github · pelikhan · May 24, 2026 · May 24, 2026 · github-actions · May 24, 2026
diff --git a/pkg/cli/update_actions.go b/pkg/cli/update_actions.go
@@ -660,17 +660,6 @@ func updateActionsInWorkflowFiles(ctx context.Context, deps actionUpdateDeps, wo
 	return nil
 }
 
-// updateActionRefsInContent replaces outdated "uses: org/repo@version" references
-// in content with the latest major version and SHA. Returns (changed, newContent, error).
-// cache is keyed by "repo@currentVersion" and avoids redundant API calls across lines/files.
-// coolDownCache is keyed by "repo@tag" and avoids redundant cooldown date API calls.
-// When allowMajor is true (the default), all matched actions are updated to the latest
-// major version. When allowMajor is false (--disable-release-bump), non-core (non
-// actions/*) action refs are skipped; core actions are always updated.
-func updateActionRefsInContent(ctx context.Context, content string, cache map[string]latestReleaseResult, coolDownCache map[string]coolDownCheckResult, allowMajor, verbose bool, coolDown time.Duration) (bool, string, error) {
-	return updateActionRefsInContentWithDeps(ctx, defaultActionUpdateDeps(), content, cache, coolDownCache, allowMajor, verbose, coolDown)
-}
-
 func updateActionRefsInContentWithDeps(ctx context.Context, deps actionUpdateDeps, content string, cache map[string]latestReleaseResult, coolDownCache map[string]coolDownCheckResult, allowMajor, verbose bool, coolDown time.Duration) (bool, string, error) {
 	changed := false
 	lines := strings.Split(content, "\n")

diff --git a/pkg/cli/update_actions_test.go b/pkg/cli/update_actions_test.go
@@ -353,43 +353,6 @@ func TestIsCoreAction(t *testing.T) {
 	}
 }
 
-func TestUpdateActionRefsInContent_NonCoreActionsUnchanged(t *testing.T) {
-	// When allowMajor=false (--disable-release-bump), non-actions/* org references
-	// should not be modified because they are not core actions.
-	input := `steps:
-  - uses: docker/login-action@v3
-  - uses: github/codeql-action/upload-sarif@v3
-  - run: echo hello`
-
-	cache := make(map[string]latestReleaseResult)
-	changed, newContent, err := updateActionRefsInContent(context.Background(), input, cache, make(map[string]coolDownCheckResult), false, false, 0)
-	if err != nil {
-		t.Fatalf("updateActionRefsInContent() error = %v", err)
-	}
-	if changed {
-		t.Errorf("updateActionRefsInContent() changed = true, want false for non-actions/* refs with allowMajor=false")
-	}
-	if newContent != input {
-		t.Errorf("updateActionRefsInContent() modified content for non-actions/* refs\nGot: %s\nWant: %s", newContent, input)
-	}
-}
-
-func TestUpdateActionRefsInContent_NoActionRefs(t *testing.T) {
-	input := `description: Test workflow
-steps:
-  - run: echo hello
-  - run: echo world`
-
-	cache := make(map[string]latestReleaseResult)
-	changed, _, err := updateActionRefsInContent(context.Background(), input, cache, make(map[string]coolDownCheckResult), true, false, 0)
-	if err != nil {
-		t.Fatalf("updateActionRefsInContent() error = %v", err)
-	}
-	if changed {
-		t.Errorf("updateActionRefsInContent() changed = true, want false for content with no action refs")
-	}
-}
-
 func TestUpdateActionRefsInContent_VersionTagReplacement(t *testing.T) {
 	// Stub latest release lookup so the test doesn't hit the network.
 	deps := newActionUpdateDepsWithLatestRelease(func(_ context.Context, repo, currentVersion string, allowMajor, verbose bool) (string, string, error) {

diff --git a/pkg/workflow/call_workflow_validation.go b/pkg/workflow/call_workflow_validation.go
@@ -191,12 +191,6 @@ func extractMDWorkflowCallInputs(mdPath string) (map[string]any, error) {
 	return extractInputsFromMarkdown(mdPath, "workflow_call")
 }
 
-// extractWorkflowCallInputsFromParsed extracts workflow_call inputs from an already-parsed
-// workflow map (used for both .lock.yml and .yml files).
-func extractWorkflowCallInputsFromParsed(workflow map[string]any) map[string]any {
-	return extractInputsFromParsedWorkflow(workflow, "workflow_call")
-}
-
 // mdHasWorkflowCall reads a .md workflow file's frontmatter and reports whether
 // the workflow includes a workflow_call trigger in its 'on:' section.
 func mdHasWorkflowCall(mdPath string) (bool, error) {

diff --git a/pkg/workflow/engine_helpers.go b/pkg/workflow/engine_helpers.go
@@ -16,9 +16,6 @@
 //
 // # Key Functions
 //
-// Base Installation:
-//   - GetBaseInstallationSteps() - Generate base installation steps for an engine
-//
 // Secret Validation:
 //   - GenerateMultiSecretValidationStep() - Validate at least one of multiple secrets
 //   - BuildDefaultSecretValidationStep() - Build secret validation step for an engine
@@ -89,42 +86,6 @@ func engineEnvHasKey(workflowData *WorkflowData, key string) bool {
 	return ok
 }
 
-// GetBaseInstallationSteps returns the common installation steps for an engine.
-// This includes npm package installation steps shared across all engines.
-// Secret validation is now handled in the activation job via GetSecretValidationStep.
-//
-// Parameters:
-//   - config: Engine-specific configuration for installation
-//   - workflowData: The workflow data containing engine configuration
-//
-// Returns:
-//   - []GitHubActionStep: The base installation steps (npm install)
-func GetBaseInstallationSteps(config EngineInstallConfig, workflowData *WorkflowData) []GitHubActionStep {
-	engineHelpersLog.Printf("Generating base installation steps for %s engine: workflow=%s", config.Name, workflowData.Name)
-
-	var steps []GitHubActionStep
-
-	// Secret validation step is now generated in the activation job (GetSecretValidationStep).
-
-	// Determine step name - use InstallStepName if provided, otherwise default to "Install <Name>"
-	stepName := config.InstallStepName
-	if stepName == "" {
-		stepName = "Install " + config.Name
-	}
-
-	// Add npm package installation steps
-	npmSteps := BuildStandardNpmEngineInstallSteps(
-		config.NpmPackage,
-		config.Version,
-		stepName,
-		config.CliName,
-		workflowData,
-	)
-	steps = append(steps, npmSteps...)
-
-	return steps
-}
-
 // GenerateMultiSecretValidationStep creates a GitHub Actions step that validates at least one
 // of multiple secrets is available.
 // secretNames: slice of secret names to validate (e.g., []string{"CODEX_API_KEY", "OPENAI_API_KEY"})

diff --git a/pkg/workflow/safe_outputs_call_workflow_test.go b/pkg/workflow/safe_outputs_call_workflow_test.go
@@ -465,27 +465,6 @@ jobs:
 
 // TestExtractWorkflowCallInputsFromParsed tests the parsing of workflow_call inputs
 // from an already-parsed workflow map
-func TestExtractWorkflowCallInputsFromParsed(t *testing.T) {
-	workflow := map[string]any{
-		"on": map[string]any{
-			"workflow_call": map[string]any{
-				"inputs": map[string]any{
-					"payload": map[string]any{
-						"type":     "string",
-						"required": false,
-					},
-				},
-			},
-		},
-	}
-
-	inputs := extractWorkflowCallInputsFromParsed(workflow)
-	assert.Contains(t, inputs, "payload", "Should extract payload input")
-
-	payloadInput, ok := inputs["payload"].(map[string]any)
-	require.True(t, ok, "payload input should be a map")
-	assert.Equal(t, "string", payloadInput["type"], "payload should be string type")
-}
 
 // TestCallWorkflowConfig_WithGeneratedYAML tests that the compiled YAML for a gateway workflow
 // includes the expected call-workflow fan-out jobs structure