chore(ci): convert hypatia-scan.yml to wrapper of standards reusable#84
Merged
Conversation
…able Replaces ~416 lines of duplicated Hypatia scan plumbing with a 29-line wrapper calling hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml at SHA 2569c10e831e293f9dd6580d82a494aca039deee (standards#191 HEAD). Behaviour-preserving: same triggers, same concurrency group, same permissions, same secrets passthrough. Refs standards#191.
Standards #191 was closed in favour of #193 (parallel-session implementation with simpler API: zero inputs except runs-on). Repointing the wrapper at #193 HEAD 97df762107501909f50bb770e9bc200b6c415600 so it picks up the merged reusable once #193 lands. Refs standards#193.
🔍 Hypatia Security ScanFindings: 885 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Python file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/iser-tools/julianiser/examples/data-pipeline/pipeline.py",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/rattlescript/affinescript/editors/vscode/src/extension.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/rattlescript/affinescript/packages/affine-ts/types.d.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/rattlescript/affinescript/packages/affine-js/types.d.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/affinescript-deno-test/example/smoke_driver.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/affinescript-deno-test/cli.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/affinescript-deno-test/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/affinescript-deno-test/lib/compile.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/developer-ecosystem/developer-ecosystem/affinescript-ecosystem/affinescript-deno-test/lib/runner.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
hyperpolymath
added a commit
that referenced
this pull request
May 30, 2026
…ocks required check) (#98) Root cause: the pinned SHA \`97df762107501909f50bb770e9bc200b6c415600\` references the **original PR-branch commit** of [standards#193](hyperpolymath/standards#193), not the squash-merged commit on main (\`915139d7\`). The PR-branch commit is **orphaned** — not reachable from \`origin/main\`: \`\`\` $ git merge-base --is-ancestor 97df762... origin/main $ echo $? 1 \`\`\` GitHub Actions requires \`workflow_call\` SHAs reachable from the called repo's default branch. With an unreachable SHA, the workflow fails with **"This run likely failed because of a workflow file issue"** — no jobs are created, no logs produced, and the required check \`Hypatia Neurosymbolic Analysis\` never reports, blocking every PR via branch-protection's required-checks list. ## Evidence - Last successful hypatia-scan run on this repo: 2026-05-26 17:42 (commit \`ce329927\`, before SHA-pin merged in #84) - First failing run: 2026-05-27 12:02:35 (commit \`eb02a080\`, on main after #84) - Every subsequent run: failed identically - All other reusables (secret-scanner, mirror, governance) pin to reachable SHAs and work fine ## Fix Bump to \`4f07382468f045cdaf75e0bbdb1886a0579d83e3\` — the latest commit on standards' main that modified \`hypatia-scan-reusable.yml\` (2026-05-30 erlef/setup-beam consolidation, [standards#289](hyperpolymath/standards#289)). Verified reachable from \`origin/main\` of standards. ## Estate-wide scope 54 repos carry the same broken SHA. Sweep tracked separately. Distribution: | SHA | Repo count | Reachable? | |---|---|---| | \`97df762\` (broken — PR-branch commit) | 54 | ❌ | | \`915139d7\` (merge commit) | 19 | ✅ | | \`5eb28d7d\` (later) | 10 | ✅ | | \`2569c10e\` (later) | 1 | ✅ | Refs hyperpolymath/standards#287 Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the per-repo
hypatia-scan.yml(416 lines) with a 29-line wrapper callinghyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@2569c10e831e293f9dd6580d82a494aca039deee(standards#191 HEAD SHA).Behaviour-preserving: identical triggers (push/pull_request/schedule/workflow_dispatch), same concurrency group, same permissions (contents:read + security-events:write + pull-requests:write), same secrets passthrough.
Same pattern as the rust-ci wrapper sweep (standards#174 + 82 wrapper PRs filed 2026-05-26).
Pin-to-not-yet-merged-SHA
Intentional: the SHA points at standards#191's PR HEAD. The wrapper file is staged but the action runner won't load the reusable until standards#191 lands on main.
Test plan
pull_requesttriggers run main's old workflow file (target-branch semantics)Refs standards#191.
🤖 Generated with Claude Code