fix: Log the local serr in workflow status-update fallbacks

[chet]

Description

Cleans up a recurring "wrong variable logged"... mmmm pattern? ...across four workflow activity files. In each spot, an inner if serr != nil { ... Err(err) } was logging the outer-scope err (instead of the local serr returned by the status-update helper) -- so when a status write failed, the log surfaced whatever stale value happened to be in err (often nil), masking the actual error.

Doing this because CodeRabbit flagged a similar finding in #594, and since I've been trying to keep everything boilerplate, I was like hrmmm.... so I went back through prior PRs to do a sweep and make sure this was addressed in other call sites that already went in.

Signed-off-by: Chet Nichols III chetn@nvidia.com

Type of Change

• Feature - New feature or functionality (feat:)
• Fix - Bug fixes (fix:)
• Chore - Modification or removal of existing functionality (chore:)
• Refactor - Refactoring of existing functionality (refactor:)
• Docs - Changes in documentation or OpenAPI schema (docs:)
• CI - Changes in GitHub workflows. Requires additional scrutiny (ci:)
• Version - Issuing a new release version (version:)

Services Affected

• API - API models or endpoints updated
• Workflow - Workflow service updated
• DB - DB DAOs or migrations updated
• Site Manager - Site Manager updated
• Cert Manager - Cert Manager updated
• Site Agent - Site Agent updated
• Flow - Flow service updated
• Powershelf Manager - Powershelf Manager updated
• NVSwitch Manager - NVSwitch Manager updated

Related Issues (Optional)

Breaking Changes

• This PR contains breaking changes

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Additional Notes

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 410c49f5-afa1-4e98-a51f-ddf67aa165c4

📥 Commits

Reviewing files that changed from the base of the PR and between d3a07c6 and 67ad5e6.

📒 Files selected for processing (4)

• workflow/pkg/activity/machine/machine.go
• workflow/pkg/activity/operatingsystem/operatingsystem.go
• workflow/pkg/activity/sshkeygroup/sshkeygroup.go
• workflow/pkg/activity/vpcprefix/vpcprefix.go

---

Summary by CodeRabbit

• Bug Fixes
  • Corrected error logging across multiple system components to report accurate error information during status updates and database operations, improving troubleshooting and monitoring capabilities.

Walkthrough

This pull request corrects error logging across four activity modules by reporting the actual error values returned by status update operations instead of unrelated outer-scoped error variables. All changes maintain existing control flow and return behavior while improving error diagnostics.

Changes

Error Logging Fixes in Activity Status Update Handlers

Layer / File(s)	Summary
Error variable corrections in status update failure paths workflow/pkg/activity/machine/machine.go, workflow/pkg/activity/operatingsystem/operatingsystem.go, workflow/pkg/activity/sshkeygroup/sshkeygroup.go, workflow/pkg/activity/vpcprefix/vpcprefix.go	Eight error logging statements are corrected to use serr (the actual return value from status update operations) instead of outer-scoped or unrelated err variables. Corrections span Machine Site status updates, OperatingSystem site association and missing-on-site updates, SSHKeyGroup site association updates, and VpcPrefix missing-on-site updates. No control flow or database behavior is altered.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the primary change: correcting error variable references in workflow status-update error handlers across multiple files.
Description check	✅ Passed	The description provides clear context on the issue (logging stale/nil error values instead of actual errors), the scope (four workflow activity files), and the motivation (CodeRabbit finding and consistency sweep).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔐 TruffleHog Secret Scan

✅ No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

_{🕐 Last updated: 2026-06-01 19:58:35 UTC | Commit: 67ad5e6}

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
nico-flow	66	4	34	18	2	8
nico-nsm	82	2	28	43	9	0
nico-psm	67	4	35	18	2	8
nico-rest-api	100	6	53	30	3	8
nico-rest-cert-manager	65	4	34	18	1	8
nico-rest-db	66	4	34	18	2	8
nico-rest-site-agent	65	4	34	18	1	8
nico-rest-site-manager	65	4	34	18	1	8
nico-rest-workflow	67	4	35	18	2	8
TOTAL	643	36	321	199	23	64

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.