feat(classify): skip_label input + gh retry resilience; non-fatal annotate #95
Merged
The 2026-06-10 GitHub incident ('erroneous 401 responses', ~15% of API
traffic) turned classify red fleet-wide: any unguarded gh call that lost
the coin flip failed the job, including the policy-notice comment step
that documents itself as never exiting non-zero.
- retry (3 attempts, 5s/10s backoff) on every gh call that gates the job;
buffered stdout so command substitutions never capture error bodies
from failed attempts
- annotate step now downgrades gh failures to ::warning:: (it is a
policy notice, not a gate — the label and automerge regex gate)
- new skip_label input: embedded classify jobs (pr-codex-review callers)
only need the risk_class output; the standalone PR Classify caller owns
the label + sticky comment, ending duplicate writes and write races
- fix stale 'exits 1' comment in our own codex caller (exit-1 removed
in #21)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Coverage Floor — mode:
No issues found. Retry logic, skip_label gating, and non-fatal annotate are all correctly implemented; backwards compatibility is preserved.
topcoder1 added a commit to topcoder1/nanoclaw that referenced this pull request Jun 11, 2026

…86) Refreshes the pr-codex-review.yml caller to the current template (topcoder1/ci-workflows#95 companion).

**What changes:**
- Embedded classify job renamed `classify` → `codex-classify`: its check context no longer collides with the standalone PR Classify workflow's `classify / Classify PR Risk`, which is a required status check in some rulesets. The 2026-06-10 GitHub 401 incident reddened the duplicate context and polluted required-check evaluation.
- Passes `skip_label: true`: this embedded run only computes the `risk_class` output. The standalone PR Classify workflow remains the single writer of the `risk:*` label and the blocked-PR sticky comment (no more write races).
- Adds `reopened` to trigger types (parity with the standalone classify caller).

**Behavior unchanged:** Codex review still runs on risk:sensitive and risk:blocked PRs; automerge gating (label + path regex) is untouched.

**Auto-merge rationale:** manual click-merge — touches `.github/workflows/**` (fleet policy).

🤖 Generated with [Claude Code](https://claude.com/claude-code)
topcoder1 added a commit to whois-api-llc/ProfessionalServices that referenced this pull request Jun 11, 2026

…14) Refreshes the pr-codex-review.yml caller to the current template (topcoder1/ci-workflows#95 companion).

**What changes:**
- Embedded classify job renamed `classify` → `codex-classify`: its check context no longer collides with the standalone PR Classify workflow's `classify / Classify PR Risk`, which is a required status check in some rulesets. The 2026-06-10 GitHub 401 incident reddened the duplicate context and polluted required-check evaluation.
- Passes `skip_label: true`: this embedded run only computes the `risk_class` output. The standalone PR Classify workflow remains the single writer of the `risk:*` label and the blocked-PR sticky comment (no more write races).
- Adds `reopened` to trigger types (parity with the standalone classify caller).

**Behavior unchanged:** Codex review still runs on risk:sensitive and risk:blocked PRs; automerge gating (label + path regex) is untouched.

**Auto-merge rationale:** manual click-merge — touches `.github/workflows/**` (fleet policy).

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Root cause this responds to
On 2026-06-10 15:20–16:21Z, GitHub had a platform incident: "sporadic authentication failures, impacting approximately 15% of API traffic. Erroneous 401 responses" (githubstatus.com). Valid `GITHUB_TOKEN`s were intermittently treated as anonymous. In whois-api-llc/disposable-email-domains (first blocked-path PR since codex-review install), this reddened `classify / Classify PR Risk` — a required check there — on two consecutive pushes (runs 27288936851, 27289393205, 27289393136). Same job, same token: `gh pr edit` succeeded at 16:02:59 and a `gh` write 401'd at 16:03:01. A rerun 20h later passed unchanged — there was no token-plumbing bug (the suspected missing `GH_TOKEN`/`secrets: inherit` was a red herring; `github.token` was set at every step).

The incident exposed two real structural weaknesses, fixed here:
Changes
- `retry` on every gh call that gates the job (3 attempts, 5s/10s backoff). Stdout is buffered per attempt so command substitutions never capture error bodies from failed attempts. Turns a 15% per-call platform blip into ~0.3%.
- `::warning::` (it's a policy notice; gating lives in the label + claude-author-automerge regex).
- `skip_label` input — fleet repos run this reusable from TWO workflows (standalone PR Classify + embedded in PR Codex Review), racing to write the same label and sticky comment, and producing two check contexts both named `classify / Classify PR Risk` (polluting required-check evaluation). Embedded callers will pass `skip_label: true` and just consume the `risk_class` output. Follow-up: fleet caller-template rollout renames the embedded job to `codex-classify` so the contexts stop colliding.
- `skip_label: true` — it's the only labeler here (no standalone classify caller in ci-workflows).

Backward compatible: `skip_label` defaults to `false`; existing callers see retry hardening only.

Verification
- `actionlint` (incl. shellcheck on run blocks): PASS
- `$(… || true)` → empty capture, no script abort
- Codex pre-review: PASS — no P1. Two P2s: (1) `gh pr view` in label step un-retried → fixed in this PR (wrapped in retry); (2) pre-existing word-splitting if a risk label name contained spaces → declined, label names come from the classifier's fixed enum (no spaces possible).

Auto-merge rationale: manual click-merge — `.github/workflows/**` is on the high-risk list, and this is the fleet-wide reusable: a bad merge breaks classify on every PR in 40+ repos until reverted.

🤖 Generated with Claude Code
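A sketch of the retry-with-buffered-stdout pattern and the non-fatal annotate step described in this PR, written here as an added example and not taken from the workflow itself; three independent tries at a 15% failure rate all fail about 0.15³ ≈ 0.3% of the time. The names `retry`, `fake_gh`, `annotate` and `RETRY_DELAYS` are assumptions, and `fake_gh` is a constructed stand-in for `gh` so the block runs offline.

```bash
#!/usr/bin/env bash
# Added example, not the workflow's own script. retry, fake_gh, annotate and
# RETRY_DELAYS are hypothetical names.

# Run "$@" up to 3 times (5s, then 10s between attempts). Each attempt's stdout
# is buffered in a temp file and emitted only on success, so x=$(retry gh ...)
# can never capture an error body from a failed attempt.
retry() {
  local buf delay rc=0 n=1
  buf=$(mktemp) || return 1
  for delay in ${RETRY_DELAYS:-5 10} last; do
    rc=0
    "$@" >"$buf" || rc=$?
    if [ "$rc" -eq 0 ]; then
      cat "$buf"; rm -f "$buf"; return 0
    fi
    [ "$delay" = last ] && break
    echo "retry: attempt $n failed (exit $rc); next try in ${delay}s" >&2
    sleep "$delay"
    n=$((n + 1))
  done
  rm -f "$buf"
  return "$rc"
}

# Constructed stand-in for gh: the first $FAIL_FIRST calls (counted in
# $CALLS_FILE) print a 401-style body on stdout and fail; later calls succeed.
fake_gh() {
  local n
  n=$(( $(cat "$CALLS_FILE") + 1 ))
  echo "$n" >"$CALLS_FILE"
  if [ "$n" -le "$FAIL_FIRST" ]; then
    echo '{"message":"Bad credentials","status":"401"}'
    return 1
  fi
  echo "risk:sensitive"
}

# Policy-notice step: a gh failure becomes a workflow warning and the step
# still exits 0, because the notice is not what gates the merge.
annotate() {
  retry "$@" >/dev/null || echo "::warning::policy notice not posted (exit $?)"
}

# Demo (delays zeroed): two constructed 401s, then success.
RETRY_DELAYS="0 0"; FAIL_FIRST=2
CALLS_FILE=$(mktemp); echo 0 >"$CALLS_FILE"
label=$(retry fake_gh pr view)
echo "captured: $label"
```

Without the per-attempt buffer, the two failed attempts' JSON bodies would be concatenated into `label` ahead of the real value.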