Conversation
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
3 tasks
kinyoklion
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Requirements
N/A — CI-only change, no application code or tests modified.
Related issues
Follow-up to #19 (merged). Fixes a boolean/string type mismatch in the
dry_runcondition for the attestation step.Describe the solution you've provided
Replaces
!inputs.dry_runwithformat('{0}', inputs.dry_run) == 'false'on the attestation step condition.GitHub Actions handles
dry_rundifferently depending on trigger type:workflow_dispatchwithtype: booleanpasses inputs as strings ('true'/'false')workflow_callwithtype: booleanpasses inputs as actual booleans (true/false)The old
!inputs.dry_runpattern breaks forworkflow_dispatchbecause!'false'→!truthy→false, so the attestation step would never run on manual triggers.format('{0}', ...)uses GitHub's documented string coercion (Booleanfalse→'false', String'false'→'false'), normalizing both types before comparison.Describe alternatives you've considered
inputs.dry_run == false— only works forworkflow_call(boolean); broken forworkflow_dispatchdue to GitHub's loose equality coercing string'false'toNaN.inputs.dry_run == 'false'— only works forworkflow_dispatch(string); broken forworkflow_calldue to booleanfalsecoercing to0vs string'false'coercing toNaN.fromJSON(inputs.dry_run) == false— likely works but GitHub docs don't explicitly guaranteefromJSON()is a no-op on already-parsed booleans.Additional context
Key review points:
format('{0}', inputs.dry_run)correctly normalizes both boolean and string inputs per the GitHub expressions docs..github/actions/publish/action.yml) usesinputs.dry_run == 'false'internally — this is correct because composite action inputs are always received as strings regardless of caller type. Only workflow-level conditions need theformat()pattern.This is part of an org-wide fix applied across all 15 attestation-only repos.
Link to Devin session: https://app.devin.ai/sessions/7d5bda4d9dbe4ae0b950b30a50485e60
Requested by: @keelerm84
Note
Low Risk
Low risk CI-only change that adjusts a GitHub Actions
if:expression; main risk is inadvertently skipping or always running the attestation step on manual publishes.Overview
Updates
manual-publish.ymlso the build provenance attestation step runs only whendry_runis effectively false by coercing the input viaformat('{0}', inputs.dry_run) == 'false', avoiding string/boolean mismatches fromworkflow_dispatchinputs.Written by Cursor Bugbot for commit 8463946. This will update automatically on new commits. Configure here.