@htekdev/actions-debugger 1.0.105 → 1.0.106

package/errors/caching-artifacts/cache-save-restore-path-mismatch-silent-miss.yml

@@ -0,0 +1,93 @@
+id: caching-artifacts-062
+title: "actions/cache save and restore Separate Actions Silently Miss When Paths Differ"
+category: caching-artifacts
+severity: silent-failure
+tags:
+  - cache
+  - cache-save
+  - cache-restore
+  - path-mismatch
+  - cache-miss
+  - silent
+patterns:
+  - regex: 'Cache not found for input keys'
+    flags: i
+error_messages:
+  - "Cache not found for input keys: my-cache-key"
+root_cause: |
+  When using actions/cache/save and actions/cache/restore as separate actions (split across
+  different jobs), the cache archive is indexed by BOTH the cache key AND the path provided
+  to the save action. The restore action must specify the EXACT same path as the save action
+  or no cache will be found, even when the key matches perfectly.
+
+  This is undocumented behaviour: the path is part of the cache version hash used to locate
+  the archive, not just the key. Using a relative vs absolute path, a trailing slash, or any
+  variation in path formatting between save and restore results in "Cache not found for input
+  keys" with no hint that path mismatch is the cause.
+
+  This differs from using the combined actions/cache action in a single job, where the path
+  is always consistent between save and restore. Reported in actions/cache#1444.
+fix: |
+  Ensure the path: value in actions/cache/restore exactly matches the path: value used in
+  actions/cache/save — including the same relative-vs-absolute format and no trailing slash
+  differences.
+
+  Best practice: extract the path into a shared env variable or workflow-level output, or
+  document the exact path string in both jobs.
+fix_code:
+  - language: yaml
+    label: "Wrong: different paths between save and restore jobs"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-latest
+          steps:
+            - name: Create files
+              run: mkdir my-files && echo "data" > my-files/data.txt
+            - uses: actions/cache/save@v4
+              with:
+                path: my-files           # saved with relative path
+                key: my-cache-${{ github.run_id }}
+
+        deploy:
+          needs: build
+          runs-on: ubuntu-latest
+          steps:
+            - uses: actions/cache/restore@v4
+              with:
+                path: ./my-files         # WRONG: './my-files' != 'my-files' -- cache not found
+                key: my-cache-${{ github.run_id }}
+  - language: yaml
+    label: "Correct: identical path strings in save and restore"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-latest
+          steps:
+            - name: Create files
+              run: mkdir my-files && echo "data" > my-files/data.txt
+            - uses: actions/cache/save@v4
+              with:
+                path: my-files           # use identical path
+                key: my-cache-${{ github.run_id }}
+
+        deploy:
+          needs: build
+          runs-on: ubuntu-latest
+          steps:
+            - uses: actions/cache/restore@v4
+              with:
+                path: my-files           # exact match — cache found
+                key: my-cache-${{ github.run_id }}
+prevention:
+  - "Copy the exact path: string from your save step into your restore step — do not retype it"
+  - "Avoid mixing relative (my-dir) and absolute (${{ github.workspace }}/my-dir) paths across jobs"
+  - "If in doubt, use the combined actions/cache@v4 action in a single job instead of split save/restore"
+  - "Print the cache key and path in both jobs to make debugging easier"
+docs:
+  - url: "https://github.com/actions/cache/issues/1444"
+    label: "actions/cache#1444 — Restore reports cache not found when path differs from save path"
+  - url: "https://github.com/actions/cache/tree/main/save"
+    label: "actions/cache/save — Split save/restore documentation"
+  - url: "https://github.com/actions/cache/tree/main/restore"
+    label: "actions/cache/restore — Split save/restore documentation"

package/errors/caching-artifacts/setup-java-gradle-windows-lock-files-device-busy.yml

@@ -0,0 +1,81 @@
+id: caching-artifacts-061
+title: "setup-java cache: 'gradle' Silently Corrupts Cache on Windows — Gradle Lock Files Device or Resource Busy"
+category: caching-artifacts
+severity: silent-failure
+tags:
+  - setup-java
+  - gradle
+  - windows
+  - cache
+  - lock-files
+  - device-busy
+patterns:
+  - regex: '\.lock.*Read error.*Device or resource busy'
+    flags: i
+  - regex: 'fileContent\.lock.*Device or resource busy'
+    flags: i
+  - regex: '\.gradle/caches.*Read error.*byte 0'
+    flags: i
+error_messages:
+  - "/usr/bin/tar: C\\:/Users/runneradmin/.gradle/caches/8.7/fileContent/fileContent.lock: Read error at byte 0, while reading 38 bytes: Device or resource busy"
+  - "/usr/bin/tar: Exiting with failure status due to previous errors"
+  - "Warning: Failed to save: ... failed with exit code 2"
+root_cause: |
+  On Windows runners, actions/setup-java with cache: 'gradle' triggers a cache save in its
+  post-job step. At that point, the Gradle daemon process started during the build step may
+  still be running and holding open file locks on these cache directories:
+    - .gradle/caches/*/fileContent.lock
+    - .gradle/caches/*/fileHashes.lock
+    - .gradle/caches/*/generated-gradle-jars.lock
+    - .gradle/caches/*/javaCompile.lock
+    - .gradle/caches/journal-1/journal-1.lock
+    - .gradle/caches/modules-*/modules-*.lock
+
+  The GNU tar bundled with Git for Windows (used by the GitHub Actions runner) cannot read
+  Windows-locked files and exits with code 2. Despite this failure, setup-java logs
+  "Cache saved with the key: ..." because the cache service accepted a partial archive.
+
+  The silent failure: subsequent runs restore the partial cache, missing the locked files.
+  Gradle then redownloads dependencies on every run, and the cache save repeats the same
+  error. Cache size appears normal in the UI but the archive contents are incomplete.
+  Reported in actions/setup-java#633.
+fix: |
+  Stop the Gradle daemon explicitly before the post-job step fires. The setup-java
+  post-step runs after all workflow steps complete, so stopping the daemon in the last
+  step ensures no lock files are held when the post-step archives the cache:
+fix_code:
+  - language: yaml
+    label: "Fix: stop Gradle daemon before post-step cache save"
+    code: |
+      jobs:
+        build:
+          runs-on: windows-latest
+          steps:
+            - uses: actions/checkout@v4
+            - uses: actions/setup-java@v4
+              with:
+                java-version: '21'
+                distribution: 'temurin'
+                cache: 'gradle'
+            - name: Build with Gradle
+              run: ./gradlew build
+            - name: Stop Gradle daemon before cache save
+              if: always()
+              run: ./gradlew --stop
+  - language: yaml
+    label: "Alternative: build with --no-daemon (no daemon started, no lock files)"
+    code: |
+      - name: Build with Gradle (no daemon)
+        run: ./gradlew build --no-daemon
+prevention:
+  - "Always add a './gradlew --stop' step (with if: always()) after your build step on Windows runners"
+  - "Use --no-daemon for Gradle builds in CI to avoid daemon lock file issues entirely"
+  - "Verify cache usefulness by checking whether Gradle redownloads dependencies on runs after cache save"
+  - "Consider using the official gradle/actions/setup-gradle action which handles daemon lifecycle better"
+docs:
+  - url: "https://github.com/actions/setup-java/issues/633"
+    label: "actions/setup-java#633 — Gradle caching post-task fails on Windows with 'device or resource busy'"
+  - url: "https://docs.gradle.org/current/userguide/gradle_daemon.html"
+    label: "Gradle Daemon documentation — stopping and disabling"
+  - url: "https://github.com/gradle/actions/blob/main/docs/setup-gradle.md"
+    label: "gradle/actions — recommended Gradle CI caching action"

package/errors/runner-environment/checkout-lfs-double-authorization-header-non-github-host.yml

@@ -0,0 +1,70 @@
+id: runner-environment-175
+title: "checkout@v4 LFS with Non-GitHub Host Sends Double Authorization Header -- 400 Bad Request"
+category: runner-environment
+severity: error
+tags:
+  - checkout
+  - lfs
+  - git-lfs
+  - non-github-host
+  - authorization-header
+  - submodule
+patterns:
+  - regex: 'Authorization.*Authorization'
+    flags: i
+  - regex: 'HTTP.*400.*lfs'
+    flags: i
+error_messages:
+  - "trace git-lfs: HTTP: 400"
+  - "batch request failed with status 400"
+root_cause: |
+  When actions/checkout is used with lfs: true and the repository contains submodules
+  pointing to a non-GitHub host (Gitea, Bitbucket, self-hosted GitLab, etc.), the checkout
+  action writes an HTTP Authorization header into .git/config via http.<url>.extraheader.
+  For GitHub.com remotes this works correctly. However, for submodule remotes on other hosts,
+  the git-lfs client then sends BOTH this injected header AND its own credential-helper-derived
+  Authorization header in the same LFS batch request.
+
+  Most non-GitHub servers reject duplicate Authorization headers with HTTP 400 Bad Request,
+  as the HTTP spec treats repeated Authorization headers as ambiguous. GitHub.com silently
+  deduplicates them, hiding the problem. Only non-GitHub hosts expose this bug.
+
+  Diagnosed by enabling GIT_CURL_VERBOSE: 1 and GIT_TRACE: 1 in the workflow environment,
+  which reveals two Authorization: Basic lines in the same LFS request headers.
+  Reported in actions/checkout#1830 (15 reactions).
+fix: |
+  Use SSH key authentication for the non-GitHub submodule remote — no HTTP Authorization
+  header is injected for SSH remotes, eliminating the conflict:
+fix_code:
+  - language: yaml
+    label: "Recommended: use ssh-key for non-GitHub submodule host"
+    code: |
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          lfs: true
+          ssh-key: ${{ secrets.SUBMODULE_SSH_KEY }}
+  - language: yaml
+    label: "Alternative: disable lfs on checkout and pull LFS per-host manually"
+    code: |
+      steps:
+        - uses: actions/checkout@v4
+          with:
+            submodules: recursive
+            lfs: false   # prevents checkout from injecting LFS auth header
+        - name: Clear injected extraheader and pull LFS for non-GitHub host
+          env:
+            GIT_CURL_VERBOSE: "1"
+          run: |
+            cd path/to/non-github-submodule
+            git config --unset http.https://your-host.example.com/.extraheader || true
+            git lfs pull
+prevention:
+  - "Use SSH keys for non-GitHub submodule remotes to avoid HTTP credential injection conflicts"
+  - "Enable GIT_CURL_VERBOSE=1 to diagnose duplicate Authorization headers in LFS requests"
+  - "Test LFS workflows after upgrading checkout to a new major version"
+docs:
+  - url: "https://github.com/actions/checkout/issues/1830"
+    label: "actions/checkout#1830 -- LFS fails with double auth header on non-GitHub host"
+  - url: "https://github.com/actions/checkout#readme"
+    label: "actions/checkout -- lfs and submodules input documentation"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@htekdev/actions-debugger",
-  "version": "1.0.105",
+  "version": "1.0.106",
   "description": "65+ real GitHub Actions errors, queryable by agents. CLI + MCP server + Copilot skills + error database.",
   "type": "module",
   "main": "./dist/index.js",