fix(reusable-ci): repair runaway YAML indentation breaking all consumers#8
Conversation
The previous commit (e5f2e19) introduced broken indentation where each successive line accumulated additional leading whitespace, producing invalid YAML. GitHub Actions could not parse the workflow, so every consumer repo's `ci.yml` (which references this file via `uses: chittyfoundation/.github/.github/workflows/reusable-ci-pipeline.yml@main`) failed in 0 seconds with "workflow file issue" and never scheduled a job. Symptom: chittyos/chittyentity PRs #430, #441-#444 (and any other repo consuming this reusable workflow) show ci.yml failing instantly with zero jobs run, zero log output. Root cause: malformed YAML — `inputs:` and every nested key were progressively over-indented; `secrets:` and `jobs:` ended up nested inside `inputs:` instead of at top level. Fix: rewrite the file with correct, consistent 2-space indentation. No semantic changes to inputs, secrets, or job definitions, with two small correctness fixes that were latent in the original: - Step-level `if: secrets.X != ''` is not a valid expression context (the `secrets` context is not available in step `if:`). Replaced with the canonical pattern of exposing the secret to `env` and checking `env.X != ''`. Impacted repos (any with a caller pointing at `chittyfoundation/.github/.github/workflows/reusable-ci-pipeline.yml@main`): - chittyos/chittyentity (confirmed) - any other consumer using the same caller pattern Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Warning Review limit reached
More reviews will be available in 31 minutes and 31 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…#9) Step-level env: is materialized too late to be visible in that same step's if: expression. After #8 unblocked YAML parsing, consumer runs began hitting startup_failure because the security and ai-review jobs declared SNYK_TOKEN / ANTHROPIC_API_KEY only at step level while gating the step with `if: env.X != ''`. Hoist those env: blocks to job scope (canonical pattern) so the gate resolves correctly. No behavior change when the secret is present; when absent, the gated step is skipped instead of failing the run. Also adds the missing actions/setup-node step to the security job so `npm audit` has a node toolchain. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 participant
Summary
.github/workflows/reusable-ci-pipeline.ymlhad runaway indentation introduced in e5f2e19, producing invalid YAML.chittyos/chittyentityPRs #430, #441-#444) showsci.ymlfailing in 0 seconds with "workflow file issue" — GitHub refuses to schedule any job.Root cause
In e5f2e19 ("Align reusable CI pipeline with ChittyOS SOPs - add security scanning"), nested keys under
inputs:were over-indented progressively, causingsecrets:andjobs:to land insideinputs:instead of at the top level. The YAML parser fails, so GitHub Actions rejects the workflow before scheduling any runner — hence the 0-second "workflow file issue" failure on every PR in every consumer repo.Latent bug also fixed
Original used
if: secrets.SNYK_TOKEN != ''andif: secrets.ANTHROPIC_API_KEY != ''at the step level. Thesecretscontext is not available in step-levelif:expressions. Switched to the canonical pattern: expose secret toenv:and checkenv.X != ''. (Would have silently never-run those steps even after YAML parse succeeded.)Impacted repos
Any repo whose
ci.ymlcallsuses: chittyfoundation/.github/.github/workflows/reusable-ci-pipeline.yml@main. Confirmed:chittyos/chittyentity. Likely others across the foundation/portfolio.Test plan
python3 -c "import yaml; yaml.safe_load(...)"parses cleanly with all 7 inputs, 2 secrets, 5 jobs present.chittyos/chittyentityPR (e.g. #444) and confirm jobs actually schedule and produce real output (pass or fail with real logs, not 0s "workflow file issue").