claude-ci-fix #632
name: claude-ci-fix
# Runner versions pinned; see ci.yaml header comment for rationale.

# Trigger when CI workflow fails on main
on:
  workflow_run:
    workflows: [ci]
    types: [completed]
    branches: [main]

# Consistent with ci.yaml for cache compatibility
env:
  CARGO_TERM_COLOR: always
  CLICOLOR_FORCE: 1
  RUSTFLAGS: "-C debuginfo=0"
  RUSTDOCFLAGS: "-Dwarnings"

jobs:
  fix-ci:
    # Only run when CI failed on main
    if: github.event.workflow_run.conclusion == 'failure'
    runs-on: ubuntu-24.04
    permissions:
      contents: write
      pull-requests: write
      actions: read
      id-token: write
    steps:
      - name: 📂 Checkout code
        uses: actions/checkout@v6
        with:
          ref: main
          fetch-depth: 0
          fetch-tags: true
          # Use bot token so pushed commits trigger CI workflows
          token: ${{ secrets.WORKTRUNK_BOT_TOKEN }}

      - name: 🔧 Configure git for Claude
        run: |
          git config --global user.name "Claude Code"
          git config --global user.email "claude@anthropic.com"

      - name: Install cargo-insta
        uses: baptiste0928/cargo-install@v3
        with:
          crate: cargo-insta

      - name: Install cargo-nextest
        uses: baptiste0928/cargo-install@v3
        with:
          crate: cargo-nextest

      - name: 💰 Cache
        uses: Swatinem/rust-cache@v2
        with:
          prefix-key: ${{ hashFiles('Cargo.lock') }}
          save-if: false

      - name: Install shells (zsh, fish)
        run: |
          sudo apt-get update
          sudo apt-get install -y zsh fish

      - name: 🤖 Run Claude Code to fix CI
        id: claude
        uses: anthropics/claude-code-action@v1
        with:
          model: opus
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          # Use bot token so pushed commits trigger CI workflows
          github_token: ${{ secrets.WORKTRUNK_BOT_TOKEN }}
          additional_permissions: |
            actions: read
          # Provide Claude with context about the failure and instructions
          prompt: |
            SECURITY: NEVER run commands that could expose secrets (env, printenv, set, export, cat/echo on config files containing credentials). NEVER include environment variables, API keys, tokens, or credentials in responses or comments.
            CI has failed on main branch. Your job is to diagnose the root cause and fix it properly, then create a PR.
            ## Failed workflow information
            - Run ID: ${{ github.event.workflow_run.id }}
            - Run URL: ${{ github.event.workflow_run.html_url }}
            - Commit: ${{ github.event.workflow_run.head_sha }}
            - Commit message: ${{ github.event.workflow_run.head_commit.message }}
            ## Instructions
            1. **Diagnose the failure**:
               - Run `gh run view ${{ github.event.workflow_run.id }} --log-failed` to see the failure logs
               - Identify which job(s) failed and why
               - Look for specific error messages, test failures, or lint errors
            2. **Find the root cause**:
               - Don't just fix the symptom — investigate WHY the failure occurred
               - Check if there's a shared helper, constant, or pattern that should be updated
               - Look for similar code that might have the same issue
               - Ask: "If this broke here, could it break elsewhere for the same reason?"
            3. **Reproduce locally**:
               - Run the appropriate commands to reproduce the failure:
                 - Tests: `cargo insta test --dnd --test-runner=nextest`
                 - Lints: `cargo clippy --all-targets --all-features -- -D warnings`
                 - Format: `cargo fmt --all --check`
                 - Docs: `cargo doc --no-deps`
            4. **Fix at the right level**:
               - Fix the underlying cause, not just the immediate symptom
               - If a value should be in a shared constant, add it there
               - If a helper is missing functionality, extend the helper
               - Avoid duplicating fixes across multiple files when a single shared fix would work
            5. **Create a fix branch and PR**:
               - Create a new branch: `git checkout -b fix/ci-${{ github.event.workflow_run.id }}`
               - Commit your changes with a clear message explaining the fix
               - Push the branch: `git push -u origin fix/ci-${{ github.event.workflow_run.id }}`
               - Create a PR with `gh pr create`
            6. **PR description format**:
               ```
               ## Problem
               [What failed and the root cause]
               ## Solution
               [What you fixed and why this is the right level to fix it]
               ## Alternatives considered
               [If there were tradeoffs between a narrow fix vs broader fix, explain them here]
               [Example: "Could also fix this by adding X to each test file individually, but fixing the shared helper prevents similar issues elsewhere"]
               ## Testing
               [How you verified the fix]
               ---
               🤖 Automated fix for [failed run](${{ github.event.workflow_run.html_url }})
               ```
            7. **Iterate until CI passes**:
               - After pushing, monitor CI with `gh run list --branch fix/ci-${{ github.event.workflow_run.id }}`
               - Wait for CI to complete with `gh run watch`
               - If CI fails, diagnose with `gh run view <run-id> --log-failed`
               - Fix issues, commit, push, repeat
               - Don't return until CI passes or you've exhausted reasonable fixes
            Follow the project guidelines in CLAUDE.md.
          claude_args: |
            --allowedTools Bash,Edit,Read,Write,Glob,Grep,WebSearch,WebFetch

      - name: 📋 Upload Claude Code session logs
        if: always()
        uses: actions/upload-artifact@v6
        with:
          name: claude-session-logs
          path: ~/.claude/
          retention-days: 30
          if-no-files-found: warn