From 4a2ce57b59606e25767273716818f494386ed9ab Mon Sep 17 00:00:00 2001 From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com> Date: Tue, 7 Jul 2026 11:04:45 +0100 Subject: [PATCH] =?UTF-8?q?fix(ci):=20repair=20the=20two=20standing=20red?= =?UTF-8?q?=20checks=20=E2=80=94=20codeql=20init/analyze=20version=20split?= =?UTF-8?q?=20+=20stale=20hypatia=20reusable=20pin?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Every PR has carried two red checks: 1. `analyze (actions, none)` (CodeQL — a REQUIRED check per the workflow's own comment): dependabot #670/#673 bumped `analyze`/`upload-sarif` to v4.36.3 (54f647b7) but left `init` at v4.36.2 (8aad20d1). The init step writes a config the newer analyze rejects: "Loaded a configuration file for version '4.36.2', but running 4.36.3" Fix: align `init` to the same v4.36.3 SHA. Also corrected the drifted "# v3.28.1" comments to the SHA's real version (comment said v3.28.1, SHA was v4.36.x — the drift is what hid the split). 2. `hypatia / Hypatia Neurosymbolic Analysis`: the wrapper pinned the standards reusable at d135b05 — the known estate CI-red master-cause pin. The reusable was fixed upstream in standards #428 (GITHUB_TOKEN), #441 (un-stale scanner cache — our exact "Cache not found ... exit 1" symptom), #445, #453. Fix: bump the pin to 5fa7a834e (#453), the latest commit touching the reusable. Workflow-file change: pushed via WSL gh (workflow scope present). Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/hypatia-scan.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5d6f867..28c0275 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,11 +37,11 @@ jobs: - name: Checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialize CodeQL - uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3.28.1 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v3.28.1 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/hypatia-scan.yml b/.github/workflows/hypatia-scan.yml index 8ae2c83..a03406c 100644 --- a/.github/workflows/hypatia-scan.yml +++ b/.github/workflows/hypatia-scan.yml @@ -25,5 +25,5 @@ permissions: pull-requests: write jobs: hypatia: - uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@d135b05bfc647d0c0fbfedc7e80f37ea50f49236 + uses: hyperpolymath/standards/.github/workflows/hypatia-scan-reusable.yml@5fa7a834e015f22c14d2de592ccc369caefa318a secrets: inherit