From 0964972acda4b24bff17803832b79509ab3c6df2 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 20 Jun 2026 14:18:39 +0000 Subject: [PATCH] ci(hypatia-scan): repin reusable + grant actions:read so the scan runs The standards hypatia-scan-reusable was pinned at a stale ref (0-jobs failure) AND the caller permissions block omitted actions:read, which the reusable requires. Either gap alone leaves the run broken (0 jobs, or startup_failure once the ref resolves). Repins to 8e6ba7d (standards #380) and adds actions:read. Validated end-to-end on eclexia#42 (hypatia-scan now runs the full scan + posts findings). Co-Authored-By: Claude Claude-Session: https://claude.ai/code/session_01PWMMxryCcPrAjJ8tuGvygG --- .github/workflows/hypatia-scan.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/hypatia-scan.yml b/.github/workflows/hypatia-scan.yml index 2755c53..b910785 100644 --- a/.github/workflows/hypatia-scan.yml +++ b/.github/workflows/hypatia-scan.yml @@ -22,9 +22,13 @@ permissions: contents: read security-events: write pull-requests: write + # The standards reusable declares actions:read; a caller permissions + # block that omits it pins actions to `none`, so the reusable's request + # exceeds the grant and the run dies as `startup_failure` (no jobs). + actions: read jobs: hypatia: - uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@5eb28d7d8790d5389b7b6a5233fe6265a775e3d0 + uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@8e6ba7d4a0890d25425855a77404d4690d0ab4b5 # standards #380; repin from a 0-jobs stale ref (paired with actions:read above) timeout-minutes: 10 secrets: inherit