Skip to content

refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter#1446

Merged
mergify[bot] merged 1 commit into
mainfrom
devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b
May 29, 2026
Merged

refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter#1446
mergify[bot] merged 1 commit into
mainfrom
devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b

Conversation

@jd
Copy link
Copy Markdown
Member

@jd jd commented May 19, 2026
edited
Loading

ci queue-info::write_github_output formatted a unique
ghadelimiter_<uuid-v4> to guard against a metadata payload that
happens to contain its own heredoc delimiter. The actual contract
is "32 unpredictable hex chars", not "a UUID per RFC 4122" — the
delimiter is never parsed by anyone, only matched as a string.

Pull 16 random bytes straight from getrandom::fill and hex-encode
them. Drops uuid from the direct deps (it stays unreferenced and
disappears from Cargo.lock), with getrandom taking its place —
which uuid was already pulling in transitively, so the net add
is zero new code shipped to the binary.

The local helper is six lines. Same blast radius for a
maintainer-attack story, smaller surface to read.

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

@jd jd mentioned this pull request May 19, 2026
Merged
@mergify mergify Bot had a problem deploying to Mergify Merge Protections May 19, 2026 15:16 Failure
This was referenced May 19, 2026
Merged
Merged
Merged
Merged
@jd jd temporarily deployed to func-tests-live May 19, 2026 15:16 — with GitHub Actions Inactive
This was referenced May 19, 2026
Merged
Merged
Merged
Merged
@jd
Copy link
Copy Markdown
Member Author

jd commented May 19, 2026
edited
Loading

This pull request is part of a Mergify stack:

# Pull Request Link
1 refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter #1446 👈
2 refactor(config): standardize the workspace on serde_yaml_ng for YAML parsing #1447
3 test(ci): add live smoke test for ci scopes select-all path #1460
4 feat(rust): port ci scopes to native Rust #1461
5 feat(ci): swap Python's JUnit XML parser for the native Rust parser #1465
6 feat(ci): swap Python's OTLP encode+upload for the native Rust pipeline #1466
7 feat(ci): promote ci junit-process and its junit-upload alias to native Rust #1467

This was referenced May 19, 2026
Merged
Merged
Merged
Merged
Merged
Merged
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented May 19, 2026
edited
Loading

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 🤖 Continuous Integration

Wonderful, this rule succeeded.
  • all of:
    • check-success=ci-gate

🟢 👀 Review Requirements

Wonderful, this rule succeeded.
  • any of:
    • #approved-reviews-by>=2
    • author = dependabot[bot]
    • author = mergify-ci-bot
    • author = renovate[bot]

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:

🟢 🔎 Reviews

Wonderful, this rule succeeded.
  • #changes-requested-reviews-by = 0
  • #review-requested = 0
  • #review-threads-unresolved = 0

🟢 📕 PR description

Wonderful, this rule succeeded.
  • body ~= (?ms:.{48,})

@mergify mergify Bot requested a review from a team May 19, 2026 15:32
@jd jd marked this pull request as ready for review May 20, 2026 07:26
sileht
sileht previously approved these changes May 20, 2026
View reviewed changes
@mergify mergify Bot requested a review from a team May 20, 2026 07:42
@jd jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from 2cd6b4f to 5cd88c9 Compare May 20, 2026 08:42
@jd jd force-pushed the devs/jd/worktree-rust-port/drop-indexmap-group-scope-returns-vec-k-v--7085cf29 branch from e31730b to 57559b2 Compare May 20, 2026 08:42
@jd jd temporarily deployed to func-tests-live May 20, 2026 08:42 — with GitHub Actions Inactive
@jd jd temporarily deployed to func-tests-live May 20, 2026 08:42 — with GitHub Actions Inactive
@jd
Copy link
Copy Markdown
Member Author

jd commented May 20, 2026
edited
Loading

Revision history

# Type Changes Reason Date
1 initial 2cd6b4f 2026-05-20 08:42 UTC
2 rebase 2cd6b4f → 5cd88c9 (rebase only) 2026-05-20 08:42 UTC
3 rebase 5cd88c9 → 8468caf (rebase only) 2026-05-20 09:05 UTC
4 rebase 8468caf → 73811d4 (rebase only) 2026-05-21 07:25 UTC
5 rebase 73811d4 → d61afc0 (rebase only) 2026-05-21 07:56 UTC
6 rebase d61afc0 → 637e6a8 (rebase only) 2026-05-21 12:39 UTC
7 content 637e6a8 → cdbf4bc 2026-05-22 07:10 UTC
8 rebase cdbf4bc → c0920c6 (rebase only) 2026-05-22 14:40 UTC
9 rebase c0920c6 → 9a4cadc (rebase only) 2026-05-27 07:53 UTC
10 rebase 9a4cadc → 258428f (rebase only) 2026-05-27 08:27 UTC
11 rebase 258428f → 9a6412d (rebase only) 2026-05-27 10:04 UTC
12 rebase e95b052 → aa78c91 (rebase only) 2026-05-28 09:45 UTC
13 rebase aa78c91 → 48e0093 (rebase only) 2026-05-29 06:35 UTC

@mergify mergify Bot dismissed sileht’s stale review May 20, 2026 08:43

Pull request has been modified.

@mergify mergify Bot had a problem deploying to Mergify Merge Protections May 20, 2026 08:43 Failure
@jd jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from 258428f to 9a6412d Compare May 27, 2026 10:04
@jd jd temporarily deployed to func-tests-live May 27, 2026 10:04 — with GitHub Actions Inactive
@mergify mergify Bot had a problem deploying to Mergify Merge Protections May 27, 2026 10:06 Failure
@jd jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from 9a6412d to e95b052 Compare May 28, 2026 07:44
@jd jd force-pushed the devs/jd/worktree-rust-port/drop-indexmap-group-scope-returns-vec-k-v--7085cf29 branch from 17f749f to 52a696d Compare May 28, 2026 07:44
@jd jd temporarily deployed to func-tests-live May 28, 2026 07:44 — with GitHub Actions Inactive
@jd jd temporarily deployed to func-tests-live May 28, 2026 07:44 — with GitHub Actions Inactive
@mergify mergify Bot had a problem deploying to Mergify Merge Protections May 28, 2026 07:45 Failure
JulianMaurin
JulianMaurin previously approved these changes May 28, 2026
View reviewed changes
@mergify mergify Bot requested a review from a team May 28, 2026 09:26
@jd jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from e95b052 to aa78c91 Compare May 28, 2026 09:45
@jd jd temporarily deployed to func-tests-live May 28, 2026 09:45 — with GitHub Actions Inactive
@jd jd temporarily deployed to func-tests-live May 28, 2026 09:45 — with GitHub Actions Inactive
@mergify mergify Bot dismissed JulianMaurin’s stale review May 28, 2026 09:45

Pull request has been modified.

@mergify mergify Bot had a problem deploying to Mergify Merge Protections May 28, 2026 09:45 Failure
JulianMaurin
JulianMaurin previously approved these changes May 29, 2026
View reviewed changes
@mergify mergify Bot requested a review from a team May 29, 2026 05:35
Base automatically changed from devs/jd/worktree-rust-port/drop-indexmap-group-scope-returns-vec-k-v--7085cf29 to main May 29, 2026 05:52
@jd @claude
refactor(ci): swap uuid for getrandom in the GHA heredoc delimiter
48e0093 
`ci queue-info::write_github_output` formatted a unique
`ghadelimiter_<uuid-v4>` to guard against a metadata payload that
happens to contain its own heredoc delimiter. The actual contract
is "32 unpredictable hex chars", not "a UUID per RFC 4122" — the
delimiter is never parsed by anyone, only matched as a string.

Pull 16 random bytes straight from `getrandom::fill` and hex-encode
them. Drops `uuid` from the direct deps (it stays unreferenced and
disappears from `Cargo.lock`), with `getrandom` taking its place —
which `uuid` was already pulling in transitively, so the net add
is zero new code shipped to the binary.

The local helper is six lines. Same blast radius for a
maintainer-attack story, smaller surface to read.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Change-Id: Ib6599e9b6fca49281186b726a63e4641fa32596e
@jd jd force-pushed the devs/jd/worktree-rust-port/swap-uuid-getrandom-gha-heredoc-delimiter--b6599e9b branch from aa78c91 to 48e0093 Compare May 29, 2026 06:35
@jd jd temporarily deployed to func-tests-live May 29, 2026 06:35 — with GitHub Actions Inactive
@mergify mergify Bot dismissed JulianMaurin’s stale review May 29, 2026 06:35

Pull request has been modified.

@mergify mergify Bot deployed to Mergify Merge Protections May 29, 2026 06:35 Active
@mergify mergify Bot requested a review from a team May 29, 2026 06:51
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented May 29, 2026
edited
Loading

Merge Queue Status

  • Entered queue2026-05-29 07:06 UTC · Rule: default
  • Checks skipped · PR is already up-to-date
  • Merged2026-05-29 07:06 UTC · at 48e00934560e94f42d5ace84a30de0d2b1dcfb47 · squash

This pull request spent 18 seconds in the queue, including 3 seconds running CI.

Required conditions to merge

@mergify mergify Bot added the queued label May 29, 2026
@mergify mergify Bot merged commit e387cbb into main May 29, 2026
19 checks passed
@mergify mergify Bot mentioned this pull request May 29, 2026
Closed
38 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kozlek kozlek kozlek approved these changes

@JulianMaurin JulianMaurin JulianMaurin approved these changes

@sileht sileht sileht left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jd @sileht @kozlek @JulianMaurin