fix(ci): silence two flavors of ghost-failure noise on PR pushes#117
Merged
Conversation
`anthropics/claude-code-action` runs a self-validation step that fails when its own workflow file (`.github/workflows/claude-review.yml`) or the prompt template (`.github/prompts/pr-review.md`) is in the PR's diff — the action parses them and breaks on configs that aren't the live runtime version. Every PR touching Claude's wiring (which is most recent activity — #105, #108, #109, #110, #111, #113, this PR's parent #115) has been logging a noisy red Claude check that resolves itself once the change merges. Add a self-modification gate in the trust-step before the action runs: if `gh pr view --json files` includes either path, set `skip=true` and exit 0. The check shows success, the action never runs, and the change still takes effect on the next PR's review once this is merged. Same skip mechanism we already use for untrusted committers; the orchestrator's bot-clean (now in housekeeping) doesn't care about Claude review's specific conclusion, just that it completed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Note Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported. |
#115 introduced `${{ replace(env.ADMINS, ',', ' ') }}` to convert the comma-separated ADMINS env var into the space-separated form the assign-and-request-review composite expects. Problem: GitHub Actions doesn't have a `replace()` expression function — the valid list is `contains`, `startsWith`, `endsWith`, `format`, `join`, `toJSON`, `fromJSON`, `hashFiles`, plus status checks. An unknown function in a `with:` expression fails workflow validation, which is why every branch push has been producing a ghost `.github/workflows/dependabot-automerge.yml push failure` run with no jobs and the file path (not the workflow's `name:`) as the display name — GitHub couldn't load the workflow definition cleanly for the push event. Replaced with a bash step that uses parameter expansion (`${ADMINS//,/ }`) to do the conversion, then the composite reads `env.ADMINS_SPACE`. Both steps gated on the major-bump path so they only run when actually needed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two related noise sources
Both produce red workflow runs on PR pushes that don't reflect actual problems and were flooding the inbox.
1.
claude-review.ymlfailing on PRs that edit Claude's own filesThe Anthropic action runs a self-validation step that fails when its own workflow file (
.github/workflows/claude-review.yml) or the prompt template (.github/prompts/pr-review.md) is in the PR's diff. Every PR touching Claude's wiring (#105, #108, #109, #110, #111, #113, the merge commit of #115) has logged a noisy red Claude check that resolves itself once the change merges.Fix: in
claude-review.yml's gate step, query the PR's changed files; if either path is in the diff, setskip=trueand exit 0. The check shows success, the action never runs, the change still takes effect on the next PR's review.2.
dependabot-automerge.yml push failureghost runs on every branch push#115 added
reviewers: ${{ replace(env.ADMINS, ',', ' ') }}to convert the comma-separatedADMINSenv var to the space-separated form the composite expects. Problem:replace()isn't a GitHub Actions expression function. The valid list iscontains,startsWith,endsWith,format,join,toJSON,fromJSON,hashFiles, plus status checks. An unknown function fails workflow validation, and GitHub records a failed run with the file path (not the workflow'sname:) as the display name and no jobs — every push to any branch since #115 merged.Fix: replace the bad expression with a real bash step that uses parameter expansion (
${ADMINS//,/ }) to writeADMINS_SPACEto$GITHUB_ENV. The composite'swith:then referencesenv.ADMINS_SPACE. Both steps gated onupdate-type == version-update:semver-majorso they only run when actually needed.Test plan
.github/workflows/dependabot-automerge.yml push failureruns.ADMINS_SPACE.🤖 Generated with Claude Code