ci: fix post-publish smoke test and refresh-baselines auth#366
Merged
Conversation
Two pre-existing workflow failures, both consistently breaking every merge to main: 1. Post-Publish Smoke Test was importing `@harness-engineering/dashboard` by bare specifier. Dashboard publishes no '.' export — it's a runnable server with side-effectful entrypoint and no library API — so Node rejected the bare import with `No "exports" main defined`. Probe `@harness-engineering/dashboard/package.json` instead; npm install still resolves dashboard's transitive deps, so incident #332-style cross-package drift would still surface there. 2. The `refresh-baselines` job had `contents: write` only. Branch protection now blocks direct pushes to main, so the workflow falls back to `gh pr create`, which fails with "Resource not accessible by integration" without `pull-requests: write`. Add the permission.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two pre-existing workflow failures, both consistently breaking every merge to main since at least 2026-05-18 (six failed Post-Publish Smoke Test runs in a row, and the refresh-baselines job has failed on the last several main merges including #363 and #365). Neither was introduced by a recent PR — they're workflow bugs.
Summary
1.
Post-Publish Smoke Test(.github/workflows/smoke-test.yml)@harness-engineering/dashboardpublishes only./serverand./package.jsonsubpath exports — it's a runnable server with no library API and a side-effectful entrypoint — so the bare import fails withNo "exports" main defined.@harness-engineering/dashboard/package.jsoninstead. Other packages keep the bare-specifier import.npm installstill resolves dashboard's transitive deps, so incident fix(types): republish types so downstream dist matches published exports #332-style cross-package drift would still surface there.2.
refresh-baselines(.github/workflows/ci.yml)permissions: contents: writeonly. Branch protection blocks direct pushes tomain, so the workflow falls back togh pr create— which fails withResource not accessible by integrationbecause the token lackspull-requests: write. Result: the merge run is marked failed even when the baseline diff was empty.pull-requests: writeto the job's permissions. Comment in the workflow explains the contract.Test plan
python3 -c "import yaml; yaml.safe_load(...)"parses both files.with: { type: 'json' }) verified to work on Node 22+ locally (the smoke runner is pinned to Node 22).Out of scope
.export) is intentional; this PR adapts the test, not the package.archbaseline regressions inpackages/cli(handleEmitSkillProposalcomplexity, module-size, dependency-depth) are unrelated.