chore(governance): remove non-functional .hypatia-baseline.json trigger #449
Merged
The 'Validate Hypatia Baseline' job in governance-reusable.yml never actually reads this file's content to filter findings -- it fails on ANY raw hypatia-scan finding, full stop. The file's presence only flips the job's has_baseline trigger on, so keeping an empty/inert baseline here just forces a permanently-failing gate with no diagnostic value. Removing it unblocks PRs (incl. #448) until the underlying gate is fixed properly -- see the tracking issue for the estate-wide version of this bug (affects 15 repos with a populated .hypatia-baseline.json whose content is silently never consulted).

The validate-hypatia-baseline job in governance-reusable.yml never reads .hypatia-baseline.json's content — it just fails on any raw hypatia scan finding with severity >= medium, full stop. The file's only functional effect is to flip the job's has_baseline trigger on via [ -f .hypatia-baseline.json ]. Ours was empty ([]) so it was providing zero exemption value while permanently failing main (confirmed: last 5+ Governance runs on main, back to 2026-06-27, all failed here) and blocking PR #448.

Removing it unblocks PRs here now. This is a narrow, standards-repo-scoped fix — it does not touch governance-reusable.yml itself, which is shared estate-wide and has the same bug for every repo that carries a real (non-empty) .hypatia-baseline.json. Tracking issue for the proper estate-wide fix: (linking after filing).

Left un-armed for auto-merge for a quick look, since it touches a security-scan gate even though it's currently non-functional.
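
The difference between the gate behaviour described in this PR and a gate that actually consults the baseline, as an added example (not code from this repository or from governance-reusable.yml). The finding and baseline schema (`rule`, `file`, `severity` fields), the function names and the sample data are assumptions made for illustration.

```python
import json

# Assumed schema (not from the page): each finding and each baseline entry
# is an object with "rule" and "file"; findings also carry "severity".
RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
THRESHOLD = RANK["medium"]  # the PR states the job fails at severity >= medium

def is_blocking(finding):
    # Unknown or missing severity labels fail closed instead of slipping under the threshold.
    sev = str(finding.get("severity", "")).lower()
    return RANK.get(sev, RANK["critical"]) >= THRESHOLD

def presence_only_gate(findings, baseline_exists):
    """Behaviour the PR describes: the file arms the job, its content is never read."""
    if not baseline_exists:
        return True  # job not triggered
    return not any(is_blocking(f) for f in findings)

def baseline_aware_gate(findings, baseline):
    """Fail only on blocking findings absent from the baseline.
    Returns (passed, new_findings, stale_entries)."""
    accepted = {(b["rule"], b["file"]) for b in baseline}
    seen = {(f["rule"], f["file"]) for f in findings}
    new = [f for f in findings
           if is_blocking(f) and (f["rule"], f["file"]) not in accepted]
    stale = sorted(accepted - seen)  # exemptions that match nothing: prune them
    return (not new, new, stale)

# Constructed sample data, not real hypatia scan output.
FINDINGS = json.loads("""[
  {"rule": "unpinned-action", "file": ".github/workflows/ci.yml", "severity": "medium"},
  {"rule": "broad-permissions", "file": ".github/workflows/release.yml", "severity": "high"},
  {"rule": "missing-description", "file": "README.md", "severity": "low"}
]""")
BASELINE = json.loads("""[
  {"rule": "unpinned-action", "file": ".github/workflows/ci.yml"},
  {"rule": "old-rule", "file": "gone.yml"}
]""")

if __name__ == "__main__":
    print("presence-only:", presence_only_gate(FINDINGS, baseline_exists=True))
    passed, new, stale = baseline_aware_gate(FINDINGS, BASELINE)
    print("baseline-aware:", passed, [f["rule"] for f in new], stale)
    # An empty baseline ([]) exempts nothing, matching the situation in this PR.
    print("empty baseline:", baseline_aware_gate(FINDINGS, [])[0])
```

Reporting stale baseline entries alongside new findings keeps the exemption list from accumulating entries that would silently cover a future reintroduction of the same finding.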