From 3d47eae87b65e437995b488dd3a082a0fd4e75e8 Mon Sep 17 00:00:00 2001 From: Matiss Janis Aboltins Date: Fri, 15 May 2026 20:51:40 +0100 Subject: [PATCH] [AI] Replace GitHub Actions with native gh CLI commands (#7852) * [AI] Replace superfluous actions flagged by zizmor Address zizmor's `superfluous-actions` audit by replacing actions whose functionality is already provided by the runner's pre-installed `gh` CLI: - `actions-ecosystem/action-add-labels` -> `gh issue edit --add-label` - `peter-evans/create-or-update-comment` -> `gh issue comment` - `softprops/action-gh-release` -> `gh release create` / `gh release upload` For the Electron release workflow, the create step is race-safe across the three matrix OS jobs that share the same draft release. * [AI] Simplify electron release upload script - Drop the `gh release view` existence check; `gh release create ... || true` already handles the matrix-job race against the same draft release. - Use `extglob` to exclude `Actual-windows.exe` inline instead of looping over `.exe` separately. * Add release notes for PR #7852 * [AI] Narrow error suppression on gh release create Only swallow the "already_exists" error from the parallel-matrix race; propagate any other failure (auth, network, API) instead of masking it. --------- Co-authored-by: Claude Co-authored-by: github-actions[bot] --- .github/workflows/electron-master.yml | 29 ++++++++++++++----- .../issues-close-feature-requests.yml | 21 +++++++------- upcoming-release-notes/7852.md | 6 ++++ 3 files changed, 38 insertions(+), 18 deletions(-) create mode 100644 upcoming-release-notes/7852.md diff --git a/.github/workflows/electron-master.yml b/.github/workflows/electron-master.yml index bd57342c46..1d0adfac20 100644 --- a/.github/workflows/electron-master.yml +++ b/.github/workflows/electron-master.yml 
@@ -100,10 +100,11 @@ jobs: path: | packages/desktop-electron/dist/*.appx - name: Add to new release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 - with: - draft: true - body: | + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + TAG: ${{ github.ref_name }} + RELEASE_NOTES: | :link: [View release notes](https://actualbudget.org/blog/release-${{ steps.process_version.outputs.version }}) ## Desktop releases @@ -114,13 +115,27 @@ jobs: Get it on Flathub

- files: | + run: | + # The matrix runs three OS jobs in parallel against one release; + # only ignore the "already exists" error that the race losers hit. + if ! create_output=$(gh release create "$TAG" --draft --title "$TAG" --notes "$RELEASE_NOTES" 2>&1); then + if [[ "$create_output" != *already_exists* ]]; then + echo "$create_output" >&2 + exit 1 + fi + fi + + shopt -s extglob nullglob + files=( packages/desktop-electron/dist/*.dmg - packages/desktop-electron/dist/*.exe - !packages/desktop-electron/dist/Actual-windows.exe + packages/desktop-electron/dist/!(Actual-windows).exe packages/desktop-electron/dist/*.AppImage packages/desktop-electron/dist/*.flatpak packages/desktop-electron/dist/*.appx + ) + if [ ${#files[@]} -gt 0 ]; then + gh release upload "$TAG" --clobber "${files[@]}" + fi outputs: version: ${{ steps.process_version.outputs.version }} diff --git a/.github/workflows/issues-close-feature-requests.yml b/.github/workflows/issues-close-feature-requests.yml index ab57cb4852..eac322c2a1 100644 --- a/.github/workflows/issues-close-feature-requests.yml +++ b/.github/workflows/issues-close-feature-requests.yml 
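Review bot: On the `already_exists` path the script goes straight to `gh release upload "$TAG" --clobber` without checking which release it found, so a re-run for a tag whose release is already published would replace the published assets in place. Confirming that the existing release is still a draft before uploading keeps that path limited to the matrix race, e.g. `[[ "$(gh release view "$TAG" --json isDraft --jq .isDraft)" == "true" ]] || { echo "release $TAG is not a draft" >&2; exit 1; }`. The branch also depends on the substring `already_exists` appearing in gh's error text, which deserves a comment saying it is matched against CLI output rather than an exit code. The step shows no `shell:` key in the hunk; if the matrix includes a Windows runner and `defaults.run.shell` is not set elsewhere in the workflow, the bash-only `[[ ]]` and `shopt` lines would run under PowerShell.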
@@ -11,21 +11,21 @@ jobs: needs-votes: if: ${{ github.event.label.name == 'feature' }} runs-on: ubuntu-latest + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + ISSUE_NUMBER: ${{ github.event.issue.number }} steps: - - uses: actions-ecosystem/action-add-labels@bd52874380e3909a1ac983768df6976535ece7f8 # v1.1.0 - with: - labels: needs votes - github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Add needs votes label + run: gh issue edit "$ISSUE_NUMBER" --add-label "needs votes" - name: Add reactions uses: aidan-mundy/react-to-issue@109392cac5159c2df6c47c8ab3b5d6b708852fe5 # v1.1.2 with: issue-number: ${{ github.event.issue.number }} reactions: '+1' - name: Create comment - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 - with: - issue-number: ${{ github.event.issue.number }} - body: | + env: + COMMENT_BODY: | :sparkles: Thanks for sharing your idea! :sparkles: This repository uses a voting-based system for feature requests. While enhancement issues are automatically closed, we still welcome feature requests! The voting system helps us gauge community interest in potential features. We also encourage community contributions for any feature requests marked as needing votes (just post a comment first so we can help guide you toward a successful contribution). @@ -35,7 +35,6 @@ jobs: Don't forget to upvote the top comment with 👍! + run: gh issue comment "$ISSUE_NUMBER" --body "$COMMENT_BODY" - name: Close Issue - run: gh issue close "https://github.com/actualbudget/actual/issues/${{ github.event.issue.number }}" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh issue close "$ISSUE_NUMBER" diff --git a/upcoming-release-notes/7852.md b/upcoming-release-notes/7852.md new file mode 100644 index 0000000000..5012711686 --- /dev/null +++ b/upcoming-release-notes/7852.md 
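Review bot: Declaring `GH_TOKEN` in the job-level `env:` of `needs-votes` places the token in the environment of every step, including the third-party `aidan-mundy/react-to-issue` step, which did not receive it through the environment before (the action may still obtain a token through its own inputs). Scoping it to the three `gh` steps keeps the least-privilege shape the old `Close Issue` step had: give each of them `env:` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and leave only `GH_REPO` and `ISSUE_NUMBER` at job level. The same applies to the second hunk of this file, where the step-level `env:` on `Close Issue` is removed. If the workflow has no `permissions:` block outside these hunks, adding `permissions:` with `issues: write` would bound what the token can do.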
@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [MatissJanis]
+---
+
+Refactor workflows to utilize native `gh` CLI commands instead of third-party GitHub Actions.