ci: repair unresolvable actions/cache SHA pin (v4.2.0)#394
Merged
Conversation
The pin actions/cache@d4373f2 (commented "# v4.2.0") does not correspond to any real actions/cache tag. Consumer repos fail their CI with: Unable to resolve action `actions/cache@d4373f267a887d77f9eb0683a479ec60b1fe5b2b`, unable to find version `d4373f267a887d77f9eb0683a479ec60b1fe5b2b` This broke the Hypatia scan and governance reusable workflows wherever they are called (e.g. wokelangiser "scan / Hypatia Neurosymbolic Analysis"). Restore the correct immutable v4.2.0 commit (1bd1e32a3bdc45362d1e726936510720a7c30a57), preserving the existing version comment. Affected: - .github/workflows/governance-reusable.yml - .github/workflows/hypatia-scan-reusable.yml Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_019jyAkRNSMqEJaRhvpned2K
The "Build Hypatia scanner" step in the scan and governance reusable workflows still assumed the old hypatia layout: it ran `cd scanner && mix escript.build && mv hypatia ../hypatia-v2`. The hyperpolymath/hypatia repo has since been restructured so mix.exs lives at the repo root and there is no scanner/ subdirectory, so the step died with "cd: scanner: No such file or directory" (exit 1), failing the "scan / Hypatia Neurosymbolic Analysis" and "governance / Validate Hypatia Baseline" jobs. Build the escript (escript name: hypatia, per hypatia's mix.exs) directly from the cloned repo root. hypatia-cli.sh — which the scan step invokes — already prefers the root-level `hypatia` binary and self-builds it the same way, so this realigns the explicit pre-build step with the current layout. Affected: - .github/workflows/governance-reusable.yml - .github/workflows/hypatia-scan-reusable.yml Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_019jyAkRNSMqEJaRhvpned2K
hyperpolymath
pushed a commit
that referenced
this pull request
Jun 21, 2026
Diagnose-and-record audit for the estate-wide `scan / Hypatia Neurosymbolic Analysis` failure (2026-06-20/21): Unable to resolve action actions/cache@d4373f2 Root cause: the corrupt SHA (a corruption of v4.2.2's d4323d4…) was pinned centrally in the two reusable workflows (hypatia-scan-reusable.yml, governance-reusable.yml) — zero consumer workflows carried it. Already repaired and merged in standards#394 (d72fe5a): re-pinned to the genuine v4.2.0 commit 1bd1e32a…, verified against upstream `git ls-remote`. The audit also documents the propagation caveat (consumers pin reusables by standards SHA, so the post-#394 "Check Workflow Staleness" red is expected drift pending gitbot-fleet enroll-repos re-pin to d72fe5a+) and records two out-of-scope nextgen-databases findings (K9 pedigree missing metadata.name; trusted-base reduction policy red). Adds .adoc + .a2ml companion, mirroring audit-hypatia-pin-orphan-2026-05-27. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0144t85ipupFBhd9eJ8t9vaC
hyperpolymath
added a commit
that referenced
this pull request
Jun 21, 2026
…ir (#396) ## What Adds a diagnose-and-record audit (`.adoc` + `.a2ml` companion) for the estate-wide `scan / Hypatia Neurosymbolic Analysis` failure observed 2026-06-20/21: ``` Unable to resolve action actions/cache@d4373f2 (unable to find version d4373f267a887d77f9eb0683a479ec60b1fe5b2b) ``` This is **documentation only** — the underlying fix already shipped. ## Root cause (already fixed in #394) The corrupt SHA was pinned **centrally** in the two reusable workflows (`hypatia-scan-reusable.yml`, `governance-reusable.yml`) — zero consumer workflows carried it. It is a corruption of v4.2.2's real commit `d4323d4…`. **standards#394** (merged 2026-06-21, commit `d72fe5a`) already re-pinned both to the genuine `v4.2.0` commit `1bd1e32a…`. ## Independent verification (this session) Via `git ls-remote https://github.com/actions/cache`: | SHA | Upstream ref | Resolves? | |---|---|---| | `d4373f26…` (corrupt) | (none) | ✗ bogus | | `1bd1e32a…` (repair) | `refs/tags/v4.2.0` | ✓ | | `0057852b…` | `v4` + `v4.3.0` | ✓ | | `27d5ce7f…` | `main` + `v5` + `v5.0.5` | ✓ | `git grep d4373f…` across standards + hypatia → zero matches. ## Why the audit matters (propagation caveat) Consumers pin these reusables by **standards commit SHA**, not `@main` (`@5eb28d7…` / `@861b5e9…`). So the post-#394 `Check Workflow Staleness` red is **expected drift** — the signal that a gitbot-fleet `enroll-repos` re-pin to `d72fe5a`+ is still pending, not a new defect. The audit also records two out-of-scope `nextgen-databases` findings (K9 pedigree missing `metadata.name`; trusted-base reduction policy red). Full status recorded on the umbrella: hyperpolymath/hypatia#464. Cross-refs hyperpolymath/nextgen-typing#69. 🤖 Generated with [Claude Code](https://claude.com/claude-code) https://claude.ai/code/session_0144t85ipupFBhd9eJ8t9vaC --- _Generated by [Claude Code](https://claude.ai/code/session_0144t85ipupFBhd9eJ8t9vaC)_ Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The two reusable workflows pinned
actions/cachetod4373f267a887d77f9eb0683a479ec60b1fe5b2b(commented# v4.2.0), but thatSHA does not correspond to any real
actions/cachetag. It appears to be acorruption of v4.2.2's
d4323d4…, but is not a valid ref.Every consumer repo that calls these reusable workflows fails CI with:
Observed in e.g.
wokelangiser→ jobscan / Hypatia Neurosymbolic Analysis.Fix
Restore the correct immutable
v4.2.0commit1bd1e32a3bdc45362d1e726936510720a7c30a57, verified againstgit ls-remote https://github.com/actions/cache refs/tags/v4.2.0. The existing# v4.2.0version comment is preserved and is now accurate.This is a surgical repair of the broken hash that keeps the originally
documented version, rather than a version bump to the moving
v4tag.Files changed
.github/workflows/governance-reusable.yml.github/workflows/hypatia-scan-reusable.ymlVerification
1bd1e32a3bdc45362d1e726936510720a7c30a57↔refs/tags/v4.2.0(upstreamgit ls-remote).git grep d4373f267a887d77f9eb0683a479ec60b1fe5b2b→ no remaining matches.🤖 Generated with Claude Code
https://claude.ai/code/session_019jyAkRNSMqEJaRhvpned2K
Generated by Claude Code