Skip to content

fix(ci): surface refresh-baselines HTTP error body and status code #161

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mmmprod merged 3 commits into from
Apr 19, 2026
Merged

fix(ci): surface refresh-baselines HTTP error body and status code #161

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dfbb0e3
fix(ci): surface refresh-baselines HTTP error body and status code
mmmprod Apr 19, 2026
7992e37
fix(ci): harden refresh-baselines step against curl/HTTP edge cases
mmmprod Apr 19, 2026
45bef78
Merge branch 'main' into fix/refresh-baselines-error-visibility
mmmprod Apr 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 22 additions & 2 deletions .github/workflows/refresh-baselines.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,28 @@ jobs:
ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY }}
SECRET: ${{ secrets.REFRESH_SECRET }}
run: |
curl -s -f -X POST \
response=$(mktemp)
Copy link

Copilot AI Apr 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mktemp response file is never removed. Add a trap (e.g., on EXIT) to rm -f "$response" so repeated scheduled runs don’t accumulate temp files on the runner (and to keep logs/behavior consistent if the script exits early).

Suggested change
response=$(mktemp)
response=$(mktemp)
trap 'rm -f "$response"' EXIT

Copilot uses AI. Check for mistakes.
trap 'rm -f "${response}"' EXIT
curl_exit=0
http_code=$(curl -sS -X POST \
-o "${response}" \
-w "%{http_code}" \
"${FUNCTION_URL}/refresh-baselines" \
-H "Authorization: Bearer ${ANON_KEY}" \
-H "x-refresh-secret: ${SECRET}" \
-H "Content-Type: application/json"
-H "Content-Type: application/json") || curl_exit=$?
if [ "${curl_exit}" -ne 0 ]; then
echo "curl failed before producing an HTTP response (exit ${curl_exit})"
exit 1
fi
if ! [[ "${http_code}" =~ ^[0-9]+$ ]]; then
echo "Invalid HTTP code: ${http_code:-<empty>}"
exit 1
fi
echo "HTTP ${http_code}"
if [ "${http_code}" -ge 400 ]; then
echo "Response body:"
cat "${response}"
echo
exit 1
Comment on lines +36 to +40
Copy link

Copilot AI Apr 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If curl fails before producing an HTTP code (e.g., DNS/TLS error), http_code may be empty/non-numeric and [ "${http_code}" -ge 400 ] will error with “integer expression expected”. Guard for a numeric code (or treat empty as failure) so the step fails with a clearer message.

Copilot uses AI. Check for mistakes.
fi
Comment on lines +17 to +41
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's locate and examine the workflow file
find . -name "refresh-baselines.yml" -type f

Repository: mmmprod/claude-eta

Length of output: 103

🏁 Script executed:

# Check the full context of the workflow file
if [ -f ".github/workflows/refresh-baselines.yml" ]; then
  cat -n ".github/workflows/refresh-baselines.yml"
fi

Repository: mmmprod/claude-eta

Length of output: 1177

🏁 Script executed:

# Verify the shell syntax of the proposed patch by checking if it's valid bash
python3 << 'EOF'
import subprocess
import tempfile

# Test the proposed patch logic
test_script = '''#!/bin/bash
set -e

response=$(mktemp)
trap 'rm -f "${response}"' EXIT
set +e
http_code=$(curl -sS -X POST \
  -o "${response}" \
  -w "%{http_code}" \
  "http://httpbin.org/status/200" \
  -H "Content-Type: application/json")
curl_exit=$?
set -e

echo "HTTP ${http_code}"
echo "Response body:"
cat "${response}"
echo

if [ "${curl_exit}" -ne 0 ]; then
  echo "curl transport error: exit ${curl_exit}"
  exit "${curl_exit}"
fi
if [ "${http_code}" -ge 400 ]; then
  exit 1
fi
'''

# Check if bash can parse it
result = subprocess.run(['bash', '-n'], input=test_script.encode(), capture_output=True)
if result.returncode == 0:
    print("✓ Proposed patch syntax is valid")
else:
    print("✗ Syntax error in proposed patch:")
    print(result.stderr.decode())
EOF

Repository: mmmprod/claude-eta

Length of output: 94

Gérez explicitement les erreurs de transport curl pour préserver les diagnostics.

Si curl rencontre une erreur de transport (DNS, TLS, timeout), le script s'arrête immédiatement avant d'afficher les logs. Cela élimine les diagnostics que ce PR vise à exposer.

Patch proposé 
-          response=$(mktemp)
-          http_code=$(curl -sS -X POST \
+          response=$(mktemp)
+          trap 'rm -f "${response}"' EXIT
+          set +e
+          http_code=$(curl -sS -X POST \
             -o "${response}" \
             -w "%{http_code}" \
             "${FUNCTION_URL}/refresh-baselines" \
             -H "Authorization: Bearer ${ANON_KEY}" \
             -H "x-refresh-secret: ${SECRET}" \
             -H "Content-Type: application/json")
+          curl_exit=$?
+          set -e
           echo "HTTP ${http_code}"
           echo "Response body:"
           cat "${response}"
           echo
+          if [ "${curl_exit}" -ne 0 ]; then
+            echo "curl transport error: exit ${curl_exit}"
+            exit "${curl_exit}"
+          fi
           if [ "${http_code}" -ge 400 ]; then
             exit 1
           fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
response=$(mktemp)
http_code=$(curl -sS -X POST \
-o "${response}" \
-w "%{http_code}" \
"${FUNCTION_URL}/refresh-baselines" \
-H "Authorization: Bearer ${ANON_KEY}" \
-H "x-refresh-secret: ${SECRET}" \
-H "Content-Type: application/json"
-H "Content-Type: application/json")
echo "HTTP ${http_code}"
echo "Response body:"
cat "${response}"
echo
if [ "${http_code}" -ge 400 ]; then
exit 1
fi
response=$(mktemp)
trap 'rm -f "${response}"' EXIT
set +e
http_code=$(curl -sS -X POST \
-o "${response}" \
-w "%{http_code}" \
"${FUNCTION_URL}/refresh-baselines" \
-H "Authorization: Bearer ${ANON_KEY}" \
-H "x-refresh-secret: ${SECRET}" \
-H "Content-Type: application/json")
curl_exit=$?
set -e
echo "HTTP ${http_code}"
echo "Response body:"
cat "${response}"
echo
if [ "${curl_exit}" -ne 0 ]; then
echo "curl transport error: exit ${curl_exit}"
exit "${curl_exit}"
fi
if [ "${http_code}" -ge 400 ]; then
exit 1
fi
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/refresh-baselines.yml around lines 17 - 31, Le script
actuel appelle curl into http_code=$(curl -sS -X POST -o "${response}" -w
"%{http_code}" ...) but n'expose pas les erreurs de transport (DNS/TLS/timeout)
si curl échoue; modifiez l'appel pour capturer aussi la sortie d'erreur de curl
(rediriger stderr vers un second fichier temporaire), ne pas laisser le shell
aborter prématurément, puis vérifier le code de sortie de curl ($?) après
l'appel; si curl a échoué, afficher "Response body:" et le contenu de
"${response}" ainsi que le fichier d'erreur stderr, puis exit 1; conservez
l'utilisation de "${FUNCTION_URL}", "${ANON_KEY}", "${SECRET}" et la variable
http_code pour les réponses HTTP valides.

Loading