Bundle worker runtime output release#139
Merged
Merged
Conversation
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v8...v9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.11 to 8.1.1. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@22a9089...5f6978f) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…rigin/dependabot/github_actions/dot-github/workflows/actions/github-script-9', 'origin/dependabot/github_actions/dot-github/workflows/actions/upload-artifact-7', 'origin/dependabot/github_actions/dot-github/workflows/peter-evans/create-pull-request-8.1.1' and 'origin/cleanup-worker-runtime-docs' into single-release-20260617 # Conflicts: # Dockerfile
There was a problem hiding this comment.
Pull request overview
Bundles multiple pending worker changes into a single merge to trigger one release workflow run, including the new “runtime output” artifact/log emission intended for workflow/deployment integrations.
Changes:
- Adds runtime output generation that emits resolved non-secret env values plus a
redactedname list, with optional structured log output (WORKER_OUTPUT_LOG). - Extends CI to build the PR SHA image, capture runtime output JSON, write it to the step summary, and upload it as an artifact.
- Updates Dockerfile pins/installer steps and bumps several GitHub Actions workflow dependencies.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
lib/runtime_output.sh |
Reworks runtime-output JSON to emit non-secret env values + a redacted list, and adds optional structured log emission. |
test/modules/25_runtime_output.sh |
Adds a test module validating runtime output redaction behavior and log-line formatting. |
src/configs/worker.yaml |
Introduces WORKER_OUTPUT_LOG default setting in built-in config. |
docs/config.md |
Documents WORKER_OUTPUT_FILE and the new WORKER_OUTPUT_LOG behavior and output fields. |
Dockerfile |
Updates package pins and hardens cleanup/timezone/yq installation steps. |
.github/workflows/docker-ops.yml |
Adds a “Runtime Output” job to capture/upload runtime output from a locally-built image. |
.github/workflows/docker-dependency-updater.yml |
Bumps actions/github-script and actions/upload-artifact versions and updates create-pull-request pin. |
.rabbit/context.yaml |
Updates generator timestamp metadata. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
fqjony
added
documentation
kavaribes
approved these changes
Jun 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bundles the open worker update PRs into one release branch so
latestgets a single coordinated release workflow run.Release Scope
actions/github-scriptv9actions/upload-artifactv7peter-evans/create-pull-requestv8.1.1WORKER_RUNTIME_OUTPUT=trueas the single public opt-in env for runtime contract outputIntegration Adjustments
nano=8.4-1ubuntu0.1vim=2:9.1.0967-1ubuntu6.6actions/upload-artifact@v7.docker run ... true > runtime-output/runtime.json,jq,docs/runtime-output.mdand leavedocs/config.mdfocused on worker config.Runtime Output Contract
WORKER_RUNTIME_OUTPUT=falseby defaultWORKER_RUNTIME_OUTPUT=trueemits the runtime contract JSONenv: resolved non-secret environment variablesredacted: env names omitted because they are configured as secrets or secret referencespaths: worker config, services config, and generated environment file pathsdocker run -e WORKER_RUNTIME_OUTPUT=true image > runtime-output/runtime.jsondocker run --rm -e WORKER_RUNTIME_OUTPUT=true image true > runtime-output/runtime.jsonValidation
bash -n lib/runtime_output.shbash -n test/modules/25_runtime_output.shyq eval . .github/workflows/docker-ops.ymlyq eval . .github/workflows/docker-dependency-updater.ymlgit diff --check origin/latest..HEADmake buildmake testjqReview Notes