From c174a2b2f1bdd33c16c1563180b6b216b6a40ced Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 20 Jun 2026 14:18:41 +0000 Subject: [PATCH] ci(hypatia-scan): repin reusable + grant actions:read so the scan runs The standards hypatia-scan-reusable was pinned at a stale ref (0-jobs failure) AND the caller permissions block omitted actions:read, which the reusable requires. Either gap alone leaves the run broken (0 jobs, or startup_failure once the ref resolves). Repins to 8e6ba7d (standards #380) and adds actions:read. Validated end-to-end on eclexia#42 (hypatia-scan now runs the full scan + posts findings). Co-Authored-By: Claude Claude-Session: https://claude.ai/code/session_01PWMMxryCcPrAjJ8tuGvygG --- .github/workflows/hypatia-scan.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/hypatia-scan.yml b/.github/workflows/hypatia-scan.yml index 67aacf9..6ce7514 100644 --- a/.github/workflows/hypatia-scan.yml +++ b/.github/workflows/hypatia-scan.yml @@ -22,9 +22,13 @@ permissions: contents: read security-events: write pull-requests: write + # The standards reusable declares actions:read; a caller permissions + # block that omits it pins actions to `none`, so the reusable's request + # exceeds the grant and the run dies as `startup_failure` (no jobs). + actions: read jobs: hypatia: timeout-minutes: 30 - uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@915139d73560e65a8240b8fc7768698658502c89 + uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@8e6ba7d4a0890d25425855a77404d4690d0ab4b5 # standards #380; repin from a 0-jobs stale ref (paired with actions:read above) secrets: inherit
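Review bot: `actions: read` is added to the workflow-level `permissions:` block (the one ahead of `jobs:`), so it applies to every job in this file, alongside `security-events: write` and `pull-requests: write`. Since `hypatia` is the job that calls the reusable, consider moving the block to `jobs.hypatia.permissions` so the grant is scoped to that one call. On the `uses:` line, the job still passes `secrets: inherit` to a workflow in another repository, so the pinned full SHA is what bounds which code receives those secrets. Please confirm that `8e6ba7d4a0890d25425855a77404d4690d0ab4b5` is the commit merged by standards #380. The trailing comment on that line could be trimmed to the ref's identity (`# standards #380`), leaving the repin history to the commit message.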