Skip to content

fix(ci): repair two pre-existing workflow failures (verify-specs + wasm-size)#92

Closed
brawlaphant wants to merge 1 commit into
regen-network:mainfrom
brawlaphant:fix/ci-workflow-wasm-size-and-verify-specs
Closed

fix(ci): repair two pre-existing workflow failures (verify-specs + wasm-size)#92
brawlaphant wants to merge 1 commit into
regen-network:mainfrom
brawlaphant:fix/ci-workflow-wasm-size-and-verify-specs

Conversation

@brawlaphant

Copy link
Copy Markdown
Contributor

Summary

Two pre-existing bugs in the CI workflow YAMLs have been producing red check marks on every PR regardless of content. This PR fixes both with a ~14 line diff across two YAML files.

  • Lands in: `.github/workflows/ci.yml`, `.github/workflows/wasm-size.yml`
  • Changes: remove broken `npm ci` step in verify-specs; pass wasm-size report via env var instead of template substitution
  • Validate: `node scripts/verify.mjs` (bug 1); wasm-size bug 2 end-to-end on this PR's own CI

Bug 1: `verify-specs` runs `npm ci` at a root with no lockfile

`.github/workflows/ci.yml` verify-specs job runs:

```yaml

  • name: Install root dependencies
    run: npm ci
    ```

The repository root has a `package.json` (declaring only `scripts`, zero dependencies) and no `package-lock.json`. `npm ci` strictly requires a lockfile even when there's nothing to install:

```
npm error code EUSAGE
npm error The `npm ci` command can only install with an existing
npm error package-lock.json or npm-shrinkwrap.json with
npm error lockfileVersion >= 1.
```

The actual work in this job is `node scripts/verify.mjs`, which only imports `node:fs`, `node:path`, and `node:child_process`. No external dependencies. Fix: remove the step entirely.

Bug 2: `wasm-size` can't substitute a multi-line report into a JS string literal

`.github/workflows/wasm-size.yml` uses `actions/github-script@v7` with this pattern:

```yaml
script: |
...
'${{ steps.sizes.outputs.report }}',
...
```

GitHub Actions substitutes the value into the JavaScript source text before execution. The report is a multi-line Markdown table (one row per contract). When the multi-line text is inlined into a JavaScript single-quoted string literal, the literal ends at the first newline and everything after becomes invalid JS:

```
SyntaxError: Invalid or unexpected token
at new AsyncFunction ()
...
```

Fix: pass the report via an `env:` map instead of template substitution. `actions/github-script` exposes the job's env to the script via `process.env`, so the multi-line string survives as an opaque runtime value:

```diff

  • name: Comment on PR
    uses: actions/github-script@v7
  • env:
  • REPORT: ${{ steps.sizes.outputs.report }}
    with:
    script: |
    ...
  •  '\${{ steps.sizes.outputs.report }}',
    
  •  const report = process.env.REPORT || '(no report)';
    
  •  ...
    
  •  report,
     ...
    

```

This is the pattern `actions/github-script` documents for untrusted or multi-line inputs.

Scope

Two YAML files. No TypeScript, no Rust, no reference-impl changes.

Related

Part of the CI-repair sweep alongside #90 (contracts clippy + 3 orphaned workspace members) and #91 (`agents/` `workspace:*` protocol). Together these three PRs should clear every CI failure on every open PR.

…sm-size)

Two pre-existing bugs in the CI workflow YAMLs have been producing
red check marks on every PR regardless of the content. This PR
fixes both.

## Bug 1: `verify-specs` runs `npm ci` at a root with no lockfile

The `Verify Specs` job in `.github/workflows/ci.yml` runs:

  - name: Install root dependencies
    run: npm ci

The repository root has a `package.json` (declaring only `scripts`,
zero dependencies), but **no `package-lock.json`**. `npm ci`
strictly requires a lockfile even when there is nothing to install:

  npm error code EUSAGE
  npm error The `npm ci` command can only install with an existing
  npm error package-lock.json or npm-shrinkwrap.json with
  npm error lockfileVersion >= 1.

The `Run verify script` step only calls `node scripts/verify.mjs`,
and that script only imports `node:fs`, `node:path`, and
`node:child_process`. No external dependencies are involved.

**Fix:** remove the `Install root dependencies` step entirely. It
was never doing any work, and the job now runs `node scripts/
verify.mjs` directly against the repository.

## Bug 2: `wasm-size` can't substitute multi-line report into JS

The `Report WASM Binary Sizes` job in `.github/workflows/
wasm-size.yml` uses `actions/github-script@v7` to post a PR
comment. The script is passed the multi-line WASM size report via
GitHub Actions template substitution:

  script: |
    ...
    '${{ steps.sizes.outputs.report }}',
    ...

GitHub Actions substitutes the value directly into the JavaScript
source text BEFORE execution. The report is a multi-line Markdown
table (one line per contract). When the substituted text is
dropped into a JavaScript single-quoted string literal, the
literal ends at the first newline and the remaining lines become
invalid JavaScript:

  SyntaxError: Invalid or unexpected token
      at new AsyncFunction (<anonymous>)
      ...

**Fix:** pass the report via an environment variable instead.
`actions/github-script` exposes the job's `env:` map to the
script via `process.env`, so the multi-line string survives as
an opaque runtime value. The script reads
`process.env.REPORT || '(no report)'` and uses it as-is. This
pattern is the one the `actions/github-script` docs recommend
for untrusted or multi-line inputs.

## Scope

Two YAML files, ~14 line delta total. Does not touch any
TypeScript, Rust, or reference-impl code.

## Validation

- Bug 1 validated by running `node scripts/verify.mjs` from the
  repo root — exits 0 with "agentic-tokenomics verify: PASS".
  The fix removes the broken step; no alternative to test
  because the script never needed dependencies.

- Bug 2 cannot be end-to-end validated locally (it requires a
  real PR to post a comment), but the JavaScript change is
  mechanical: `'${{ output }}'` →
  `process.env.REPORT || '(no report)'`. The env var is set via
  the `env:` map which `actions/github-script@v7` documents as
  the canonical way to pass multi-line/rich values.

## Related

Part of the CI-repair sweep alongside regen-network#90 (contracts clippy + 3
orphaned workspace members) and regen-network#91 (`agents/` workspace:*
protocol). Together these three PRs should clear every CI failure
on every open PR.

- Lands in: `.github/workflows/ci.yml`, `.github/workflows/wasm-size.yml`
- Changes: remove broken `npm ci` in verify-specs; pass wasm-size report via env var
- Validate: `node scripts/verify.mjs` (bug 1); wasm-size bug 2 runs end-to-end on this PR's CI
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

brawlaphant added a commit to brawlaphant/agentic-tokenomics that referenced this pull request Apr 13, 2026
Combines three independent fixes that each need the others to produce
a fully green CI run:

1. Contracts (Rust) — fix clippy errors across 6 contracts: replace
   redundant closures, op_ref on Uint128, manual_range_contains,
   unnecessary_map_or. Refactor too_many_arguments into param structs
   for credit-class-voting, contribution-rewards, service-escrow.
   Wire 3 orphaned contracts (reputation-signal, marketplace-curation,
   validator-governance) into the workspace so cargo clippy --workspace
   actually lints them.

2. Agents (Node) — replace workspace:* protocol with * in agent
   package.json files. npm ci on GitHub Actions doesn't support the
   workspace: protocol (pnpm-only feature).

3. Verify Specs — remove the npm ci step that fails because the root
   package.json has no lock file. The verify scripts only import
   built-in node:* modules, so no install is needed.

4. WASM Size Report — pass multi-line report through env var instead
   of inline ${{ }} substitution which breaks JS string literals.

Supersedes PRs regen-network#90, regen-network#91, regen-network#92 which each fix one job but fail the others.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@brawlaphant

Copy link
Copy Markdown
Contributor Author

Superseded by #106 which combines this fix with #90 and #91 into a single green-CI PR. The three standalone fix PRs each leave 2-3 other CI jobs failing; #106 fixes all four in one shot.

Suggest closing this once #106 lands.

glandua pushed a commit that referenced this pull request Apr 25, 2026
* fix: resolve all 4 CI job failures on main

Combines three independent fixes that each need the others to produce
a fully green CI run:

1. Contracts (Rust) — fix clippy errors across 6 contracts: replace
   redundant closures, op_ref on Uint128, manual_range_contains,
   unnecessary_map_or. Refactor too_many_arguments into param structs
   for credit-class-voting, contribution-rewards, service-escrow.
   Wire 3 orphaned contracts (reputation-signal, marketplace-curation,
   validator-governance) into the workspace so cargo clippy --workspace
   actually lints them.

2. Agents (Node) — replace workspace:* protocol with * in agent
   package.json files. npm ci on GitHub Actions doesn't support the
   workspace: protocol (pnpm-only feature).

3. Verify Specs — remove the npm ci step that fails because the root
   package.json has no lock file. The verify scripts only import
   built-in node:* modules, so no install is needed.

4. WASM Size Report — pass multi-line report through env var instead
   of inline ${{ }} substitution which breaks JS string literals.

Supersedes PRs #90, #91, #92 which each fix one job but fail the others.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* ci(wasm-size): mark comment-on-PR step as continue-on-error

PRs opened from forks run with a read-only GITHUB_TOKEN (GitHub
security policy), so the Comment on PR step returns 403 and fails
the job. The WASM build itself already succeeded — the report is
informational only, not a merge gate.

With continue-on-error the comment attempts to post (works on
branches inside the base repo) but won't fail the check when it
can't (fork PRs). That lets fork PRs show a fully green CI run
instead of a red check for a non-blocking reason.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(agents): pin internal @regen/* deps to ^0.1.0 for reproducible installs

Replace "*" with "^0.1.0" for the three internal workspace deps. The
original workaround was just to escape the workspace:* protocol that
npm ci rejects, and "*" does that — but it also matches any future
version, so an accidental major bump inside the workspace would still
resolve. Pinning to ^0.1.0 keeps the workspace-resolution behavior
(all three packages are versioned 0.1.0, private:true) while giving
npm ci a stable range to lock against.

Addresses Gemini review on fix/ci-green-all-jobs:
  - agents/packages/agents/package.json:8-10
  - agents/packages/plugin-koi-mcp/package.json:9
  - agents/packages/plugin-ledger-mcp/package.json:9

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: brawlaphant <brawlaphant@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@glandua

glandua commented Apr 25, 2026

Copy link
Copy Markdown
Contributor

Superseded by #106, which combined the fixes from this PR with the others needed to make all 4 CI jobs go green. #106 has been merged.

@glandua glandua closed this Apr 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants