mirror of
https://github.com/lucas-labs/claude-plugins.git
synced 2026-07-10 19:25:44 -03:00
ci: pin validate-plugins + scan-plugins + bump-plugin-shas to self-healing CLI install (#3095)
* ci: bump validate-plugins action pin to self-healing CLI install Bumps the pinned validate-plugins action SHA (f846a0bc -> 5d75f99) to pick up two fixes already merged in claude-plugins-community: 1. Self-healing claude CLI install (community#233): the prior pin's install step was a bare `npm i -g @anthropic-ai/claude-code@latest && claude --version`, which intermittently stalled (a 28-min hang -> "native binary not installed") and jammed whichever bump PR caught it (e.g. desktop-commander #2985). The new step forces the optional native dep, verifies the binary, re-runs the postinstall on a miss, and bounds every network step with a timeout. 2. strict:false skills-only manifest synthesis: the prior pin hard-required a plugin.json for external git-subdir sources, false-failing skills-only entries that the marketplace server synthesizes a manifest for. This is what blocks #2997 (learn-with-coursera) and #2312 (netsuite-suitecloud) today; the bumped action synthesizes a minimal manifest for them instead. No other change. The action stays on claude-cli-version: latest. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * ci: pin scan-plugins + bump-plugin-shas to self-healing action too Extend the validate-plugins pin bump (this PR) to the other two shared actions that install the claude CLI the same flaky way. All three now pin the same claude-plugins-community SHA (d207465) carrying the self-healing install (community#233 + #234): force the optional native dep, verify, re-run postinstall on a miss, timeout every network step, retry with real reinstalls. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * ci: run validate on workflow-file changes (fix required-check deadlock) A PR touching only .github/workflows/** (e.g. an action-SHA re-pin like this one) never matched validate-plugins.yml's pull_request path filter, so the required 'validate' check never ran and the PR sat 'Expected — Waiting for status to be reported' with no way to clear it (workflow_dispatch check runs aren't associated with the PR, so they don't satisfy the required check; the ruleset has no bypass actors). Add .github/workflows/** to the trigger so workflow-only PRs validate in-context and can clear the gate — and so this PR unblocks itself. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
46a038ad2d
commit
94258c5913
2
.github/workflows/bump-plugin-shas.yml
vendored
2
.github/workflows/bump-plugin-shas.yml
vendored
@ -51,7 +51,7 @@ jobs:
|
||||
|
||||
# createCommitOnBranch-based bump so commits are signed by GitHub and
|
||||
# satisfy the org-level required_signatures ruleset on main.
|
||||
- uses: anthropics/claude-plugins-community/.github/actions/bump-plugin-shas@e2019b2a01f11aa1484c53540b1cfab5eebbc299
|
||||
- uses: anthropics/claude-plugins-community/.github/actions/bump-plugin-shas@d207465eb6ec02b6f3f1dbb131717830dc9ecc68
|
||||
id: bump
|
||||
with:
|
||||
marketplace-path: .claude-plugin/marketplace.json
|
||||
|
||||
2
.github/workflows/scan-plugins.yml
vendored
2
.github/workflows/scan-plugins.yml
vendored
@ -196,7 +196,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
# Pinned to claude-plugins-community#34 (WIF input support).
|
||||
# TODO: re-pin to a main-branch SHA once #34 merges.
|
||||
uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@e85f0d65b4fc87f07862e1dcdc467950514414ec
|
||||
uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@d207465eb6ec02b6f3f1dbb131717830dc9ecc68
|
||||
with:
|
||||
# Anthropic auth via Workload Identity Federation — the action
|
||||
# mints a GitHub OIDC token (id-token: write above) and the claude
|
||||
|
||||
8
.github/workflows/validate-plugins.yml
vendored
8
.github/workflows/validate-plugins.yml
vendored
@ -8,6 +8,12 @@ on:
|
||||
- '*/agents/**'
|
||||
- '*/skills/**'
|
||||
- '*/commands/**'
|
||||
# `validate` is a required status check, so a PR that touches ONLY workflow
|
||||
# files (e.g. an action-SHA re-pin) would otherwise never trigger validate
|
||||
# and sit "Expected — Waiting for status to be reported" forever (workflow_dispatch
|
||||
# check runs aren't associated with the PR, so they don't satisfy it). Run
|
||||
# validate on workflow changes too so those PRs can clear the gate in-context.
|
||||
- '.github/workflows/**'
|
||||
push:
|
||||
branches: [main]
|
||||
paths:
|
||||
@ -32,7 +38,7 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- uses: anthropics/claude-plugins-community/.github/actions/validate-plugins@f846a0bcb0e721b1f93d60e8b73e91dafc4a1e87
|
||||
- uses: anthropics/claude-plugins-community/.github/actions/validate-plugins@d207465eb6ec02b6f3f1dbb131717830dc9ecc68
|
||||
with:
|
||||
marketplace-path: .claude-plugin/marketplace.json
|
||||
# Official curated marketplace: SHA-pin (I5) is a HARD error.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user