Skip to content

ci: fix three workflow infrastructure bugs (upload-artifact SHA, setup-beam ubuntu24, workflow-linter self-match)#3

Merged
hyperpolymath merged 3 commits into
mainfrom
chore/fix-upload-artifact-sha
May 2, 2026
Merged

ci: fix three workflow infrastructure bugs (upload-artifact SHA, setup-beam ubuntu24, workflow-linter self-match)#3
hyperpolymath merged 3 commits into
mainfrom
chore/fix-upload-artifact-sha

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 1, 2026
edited
Loading

Summary

Three independent CI infra fixes, each blocking PR #2 (and any other PR that triggers these workflows).

1. hypatia-scan.yml — bad upload-artifact SHA

actions/upload-artifact@65c79d7f54e76e4e3c7a8f34db0f4ac8b515c478 doesn't resolve to a real ref; every Hypatia run errors with Unable to resolve action ... unable to find version. Repinned to v4.6.2 (ea165f8d65b6e75b540449e92b4886f43607fa02), the current latest v4 series matching the original # v4 intent.

2. hypatia-scan.yml — setup-beam doesn't know ubuntu24

erlef/setup-beam@v1.18.2 predates ubuntu-24.04 and bails with Tried to map a target OS from env. variable 'ImageOS' (got ubuntu24), but failed. Bumped to v1.24.0 (8d44588995e53ce789721e96227122a67826542d); v1.24's README lists ubuntu-24.04 as supported.

3. workflow-linter.yml — SHA-pinned-actions check matches its own comment

The check ran grep -rn "uses:" .github/workflows/ against everything, then expected a 40-char hex pin. Its own explanatory comment # Find any uses: lines that don't have @SHA format survives the filter — there's no SHA — and the check fails on itself. Anchored the regex on leading-whitespace + directive form (^[[:space:]]+uses:[[:space:]]); comments and freeform text no longer match.

Test plan

  • Hypatia Self-Scan reaches the actual scan step on this branch (no Setup Elixir error)
  • Workflow Security Linter passes on this branch
  • Upload-artifact step reachable (i.e., scan completes)
  • After merge, PR feat(stdlib): add fs_*/env_args/format builtins + my-cli argv forwarding #2's workflows resolve cleanly (the antipattern-check vscode-extension/src/extension.ts flag is a separate decision — out of scope for this PR)

🤖 Generated with Claude Code

@hyperpolymath
ci(hypatia): fix unresolvable upload-artifact SHA pin
b6ea5cb 
The pinned SHA 65c79d7f54e76e4e3c7a8f34db0f4ac8b515c478 doesn't exist
in actions/upload-artifact, so the runner errors with "Unable to
resolve action ... unable to find version" and Hypatia scans never
start.

Pinned to v4.6.2 (ea165f8d65b6e75b540449e92b4886f43607fa02), which
is the latest v4 series matching the original `# v4` comment.
@hyperpolymath
ci: bump setup-beam to v1.24.0; tighten workflow-linter uses: regex
9258c2f 
Two more CI infra fixes uncovered while sorting PR #2:

* hypatia-scan.yml: setup-beam@v1.18.2 doesn't recognise ImageOS
  ubuntu24, so every Hypatia run aborts with "Tried to map a target
  OS from env. variable 'ImageOS' (got ubuntu24), but failed."
  Bumped to v1.24.0 (8d44588995...), which lists ubuntu-24.04
  support in its README.

* workflow-linter.yml: the SHA-pinned-actions check ran
  `grep -rn "uses:" .github/workflows/`, which matches the linter's
  own explanatory comment `# Find any uses: lines that don't have
  @sha format`. The comment is then flagged as unpinned and the
  check fails on itself. Anchor the regex on leading-whitespace +
  the directive form `^[[:space:]]+uses:[[:space:]]` so comments
  no longer match.
@hyperpolymath hyperpolymath changed the title ci(hypatia): fix unresolvable upload-artifact SHA pin ci: fix three workflow infrastructure bugs (upload-artifact SHA, setup-beam ubuntu24, workflow-linter self-match) May 1, 2026
@hyperpolymath
ci(hypatia): cd into $HOME/hypatia in shell instead of via working-di…
f386823 
…rectory

\${{ env.HOME }} resolves the workflow's `env:` block, not the runner's
$HOME, so the previous `working-directory: \${{ env.HOME }}/hypatia`
expanded to /hypatia and the build step failed with
"working directory '/hypatia'. No such file or directory".

Use a shell `cd "$HOME/hypatia"` instead, matching how the Clone and
Run steps already address the path.
@hyperpolymath hyperpolymath merged commit f340f7b into main May 2, 2026
16 of 18 checks passed
@hyperpolymath hyperpolymath deleted the chore/fix-upload-artifact-sha branch May 4, 2026 22:18
@hyperpolymath hyperpolymath mentioned this pull request May 19, 2026
Merged
hyperpolymath added a commit that referenced this pull request May 19, 2026
@hyperpolymath @claude
fix(licence): clear scaffold-placeholder leak (isolated; dirty repo) (#…
f9d1808 
…64)

#3 isolated commit. ONLY placeholder SPDX lines staged; repo's other
uncommitted WIP deliberately left untouched/unstaged. PLMP/PMLP +
doubled = scaffold artifacts (LICENCE-POLICY.adoc A5), NOT relicensing.
Diff-shape asserted (SPDX-only). Refs standards LICENCE-POLICY.adoc A5.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hyperpolymath