From dfbb0e317203d9f4deb9b7c457a501e53f61f4d4 Mon Sep 17 00:00:00 2001 From: Ton Nom <6271526+mmmprod@users.noreply.github.com> Date: Sun, 19 Apr 2026 23:52:17 +0200 Subject: [PATCH 1/2] fix(ci): surface refresh-baselines HTTP error body and status code Replace `curl -s -f` (silent + fail-no-body) with explicit HTTP code capture and response body dump. Workflow has been failing every 6h with exit 22 (HTTP >=400) but root cause was hidden. Next failure will print HTTP status + Supabase error message in logs. --- .github/workflows/refresh-baselines.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/refresh-baselines.yml b/.github/workflows/refresh-baselines.yml index d4d2b0f..2c518b5 100644 --- a/.github/workflows/refresh-baselines.yml +++ b/.github/workflows/refresh-baselines.yml @@ -14,8 +14,18 @@ jobs: ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY }} SECRET: ${{ secrets.REFRESH_SECRET }} run: | - curl -s -f -X POST \ + response=$(mktemp) + http_code=$(curl -sS -X POST \ + -o "${response}" \ + -w "%{http_code}" \ "${FUNCTION_URL}/refresh-baselines" \ -H "Authorization: Bearer ${ANON_KEY}" \ -H "x-refresh-secret: ${SECRET}" \ - -H "Content-Type: application/json" + -H "Content-Type: application/json") + echo "HTTP ${http_code}" + echo "Response body:" + cat "${response}" + echo + if [ "${http_code}" -ge 400 ]; then + exit 1 + fi From 7992e37532a958136eda129b41e87979e074b66f Mon Sep 17 00:00:00 2001 From: Ton Nom <6271526+mmmprod@users.noreply.github.com> Date: Sun, 19 Apr 2026 23:56:48 +0200 Subject: [PATCH 2/2] fix(ci): harden refresh-baselines step against curl/HTTP edge cases Address CodeRabbit review feedback on PR #161: - Add EXIT trap to clean up mktemp response file - Capture curl exit code; surface clear error when curl fails before producing an HTTP code (DNS, TLS, connection reset) - Validate http_code is numeric before integer comparison to avoid obscure "integer expression expected" failure - Only dump response body on HTTP >=400 to avoid noisy logs and reduce risk of leaking verbose payloads on success --- .github/workflows/refresh-baselines.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/refresh-baselines.yml b/.github/workflows/refresh-baselines.yml index 2c518b5..ba10c09 100644 --- a/.github/workflows/refresh-baselines.yml +++ b/.github/workflows/refresh-baselines.yml @@ -15,17 +15,27 @@ jobs: SECRET: ${{ secrets.REFRESH_SECRET }} run: | response=$(mktemp) + trap 'rm -f "${response}"' EXIT + curl_exit=0 http_code=$(curl -sS -X POST \ -o "${response}" \ -w "%{http_code}" \ "${FUNCTION_URL}/refresh-baselines" \ -H "Authorization: Bearer ${ANON_KEY}" \ -H "x-refresh-secret: ${SECRET}" \ - -H "Content-Type: application/json") + -H "Content-Type: application/json") || curl_exit=$? + if [ "${curl_exit}" -ne 0 ]; then + echo "curl failed before producing an HTTP response (exit ${curl_exit})" + exit 1 + fi + if ! [[ "${http_code}" =~ ^[0-9]+$ ]]; then + echo "Invalid HTTP code: ${http_code:-}" + exit 1 + fi echo "HTTP ${http_code}" - echo "Response body:" - cat "${response}" - echo if [ "${http_code}" -ge 400 ]; then + echo "Response body:" + cat "${response}" + echo exit 1 fi