Skip to content

Fix SDK validation action pinning#1517

Merged
ChiragAgg5k merged 2 commits intomasterfrom
fix/remove-sdk-validation-cache
May 8, 2026
Merged

Fix SDK validation action pinning#1517
ChiragAgg5k merged 2 commits intomasterfrom
fix/remove-sdk-validation-cache

Conversation

@ChiragAgg5k
Copy link
Copy Markdown
Member

@ChiragAgg5k ChiragAgg5k commented May 8, 2026

Summary

  • Replace the Flutter setup composite action because it references actions/cache@v5 internally, which violates the repository action pinning policy.
  • Keep Rust cargo-audit caching, pinned to the stable actions/cache v4.2.4 commit SHA.

Testing

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 8, 2026
edited
Loading

Greptile Summary

This PR replaces the subosito/flutter-action composite action (which internally referenced an unpinned actions/cache@v5) with a manual git clone pinned to FLUTTER_VERSION=3.35.7, adds an explicit actions/cache@v4.2.4 step to cache the cloned Flutter SDK, and downgrades the Rust cargo-audit cache from v5.0.5 to the same v4.2.4 commit SHA used elsewhere in the workflow.

  • Flutter setup: The composite action is replaced by a two-step approach: a pinned actions/cache restore, followed by a conditional git clone --depth 1 --branch \"$FLUTTER_VERSION\" that only runs on a cache miss.
  • Rust cache downgrade: actions/cache for cargo-audit moves from the v5.0.5 commit SHA to v4.2.4, aligning with the repository's policy of using the 0400d5f6… pinned SHA throughout.

Confidence Score: 5/5

Safe to merge — the change is confined to CI workflow configuration and addresses two known issues without introducing new logic errors.

The cache-then-clone pattern is logically sound: the actions/cache restore runs first, the conditional guard skips the clone on a hit and lets it proceed on a miss, and the cache post-step saves the new install for future runs. Both the Flutter cache and the Rust cache now use the same pinned v4.2.4 commit SHA, consistent with the repository's pinning policy. No production code is touched.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/sdk-build-validation.yml Replaces subosito/flutter-action (which internally used an unpinned cache action) with a manual git clone pinned to FLUTTER_VERSION=3.35.7, adds an explicit actions/cache@v4.2.4 step for the Flutter SDK, and downgrades the Rust cargo-audit cache from v5 to v4 for consistency with the repository's pinning policy.

Reviews (2): Last reviewed commit: "fix: pin and cache flutter sdk setup" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 8, 2026
View reviewed changes
Comment thread .github/workflows/sdk-build-validation.yml Outdated
Comment thread .github/workflows/sdk-build-validation.yml
@ChiragAgg5k ChiragAgg5k merged commit eeef6b3 into master May 8, 2026
54 of 56 checks passed
@ChiragAgg5k ChiragAgg5k deleted the fix/remove-sdk-validation-cache branch May 8, 2026 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ChiragAgg5k