ci: reuse ovmlayer action from oocana-rust

[leavesster]

Summary

• replace local ovmlayer action references with the shared action in oocana-rust
• delete the duplicated .github/actions/ovmlayer/action.yml from this repo
• keep ovmlayer action behavior unified across repos

Testing

• not run locally

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9225952e-0219-47a6-8d6c-44bfdd1b9266

📥 Commits

Reviewing files that changed from the base of the PR and between b9ca909 and 3e197c4.

📒 Files selected for processing (2)

• .github/workflows/layer.yml
• .github/workflows/oocana-node.yml

✅ Files skipped from review due to trivial changes (2)

• .github/workflows/layer.yml
• .github/workflows/oocana-node.yml

---

Summary by CodeRabbit

发布说明

• 杂项
  • 移除了本地封装的 CI 操作实现，工作流现改为引用外部已固定版本的操作。
  • 持续集成相关步骤保持输入与行为不变，切换来源以简化维护与更新。

Walkthrough

删除了仓库内的本地复合 GitHub Action 定义 .github/actions/ovmlayer/action.yml，并将两个工作流中的 ovmlayer 步骤改为引用外部仓库 oomol/oocana-rust 的已固定提交实现（切换 action 来源）。

Changes

Cohort / File(s)	Summary
本地 Action 删除 \.github/actions/ovmlayer/action.yml	完全移除本地复合 GitHub Action 文件（删除安装系统包、检测架构、下载/解压/安装 ovmlayer 二进制、rootfs 下载与运行时/开发 setup 的所有步骤）。
工作流 Action 引用更新 \.github/workflows/layer.yml, \.github/workflows/oocana-node.yml	将原先使用本地路径 ./.github/actions/ovmlayer 的步骤改为引用外部仓库实现 oomol/oocana-rust/.github/actions/ovmlayer 并固定到提交 6c365c646efde55d6c4636b5921e237020ea2838；传入的 with: 参数未改动。

Sequence Diagram(s)

(已跳过 — 更改为外部 action 引用与删除本地定义，不引入新的多组件控制流需视图化的顺序交互。)

代码审查工作量估计

🎯 2 (Simple) | ⏱️ ~10 分钟

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title follows the required format <type>(<scope>): <subject> with type 'ci' and subject 'reuse ovmlayer action from oocana-rust', clearly summarizing the main change of consolidating action references.
Description check	✅ Passed	The pull request description directly relates to the changeset, explaining the replacement of local action references with shared ones and deletion of duplicated files, which aligns with the actual code changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR updates CI workflows to reuse the shared ovmlayer GitHub Action from oomol/oocana-rust instead of maintaining a duplicated local composite action, keeping behavior consistent across repositories.

Changes:

• Switch ovmlayer steps in workflows to use oomol/oocana-rust/.github/actions/ovmlayer.
• Remove the duplicated local composite action definition from this repository.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/oocana-node.yml	Replaces local ovmlayer action usage with the shared action reference.
.github/workflows/layer.yml	Replaces local ovmlayer action usage with the shared action reference.
.github/actions/ovmlayer/action.yml	Deletes the local duplicated composite action implementation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The workflow now references a remote action pinned to the moving main branch. This reduces reproducibility and increases supply-chain risk (the action behavior can change without changes in this repo). Pin the action to an immutable ref (a version tag/release or a full commit SHA) and update intentionally when you want to pull changes.

Suggested change

	- uses: oomol/oocana-rust/.github/actions/ovmlayer@main
	- uses: oomol/oocana-rust/.github/actions/ovmlayer@v1

[Copilot]

The workflow now references a remote action pinned to the moving main branch. This can cause CI to break unexpectedly and is a supply-chain risk. Prefer pinning to an immutable ref (tag/release or full commit SHA) so changes to the action are pulled in deliberately.

Suggested change

	- uses: oomol/oocana-rust/.github/actions/ovmlayer@main
	- uses: oomol/oocana-rust/.github/actions/ovmlayer@5d41402abc4b2a76b9719d911017c59200000000 # pin to immutable commit SHA

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/layer.yml:
- Line 57: The workflow currently pins the external Action using a mutable ref
"uses: oomol/oocana-rust/.github/actions/ovmlayer@main" which risks drift;
replace the "@main" ref with a specific commit SHA for the ovmlayer action
(e.g., obtain MAIN_SHA via `gh api repos/oomol/oocana-rust/branches/main --jq
'.commit.sha'` and update the uses entry to "@<that_SHA>") so the CI invocation
of ovmlayer is immutable and reproducible.

In @.github/workflows/oocana-node.yml:
- Line 35: The workflow is using a mutable action reference
oomol/oocana-rust/.github/actions/ovmlayer@main which makes CI non-reproducible
and less secure; replace the `@main` suffix with the specific commit SHA for that
action (use the exact full 40-char commit SHA) in the workflow entry and do the
same for the other invocation referenced in layer.yml (the ovmlayer action at
the other location) so both CI paths are pinned to immutable SHAs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4bc9235d-c7cf-4a8d-8b28-2bcaa53b0310

📥 Commits

Reviewing files that changed from the base of the PR and between d0bb0f3 and b9ca909.

📒 Files selected for processing (3)

• .github/actions/ovmlayer/action.yml
• .github/workflows/layer.yml
• .github/workflows/oocana-node.yml

💤 Files with no reviewable changes (1)

• .github/actions/ovmlayer/action.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's examine the workflow file and its content around line 35
cat -n .github/workflows/oocana-node.yml | head -40

Repository: oomol/oocana-node

Length of output: 1689

---

🏁 Script executed:

# Also search for other workflow files that might have similar issues
fd -e yml -e yaml .github/workflows/

Repository: oomol/oocana-node

Length of output: 438

---

🏁 Script executed:

# Search for other instances of `@main` in workflow files to understand the pattern
rg '@main' .github/workflows/ -n

Repository: oomol/oocana-node

Length of output: 252

---

避免在工作流中使用 @main 的可变引用：请固定到 commit SHA

Line 35 的 oomol/oocana-rust/.github/actions/ovmlayer@main 使用了可变引用，存在不可重现性和安全风险。请将其改为特定的 commit SHA，以确保 CI 流程的一致性和可复现性。同时，请检查 layer.yml 中的相同操作（line 57），确保两条 CI 链路都遵循相同的安全实践。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/oocana-node.yml at line 35, The workflow is using a
mutable action reference oomol/oocana-rust/.github/actions/ovmlayer@main which
makes CI non-reproducible and less secure; replace the `@main` suffix with the
specific commit SHA for that action (use the exact full 40-char commit SHA) in
the workflow entry and do the same for the other invocation referenced in
layer.yml (the ovmlayer action at the other location) so both CI paths are
pinned to immutable SHAs.