npm - @htekdev/actions-debugger - Versions diffs - 1.0.118 → 1.0.120 - Mend

@htekdev/actions-debugger 1.0.118 → 1.0.120

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/errors/yaml-syntax/yaml-syntax-073.yml ADDED Viewed

@@ -0,0 +1,103 @@
+id: yaml-syntax-073
+title: "setup-python 'python-version: 3.10' Parsed as YAML Float 3.1 — Wrong Python Version Installed"
+category: yaml-syntax
+severity: silent-failure
+tags:
+  - setup-python
+  - yaml-float
+  - python-version
+  - version-mismatch
+  - silent-failure
+patterns:
+  - regex: 'Version 3\.1 with arch .{0,20} not found'
+    flags: 'i'
+  - regex: "Installed Python 3\\.1\\."
+    flags: 'i'
+  - regex: 'python.version.*3\.10.*3\.1|3\.10.*yaml.*float'
+    flags: 'i'
+error_messages:
+  - "Version 3.1 with arch x64 not found in the local, remote file."
+  - "Version 3.1 with arch x64 not found"
+  - "Installed Python 3.1.5"
+  - "Error: Version 3.1 was not found in the local cache"
+root_cause: |
+  When 'python-version' is specified as a bare unquoted decimal like 3.10
+  in a workflow YAML file, the YAML parser interprets the value as a
+  floating-point number. The float representation of 3.10 is 3.1 (the
+  trailing zero is dropped during float-to-string conversion).
+  actions/setup-python then receives the string "3.1" and attempts to
+  install Python version 3.1.x. Python 3.1 is an extremely old release
+  from 2009 and is not available in the tool cache. The action either:
+  a) Fails with "Version 3.1 with arch x64 not found" — if the version
+     is not in the manifest (common on GitHub-hosted runners).
+  b) Silently installs the latest 3.1.x if one happens to be cached,
+     giving developers an unexpectedly old Python environment with no
+     warning.
+  Affected version strings: any Python version where the minor version
+  ends in zero (3.10, 3.20 if it existed, etc.) or has trailing decimal
+  zeros (3.10.0 → still has the problem if written unquoted as 3.10).
+  The same YAML float coercion affects other setup-* actions:
+  - setup-go with go-version: 1.20 → "1.2" (yaml-syntax-027)
+  - setup-node with node-version: 18.10 → "18.1"
+  This entry specifically covers setup-python.
+fix: |
+  Always quote the python-version value in YAML to force the parser to
+  treat it as a string, not a number.
+fix_code:
+  - language: yaml
+    label: "Wrong — unquoted 3.10 parsed as float 3.1"
+    code: |
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.10   # ❌ YAML parses as float → installs 3.1.x
+  - language: yaml
+    label: "Fixed — quoted string forces correct version"
+    code: |
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'   # ✅ Quoted string → installs 3.10.x
+  - language: yaml
+    label: "Fixed — matrix with quoted python versions"
+    code: |
+      jobs:
+        test:
+          strategy:
+            matrix:
+              python-version: ['3.9', '3.10', '3.11', '3.12']
+              #               ^^^^^^  ^^^^^^  ^^^^^^  ^^^^^^
+              # All quoted — prevents YAML float coercion for any version
+          steps:
+            - uses: actions/setup-python@v5
+              with:
+                python-version: ${{ matrix.python-version }}
+  - language: yaml
+    label: "Alternative — use python-version-file to avoid manual version strings"
+    code: |
+      - uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+          # .python-version file contains: 3.10.14
+          # File-based version is read as plain text, not YAML — no float risk
+prevention:
+  - "Always quote python-version values in YAML: '3.10' not 3.10."
+  - "Use python-version-file: '.python-version' or pyproject.toml to read version from a non-YAML source."
+  - "Apply the same quoting rule to all setup-* version inputs: '1.20' for Go, '18.10' for Node."
+  - "Run actionlint — it warns about unquoted version strings in matrix definitions."
+  - "Check 'Set up Python' step output in the Actions log — it shows the resolved version string."
+docs:
+  - url: "https://github.com/actions/setup-python/issues/160"
+    label: "actions/setup-python#160 — python-version 3.10 parsed as float 3.1 (109 reactions)"
+  - url: "https://yaml.org/spec/1.2.2/#floating-point-scalars"
+    label: "YAML spec — floating-point scalar parsing rules"
+  - url: "https://github.com/actions/setup-python#supported-version-syntax"
+    label: "actions/setup-python — supported version syntax"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@htekdev/actions-debugger",
-  "version": "1.0.118",
+  "version": "1.0.120",
   "description": "65+ real GitHub Actions errors, queryable by agents. CLI + MCP server + Copilot skills + error database.",
   "type": "module",
   "main": "./dist/index.js",