Skip to content

Allow matlab-actions/run-tests v3.1.1#846

Open
kevingurney wants to merge 1 commit into
apache:mainfrom
kevingurney:matlab-actions-run-tests-3-1-1
Open

Allow matlab-actions/run-tests v3.1.1#846
kevingurney wants to merge 1 commit into
apache:mainfrom
kevingurney:matlab-actions-run-tests-3-1-1

Conversation

@kevingurney
Copy link
Copy Markdown
Member

@kevingurney kevingurney commented May 15, 2026
edited
Loading

To address: #49962, we would like to allow v3.1.1 of the matlab-actions/run-tests action.

Note: v3.1.1 is not a Prerelease, so we don't expect to run into the "commit churn" which was addressed by #735 for this version. On behalf of the MathWorks CI Team - our sincere apologies for the inconvenience this issue caused.

Note: It is unclear what is preventing matlab-actions/run-tests from eventually ending up in the same state again if a future upgrade is also a Prerelease. Does some kind of additional logic need to be added to the infrastructure to "ignore" prereleases for Dependabot upgrades?

@potiuk potiuk mentioned this pull request May 17, 2026
Open
@potiuk
Copy link
Copy Markdown
Member

potiuk commented May 17, 2026

Hi @kevingurney — thanks for the bump.

Running our automated allowlist check (verify-action-build) on v3.1.1 turns up one issue we'd want to resolve before approving:

dist/bin/win64/run-matlab-command.exe: no SLSA attestation and release v3.1.1 has no SHA256SUMS

The JS rebuild matches cleanly (✓), no curl-downloads, lock file present. The blocker is just the four dist/bin/*/run-matlab-command* launchers that v3.1.x now commits to the tree — they're opaque to any rebuild check, and matlab-actions/run-tests releases don't ship SHA256SUMS or SLSA attestations, so there's no way for us to tie the bytes back to the source/workflow that produced them.

(Side note: vendoring the binaries into dist/ is actually a security improvement over fetching them via common-utils at install time — the SHA-pin now freezes the bytes. We just need the upstream provenance hook to close the verification loop.)

I've opened matlab-actions/run-tests#94 proposing actions/attest-build-provenance (or SHA256SUMS as a release asset) as the fix — same one-line pattern that runs-on/action#37 used. Since you're at MathWorks, you may have a faster path to that team than a drive-by issue does — if you could support the upstream request as a downstream consumer, that'd unblock this PR (and every future matlab-actions/* bump).

Holding approval until upstream provenance lands.

@potiuk potiuk mentioned this pull request May 17, 2026
Merged
2 tasks
@kevingurney @sgilmore10 @potiuk
Add support for v3.1.1 of matlab-actions/run-tests.
6a2d9cb 
Co-authored-by: Sarah Gilmore <sgilmore@mathworks.com>
potiuk added a commit to kevingurney/infrastructure-actions that referenced this pull request May 18, 2026
@potiuk
verify-action-build: detect MATLAB platform-named binary dirs
2b00cc4 
The in-tree binary detector flagged matlab-actions/run-tests@v3.1.1's
dist/bin/win64/run-matlab-command.exe (via .exe extension) but missed
the three Unix siblings under dist/bin/{glnxa64,maca64,maci64}/, which
have no extension and don't match the <name>-<os>-<arch> cross-compile
filename regex.  Add a parent-directory rule for MATLAB's platform
identifiers so the Linux/macOS launchers are caught too, and pin a
regression test against the actual v3.1.1 shape.

Surfaced while triaging apache#846.

Generated-by: Claude Opus 4.7 (1M context)
@potiuk potiuk force-pushed the matlab-actions-run-tests-3-1-1 branch from bc5bd26 to 6a2d9cb Compare May 18, 2026 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dfoulks1 dfoulks1 Awaiting requested review from dfoulks1 dfoulks1 is a code owner

@potiuk potiuk Awaiting requested review from potiuk potiuk is a code owner

@ppkarwasz ppkarwasz Awaiting requested review from ppkarwasz ppkarwasz is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevingurney @potiuk