifying their use. For example, replace `ubuntu:xenial` with a more recent LTS version unless testing upgrades from that specific version is a requirement.

Security Issues (1)

Severity	Location	Issue
🟡 Warning	`.github/actions/tests/distro-matrix/action.yaml:19`	The list of distributions for testing includes operating systems that are past their standard End-of-Life (EOL) date, such as `ubuntu:xenial` (standard support ended April 2021) and `ubuntu:bionic` (standard support ended April 2023). Using EOL software can pose a security risk as it no longer receives security updates. 💡 Suggestion Review the list of distributions to ensure that testing on EOL versions is strictly necessary for backward compatibility. If so, consider replacing them with Extended Security Maintenance (ESM) versions if available, or add a comment acknowledging the risk and justifying their use. For example, replace `ubuntu:xenial` with a more recent LTS version unless testing upgrades from that specific version is a requirement.

\n\n ### Architecture Issues (1)

Severity	Location	Issue
🟡 Warning	`.github/actions/tests/distro-matrix/action.yaml:17-23`	The use of heredoc syntax (`<<EOF`) for setting the `deb` and `rpm` outputs is unnecessary as the JSON arrays are single-line strings. This makes the script more verbose and complex than required. 💡 Suggestion Simplify the script by setting the outputs using direct, single-line `echo` commands. This improves readability and maintainability. 🔧 Suggested Fix `run: \| echo 'deb=["ubuntu:xenial","debian:bullseye","ubuntu:bionic","ubuntu:focal","ubuntu:jammy","debian:bookworm","debian:trixie"]' >> $GITHUB_OUTPUT echo 'rpm=["amazonlinux:2","registry.access.redhat.com/ubi8/ubi","amazonlinux:2023","registry.access.redhat.com/ubi9/ubi"]' >> $GITHUB_OUTPUT`

✅ Performance Check Passed

No performance issues found – changes LGTM.

Powered by Visor from Probelabs

Last updated: 2026-06-10T18:43:06.380Z | Triggered by: pr_updated | Commit: ff48ab3

💡 TIP: You can chat with Visor using /visor ask <your question>

github-actions · 2026-06-10T15:49:09Z

❌ Downstream test results — `TykTechnologies/tyk-analytics`

Tested against commit 82e32071 on temp branch ga-pr-136 (now deleted).

Workflow	Run	Result
`release.yml`	27285208515	⏱️ `timed_out`
`nightly-e2e-tests.yml`	27285216280	❌ `failure`

konrad-sol and others added 5 commits May 29, 2026 14:16

add atest change

4e73fc6

add distro matrix github action

82e3207

konrad-sol requested a review from a team June 10, 2026 14:56

update

ff48ab3

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[TT-17477] Add distros matrix GitHub action#136

[TT-17477] Add distros matrix GitHub action#136
konrad-sol wants to merge 6 commits into
mainfrom
TT-17477_add_distros_matrix_github-action

konrad-sol commented Jun 10, 2026

Uh oh!

probelabs Bot commented Jun 10, 2026 •

edited

Loading

Uh oh!

probelabs Bot commented Jun 10, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

konrad-sol commented Jun 10, 2026

Uh oh!

probelabs Bot commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Files Changed Analysis

Architecture & Impact Assessment

Uh oh!

probelabs Bot commented Jun 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Security Issues (1)

Security Issues (1)

✅ Performance Check Passed

Uh oh!

github-actions Bot commented Jun 10, 2026

❌ Downstream test results — TykTechnologies/tyk-analytics

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

probelabs Bot commented Jun 10, 2026 •

edited

Loading

probelabs Bot commented Jun 10, 2026 •

edited

Loading

❌ Downstream test results — `TykTechnologies/tyk-analytics`