Refactor workflows for external repositories#262
Merged
greenc-FNAL merged 9 commits intoFramework-R-D:mainfrom Jan 28, 2026
Conversation
Contributor
greenc-FNAL
commented
Jan 21, 2026
greenc-FNAL
commented
- refactor: Make workflows reusable for external repositories
- refactor: Make workflows reusable for external repositories
- refactor: Make workflows reusable for external repositories
- refactor: Make workflows reusable for external repositories
- docs: Correct bot command example for forks
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request refactors GitHub Actions workflows to make them reusable for external repositories that want to leverage Phlex's CI/CD infrastructure. The changes introduce workflow_call triggers with configurable inputs, replace hardcoded "phlex" references with dynamic repository-specific values, and update bot commands to support repository-specific naming patterns.
Changes:
- Added
workflow_calltriggers to 7 workflows with inputs for checkout paths, repository references, and relevance check controls - Introduced dynamic path variables using
local-checkout-pathandlocal-build-pathenvironment variables - Updated bot command triggers to support both
@phlexbotand@{repository}botpatterns - Added comprehensive documentation for external consumers in
.github/REUSABLE_WORKFLOWS.md - Updated action references from local paths to Framework-R-D/phlex@main for external reusability
- Removed obsolete REFACTORING_SUMMARY.md documentation
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| README.md | Added new CI/CD section with link to reusable workflows guide |
| .github/REUSABLE_WORKFLOWS.md | New comprehensive guide for external repositories to use Phlex workflows |
| .github/actions/README.md | Added note directing users to high-level workflow documentation |
| .github/actions/REFACTORING_SUMMARY.md | Deleted obsolete refactoring documentation |
| .github/workflows/python-fix.yaml | Added workflow_call trigger, dynamic paths, repository-specific bot command |
| .github/workflows/python-check.yaml | Added workflow_call trigger with relevance check inputs, dynamic paths |
| .github/workflows/codeql-analysis.yaml | Added workflow_call trigger, dynamic paths, support for external script checkout |
| .github/workflows/cmake-format-fix.yaml | Added workflow_call trigger, dynamic paths, repository-specific bot command |
| .github/workflows/cmake-format-check.yaml | Added workflow_call trigger, dynamic paths, updated error message |
| .github/workflows/cmake-build.yaml | Added workflow_call trigger, dynamic paths, repository name extraction for CMake variables |
| .github/workflows/actionlint-check.yaml | Added workflow_call trigger, dynamic paths, relevance check inputs |
greenc-FNAL
added a commit
to greenc-FNAL/phlex
that referenced
this pull request
Jan 27, 2026
greenc-FNAL
added a commit
to greenc-FNAL/phlex
that referenced
this pull request
Jan 27, 2026
Updates the `REUSABLE_WORKFLOWS.md` documentation to address the security concerns raised in the review comments on PR Framework-R-D#262. The key changes are: - The introductory note now explains the security risks of using a mutable branch like `@main` and recommends pinning to a specific commit SHA for stability and security. - All `uses:` examples in the document have been updated to use a specific commit SHA instead of `@main`. - The explanatory text clarifies that `@main` can still be used for development purposes at the user's own risk. Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
greenc-FNAL
added a commit
to greenc-FNAL/phlex
that referenced
this pull request
Jan 27, 2026
greenc-FNAL
added a commit
to greenc-FNAL/phlex
that referenced
this pull request
Jan 27, 2026
Updates the `REUSABLE_WORKFLOWS.md` documentation to address the security concerns raised in the review comments on PR Framework-R-D#262. The key changes are: - The introductory note now explains the security risks of using a mutable branch like `@main` and recommends pinning to a specific commit SHA for stability and security. - All `uses:` examples in the document have been updated to use a specific commit SHA instead of `@main`. - The explanatory text clarifies that `@main` can still be used for development purposes at the user's own risk. Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
greenc-FNAL
force-pushed
the
feature-refactor-workflows-for-external-repositories-5801018763696236656
branch
from
91a2b7f to
64cc745
Compare
knoepfel
reviewed
Jan 27, 2026
This change refactors the GitHub Actions workflows to support 'workflow_call' triggers. Key changes: - Added 'workflow_call' triggers to all relevant workflows. - Replaced hardcoded 'phlex' references with dynamic repository information. - Added inputs to configure checkout paths, build matrices, and skip relevance checks. - Ensured workflows remain backward-compatible with existing triggers. This allows the workflows to be called from external repositories, improving their reusability and portability.
This change refactors the GitHub Actions workflows to support 'workflow_call' triggers. Key changes: - Added 'workflow_call' triggers to all relevant workflows. - Replaced hardcoded 'phlex' references with dynamic repository information. - Added inputs to configure checkout paths, build matrices, and skip relevance checks. - Ensured workflows remain backward-compatible with existing triggers. - Fixed an issue with constructing CMake sanitizer options by correctly extracting the repository name. - Corrected the relevance check in `actionlint-check.yaml` to handle pull request context from `workflow_call`. This allows the workflows to be called from external repositories, improving their reusability and portability.
This change refactors the GitHub Actions workflows to support 'workflow_call' triggers, making them self-contained and portable for use in external repositories. Key changes: - Added 'workflow_call' triggers to all relevant workflows with inputs to configure behavior like checkout paths, build matrices, and relevance check skipping. - Replaced hardcoded 'phlex' references with dynamic repository information. - Ensured workflows remain backward-compatible with existing triggers. - Fixed an issue with constructing CMake sanitizer options by correctly extracting the repository name from the full 'owner/repo' string. - Corrected the relevance check in `actionlint-check.yaml` to handle pull request context from `workflow_call`. - Updated workflows to explicitly check out the 'phlex' repository for ancillary scripts or to use canonical remote paths for reusable actions, ensuring they are self-contained.
Corrects the example bot command in the reusable workflows guide for contributors working on a fork of the repository. The previous example, `@your-github-usernamebot format`, was incorrect. The correct command is `@phlexbot format`, as the dynamic repository name in the workflow resolves to `phlex` even in a fork.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Updates the `REUSABLE_WORKFLOWS.md` documentation to address the security concerns raised in the review comments on PR Framework-R-D#262. The key changes are: - The introductory note now explains the security risks of using a mutable branch like `@main` and recommends pinning to a specific commit SHA for stability and security. - All `uses:` examples in the document have been updated to use a specific commit SHA instead of `@main`. - The explanatory text clarifies that `@main` can still be used for development purposes at the user's own risk. Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
- Reoarganize to de-emphasize use of workflows from other repositories. - Add specific caveats to use of workflows from other repositories.
greenc-FNAL
force-pushed
the
feature-refactor-workflows-for-external-repositories-5801018763696236656
branch
from
64cc745 to
f7b139b
Compare
knoepfel
approved these changes
Jan 28, 2026
beojan
pushed a commit
to beojan/phlex
that referenced
this pull request
Jan 30, 2026
* refactor: Make workflows reusable for external repositories This change refactors the GitHub Actions workflows to support 'workflow_call' triggers. Key changes: - Added 'workflow_call' triggers to all relevant workflows. - Replaced hardcoded 'phlex' references with dynamic repository information. - Added inputs to configure checkout paths, build matrices, and skip relevance checks. - Ensured workflows remain backward-compatible with existing triggers. This allows the workflows to be called from external repositories, improving their reusability and portability. * refactor: Make workflows reusable for external repositories This change refactors the GitHub Actions workflows to support 'workflow_call' triggers. Key changes: - Added 'workflow_call' triggers to all relevant workflows. - Replaced hardcoded 'phlex' references with dynamic repository information. - Added inputs to configure checkout paths, build matrices, and skip relevance checks. - Ensured workflows remain backward-compatible with existing triggers. - Fixed an issue with constructing CMake sanitizer options by correctly extracting the repository name. - Corrected the relevance check in `actionlint-check.yaml` to handle pull request context from `workflow_call`. This allows the workflows to be called from external repositories, improving their reusability and portability. * refactor: Make workflows reusable for external repositories This change refactors the GitHub Actions workflows to support 'workflow_call' triggers, making them self-contained and portable for use in external repositories. Key changes: - Added 'workflow_call' triggers to all relevant workflows with inputs to configure behavior like checkout paths, build matrices, and relevance check skipping. - Replaced hardcoded 'phlex' references with dynamic repository information. - Ensured workflows remain backward-compatible with existing triggers. - Fixed an issue with constructing CMake sanitizer options by correctly extracting the repository name from the full 'owner/repo' string. - Corrected the relevance check in `actionlint-check.yaml` to handle pull request context from `workflow_call`. - Updated workflows to explicitly check out the 'phlex' repository for ancillary scripts or to use canonical remote paths for reusable actions, ensuring they are self-contained. * docs: Correct bot command example for forks Corrects the example bot command in the reusable workflows guide for contributors working on a fork of the repository. The previous example, `@your-github-usernamebot format`, was incorrect. The correct command is `@phlexbot format`, as the dynamic repository name in the workflow resolves to `phlex` even in a fork. * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Address `env:` consistency issue - per Framework-R-D#262 (comment) * docs: Recommend pinning reusable workflows to SHA Updates the `REUSABLE_WORKFLOWS.md` documentation to address the security concerns raised in the review comments on PR Framework-R-D#262. The key changes are: - The introductory note now explains the security risks of using a mutable branch like `@main` and recommends pinning to a specific commit SHA for stability and security. - All `uses:` examples in the document have been updated to use a specific commit SHA instead of `@main`. - The explanatory text clarifies that `@main` can still be used for development purposes at the user's own risk. Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com> * Reorganize and add caveats - Reoarganize to de-emphasize use of workflows from other repositories. - Add specific caveats to use of workflows from other repositories. * Revert CI/CD notes per https://github.com/Framework-R-D/phlex/pull/262/changes#r2733803993 --------- Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: greenc-FNAL <2372949+greenc-FNAL@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.