Skip to content

[aw] Dependency update reported incomplete result #128

Description

@github-actions

Workflow Failure

Workflow: Dependency update
Branch: main
Run: https://github.com/SocketDev/socket-btm/actions/runs/29637590112

Warning

Task Could Not Be Completed: The agent reported that the task could not be performed due to an infrastructure or tool failure.

Reasons:

  • Weekly /updating run produced no committable changes: the update executor is network-blocked, so no PR could be opened and no test/get-green step applies.

    Cadence resolved to weekly (empty event.schedule).

Root cause — taze endpoint blocked by egress allowlist:

  • pnpm run update -> scripts/fleet/update.mts runs taze, which resolves every package version through npm.antfu.dev (fast-npm-meta), NOT the npm registry.
  • This workflow (.github/workflows/weekly-update.md) allows only network: [defaults, api.anthropic.com]. npm.antfu.dev is not covered.
  • Proxy check: curl (npm.antfu.dev/redacted) => 403 CONNECT tunnel failed; curl https://registry.npmjs.org/rolldown => 200.
  • Result: taze times out on 100% of lookups and writes ZERO package.json changes, so pnpm run update is a no-op.

Why the gate still fired has-updates=true:

  • weekly-update.mts hasActionableUpdates() keys on pnpm outdated, which reads the (reachable) registry and reports real drift (e.g. rolldown 1.1.4->1.1.5, shell-quote 1.9.0->1.10.0, @sinclair/typebox 0.34.50->0.34.51, @anthropic-ai/claude-code 2.1.205->2.1.207). The gate is soak-agnostic and registry-based; the executor is soak-aware and antfu-based. That mismatch is why the gate says yes but the update does nothing.

Secondary blocker — uninitialized submodules:

  • All 28 git submodules are uninitialized in this checkout (git submodule status shows leading - on every entry).
  • Discovery false-flags them as out-of-sync; pnpm run lockstep exits 1 purely on "SHA unreachable / submodule too shallow", not real drift.
  • pnpm run build and pnpm test both need initialized submodules, so step 2 (build+test) cannot run here either.

Not hand-fixed on purpose: CLAUDE.md code-first-then-ai forbids hand-bumping deps the script owns, and taze enforces the 7-day soak I cannot evaluate with the endpoint blocked. Hand-editing package.json would bypass the soak gate.

Suggested fixes (workflow-side):

  1. Add npm.antfu.dev to the network.allowed list in .github/workflows/weekly-update.md (the endpoint scripts/fleet/lib/taze-output.mts documents), then recompile the lock file.
  2. Initialize submodules in the agent job (or have update.mts/lockstep tolerate an uninitialized tree in CI) so build/test and lockstep can run.
  3. Consider aligning the gate (registry pnpm outdated) with the executor (taze/antfu + soak) so has-updates does not fire for drift the soak-aware executor will decline.

No safe git state was changed; branch deps/weekly-update-2026-07-18 has no commits and the tree is clean (ignoring the local .pnpm-store install cache).

This is a structured incompletion signal (report_incomplete), not a real task outcome. Any other safe outputs emitted alongside this signal (e.g., comments) describe the failure state, not a completed review or action.

Action Required

Assign this issue to an agent to debug and fix the issue.

Debug with any coding agent

Use this prompt with any coding agent (GitHub Copilot, Claude, Gemini, etc.):

Debug the agentic workflow failure using https://raw.githubusercontent.com/github/gh-aw/main/debug.md

The failed workflow run is at https://github.com/SocketDev/socket-btm/actions/runs/29637590112
Manually invoke the agent

Debug this workflow failure using your favorite Agent CLI and the agentic-workflows prompt.

Tip

Stop reporting this workflow as a failure

To stop a workflow from creating failure issues, set report-failure-as-issue: false in its frontmatter:

safe-outputs:
  report-failure-as-issue: false

Generated from Dependency update · 474.4 AIC ·

  • expires on Jul 25, 2026, 8:46 AM UTC

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions