ci(diagnostic): hypatia-findings-dump — surface residual findings for triage #136
Merged
…r triage

Informational, non-gating workflow. Runs the Hypatia scanner the same way the standards hypatia-scan-reusable does, then dumps findings to the job log (totals; by severity/rule/path; one line per finding). Submodules are not checked out, so it scans reposystem's own tree only — the residual after the de-vendor (#133) + extraction (#134) work. Lets the residual be triaged from CI output without needing artifact download. Safe to delete once triaged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01KhFfkfjKaB7Rg957u3uCT6
Why
Tooling to unblock the Q4 hypatia residual triage. I can't run the Elixir scanner in-session or download the CI hypatia-scan-findings artifact, and the gate's job log only prints a one-line count. This adds an informational, non-gating workflow that runs the scanner the same way the standards reusable does and dumps the findings to the job log — totals, by-severity, by-rule, by-top-level-path, and one line per finding — so I can read them via the job logs and produce the precise fix-vs-baseline plan.

Notes
- hypatia-scan-reusable setup (same checkout/setup-beam SHAs, Elixir 1.19.4 / OTP 28.3, same hypatia-cli.sh scan . invocation).
- workflow_dispatch and on PRs touching its own file, so it adds no noise to normal PRs.

This PR exists mainly to run the dump; I'll read the findings from its job log and come back with the plan.
🤖 Generated with Claude Code
https://claude.ai/code/session_01KhFfkfjKaB7Rg957u3uCT6
Generated by Claude Code
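
The dump described in this PR (totals, by severity, by rule, by top-level path, one line per finding), sketched as an added example that is not the PR's workflow or the project's code. The JSON field names and sample findings are assumptions constructed for illustration; control characters in scanner-supplied fields are collapsed so text taken from scanned files cannot start a new line in the job log.

```python
import json
import re
from collections import Counter

# Constructed sample. The field names (severity, rule, file, line, message)
# are assumptions for illustration, not Hypatia's actual output schema.
SAMPLE_FINDINGS = json.dumps([
    {"severity": "high", "rule": "hardcoded-secret", "file": "scripts/deploy.sh", "line": 12, "message": "possible credential"},
    {"severity": "medium", "rule": "unpinned-action", "file": ".github/workflows/ci.yml", "line": 8, "message": "not pinned to a SHA\n::warning::injected"},
    {"severity": "medium", "rule": "unpinned-action", "file": ".github/workflows/release.yml", "line": 21, "message": "not pinned to a SHA"},
    {"severity": "low", "rule": "todo-marker", "file": "README.md", "line": 3, "message": "TODO left in docs"},
])
_CONTROL = re.compile(r"[\x00-\x1f\x7f]+")

def clean(value):
    """Collapse control characters so a field cannot start a new log line."""
    return _CONTROL.sub(" ", str(value)).strip()

def top_level(path):
    """First path component, the bucket for the by-top-level-path count."""
    parts = clean(path).removeprefix("./").split("/")
    return parts[0] if len(parts) > 1 else "(root)"

def summarize(findings):
    """Return (totals dict, one log line per finding)."""
    by_sev, by_rule, by_path, lines = Counter(), Counter(), Counter(), []
    for f in findings:
        sev = clean(f.get("severity", "unknown")).lower()
        rule = clean(f.get("rule", "unknown"))
        path = clean(f.get("file", "unknown"))
        by_sev[sev] += 1
        by_rule[rule] += 1
        by_path[top_level(path)] += 1
        where = f"{path}:{clean(f.get('line', '?'))}"
        lines.append("\t".join([sev, rule, where, clean(f.get("message", ""))]))
    return {"total": len(findings), "by_severity": dict(by_sev),
            "by_rule": dict(by_rule), "by_path": dict(by_path)}, lines

def dump(raw_json):
    totals, lines = summarize(json.loads(raw_json))
    print(f"total findings: {totals['total']}")
    for label in ("by_severity", "by_rule", "by_path"):
        for key, count in sorted(totals[label].items(), key=lambda kv: (-kv[1], kv[0])):
            print(f"{label}\t{key}\t{count}")
    print("\n".join(lines))
    return totals, lines

if __name__ == "__main__":
    dump(SAMPLE_FINDINGS)
```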