Honor default GH host in PinContext hardcoded-pin fallback guard

[Copilot]

SkipHardcodedFallback only considered GH_HOST, so compile flows targeting GHE via SetDefaultGHHost could still silently fall back to bundled pins after dynamic resolution failures. This change makes host detection consistent with effective runtime host selection (setupGHCommand in github_cli.go) and preserves github.com behavior.

• Pin context host evaluation

  • Extended WorkflowData.PinContext() to set SkipHardcodedFallback when either:
    • GH_HOST is a non-github.qkg1.top host, or
    • GH_HOST is unset and getDefaultGHHost() is a non-github.qkg1.top host.
  • GH_HOST takes unconditional precedence over the programmatic default host, mirroring setupGHCommand's behavior.

• Wasm build compatibility

  • Added no-op stubs for getDefaultGHHost() and SetDefaultGHHost() to github_cli_wasm.go so compiler_types.go compiles under js/wasm targets.

• Coverage

  • Added GH_HOST=github.com + non-github.qkg1.top default host → fallback stays false (precedence regression test).
  • Added focused tests for SetDefaultGHHost scenarios with GH_HOST unset:
    • non-github.qkg1.top default host ⇒ fallback disabled
    • github.com default host ⇒ fallback unchanged
  • Kept existing GH_HOST-based assertions intact.

if ghHost := os.Getenv("GH_HOST"); ghHost != "" {
    if ghHost != "github.com" {
        pinCtx.SkipHardcodedFallback = true
    }
} else if defaultHost := getDefaultGHHost(); defaultHost != "" && defaultHost != "github.com" {
    pinCtx.SkipHardcodedFallback = true
}

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[github-actions]

✅ PR Code Quality Reviewer completed the code quality review.

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #40028 does not have the 'implementation' label and has 33 new lines (≤100 threshold) in business logic directories.

[github-actions]

✅ Test Quality Sentinel completed test quality analysis.

[Copilot]

Pull request overview

Updates WorkflowData.PinContext() host detection so the hardcoded-pin fallback is disabled not only for GH_HOST-driven GHES/GHEC compilation, but also when a non-github.qkg1.top default host is set programmatically (e.g. via SetDefaultGHHost), aligning behavior with the effective host selection used by gh helpers.

Changes:

• Extend PinContext() to consider getDefaultGHHost() when determining SkipHardcodedFallback.
• Add unit tests covering SetDefaultGHHost behavior when GH_HOST is unset.
• Add test scaffolding to restore the original default host after the test.

Show a summary per file

File	Description
pkg/workflow/compiler_types.go	Adds default-host-based logic for disabling bundled hardcoded-pin fallback.
pkg/workflow/compiler_types_test.go	Adds focused tests for SkipHardcodedFallback behavior with SetDefaultGHHost and GH_HOST unset.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 2/2 changed files
• Comments generated: 3

[github-actions]

Test Quality Sentinel Report Score: 90/100 Excellent

🧪 Test quality analysis by Test Quality Sentinel · ◷

[github-actions]

✅ Test Quality Sentinel: 90/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). Both new subtests verify observable behavioral contracts for the PinContext default-host fallback guard.

[github-actions]

REQUEST_CHANGES — one correctness bug + one test gap that hides it.

### Blocking issues

1. Priority inversion in PinContext() (high)

The two if blocks evaluate GH_HOST and getDefaultGHHost() independently. SetDefaultGHHost is documented as the fallback when GH_HOST is not set, but the new code can still set SkipHardcodedFallback=true even when GH_HOST=github.com is explicitly present. This is both a contract violation and a correctness bug — a user who sets GH_HOST=github.com to override an auto-detected GHE remote will have pin resolution silently fail.

The fix is to consult defaultGHHost only when GH_HOST is absent, matching setupGHCommand's identical precedence logic.

2. Missing conflict-scenario test (medium)

The GH_HOST=github.com subtest does not set defaultGHHost to a conflicting value, so the test suite passes green despite the bug above. A test covering GH_HOST=github.com + defaultGHHost=myorg.ghe.com → SkipHardcodedFallback=false is required; it will red-bar today and go green after the fix.

🔎 Code quality review by PR Code Quality Reviewer

Comments that could not be inline-anchored

pkg/workflow/compiler_types.go:649

Priority inversion: defaultGHHost is evaluated independently of GH_HOST, so an explicit GH_HOST=github.com cannot prevent SkipHardcodedFallback from being set when a non-github.qkg1.top default host is active.

<details>
<summary>💡 Details and suggested fix</summary>

SetDefaultGHHost is documented as "the default host used by gh CLI helper commands when GH_HOST is not set in the process environment", and setupGHCommand enforces this contract:

if os.Getenv("GH_HOST") …

</details>

<details><summary>pkg/workflow/compiler_types_test.go:30</summary>

**This test cannot catch the priority-inversion regression**: `defaultGHHost` is not set to a conflicting non-`github.com` value here, so the test passes even with the buggy independent-`if` logic.

&lt;details&gt;
&lt;summary&gt;💡 Required test case&lt;/summary&gt;

The critical path that needs to be covered is: `GH_HOST=github.com` **and** `defaultGHHost=myorg.ghe.com`. In that configuration the existing code sets `SkipHardcodedFallback=true` (wrong), while the corrected single-priority logic would leave it `…

</details>

[github-actions]

Skills-Based Review 🧠

Applied /diagnose and /tdd — one test-isolation suggestion and one pre-existing parallel code path to track.

📋 Key Themes & Highlights

Pre-existing parallel code path (/diagnose)

getCachedActionPinFromResolver in action_pins.go:121 constructs a PinContext{} directly and never sets SkipHardcodedFallback:

func getCachedActionPinFromResolver(repo string, resolver SHAResolver) string {
    ctx := &actionpins.PinContext{}  // SkipHardcodedFallback stays false
    ...
}

It is called from maintenance_workflow_yaml.go in ~20 places. GHE users on the maintenance-workflow generation path will still silently receive hardcoded-pin fallback — the same class of bug fixed here. The fix is out of scope for this PR, but worth a follow-up issue so the whole surface is covered consistently.

Test isolation gap (/tdd)

See inline comment on line 41. The SetDefaultGHHost("") pattern added to sub-test 3 should also appear in the sibling sub-test 2 for symmetry and order-independence.

Positive Highlights

• ✅ Fix is minimal and correct — OR-logic handles both env-var and programmatic host sources; once true, SkipHardcodedFallback is never reset to false
• ✅ Two new test cases neatly mirror the existing GH_HOST tests for the defaultGHHost path
• ✅ Top-level t.Cleanup is the right pattern for restoring shared global state across sub-tests
• ✅ Clear PR description identifying root cause and the specific gap being closed

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer

[github-actions]

[/tdd] The sibling sub-test "does not set SkipHardcodedFallback when GH_HOST is github.com" also asserts SkipHardcodedFallback = false but doesn't call SetDefaultGHHost(""). Now that sub-tests 4 and 5 mutate the shared defaultGHHost, sub-test 2 relies on execution order for isolation.

💡 Suggested fix for sub-test 2

t.Run("does not set SkipHardcodedFallback when GH_HOST is github.com", func(t *testing.T) {
	t.Setenv("GH_HOST", "github.com")
	SetDefaultGHHost("") // add this guard

	d := &WorkflowData{}
	ctx := d.PinContext()
	...
})

Without this, if a future sub-test is inserted before it that sets defaultGHHost to a GHE host, the assert.False assertion would spuriously fail.

[pelikhan]

@copilot run pr-finisher skill

[Copilot]

@copilot run pr-finisher skill

Done. Three issues from the review are now addressed (commit fix: GH_HOST precedence over default host, add wasm stubs, add precedence test):

1. Precedence bug — getDefaultGHHost() is now only consulted when GH_HOST is unset, mirroring setupGHCommand's logic in github_cli.go.
2. Wasm build bug — Added no-op stubs for getDefaultGHHost() and SetDefaultGHHost() to github_cli_wasm.go so compiler_types.go compiles under GOOS=js GOARCH=wasm.
3. Missing precedence test — Added GH_HOST=github.com wins over non-github.qkg1.top default host subtest (with t.Cleanup to restore global state) that would have caught the original bug.

Local fmt, lint, and test-unit all pass.

[pelikhan]

@copilot merge main and recompile

[Copilot]

@copilot merge main and recompile

Done. Merged main into the branch (resolved a conflict in github_cli_wasm.go by keeping both the ForceGHHostEnv stub from main and our SetDefaultGHHost/getDefaultGHHost stubs), then recompiled all 250 workflows — 0 errors.

done