Skip to content

ci(nix): keep the nix job green when the sticky lockfile comment can't post#149

Merged
OmarB97 merged 1 commit into
mainfrom
fix/nix-sticky-comment-resilience
Jun 10, 2026
Merged

ci(nix): keep the nix job green when the sticky lockfile comment can't post#149
OmarB97 merged 1 commit into
mainfrom
fix/nix-sticky-comment-resilience

Conversation

@OmarB97

@OmarB97 OmarB97 commented Jun 10, 2026

Copy link
Copy Markdown
Owner

Why

Every fork PR currently shows a red nix (ubuntu-latest) check even when the nix build is green: the final "Comment/Clear sticky PR comment" housekeeping steps fail with ##[error]Requires authentication (reproduced on PRs #137 and #138 including a rerun), and the step failure fails the whole job — nix (macos-latest) then reports cancelled. A permanently red check trains everyone to ignore nix results and masks real breakage.

What changed

.github/workflows/nix.ymlcontinue-on-error: true on both marocchino/sticky-pull-request-comment steps (the lockfile-hash warning comment and its clear-on-resolution counterpart). The lockfile check itself still fails the job when the hash is stale; only the cosmetic comment delivery becomes best-effort.

How to review

  1. The two-step diff: each sticky-comment step gains continue-on-error: true with a comment stating the rationale.
  2. Confirm the hash_check gating logic is untouched — a stale lockfile still reds the job via its own step.

Evidence

Verification

  • YAML validity checked locally (pass).
  • Behavioral proof lands on the first PR run after merge: nix ends green with the comment step marked as a tolerated failure. Tracked on MeshBoard task fork-ci-nix-job-fails-every-pr-at-sticky-pr-comment.

Risks / gaps

  • A genuinely broken comment-permission setup would now be visible only as an annotation, not a red job — accepted tradeoff: the comment is advisory and the lockfile check still gates.
  • Root cause of the 401 (token scope on PR-event runs) remains unexplained upstream of this hardening — already tracked as MeshBoard task fork-ci-nix-job-fails-every-pr-at-sticky-pr-comment.

Collaborators

  • @OmarB97 (operator)
  • Claude Fable 5 (ko-mac.claude)

@claude
ci(nix): don't fail the nix job when the sticky lockfile comment can'…
9e3eb71 
…t be posted

The 'Comment/Clear sticky PR comment' steps are cosmetic housekeeping for
the lockfile-hash warning. When the comment API rejects the call (observed:
HTTP 401 on every fork PR run, twice reproduced on a rerun, while the nix
build itself was green), the whole job reports failure — training reviewers
to ignore a red nix check and masking real nix breakage. continue-on-error
keeps the comment best-effort and lets the build result speak.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jun 10, 2026

Copy link
Copy Markdown

🔎 Lint report: fix/nix-sticky-comment-resilience vs origin/main

ruff

Total: 0 on HEAD, 0 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 0 pre-existing issues carried over.

ty (type checker)

Total: 10583 on HEAD, 10583 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 5544 pre-existing issues carried over.

Diagnostics are surfaced as warnings — this check never fails the build.

@OmarB97 OmarB97 mentioned this pull request Jun 10, 2026
Merged
@OmarB97 OmarB97 merged commit a9141b0 into main Jun 10, 2026
14 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OmarB97