Provide a reusable action for setting up qnx sdp usage#2
Merged
AlexanderLanin merged 38 commits intoMay 13, 2026
Merged
Conversation
- Log if qnx license file will be overwritten. - Only run with sudo if really required - Add qnx.com credential helper check
Use hyphens in input params instead of underscores.
MTomBosch
requested review from
AlexanderLanin,
MaximilianSoerenPollak,
PiotrKorkus,
dcalavrezo-qorix,
lurtz and
pawelrutkaq
as code owners
Member
|
We should convert this to JS/TS with a proper post step. |
MTomBosch
changed the title
MTomBosch
changed the title
There was a problem hiding this comment.
Pull request overview
Adds a new reusable JavaScript GitHub Action (setup-qnx-sdp) to standardize QNX SDP setup in CI, including license provisioning, optional license server configuration for Bazel, and qnx.com credential handling, plus a self-test workflow and pre-commit automation to rebuild bundled outputs.
Changes:
- Introduce
setup-qnx-sdpaction with main + post steps (license file creation/cleanup,.netrcsetup/cleanup, optional Bazel license server wiring). - Add action documentation, lint/build tooling, and commit bundled
dst/outputs (with a local pre-commit hook to regenerate them). - Add GitHub Actions workflow coverage to exercise key scenarios (basic, license-server, missing try-import warning).
Reviewed changes
Copilot reviewed 12 out of 16 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| setup-qnx-sdp/src/main.js | Implements main action logic: credential helper validation, license file writing, env exports, Bazel config, .netrc setup. |
| setup-qnx-sdp/src/post.js | Implements post-job cleanup: removes license directory and attempts to remove .netrc entry. |
| setup-qnx-sdp/src/common.js | Shared constants/utilities for .netrc location and entry matching. |
| setup-qnx-sdp/README.md | Documents action behavior, inputs, and expected side effects. |
| setup-qnx-sdp/action.yml | Declares action inputs and node24 main/post entrypoints. |
| setup-qnx-sdp/package.json | Defines Node dependencies and build/lint scripts for bundling with ncc. |
| setup-qnx-sdp/package-lock.json | Locks dependency tree for the action’s Node package. |
| setup-qnx-sdp/eslint.config.js | Adds ESLint configuration for the action sources. |
| setup-qnx-sdp/build.sh | Provides a rebuild script used by pre-commit to regenerate dst/ bundles. |
| .github/workflows/test-setup-qnx-sdp.yml | Adds CI coverage for the new action across multiple scenarios. |
| .github/workflows/_local_on_pr.yml | Wires the new action’s self-test workflow into PR validation. |
| .pre-commit-config.yaml | Adds exclusions for generated artifacts and a local hook to rebuild setup-qnx-sdp bundles. |
| README.md | Adds the new action to the repository action index and updates self-test wording. |
| .gitignore | Ignores node_modules in the repo. |
Files not reviewed (1)
- setup-qnx-sdp/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
AlexanderLanin
left a comment
AlexanderLanin
left a comment
There was a problem hiding this comment.
Thanks for this well-structured action! The code is clean, the README is thorough, and the test scenarios are a solid start. I have a few findings -- mostly around edge cases, test coverage, and one minor build script issue.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Signed-off-by: MTomBosch <marko.tomljenovic@etas.com>
AlexanderLanin
approved these changes
May 13, 2026
Member
AlexanderLanin
left a comment
AlexanderLanin
left a comment
There was a problem hiding this comment.
AI-assisted review (Claude):
Solid action. The code is well-structured, secrets are handled correctly, and the test coverage is comprehensive. All prior review findings have been addressed.
What's good:
- Clean main/post/common separation with proper
post-if: always()cleanup - Defensive input validation (empty paths, shallow absolute paths)
- Correct secret masking and restrictive file permissions (0o600)
- Smart sudo logic — tries without first, falls back only for paths outside
$HOME - 7 test scenarios covering happy path, edge cases, error paths, and cleanup verification
- The
verify-cleanupinternal action exploiting reverse post-step ordering is a clever pattern
Minor observations (non-blocking):
- The pre-commit
filesregex^setup-qnx-sdp/src/.*\.js|setup-qnx-sdp/package\.json$has an unanchored second alternative due to|precedence. Works in practice but^setup-qnx-sdp/(src/.*\.js|package\.json)$would be more precise. - No pre-commit build hook for
verify-cleanup— acceptable since it's internal and changes rarely. NETRC_ENTRY_REGEXmatches anymachine qnx.comblock, not just the one this action wrote. On self-hosted runners with pre-existing qnx.com entries this would be destructive. Fine for ephemeral runners.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new reusable GitHub Action,
setup-qnx-sdp, to simplify and standardize the setup of the QNX Software Development Platform (SDP) in CI workflows. The action manages QNX license files, configures license server access, checks availability of qnx.com portal related credential helper, and ensures secure access to qnx.com.This was tested by putting it into the qnx-build-yml resuable workflow (eclipse-score/cicd-workflows#107) and then running it on a company internal repository.