
ci(hypatia-scan): repin reusable to merge-commit SHA (orphan-SHA fix) #18

Merged
hyperpolymath merged 1 commit into main from ci/hypatia-scan-pin-fix
May 27, 2026

@hyperpolymath
Owner

Summary

The hypatia-scan.yml wrapper pins to 97df762... — the PR-branch commit of standards#193, not its merge commit. After the squash-merge, that PR-branch SHA was orphaned. GitHub Actions can no longer resolve the reusable, so every hypatia-scan run fails at parse stage (jobs: [], banner: "This run likely failed because of a workflow file issue").

Diagnosis

  • Old pin: 97df762107501909f50bb770e9bc200b6c415600 — PR-branch commit on standards#193 (orphaned).
  • New pin: 915139d73560e65a8240b8fc7768698658502c89 — actual merge-commit on standards/main.

Verification:

$ gh api repos/hyperpolymath/standards/compare/main...97df762
{ "status": "diverged", "ahead_by": 1, "behind_by": 24 }
$ gh api repos/hyperpolymath/standards/compare/main...915139d7
{ "status": "behind", "ahead_by": 0, "behind_by": 1 }

File content at both SHAs is byte-identical; only the reachability differs.

Estate scope

This is one of ~100 PRs in the sweep (gh search code "@97df762" --owner hyperpolymath returned 100 hits). Reusables-campaign closure track (memory [2026-05-26 reusables campaign — CLOSED]).

🤖 Generated with Claude Code

The wrapper pins to 97df762..., the PR-branch commit on standards#193
that was orphaned after squash-merge. The new pin 915139d7... is the
merge-commit SHA on standards/main; file content is byte-identical.

Estate fix: ~100 repos affected by the same orphan.
@hyperpolymath hyperpolymath enabled auto-merge (squash) May 26, 2026 23:03
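
An added example, not part of the PR or the hyperpolymath repositories: a Python check that applies the reachability test from the Verification section to every `uses:` reference in a workflow file, and also reports refs that are not full 40-character SHAs (such as `@main`) as unpinned. The compare responses are the two quoted in the PR, embedded as sample data so it runs offline; the reusable's file name `hypatia-scan-reusable.yml` and all function names are assumptions.

```python
import re

# `uses: owner/repo[/path]@ref` references (actions and reusable workflows).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([\w.-]+/[\w.-]+)(/[^@\s]*)?@(\S+)", re.M)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample wrapper. The hypatia-scan reusable's path is an assumption;
# the governance reference is the one reported in the scan findings.
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@97df762107501909f50bb770e9bc200b6c415600
  governance:
    uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@main
"""

# Responses of `gh api repos/<repo>/compare/main...<sha>` as quoted in the PR,
# keyed by full SHA so the example needs no network access.
SAMPLE_COMPARE = {
    "97df762107501909f50bb770e9bc200b6c415600":
        {"status": "diverged", "ahead_by": 1, "behind_by": 24},
    "915139d73560e65a8240b8fc7768698658502c89":
        {"status": "behind", "ahead_by": 0, "behind_by": 1},
}

def find_pins(workflow_text):
    """Return (repo, ref) for every remote `uses:` reference."""
    return [(m.group(1), m.group(3)) for m in USES_RE.finditer(workflow_text)]

def classify(ref, compare):
    """Map a ref and its compare response (dict or None) to a verdict."""
    if not FULL_SHA_RE.fullmatch(ref):
        return "unpinned"        # branch or tag name: mutable reference
    if compare is None:
        return "unknown"         # no compare data available for this SHA
    # base=main, head=sha: "behind"/"identical" means the SHA is an ancestor of
    # (or equal to) main; "ahead"/"diverged" means it has commits main lacks.
    ok = compare.get("status") in ("behind", "identical")
    return "reachable" if ok else "unreachable"

def sample_lookup(repo, sha):
    """Offline stand-in for the compare API call, backed by SAMPLE_COMPARE."""
    return SAMPLE_COMPARE.get(sha)

def audit(workflow_text, lookup):
    """Return (repo, ref, verdict) per reference; lookup(repo, sha) -> dict|None."""
    return [(repo, ref, classify(ref, lookup(repo, ref)))
            for repo, ref in find_pins(workflow_text)]

if __name__ == "__main__":
    for repo, ref, verdict in audit(SAMPLE_WORKFLOW, sample_lookup):
        print(f"{verdict:11} {repo}@{ref}")
```
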
@github-actions

🔍 Hypatia Security Scan

Findings: 20 issues detected

Severity Count
🔴 Critical 0
🟠 High 16
🟡 Medium 4
View findings
[
  {
    "reason": "Issue in scorecard.yml",
    "type": "missing_workflow",
    "file": "scorecard.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in mirror.yml",
    "type": "missing_workflow",
    "file": "mirror.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in secret-scanner.yml",
    "type": "missing_workflow",
    "file": "secret-scanner.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Required file missing (condition: public_repo)",
    "type": "missing_requirement",
    "file": ".github/workflows/scorecard.yml",
    "action": "create",
    "rule_module": "cicd_rules",
    "severity": "high"
  },
  {
    "reason": "Nominal-only SAST in a2ml_ex: codeql.yml language matrix contains no language present in the repo and lacks `actions`, so CodeQL records zero results on every commit. Remediation: set the CodeQL matrix to `language: actions`.",
    "type": "StaticAnalysis",
    "file": "/home/runner/work/a2ml_ex/a2ml_ex",
    "action": "auto_fix",
    "rule_module": "scorecard",
    "severity": "medium",
    "remediation": "Add CodeQL or equivalent SAST workflow.",
    "scorecard_check": "SAST"
  },
  {
    "reason": "Repository has 5 non-main remote branch(es). Policy: single main branch only.",
    "type": "GS007",
    "file": ".",
    "action": "delete_remote_branches",
    "rule_module": "git_state",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/git_state/GS007 -- Hypatia git_state: GS007 -- 9 day(s) old",
    "type": "CSA001",
    "file": ".",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/scorecard/StaticAnalysis -- Hypatia scorecard: StaticAnalysis -- 9 day(s) old",
    "type": "CSA001",
    "file": "a2ml_ex",
    "action": "review",
    "rule_module": "code_scanning_alerts",
    "severity": "medium"
  },
  {
    "reason": "Code scanning (Hypatia): hypatia/cicd_rules/missing_requirement -- Hypatia cicd_rules: missing_requirement -- 9 day(s) old [STALE]",
    "type": "CSA001",
    "file": ".github/workflows/scorecard.yml",
    "action": "escalate",
    "rule_module": "code_scanning_alerts",
    "severity": "high"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence

@hyperpolymath hyperpolymath merged commit ec5d99e into main May 27, 2026
8 of 9 checks passed
@hyperpolymath hyperpolymath deleted the ci/hypatia-scan-pin-fix branch May 27, 2026 12:01