ci(hypatia): make self-scan resilient to upstream outages#32
Merged
Conversation
Ports the two-failure-class policy from hyperpolymath/echo-types#43 into burble's Hypatia self-scan, expansively. Class 1 (external infrastructure): setup-beam, cloning hyperpolymath/ hypatia, mix deps.get/escript.build, and the gitbot-fleet clone now degrade to a non-gating skip with a warning + job-summary note instead of failing the job. An upstream Hypatia/BEAM outage can no longer block unrelated PRs. Class 2 (scan findings): findings are still surfaced loudly (summary, artifact, fleet submission, PR comment) and remain fix-forward / never hard-gated. Scanner runtime errors and malformed JSON also degrade to a non-gating skip rather than a red build. - setup-beam: continue-on-error + outcome check - consolidated clone+build into one tolerant "Provision Hypatia scanner" step exposing steps.scanner.outputs.ready - all downstream steps gated on ready == 'true' - added "Note skipped scan" summary step for class-1 events - documented the policy in the workflow header https://claude.ai/code/session_01SkqcQQaCVXNBT8eCQiwb3v
…-pr43-rZNvx # Conflicts: # .github/workflows/hypatia-scan.yml
…-pr43-rZNvx # Conflicts: # .github/workflows/hypatia-scan.yml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ports the two-failure-class resilience policy from
hyperpolymath/echo-types#43
into burble's
hypatia-scan.yml, applied expansively.burble's Hypatia self-scan had the same fragility echo-types #43 fixed: a
flake in upstream infrastructure (BEAM provisioning, cloning
hyperpolymath/hypatia, building the scanner, cloninggitbot-fleet)would fail the job and block otherwise-healthy PRs, even though the scan
is meant to be non-gating.
Two failure classes, deliberately distinct
setup-beam, hypatia clone,mix deps.get/escript.build, gitbot-fleet clone): now degrades to anon-gating skip with a
::warning::and a job-summary note. Anupstream Hypatia/BEAM outage can no longer block unrelated PRs.
this repo): still surfaced loudly (job summary, artifact, fleet
submission, PR comment) and remains fix-forward / never hard-gated,
exactly as before.
Changes
setup-beam:continue-on-error: true+ downstreamoutcomecheckscanner step exposing
steps.scanner.outputs.readysteps.scanner.outputs.ready == 'true'job summary for class-1 events
gitbot-fleet clone failures also degrade to non-gating skips instead of
red builds; shallow clones for speed
Net effect: a Hypatia outage can never block a PR; a Hypatia finding
never silently disappears.
Test plan
yaml.safe_loadparses the workflow cleanlysurface normally when upstream is healthy
green with the "Hypatia Scan: skipped (non-gating)" summary
https://claude.ai/code/session_01SkqcQQaCVXNBT8eCQiwb3v
Generated by Claude Code