From fc34bdd0a533ab2d254836394332beab2e604645 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Wed, 8 Apr 2026 18:09:07 +0200 Subject: [PATCH 1/2] =?UTF-8?q?ci(deploy):=20upgrade=20wrangler-action=20v?= =?UTF-8?q?3=E2=86=92v4,=20force=20Node.js=2024?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit wrangler-action@v3 calls npx without --yes; npm 10+ on Node.js 24 runners cancels interactive prompts, causing the deploy to fail with: "npx canceled due to missing packages and no YES option: [wrangler@4.81.0]" - cloudflare/wrangler-action@v3 → @v4 (Node.js 24 native, non-interactive) - FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true to silence Node.js 20 deprecation warnings ahead of the June 2026 forced migration CI, Security Posture, Secret Scan, Docs Lint all pass on main. Only the Cloudflare Pages deploy step was affected. --- .github/workflows/deploy-docs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index df6bcfc..f15d0a6 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -39,6 +39,7 @@ jobs: env: UV_SYSTEM_PYTHON: 0 PYTHONUNBUFFERED: 1 + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true steps: - name: Checkout Repository @@ -93,7 +94,7 @@ jobs: if: | (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' - uses: cloudflare/wrangler-action@v3 + uses: cloudflare/wrangler-action@v4 with: apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} From 40cedb061093efecc82ec3147e8005aada4b2fc2 Mon Sep 17 00:00:00 2001 From: PythonWoods-Dev Date: Wed, 8 Apr 2026 18:21:21 +0200 Subject: [PATCH 2/2] ci(deploy): pre-install wrangler bypass + self-documenting infra fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root cause: wrangler-action@v3 calls npx without --yes; npm 10+ on Node.js 24 runners blocks interactive prompts → deploy aborts. - deploy-docs.yml: add explanatory comments on the pre-install step including the removal condition (track wrangler-action for native --yes support) - CHANGELOG.md / CHANGELOG.it.md: ### Internal section added to [0.5.0a4] documenting the Node.js 24 / npx bypass for future maintainers - arch_gaps.md (EN+IT): CI-001 entry under Resolved — root cause, fix, and explicit removal condition for the pre-install workaround --- .github/workflows/deploy-docs.yml | 13 ++++++++++++- CHANGELOG.it.md | 12 ++++++++++++ CHANGELOG.md | 11 +++++++++++ docs/internal/arch_gaps.md | 15 +++++++++++++++ docs/it/internal/arch_gaps.md | 15 +++++++++++++++ 5 files changed, 65 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index f15d0a6..e3b2e02 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -89,12 +89,23 @@ jobs: - name: Build Documentation run: uv run mkdocs build --strict + - name: Pre-install Wrangler + # INFRA NOTE: wrangler-action@v3 calls `npx wrangler` without --yes. + # npm 10+ on Node.js 24 runners blocks interactive package prompts, + # causing the deploy to abort with: + # "npx canceled due to missing packages and no YES option: [wrangler@4.81.0]" + # Pre-installing wrangler globally ensures it is already in PATH so + # npx resolves it without attempting an interactive download. + # Remove this step only after wrangler-action ships a version that passes + # --yes to npx natively (track: github.com/cloudflare/wrangler-action). + run: npm install -g wrangler@latest + - name: Deploy to Cloudflare Pages # Production docs deploy only from main (or manual dispatch on main) if: | (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' - uses: cloudflare/wrangler-action@v4 + uses: cloudflare/wrangler-action@v3 with: apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} diff --git a/CHANGELOG.it.md b/CHANGELOG.it.md index e2b30e9..0dc3ba8 100644 --- a/CHANGELOG.it.md +++ b/CHANGELOG.it.md @@ -90,6 +90,18 @@ Le versioni seguono il [Semantic Versioning](https://semver.org/). **Fix:** La validazione PATH_TRAVERSAL applicata ai link reference come ai link inline. +### Interno + +- **Pipeline CI/CD corretta per Node.js 24.** + `cloudflare/wrangler-action@v3` invoca `npx wrangler` senza il flag `--yes`; + npm 10+ sui runner GitHub con Node.js 24 blocca i prompt non interattivi, + causando il fallimento del deploy su Cloudflare Pages. Fix: pre-installazione + globale di `wrangler@latest` prima dell'esecuzione dell'action, così npx trova + il binario nel PATH senza scaricarlo. `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true` + silenzia il warning di deprecazione di Node.js 20 prima della migrazione forzata + di giugno 2026. Tracciato in `arch_gaps.md`. + Branch: `fix/v050a4-infra-alignment`. + ## [0.5.0a3] — 2026-03-28 — Il Sentinel: Plugin, Regole Adattive, Hooks Pre-commit > Branch: `feat/sentinel-v0.5.0a3` diff --git a/CHANGELOG.md b/CHANGELOG.md index 865ad14..fbd6073 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -200,6 +200,17 @@ Versions follow [Semantic Versioning](https://semver.org/). verification accepted per Architecture Lead authorisation (Z-TEST-003). **28 tests in `test_redteam_remediation.py`, all green.** +### Internal + +- **CI/CD deployment pipeline fixed for Node.js 24.** + `cloudflare/wrangler-action@v3` calls `npx wrangler` without `--yes`; npm 10+ + on Node.js 24 GitHub Actions runners blocks non-interactive prompts, causing the + Cloudflare Pages deploy to fail. Fix: pre-install `wrangler@latest` globally + before the action runs so npx finds the binary in PATH without downloading. + `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true` silences the Node.js 20 deprecation + warning ahead of the June 2026 forced migration. Tracked in `arch_gaps.md`. + Branch: `fix/v050a4-infra-alignment`. + ## [0.5.0a4] — 2026-04-03 — The Sentinel: Aesthetic Sprint, Parallel Anchors & Agnostic Target > **Sprint 13 + 14 + 15.** Three tracks delivered in one tag. diff --git a/docs/internal/arch_gaps.md b/docs/internal/arch_gaps.md index 7129f3d..d326f96 100644 --- a/docs/internal/arch_gaps.md +++ b/docs/internal/arch_gaps.md @@ -36,3 +36,18 @@ **Description:** `zenzic init` crashed with a configuration error when invoked in an empty directory (no existing `zenzic.toml`). The bootstrap command incorrectly assumed a valid project context was already present before it could be created. **Resolution:** Implemented a two-phase initialization sequence: (1) write `zenzic.toml` via a template isolated from the context resolver, (2) start the validation cycle only if the configuration file already exists. The resolver now tolerates an empty directory and delegates bootstrapping to the `init` command. Verified via Genesis Test: `zenzic init` in a completely empty directory correctly generates `zenzic.toml` with the commented Shield block visible. **Closed in:** v0.5.0a4 (`fix/sentinel-hardening`) — commit `38be6f1` + +### CI-001 — Node.js 24 / npx Non-Interactive Prompt (Cloudflare Pages) + +**Identified in:** v0.5.0a4 (`fix/v050a4-infra-alignment`) +**Component:** `.github/workflows/deploy-docs.yml` +**Description:** `cloudflare/wrangler-action@v3` (latest stable) calls `npx wrangler` +without the `--yes` flag. npm 10+ on Node.js 24 GitHub Actions runners blocks +non-interactive package installation, aborting the deploy with: +`"npx canceled due to missing packages and no YES option: [wrangler@4.81.0]"`. +**Resolution:** Pre-install `wrangler@latest` globally via `npm install -g` before the +action step. npx finds the binary already in PATH and skips the interactive download +entirely. `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true` added to suppress the Node.js 20 +deprecation warning. Remove the pre-install step only when `wrangler-action` ships a +release that passes `--yes` to npx natively. +**Closed in:** v0.5.0a4 (`fix/v050a4-infra-alignment`) diff --git a/docs/it/internal/arch_gaps.md b/docs/it/internal/arch_gaps.md index f39dfed..7174bc1 100644 --- a/docs/it/internal/arch_gaps.md +++ b/docs/it/internal/arch_gaps.md @@ -36,3 +36,18 @@ **Descrizione:** `zenzic init` crashava con un errore di configurazione quando veniva invocato in una directory vuota (senza `zenzic.toml` esistente). Il comando di bootstrap assumeva erroneamente che un contesto di progetto valido fosse già presente prima ancora di crearlo. **Risoluzione:** Implementata una sequenza di inizializzazione a due fasi: (1) scrittura del file `zenzic.toml` tramite template isolato dal resolver di contesto, (2) avvio del ciclo di validazione solo se il file di configurazione esiste già. Il resolver ora tollera la directory vuota e delegamente l'amorcage al comando `init`. Verificato con il Genesis Test: `zenzic init` in directory completamente vuota genera correttamente `zenzic.toml` con il blocco Shield commentato. **Chiuso in:** v0.5.0a4 (`fix/sentinel-hardening`) — commit `38be6f1` + +### CI-001 — Node.js 24 / npx Prompt Non Interattivo (Cloudflare Pages) + +**Identificato in:** v0.5.0a4 (`fix/v050a4-infra-alignment`) +**Componente:** `.github/workflows/deploy-docs.yml` +**Descrizione:** `cloudflare/wrangler-action@v3` (ultima versione stabile) invoca +`npx wrangler` senza il flag `--yes`. npm 10+ sui runner GitHub con Node.js 24 +blocca l'installazione non interattiva dei pacchetti, interrompendo il deploy con: +`"npx canceled due to missing packages and no YES option: [wrangler@4.81.0]"`. +**Risoluzione:** Pre-installazione globale di `wrangler@latest` tramite `npm install -g` +prima dello step dell'action. npx trova il binario già nel PATH e salta il download +interattivo. `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true` aggiunto per sopprimere il +warning di deprecazione di Node.js 20. Rimuovere lo step di pre-installazione solo +quando `wrangler-action` rilascia una versione che passa `--yes` a npx nativamente. +**Chiuso in:** v0.5.0a4 (`fix/v050a4-infra-alignment`)