Fix nested remote imports to resolve relative to parent's base path#16372
Fix nested remote imports to resolve relative to parent's base path#16372strawgate wants to merge 12 commits intogithub:mainfrom
Conversation
Nested relative imports from remote workflowspecs were hardcoded to resolve against .github/workflows/ in the remote repo. When the parent workflowspec was imported through a different path (e.g., gh-agent-workflows/), this produced inconsistent cache paths in the lock file and caused security scanner warnings for nonexistent local files. Add a BasePath field to remoteImportOrigin, derived from the parent workflowspec by stripping owner/repo and the last two path components (the 2-level import dir/file.md). Nested imports now resolve relative to this base, keeping cache paths consistent with the parent's path. Fixes github#16370 Co-authored-by: Cursor <cursoragent@cursor.com>
|
will test this locally for my usecase |
There was a problem hiding this comment.
Pull request overview
This pull request fixes a bug where nested remote imports were hardcoded to resolve against .github/workflows/ in the remote repository, causing inconsistent cache paths when the parent workflowspec was imported through a different directory (e.g., gh-agent-workflows/).
Changes:
- Added
BasePathfield toremoteImportOriginstruct to track the base directory path from the parent workflowspec - Updated
parseRemoteOriginto extractBasePathby removing the last 2 path components from the workflowspec path - Modified nested import resolution logic to use the parent's
BasePathinstead of hardcoded.github/workflows/
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pkg/parser/import_processor.go | Added BasePath field to remoteImportOrigin struct, updated parseRemoteOrigin to extract BasePath from workflowspecs, and modified nested import resolution to use parent's BasePath |
| pkg/parser/import_remote_nested_test.go | Added comprehensive test cases for BasePath extraction across different path structures, and verified consistency between parent and nested import paths |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
dsyme
left a comment
dsyme
left a comment
There was a problem hiding this comment.
Looks OK but I'd really like to see any string-hacking around the different kind of specs we use put into helpers and shared across the codebase, preferably paired with their parsing, and under independent unit test
|
@strawgate let's add integration tests using some samples of githubnext/agentics |
|
Sounds good, let me get the right behavior working in this PR and then i'll expand with tests and identify helper extractions. Looks like the problem also occurs for runtime imports -- they are not pointing at the cache when added from a remote source |
|
fyi githubnext/agentics has a one-level import via the shared folder but no multi-level/nested imports |
what do I need to add in there to trigger this code path? |
|
@copilot merge main and recompile |
|
The repo currently has Workflow A -> fragment B I.e. A workflow which uses include to include a fragment Ideally we'd also add: Workflow A -> fragment B -> fragment C I.e. fragment B has an include in it as well Basically two levels of nested includes instead of just one |
|
See githubnext/agentics#170 for an example of the double nested workflow |
|
@copilot add integration test suite that generates various agentic workflows with multiple levels of imports and self adds the workflows to test those code paths. Test extensive graphs combination with combination of file path depth. |
|
See #16550 |
|
@pelikhan looks like this can close then! Copilot stealing my hard work is going to have a big impact on my attempt to goose my contributor ranking. 🤣 |
|
We are closing down 3rd party PR/ in favor of issue plans. ;) |
3 participants
.github/workflows/../traversals supported viapath.Cleanfor sibling-directory importsFormatWorkflowSpechelpergithubnext/agenticsverify end-to-end nested import resolutionProblem
parseRemoteOriginstripped the last 2 path components to deriveBasePath, soowner/repo/workflows/code-simplifier.mdgot an empty base path. Its nested importshared/reporting.mdresolved at the repo root instead ofworkflows/shared/reporting.md, causing 404s, security scanner warnings, and brokenruntime-importpaths in.lock.ymlfiles.Fix
BasePathis now the parent directory of the file (strip filename only):owner/repo/workflows/code-simplifier.mdworkflowsowner/repo/base/subdir/file.mdbase/subdirowner/repo/file.mdResolveNestedImportjoins base path + relative import withpath.Clean, so../sibling/file.mdfrombase/subdirresolves tobase/sibling/file.md. The traversal guard now only rejects paths escaping the repository root.Fixes #16370