a2ddedb744
- Created comprehensive LIMITATIONS.md documenting all v1 limitations with categories, resolution paths, and workarounds - Implemented 'gwt doctor' CLI command to check system and workflow compatibility - Updated README.md to reference LIMITATIONS.md - Updated USAGE.md with doctor command documentation and examples - Added example workflow demonstrating known limitations Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
9.9 KiB
Known Limitations & Resolution Strategy (v1)
1. Scope
This document formally defines acknowledged limitations of GithubWorkflowTool v1, explains why they exist, and documents the intended resolution path for future versions.
The goal is transparency, predictability, and a clear upgrade trajectory rather than silent incompatibility.
2. Limitation Categories
Limitations are grouped by capability class and assigned a resolution tier:
- Deferred – intentionally excluded from v1, planned for v2+
- Constrained – partially supported with explicit restrictions
- External – blocked by legal, platform, or ecosystem constraints
- Configurable – disabled or limited by default but unlockable
3. Detailed Limitations
3.1 Incomplete GitHub Actions Feature Coverage
Status
- Type: Deferred
- Severity: Medium
- Impact: Some workflows may fail or require modification
Description
GithubWorkflowTool v1 implements a subset of GitHub Actions semantics. Unsupported or partially supported features include (non-exhaustive):
- Advanced expressions (
fromJSON,hashFiles, complex boolean chains) - Reusable workflows (
workflow_call) - Dynamic job generation outside
strategy.matrix - Job-level permissions and token scoping
- Environments with approval gates
- Concurrency groups
Rationale
GitHub Actions is not formally specified; it is an evolving behavior-driven platform. v1 prioritizes deterministic local execution over speculative compatibility.
Resolution Path
- v2: Expand expression engine coverage
- v2: Add reusable workflow resolution
- v3: Permissions & environment gates (read-only simulation)
User Guidance (v1)
- Prefer explicit
run:steps over deeply nested expressions - Avoid reusable workflows unless flattened
- Use matrix strategies only for static axes
3.2 Third-Party Actions Compatibility
Status
- Type: Constrained
- Severity: Medium–High
- Impact: Some marketplace actions may fail
Description
Some third-party actions assume:
- Preinstalled tools on GitHub-hosted runners
- Full Node.js runtime availability
- Docker-in-Docker capability
- Privileged filesystem or network access
v1 does not guarantee these assumptions unless explicitly provided by the selected runner backend.
Supported Action Types (v1)
- Local composite actions
- Docker-based actions
- Node-based actions only if:
- Container backend is used, or
- Required runtimes are present in the VM template
Resolution Path
- v2: Action capability probing (pre-flight validation)
- v2: Curated "known-good" action compatibility list
- v3: Optional toolchain auto-provisioning
User Guidance (v1)
- Prefer Docker-based actions
- Pin action versions explicitly
- Use container backend when testing marketplace actions
3.3 Service Containers Not Implemented
Status
- Type: Deferred
- Severity: High (for integration-heavy workflows)
- Impact: DB-backed or multi-service workflows will fail
Description
GitHub Actions services: (e.g., PostgreSQL, Redis) are not supported in v1.
There is no orchestration layer for:
- Service lifecycle management
- Network aliasing
- Health checks
- Port mapping into jobs
Rationale
Service containers introduce orchestration complexity comparable to a lightweight Kubernetes layer. This is intentionally excluded from v1 to keep execution semantics simple and debuggable.
Resolution Path
- v2: Container-backend-only service support
- v2.1: Declarative service lifecycle
- v3: QEMU backend service networking
User Guidance (v1)
Replace services with:
- External services (run manually, point workflows at fixed endpoints)
- Embedded test doubles
- Single-container workflows
- Manual database/service setup before workflow execution
Example Workaround:
Instead of:
jobs:
test:
services:
postgres:
image: postgres:14
Use:
# Run service manually
docker run -d -p 5432:5432 -e POSTGRES_PASSWORD=test postgres:14
# Then run workflow
gwt run /path/to/repo /path/to/workflow.yml --env DATABASE_URL=postgresql://localhost:5432
3.4 macOS Runner Images Unsupported
Status
- Type: External
- Severity: High (for Apple-specific projects)
- Impact: macOS workflows cannot be executed
Description
macOS GitHub-hosted runners are not supported in v1.
Reasons:
- Apple licensing restrictions
- Virtualization limitations outside Apple hardware
- Lack of redistributable macOS base images
Resolution Path
- v2: "macOS-host-like" profile (best-effort simulation on Linux)
- v3: Native macOS-host execution (host-only, no VM)
- No QEMU-based macOS support planned (licensing constraints)
User Guidance (v1)
- Use Linux runners for cross-platform builds where possible
- Split workflows:
- Linux CI locally (with GithubWorkflowTool)
- macOS CI only on GitHub
- For macOS-specific testing: use GitHub Actions cloud runners
3.5 Limited Network Access in Runners
Status
- Type: Configurable
- Severity: Medium
- Impact: Actions requiring external downloads may fail
Description
Network access inside runners may be:
- Restricted
- Rate-limited
- Disabled entirely (offline mode)
This applies especially to:
- QEMU backend
- Reproducibility-focused runs
- CI debugging scenarios
Rationale
Unrestricted network access:
- Breaks reproducibility
- Introduces nondeterministic failures
- Can leak secrets unintentionally
Resolution Path
- v1.1: Domain allowlist support
- v2: Network profiles per runner
- v2: Cached dependency mirrors
- v3: Deterministic fetch recording & replay
User Guidance (v1)
- Vendor dependencies where possible
- Use local mirrors or caches
- Enable network explicitly when required (container mode allows network by default)
- For offline testing, pre-download all dependencies
4. Limitation Visibility & UX Requirements
CLI Requirements
The gwt doctor command must report:
- Unsupported workflow features detected in a workflow file
- Action incompatibilities
- Missing toolchains (Docker, Podman, QEMU)
- Runner backend availability
- Clear warnings before execution, not after failure
Example Output:
$ gwt doctor /path/to/repo/.github/workflows/ci.yml
GithubWorkflowTool Diagnostics
==============================
Workflow: ci.yml
✓ Basic workflow structure valid
✓ Job dependencies resolvable
⚠ Warning: Uses reusable workflow (not supported in v1)
⚠ Warning: Service container 'postgres' detected (not supported in v1)
→ Workaround: Run PostgreSQL manually before workflow execution
✗ Error: Uses 'hashFiles' expression (not supported in v1)
→ Resolution: Simplify expression or upgrade to v2 (planned)
Backend Availability:
✓ Container backend: Docker detected (v24.0.0)
✓ QEMU backend: Available (v7.2.0)
Recommendation: 3 issues detected, 2 warnings, 1 error
Workflow may fail or require modifications to run successfully.
GUI Requirements
Visual badges on workflows/jobs:
- "✓ Fully Supported"
- "⚠ Partially Supported" (with details in hover/tooltip)
- "✗ Unsupported in v1" (with workaround in detail pane)
- "Requires Container Backend"
- "Requires QEMU Backend"
When hovering over a badge or clicking for details, explain:
- What limitation applies
- Why it exists
- Recommended workaround
- Expected version for full support
5. Versioning & Compatibility Policy
v1.x
- No breaking behavior changes
- Limitations remain explicit and documented
- New features may be added if backward compatible
- Unsupported features fail fast with clear error messages
v2.0
- Feature expansion allowed
- Backward compatibility preferred but not guaranteed
- Migration guide provided for breaking changes
- Unsupported features must fail fast, not silently degrade
Future Versions
- Incremental improvements to limitation resolution
- Regular compatibility matrix updates
- Community feedback integration
6. Acceptance Criteria (Limitations Spec)
This specification is satisfied when:
- ✅ All listed limitations are explicitly detected or documented at runtime
- ✅ Failures caused by limitations produce actionable diagnostics
- ✅ Users can predict before execution whether a workflow is likely to succeed
- ✅ Resolution paths are versioned and traceable
- ✅ Documentation is accessible and linked from main README
7. Compatibility Matrix (Preview)
A detailed compatibility matrix mapping common GitHub Actions to backend support will be provided in a future specification. Preview:
| Action | Container | QEMU | Status | Notes |
|---|---|---|---|---|
| actions/checkout@v3 | ✓ | ✓ | Full | Git must be available |
| actions/cache@v3 | ⚠ | ⚠ | Partial | Local cache only |
| actions/setup-node@v3 | ✓ | ✓ | Full | Node must be in image |
| docker/build-push-action@v4 | ✓ | ✗ | Container only | DinD required |
| Service containers | ✗ | ✗ | Not supported | v2 planned |
| Reusable workflows | ✗ | ✗ | Not supported | v2 planned |
Full matrix to be documented in COMPATIBILITY_MATRIX.md (future work).
8. Feedback and Contributions
Users encountering limitations not documented here should:
- Check for existing GitHub issues
- Report new limitations with:
- Workflow file (or minimal example)
- Error message
- Expected behavior
- Actual behavior
- Contribute workarounds to documentation
Summary
GithubWorkflowTool v1 is designed with intentional constraints to ensure:
- Predictable, deterministic execution
- Clear error messages and diagnostics
- Transparent limitations with documented workarounds
- Traceable resolution path for future versions
Users should consult this document and use the gwt doctor command before deploying workflows to understand compatibility and required modifications.
For questions or issues, please refer to the GitHub repository issue tracker.