Skip to content

ci(hypatia-scan): repin orphan reusable SHA — finish #140's intent#163

Merged
hyperpolymath merged 1 commit into
mainfrom
fix/hypatia-scan-orphan-sha-repin
May 30, 2026
Merged

ci(hypatia-scan): repin orphan reusable SHA — finish #140's intent#163
hyperpolymath merged 1 commit into
mainfrom
fix/hypatia-scan-orphan-sha-repin

Conversation

@hyperpolymath
Copy link
Copy Markdown
Owner

@hyperpolymath hyperpolymath commented May 30, 2026

Summary

PR #140 ("repin orphan reusable SHAs (97df7621/4fdf4314 → live)") was
filed to repin both rust-ci.yml and hypatia-scan.yml away from
orphan pins, per its description:

  • hypatia-scan-reusable.yml@97df7621@915139d73560e65a8240b8fc7768698658502c89
  • rust-ci-reusable.yml@4fdf4314@cc5a372af1af1b202c17f1b21efd954e6c038bef

…but the merged diff only touched rust-ci.yml. hypatia-scan.yml
line 28 was never updated.

Result: the Hypatia Security Scan workflow has been completing as
failure with zero jobs on every push to main since #140
merged — workflow_call refuses orphan SHAs and emits "workflow file
issue" with no jobs created (exactly the pattern #140's description
named).

Verification

git merge-base --is-ancestor 97df7621... origin/main → NOT ancestor (orphan)
git merge-base --is-ancestor 915139d7... origin/main → ancestor (behind by 56)

Why this PR exists separately

It applies the SECOND half of #140's stated fix, no other changes.
The first half (rust-ci.yml) shipped in #140 and is working as
intended (cc5a372 confirmed as ancestor of standards/main).

Refs #140.

🤖 Generated with Claude Code

@hyperpolymath @claude
ci(hypatia-scan): repin orphan reusable SHA — finish #140's intent
99d5470 
PR #140 ("repin orphan reusable SHAs (97df7621/4fdf4314 → live)") was
filed to repin BOTH `rust-ci.yml` and `hypatia-scan.yml` away from
orphan pins, per its description:

    - hypatia-scan-reusable.yml@97df7621 → @915139d7…
    - rust-ci-reusable.yml@4fdf4314    → @cc5a372a…

…but the merged diff only touched `rust-ci.yml`. `hypatia-scan.yml`
line 28 was never updated. Result: the Hypatia Security Scan workflow
has been completing as `failure` with zero jobs on every push to main
since #140 merged (workflow_call refuses orphan SHAs).

Verification:

    git merge-base --is-ancestor 97df7621... origin/main → NOT ancestor
    git merge-base --is-ancestor 915139d7... origin/main → ancestor
                                                         (behind by 56)

This commit applies the SECOND half of #140's stated fix, no other
changes.

Refs #140.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath enabled auto-merge (squash) May 30, 2026 22:33
@hyperpolymath hyperpolymath merged commit 20bb6ba into main May 30, 2026
31 of 39 checks passed
@hyperpolymath hyperpolymath deleted the fix/hypatia-scan-orphan-sha-repin branch May 30, 2026 23:13
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 31, 2026

🔍 Hypatia Security Scan

Findings: 205 issues detected

Severity Count
🔴 Critical 12
🟠 High 80
🟡 Medium 113

⚠️ Action Required: Critical security issues found!

View findings 
[
  {
    "reason": "Issue in agda-meta-checker.yml",
    "type": "missing_timeout_minutes",
    "file": "agda-meta-checker.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in cargo-audit.yml",
    "type": "missing_timeout_minutes",
    "file": "cargo-audit.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in cflite_batch.yml",
    "type": "missing_timeout_minutes",
    "file": "cflite_batch.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in cflite_pr.yml",
    "type": "missing_timeout_minutes",
    "file": "cflite_pr.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in chapel-ci.yml",
    "type": "missing_timeout_minutes",
    "file": "chapel-ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in chapel-ci.yml",
    "type": "missing_timeout_minutes",
    "file": "chapel-ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in chapel-ci.yml",
    "type": "missing_timeout_minutes",
    "file": "chapel-ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in chapel-ci.yml",
    "type": "missing_timeout_minutes",
    "file": "chapel-ci.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hyperpolymath