Skip to content

fix(ci): drop beta-Rust CodeQL leg (cancelled/hanging 'checks 2 things forever')#375

Merged
hyperpolymath merged 1 commit into
mainfrom
fix/codeql-drop-rust-beta-leg
Jul 17, 2026
Merged

fix(ci): drop beta-Rust CodeQL leg (cancelled/hanging 'checks 2 things forever')#375
hyperpolymath merged 1 commit into
mainfrom
fix/codeql-drop-rust-beta-leg

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

What

The CodeQL matrix analysed actions + rust. CodeQL Rust support is beta — that leg cancels/hangs and never resolves (the recurring "CodeQL checks 2 things forever" symptom seen on this repo's Actions tab), so it provides zero real security coverage while looking permanently in-progress.

Fix

Remove the rust leg, keep actions (this repo's primary analysable surface). Matrix stays non-empty → no zero-jobs startup_failure.

Rust security (follow-up)

Rust belongs in native tooling, not CodeQL. rust.yml already runs clippy + build + test. Recommended next: a cargo-audit gate — verified locally that it runs and already flags a real vuln: crossbeam-epoch 0.9.18RUSTSEC-2026-0204 (fix >=0.9.20), plus anyhow 1.0.102 unsound (RUSTSEC-2026-0190).

Verification

actionlint exit 0; matrix = 1 actions leg, 0 active rust legs.

Context

Estate-wide shared-fate: 13 repos carry this beta-Rust CodeQL leg. Reference fix for the sweep.

🤖 Generated with Claude Code

…actions

The CodeQL matrix analysed `actions` + `rust`. CodeQL's Rust support is beta:
that leg cancels/hangs and never resolves (the recurring "CodeQL checks 2
things forever" symptom), providing zero real coverage. Removing it leaves the
`actions` leg (this repo's primary analysable surface, per the workflow's own
comment), so the matrix stays non-empty (no zero-jobs startup_failure).

Rust security should be covered natively instead: rust.yml already runs
clippy + build + test. A cargo-audit gate is a recommended follow-up — verified
locally that `cargo audit` runs and already flags a real vuln in shared-context
(crossbeam-epoch 0.9.18 → RUSTSEC-2026-0204, fix >=0.9.20; anyhow 1.0.102
unsound RUSTSEC-2026-0190).

Verified: actionlint exit 0; matrix has 1 `actions` leg, 0 active `rust` legs.

Part of the estate-wide CI cleanup: 13 repos carry this beta-Rust CodeQL leg.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@hyperpolymath
hyperpolymath marked this pull request as ready for review July 17, 2026 22:17
@hyperpolymath
hyperpolymath enabled auto-merge (squash) July 17, 2026 22:18
hyperpolymath added a commit to hyperpolymath/hybrid-automation-router that referenced this pull request Jul 17, 2026
…s forever') (#118)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/robodog-defensive-systems-lab that referenced this pull request Jul 17, 2026
…s forever') (#105)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/hesiod-dns-map that referenced this pull request Jul 17, 2026
…s forever') (#67)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
@hyperpolymath
hyperpolymath disabled auto-merge July 17, 2026 22:29
@hyperpolymath
hyperpolymath merged commit 7f51b12 into main Jul 17, 2026
11 of 12 checks passed
@hyperpolymath
hyperpolymath deleted the fix/codeql-drop-rust-beta-leg branch July 17, 2026 22:29
hyperpolymath added a commit to hyperpolymath/conative-gating that referenced this pull request Jul 17, 2026
…s forever') (#79)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/palimpsest-plasma that referenced this pull request Jul 17, 2026
…s forever') (#55)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/wokelang that referenced this pull request Jul 17, 2026
…s forever') (#121)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/project-wharf that referenced this pull request Jul 17, 2026
…s forever') (#70)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/reasonably-good-token-vault that referenced this pull request Jul 17, 2026
…133)

## What

`.github/workflows/codeql.yml` had **two** defects:
1. The `strategy:` block was indented 2 spaces — floating outside the
`analyze` job — with a misaligned matrix leg, so the file **did not
parse as YAML** (actionlint: *did not find expected '-' indicator*).
CodeQL never ran.
2. The only matrix language was `rust` (beta CodeQL — cancels/hangs).

## Fix

Re-indent the `strategy` block under the job; set the leg to `actions`
(non-empty matrix, no zero-jobs `startup_failure`).

## Verification

`actionlint`: no parse/syntax errors; `actions` leg present, no active
`rust` leg.

## Context

Estate-wide shared-fate: 13 repos carried the beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/phantom-metal-taste that referenced this pull request Jul 17, 2026
…s forever') (#36)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/blocky-writer that referenced this pull request Jul 17, 2026
…s forever') (#21)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
hyperpolymath added a commit to hyperpolymath/social-media-polygraph that referenced this pull request Jul 17, 2026
…s forever') (#60)

## What

The CodeQL matrix analysed a `rust` leg. **CodeQL Rust support is beta**
— that leg cancels/hangs and never resolves (the recurring *"CodeQL
checks 2 things forever"* symptom), providing zero real security
coverage.

## Fix

Remove the `rust` leg; keep/ensure an `actions` leg so the matrix stays
non-empty (no zero-jobs `startup_failure`). Rust security belongs in
native tooling (cargo-audit / clippy), not beta CodeQL.

## Verification

`actionlint`: no parse/syntax errors; matrix has an `actions` leg and
zero active `rust` legs.

## Context

Estate-wide shared-fate: 13 repos carried this beta-Rust CodeQL leg.
Reference: hyperpolymath/gitbot-fleet#375.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant