experiment(ci): rename rust-ci.yml → rust-ci-v2.yml to force fresh GH workflow_id (standards#322 root-cause test)#95
Closed
hyperpolymath wants to merge 5 commits into
Closed
Conversation
…kflow_id Hypothesis: GH Actions cached the path-based fallback name on workflow_id 231679368 (created 2026-02-07 with the old self-contained rust-ci.yml content) and never re-parsed after the thin-wrapper conversion landed (2026-05-26). All subsequent pushes produce 0s-duration "completed failure" runs because GH treats the workflow definition as unparseable. Evidence: - /repos/.../actions/workflows/231679368 returns name=".github/workflows/rust-ci.yml" (path-based fallback), not "Rust CI" (YAML name field). - governance.yml (workflow_id 278098065, created 2026-05-17 as a fresh thin wrapper) returns name="Governance" correctly — same caller pattern, no caching issue. - Disable+enable via API did NOT force re-parse. - panic-attack#84 + #92 SHA bumps did NOT fix it. Experiment: rename the file. If GH creates a new workflow_id and correctly parses "Rust CI" as the name, hypothesis 3 from standards#322 is confirmed and the fix is an estate-wide rename across all 43+ rust-ci callers. Companion to standards#322 root-cause investigation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 98 issues detected
View findings[
{
"reason": "Action uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f5599 needs attention",
"type": "unpinned_action",
"file": "e2e.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action es: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb needs attention",
"type": "unpinned_action",
"file": "e2e.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in cargo-audit.yml",
"type": "missing_timeout_minutes",
"file": "cargo-audit.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in chapel-ci.yml",
"type": "missing_timeout_minutes",
"file": "chapel-ci.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in chapel-ci.yml",
"type": "missing_timeout_minutes",
"file": "chapel-ci.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in chapel-ci.yml",
"type": "missing_timeout_minutes",
"file": "chapel-ci.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
…solution) If @main parses where @cc5a372a does not, the bug is in GH's SHA resolution for cross-repo reusable workflows specifically. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 99 issues detected
View findings[
{
"reason": "Action uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f5599 needs attention",
"type": "unpinned_action",
"file": "e2e.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action es: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb needs attention",
"type": "unpinned_action",
"file": "e2e.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action perpolymath/standards/.github/workflows/rust-ci-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "rust-ci-v2.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in cargo-audit.yml",
"type": "missing_timeout_minutes",
"file": "cargo-audit.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in chapel-ci.yml",
"type": "missing_timeout_minutes",
"file": "chapel-ci.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in chapel-ci.yml",
"type": "missing_timeout_minutes",
"file": "chapel-ci.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
… to isolate filename-pattern bug
🔍 Hypatia Security ScanFindings: 101 issues detected
View findings[
{
"reason": "Action uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f5599 needs attention",
"type": "unpinned_action",
"file": "e2e.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action es: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb needs attention",
"type": "unpinned_action",
"file": "e2e.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "rust-ci-experiment-3.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
"type": "unpinned_action",
"file": "rust-ci-v2.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in boj-build.yml",
"type": "missing_timeout_minutes",
"file": "boj-build.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in cargo-audit.yml",
"type": "missing_timeout_minutes",
"file": "cargo-audit.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in casket-pages.yml",
"type": "missing_timeout_minutes",
"file": "casket-pages.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in chapel-ci.yml",
"type": "missing_timeout_minutes",
"file": "chapel-ci.yml",
"action": "flag",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
Owner
Author
|
Investigation complete — root cause documented and fixed at source in hyperpolymath/standards#334. This experiment branch falsified hypotheses 1+2+3 from #322 and surfaced hypothesis 4 (bare |
hyperpolymath
added a commit
to hyperpolymath/standards
that referenced
this pull request
Jun 1, 2026
…closes #322) (#334) ## Summary \`rust-ci-reusable.yml\` lines 109 and 149 used a bare \`if:\` expression at job level: \`\`\`yaml if: hashFiles(format('{0}/Cargo.toml', inputs.working_directory)) != '' \`\`\` GH Actions silently fails to parse the entire CALLER workflow when this exact shape (`hashFiles(format(inputs.X))` bare at job-level) is reached in a reusable. Caller manifests as 0s-duration "completed failure" with the workflow name reported as the path (`.github/workflows/rust-ci.yml`) instead of the YAML `name:` field — GitHub's "This run likely failed because of a workflow file issue" diagnostic. ## Root-cause investigation Run on panic-attack#95 (experiment branch, 5 commits), tracking the parsed workflow `name` field via API: | commit | caller pin | caller shape | reusable | parsed name | result | |---|---|---|---|---|---| | `1d0a8b9` | `@cc5a372` | original thin wrapper | `rust-ci-reusable.yml` | path-fallback | ❌ fail | | `d022c8f` | `@main` | original thin wrapper | `rust-ci-reusable.yml` | path-fallback | ❌ fail | | `02c6753` | `@main` | governance.yml shape | `rust-ci-reusable.yml` | path-fallback | ❌ fail | | `6250e19` | `@main` | governance.yml shape | **`governance-reusable.yml`** | `'Rust CI'` ✓ | parses (fails at runtime, expected) | | `cb23224` | `@main` | governance.yml verbatim clone | `governance-reusable.yml` | `'Rust CI'` ✓ | parses | Falsifies #322 hypotheses 1+2+3: - Hypothesis 1 (caller structure) — falsified: changing the caller's YAML to match governance.yml verbatim did NOT fix. - Hypothesis 2 (SHA resolution) — falsified: `@main` floating ref ALSO failed. - Hypothesis 3 (workflow_id cache) — falsified: a fresh \`workflow_id\` 287101574 (created via filename rename) ALSO failed. Root cause: hypothesis 4 (new) — when the caller's \`uses:\` resolves to a reusable whose first job has a bare \`if: hashFiles(format(...))\` at job level, GH's expression evaluator rejects the resolution at workflow-parse time. The audit + coverage jobs (lines 187, 215) were always wrapped in \`\${{ }}\` and worked; the check + test jobs were not. ## The fix Two-line `if:` wrapping. Diff: \`\`\`diff - if: hashFiles(format('{0}/Cargo.toml', inputs.working_directory)) != '' + if: \${{ hashFiles(format('{0}/Cargo.toml', inputs.working_directory)) != '' }} \`\`\` ## Estate impact Once this merges, every caller of \`rust-ci-reusable.yml\` should immediately start parsing on its next push — no caller-side action needed for callers using \`@main\` floating refs. SHA-pinned callers will need to bump the pin to a commit at-or-after this merge. ## Follow-up - 43+ panic-attack-tracked callers using SHA-pinned rust-ci-reusable.yml — bumping their pins to the new commit could be a fan-out, but a no-op SHA bump is sufficient once \`@main\` resolution is confirmed clean. - Audit other reusables (\`governance-reusable.yml\`, \`secret-scanner-reusable.yml\`, etc.) for the same anti-pattern via grep: \`^\\s*if: [^$]\` followed by \`hashFiles\\|format\\|inputs\\.\` — none found in governance-reusable on inspection but worth a sweep. ## Refs - Closes #322 - Investigation PR (panic-attack side): hyperpolymath/panic-attack#95 - Original symptom report PRs: panic-attack#84 (orphan-SHA hypothesis, falsified), panic-attack#92 (SHA-bump experiment, falsified) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hypothesis
Per standards#322 hypothesis 3: GH Actions cached the path-based fallback name on workflow_id 231679368 (created 2026-02-07 with old self-contained content) and never re-parsed after the 2026-05-26 thin-wrapper conversion.
Evidence
namefieldrust-ci.yml.github/workflows/rust-ci.yml(path-based fallback — parse failed)governance.ymlGovernance(parsed correctly)Both are thin wrappers with the same YAML shape. The only difference is workflow_id provenance: governance.yml was a NEW file when added, rust-ci.yml was an OVERWRITE of an existing file.
Eliminated
cc5a372a) — no change822fa14e) — no changeTest
This PR renames the file. If a NEW workflow_id is created and parses
name: Rust CIcorrectly when this PR's push event triggers the workflow on the experiment branch, hypothesis 3 is confirmed and the estate-wide fix is a coordinated rename across 43+ callers.If the new workflow_id ALSO returns the path-based fallback, hypothesis 3 is falsified and we need to look elsewhere (most likely at the SHA-pin resolution layer or caller-permissions contract).
What this PR does NOT do
What happens after
If the rename works:
CI-REUSABLE-WORKFLOWS.adocrust-ci-v2.ymlfilenameIf the rename fails:
🤖 Generated with Claude Code