feat(registry): deprecated action enforcement#2704
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
|
✅ No security or compliance issues detected. Reviewed everything up to 5284377. Security Overview
Detected Code Changes
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e83b7ac5be
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
jordan-umusu
force-pushed
the
feat/deprecated-action-enforcement
branch
from
e83b7ac to
7cf4ee3
Compare
jordan-umusu
force-pushed
the
refactor/title-autogen-litellm
branch
from
53bb972 to
9c1704c
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7cf4ee30ec
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
jordan-umusu
force-pushed
the
refactor/title-autogen-litellm
branch
from
9c1704c to
9323e5f
Compare
jordan-umusu
force-pushed
the
feat/deprecated-action-enforcement
branch
from
7cf4ee3 to
5284377
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 528437745d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if action_impl.deprecated: | ||
| raise DeprecatedActionError(action_name, action_impl.deprecated) | ||
| action_secrets = await registry_resolver.collect_action_secrets_from_manifest( |
There was a problem hiding this comment.
prepare_resolved_context now rejects a deprecated root action, but it still calls collect_action_secrets_from_manifest immediately afterward, and that resolver recursively pulls secrets for all template steps before any step-level deprecation check runs. In a template that references a deprecated child action, missing/inaccessible child secrets can still fail first, so users get a secret-resolution error instead of the intended deprecation guidance. This means deprecated-action enforcement is still inconsistent for nested template actions and should be applied before recursive secret collection/evaluation.
Useful? React with 👍 / 👎.
jordan-umusu
force-pushed
the
refactor/title-autogen-litellm
branch
from
9323e5f to
27b4c4d
Compare
1 participant
Summary by cubic
Block execution of deprecated registry actions and surface a clear deprecation message to guide migrations. This prevents deprecated actions from running in workflows.
DeprecatedActionErrorwith action name and deprecation message.deprecatedflag from registry manifests intoActionImplementation._invoke_step: raise when an action is deprecated.ActionImplementationschema with an optionaldeprecatedfield.Written for commit e83b7ac. Summary will update on new commits. Review in cubic