@htekdev/actions-debugger 1.0.13 → 1.0.14

package/errors/runner-environment/az-powershell-14-to-15-breaking.yml

@@ -0,0 +1,108 @@
+id: runner-environment-034
+title: "Azure PowerShell Az Module Upgraded from 14.x to 15.x on All Runner Images"
+category: runner-environment
+severity: error
+tags:
+  - azure
+  - powershell
+  - az-module
+  - breaking-change
+  - runner-image
+  - migration
+patterns:
+  - regex: "Az\\.(?:Accounts|Compute|Storage|Network|Resources|KeyVault|Sql|Monitor).*not recognized|The term '.*-Az.*' is not recognized"
+    flags: "i"
+  - regex: "Install-Module.*Az.*RequiredVersion.*14"
+    flags: "i"
+  - regex: "Get-AzVM|Set-AzVMExtension|New-AzResourceGroup.*parameter.*was not found|does not exist in the cmdlet"
+    flags: "i"
+  - regex: "CommandNotFoundException.*Az\\.|ParameterBindingException.*Az\\."
+    flags: "i"
+error_messages:
+  - "The term 'Get-AzXxx' is not recognized as a name of a cmdlet"
+  - "A parameter cannot be found that matches parameter name"
+  - "Cannot process argument transformation on parameter"
+  - "Object reference not set to an instance of an object"
+root_cause: |
+  The Azure PowerShell (Az) module was upgraded from version 14.6.0 to 15.6.1 on all
+  GitHub-hosted runner images beginning June 8, 2026 (completing June 15, 2026).
+  This is a major version bump (14 → 15) and includes breaking changes:
+
+  - **Removed cmdlets**: Several deprecated cmdlets from Az 14.x were dropped with no
+    backward-compatible alias.
+  - **Parameter changes**: Some cmdlets have altered parameter names, types, or
+    removed optional parameters that were previously accepted.
+  - **Output type changes**: Return objects from certain cmdlets have changed shape,
+    breaking pipeline expressions like `(Get-AzXxx).Property`.
+  - **ARM64 images affected disproportionately**: windows-11-arm64 and
+    windows-11-vs2026-arm64 jumped from Az 12.5.0 directly to 15.6.1 — a 3-major-version
+    leap with significantly more accumulated breaking changes.
+
+  Unlike other software installed on runner images, the Az PowerShell module does NOT
+  have an LTS version — only the latest release receives security fixes and support.
+  Microsoft discontinued support for Az 14.x as of the 15.x release cycle.
+
+  The runner images affected and their before/after versions:
+  - ubuntu-22.04, ubuntu-24.04, macos-14/15/26, windows-2022/2025/2025-vs2026: 14.6.0 → 15.6.1
+  - windows-11-arm64, windows-11-vs2026-arm64: 12.5.0 → 15.6.1
+
+  Source: actions/runner-images#14104
+fix: |
+  **Option 1 — Pin to Az 14.6.0** (temporary fix while migrating):
+  Add an explicit Install-Module step at the start of any job using Az cmdlets.
+
+  **Option 2 — Migrate to Az 15.x** (recommended long-term):
+  Review the Az 15.x migration guide and update scripts to use the new cmdlet names,
+  parameters, and output types. Run `Get-AzVersion` to confirm the version in use.
+
+  **Diagnosis**: Use `Get-Module -Name Az.* -ListAvailable | Select Name, Version` to
+  confirm which Az module version is installed on the current runner.
+fix_code:
+  - language: yaml
+    label: "Pin Az module to 14.6.0 for immediate rollback"
+    code: |
+      jobs:
+        deploy:
+          runs-on: ubuntu-latest
+          steps:
+            - name: Pin Azure PowerShell to 14.6.0
+              shell: pwsh
+              run: |
+                Install-Module -Name Az -RequiredVersion 14.6.0 -Force -AllowClobber -Scope CurrentUser
+                Import-Module Az -RequiredVersion 14.6.0
+
+            - name: Azure login
+              uses: azure/login@v2
+              with:
+                client-id: ${{ secrets.AZURE_CLIENT_ID }}
+                tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+                subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+            - name: Run Azure operations
+              shell: pwsh
+              run: |
+                # Your existing Az 14.x scripts
+                Get-AzVM -ResourceGroupName $env:RG_NAME
+  - language: yaml
+    label: "Verify installed Az version (diagnosis step)"
+    code: |
+      - name: Check Az module version
+        shell: pwsh
+        run: |
+          Get-Module -Name Az.Accounts -ListAvailable | Select-Object Name, Version
+          Get-AzVersion
+prevention:
+  - "Subscribe to actions/runner-images announcements to get advance warning of Az module version changes."
+  - "Pin the Az module version explicitly in all CI workflows using `Install-Module -RequiredVersion` rather than relying on the runner image default."
+  - "Test Az-based workflows against the new version by temporarily installing Az 15.x before the runner image rollout date."
+  - "Review the Az 15.x migration guide (https://learn.microsoft.com/en-us/powershell/azure/migrate-az-15.0.0) when upgrading."
+  - "Use `Get-AzVersion` at the start of troublesome workflows to emit the exact Az version to logs."
+docs:
+  - url: "https://github.com/actions/runner-images/issues/14104"
+    label: "runner-images#14104 — Az module update announcement (14.6.0 → 15.6.1)"
+  - url: "https://learn.microsoft.com/en-us/powershell/azure/migrate-az-15.0.0"
+    label: "Az 15.x migration guide"
+  - url: "https://learn.microsoft.com/en-us/powershell/azure/azureps-support-lifecycle"
+    label: "Az PowerShell support lifecycle"
+  - url: "https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps"
+    label: "Az PowerShell release notes"

package/errors/runner-environment/ubuntu-2204-precached-docker-removed.yml

@@ -0,0 +1,110 @@
+id: runner-environment-035
+title: "ubuntu-22.04 Pre-Cached Docker Images Removed — Cold Pulls Now Required"
+category: runner-environment
+severity: warning
+tags:
+  - ubuntu
+  - docker
+  - pre-cached
+  - runner-image
+  - pull-rate
+  - performance
+patterns:
+  - regex: "Unable to find image '.*' locally"
+    flags: "i"
+  - regex: "Pulling from (?:library/)?(?:node|python|postgres|redis|mysql|nginx|ubuntu|alpine).*\nDigest:"
+    flags: "im"
+  - regex: "docker: Error response from daemon.*manifest.*not found"
+    flags: "i"
+error_messages:
+  - "Unable to find image 'node:lts-alpine' locally"
+  - "Unable to find image 'postgres:15' locally"
+  - "Unable to find image 'redis:7-alpine' locally"
+  - "Pulling from library/node"
+  - "Pulling from library/postgres"
+root_cause: |
+  Starting January 12, 2026, GitHub removed all pre-cached Docker images from the
+  ubuntu-22.04 runner image to address disk space limits. Previously, commonly used
+  Docker images (node, postgres, redis, mysql, python, nginx, alpine, etc.) were
+  pre-pulled into the runner's local Docker image cache, so `docker pull` or
+  `docker run` on those images started immediately without a network pull.
+
+  After the change, ALL Docker images must be pulled from the registry at runtime.
+  This has two main effects:
+
+  1. **Longer job times**: Cold pulls for large images (node, python, postgres) add
+     30-120+ seconds per job depending on image size and registry speed.
+
+  2. **DockerHub rate limit exposure**: Workflows that previously never hit the
+     DockerHub anonymous pull rate limit (100 pulls/6h per IP) may now exceed it
+     once caching is removed — especially on parallel matrix jobs all pulling the
+     same image from the same runner subnet IP.
+
+  The change only affects ubuntu-22.04. Ubuntu 24.04 and other images were not
+  pre-caching Docker images in the same way.
+
+  Source: actions/runner-images#13472
+fix: |
+  **Option 1 — Authenticate to DockerHub** to raise the rate limit to 200 pulls/6h
+  (free account) or unlimited (Pro/Team).
+
+  **Option 2 — Use GitHub Container Registry (ghcr.io)** for your own images —
+  these never count against DockerHub rate limits and pull faster from GitHub runners.
+
+  **Option 3 — Upgrade to ubuntu-24.04** if the workflow is not tied to ubuntu-22.04
+  specific packages. The 24.04 image has current tooling and better long-term support.
+
+  **Option 4 — Add a docker/login-action step** before any Docker operations to
+  authenticate even with a free DockerHub account, which 2x the anonymous rate limit.
+fix_code:
+  - language: yaml
+    label: "Authenticate to DockerHub to avoid rate limits on ubuntu-22.04"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-22.04
+          steps:
+            - name: Log in to DockerHub
+              uses: docker/login-action@v3
+              with:
+                username: ${{ secrets.DOCKERHUB_USERNAME }}
+                password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+            - name: Run tests with Postgres
+              run: |
+                docker run --rm -d -p 5432:5432 \
+                  -e POSTGRES_PASSWORD=test \
+                  postgres:15-alpine
+  - language: yaml
+    label: "Use GitHub Container Registry instead of DockerHub"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-22.04
+          permissions:
+            packages: read
+          steps:
+            - name: Log in to GHCR
+              uses: docker/login-action@v3
+              with:
+                registry: ghcr.io
+                username: ${{ github.actor }}
+                password: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Run service container from GHCR
+              run: docker run --rm ghcr.io/myorg/my-image:latest
+prevention:
+  - "Authenticate to DockerHub in all workflows that pull images on ubuntu-22.04 runners."
+  - "Consider migrating ubuntu-22.04 workflows to ubuntu-24.04 — it's the current default and avoids this issue."
+  - "Prefer GitHub Container Registry (ghcr.io) for your own images to eliminate DockerHub rate limits entirely."
+  - "Use `docker/login-action` as a standard first step in any workflow that involves Docker image pulls."
+  - "Monitor job durations after runner image updates — unexpected slowdowns often signal a caching change."
+docs:
+  - url: "https://github.com/actions/runner-images/issues/13472"
+    label: "runner-images#13472 — ubuntu-22.04 pre-cached Docker images removal announcement"
+  - url: "https://github.com/actions/runner-images/issues/1445"
+    label: "runner-images#1445 — DockerHub pull rate limit discussion"
+  - url: "https://docs.docker.com/docker-hub/download-rate-limit/"
+    label: "DockerHub pull rate limits documentation"
+  - url: "https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry"
+    label: "Working with GitHub Container Registry (ghcr.io)"

package/errors/runner-environment/windows-msvc-ltcg-mixed-image-versions.yml

@@ -0,0 +1,112 @@
+id: runner-environment-036
+title: "Windows MSVC LTCG Linker Fails When Jobs in Same Run Receive Different Image Versions"
+category: runner-environment
+severity: error
+tags:
+  - windows
+  - msvc
+  - ltcg
+  - linker
+  - runner-image
+  - build
+  - vs2026
+patterns:
+  - regex: "C1900.*Il mismatch between 'P1' version.*and 'P2' version"
+    flags: "i"
+  - regex: "LNK1257.*code generation failed"
+    flags: "i"
+  - regex: "LNK2001.*unresolved external symbol __std_"
+    flags: "i"
+  - regex: "fatal error C1900"
+    flags: "i"
+error_messages:
+  - "EXEC : fatal error C1900: Il mismatch between 'P1' version '20251208' and 'P2' version '20250730'"
+  - "LINK : fatal error LNK1257: code generation failed"
+  - "skia.lib(...) : error LNK2001: unresolved external symbol __std_minmax_element_f_"
+  - "skia.lib(...) : error LNK2001: unresolved external symbol __std_max_element_2u"
+root_cause: |
+  GitHub Actions does not guarantee that all jobs within a single workflow run receive
+  the same concrete runner image version. When a runner image is being rolled out
+  (e.g., during a VS 2026 update or patch cycle), some jobs may be assigned to runners
+  with image version 20260510.103.1 while others receive 20260518.113.1 — even for
+  jobs with the same `runs-on: windows-2025-vs2026` label.
+
+  This becomes a hard build failure for workflows that use MSVC Link-Time Code
+  Generation (LTCG / /GL):
+  - Job A (build) compiles .obj and .lib files with /GL on image version X
+    → MSVC compiler emits Intermediate Language (IL) artifacts stamped with version X.
+  - Job B (link) downloads those artifacts and attempts to link them using /LTCG on
+    image version Y (a different MSVC toolset patch version).
+  - MSVC detects the IL version mismatch (C1900) and aborts: the IL produced by
+    one toolset cannot be consumed by a different toolset version.
+
+  The same failure can occur for any build pipeline that:
+  - Splits compilation and linking across separate jobs
+  - Uses artifact upload/download to pass compiled objects between jobs
+  - Relies on LTCG, MSVC STL internals, or other IL-sensitive optimizations
+
+  This is a known limitation of the GitHub Actions runner assignment model — image
+  rollouts are gradual across the runner pool, and job assignments are not pinned
+  to a specific image version within a run.
+
+  Source: actions/runner-images#14140
+fix: |
+  **Option 1 — Combine compile and link in a single job** so all MSVC operations
+  run on the same runner image. This eliminates the cross-image artifact transfer.
+
+  **Option 2 — Disable LTCG for CI builds** (/GL is a release optimization; most
+  CI builds only need it for final release binaries, not PRs or branch builds).
+
+  **Option 3 — Add MSVC toolset version check** in the link job to detect mismatches
+  before the link fails, and fail fast with a clear diagnostic message.
+
+  **Option 4 — Use a self-hosted runner** with a pinned image version for builds
+  that require LTCG across jobs.
+fix_code:
+  - language: yaml
+    label: "Combine compile and link in one job to avoid image mismatch"
+    code: |
+      jobs:
+        build-and-link:
+          runs-on: windows-2025-vs2026
+          steps:
+            - uses: actions/checkout@v4
+
+            - name: Configure CMake
+              run: cmake -B build -DCMAKE_BUILD_TYPE=Release
+
+            # Compile AND link in the same job — same image version guaranteed
+            - name: Build (compile + link)
+              run: cmake --build build --config Release
+  - language: yaml
+    label: "Disable LTCG on CI builds, enable only for release"
+    code: |
+      jobs:
+        build:
+          runs-on: windows-2025-vs2026
+          steps:
+            - uses: actions/checkout@v4
+
+            - name: Build without LTCG (CI)
+              # Pass -DNO_LTCG=1 or equivalent CMake flag to disable /GL and /LTCG
+              # LTCG is only enabled in the separate release workflow
+              run: cmake -B build -DCMAKE_BUILD_TYPE=Release -DENABLE_LTCG=OFF
+              env:
+                # Alternatively: override CFLAGS/CXXFLAGS directly
+                CFLAGS: /O2     # Optimize without /GL
+                CXXFLAGS: /O2
+prevention:
+  - "Never split MSVC compilation and LTCG linking across separate jobs that upload/download artifacts."
+  - "Disable /GL (LTCG) in CI builds — reserve it for final release artifact builds on a single job."
+  - "Monitor runner image rollout announcements; if a new Windows image version is being deployed, LTCG cross-job builds are at risk during the rollout window."
+  - "Add a MSVC version check step at the start of link jobs to emit the toolset version to logs for post-failure diagnosis."
+  - "Use self-hosted runners with pinned image versions for release builds that require LTCG across jobs."
+docs:
+  - url: "https://github.com/actions/runner-images/issues/14140"
+    label: "runner-images#14140 — MSVC LTCG linker failure from mixed image versions in same run"
+  - url: "https://learn.microsoft.com/en-us/cpp/build/reference/gl-whole-program-optimization"
+    label: "MSVC /GL (Whole Program Optimization) documentation"
+  - url: "https://learn.microsoft.com/en-us/cpp/build/reference/ltcg-link-time-code-generation"
+    label: "MSVC /LTCG (Link-Time Code Generation) documentation"
+  - url: "https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners"
+    label: "About GitHub-hosted runners"

package/errors/silent-failures/app-store-ios26-sdk-required.yml

@@ -0,0 +1,113 @@
+id: silent-failures-017
+title: "iOS App Store Upload Fails Silently — macOS-latest Uses Xcode 16.4 but Apple Requires iOS 26 SDK"
+category: silent-failures
+severity: silent-failure
+tags:
+  - macos
+  - xcode
+  - ios
+  - app-store
+  - sdk
+  - silent-failure
+  - apple
+patterns:
+  - regex: "built with the iOS (?:18|17|16)\\.\\d SDK"
+    flags: "i"
+  - regex: "must be built with the iOS 26 SDK or later.*App Store"
+    flags: "i"
+  - regex: "Invalid Toolchain.*iOS.*SDK.*required"
+    flags: "i"
+  - regex: "ITMS-90725|ITMS-90206"
+    flags: "i"
+error_messages:
+  - "This app was built with the iOS 18.5 SDK. All iOS and iPadOS apps must be built with the iOS 26 SDK or later in order to be uploaded to App Store Connect."
+  - "ERROR ITMS-90725: SDK Version Issue - This app was built with the iOS 18.5 SDK"
+  - "Invalid Toolchain. New apps and app updates must be built with the public iOS 26 SDK or later"
+root_cause: |
+  Apple requires that all new iOS/iPadOS App Store submissions be built with the
+  iOS 26 SDK or later (enforced starting mid-2026). However, `macos-latest` currently
+  points to macOS 15 (until the macOS 26 migration completes in July 2026), and
+  macOS 15 runner images ship with Xcode 16.4 as the default — which includes the
+  iOS 18.5 SDK, NOT the iOS 26 SDK.
+
+  The failure is a classic silent-failure pattern:
+  - The build step SUCCEEDS with zero errors or warnings.
+  - The archive step SUCCEEDS.
+  - The upload/export to App Store Connect FAILS with the SDK version error.
+  - Because the failure occurs at the distribution stage (not compilation), it
+    can be misdiagnosed as a signing, provisioning, or network issue.
+
+  Workflows that use `uses: maxim-lobanov/setup-xcode` with an explicit 16.x version,
+  or that rely on `macos-latest` defaults without explicit Xcode pinning, will
+  silently produce an .ipa or .xcarchive that cannot be submitted to App Store Connect.
+
+  After the `macos-latest` migration to macOS 26 completes (July 15, 2026), the default
+  Xcode will be 26.4.1+, which includes the iOS 26 SDK and resolves this issue.
+  Until then, explicit Xcode pinning is required.
+
+  Source: actions/runner-images#14165
+fix: |
+  **Immediate fix**: Pin Xcode to 26.x explicitly using `maxim-lobanov/setup-xcode`
+  before any build or archive steps. Use `macos-26` as the runner to ensure Xcode 26
+  is available.
+
+  **For teams not ready to migrate to Xcode 26**: Use `macos-26` and pin to Xcode 26.4.1
+  or later — this is required by Apple regardless of code changes.
+
+  **Verify the SDK in use** by adding `xcodebuild -showsdks` before the build step.
+fix_code:
+  - language: yaml
+    label: "Pin to macOS 26 + Xcode 26 for App Store submissions"
+    code: |
+      jobs:
+        release:
+          runs-on: macos-26   # Explicit: don't rely on macos-latest during transition
+          steps:
+            - uses: actions/checkout@v4
+
+            # Explicitly select Xcode 26 (includes iOS 26 SDK required by App Store)
+            - uses: maxim-lobanov/setup-xcode@v1
+              with:
+                xcode-version: '26.4'   # or '26.5' once generally available
+
+            - name: Verify SDK
+              run: xcodebuild -showsdks | grep -i iphoneos
+
+            - name: Archive
+              run: |
+                xcodebuild archive \
+                  -scheme MyApp \
+                  -archivePath $RUNNER_TEMP/MyApp.xcarchive \
+                  -destination generic/platform=iOS
+
+            - name: Export for App Store
+              run: |
+                xcodebuild -exportArchive \
+                  -archivePath $RUNNER_TEMP/MyApp.xcarchive \
+                  -exportOptionsPlist ExportOptions.plist \
+                  -exportPath $RUNNER_TEMP/MyApp.ipa
+  - language: yaml
+    label: "Check installed Xcode versions and default SDK (diagnosis)"
+    code: |
+      - name: Diagnose Xcode and SDK versions
+        run: |
+          echo "=== Default Xcode ==="
+          xcode-select -p
+          xcodebuild -version
+          echo "=== Available SDKs ==="
+          xcodebuild -showsdks | grep -i iphone
+prevention:
+  - "Never rely on `macos-latest` default Xcode for App Store release builds — always pin the Xcode version explicitly."
+  - "Use `xcodebuild -showsdks` as an early workflow step to emit the active iOS SDK version to logs."
+  - "Run a smoke test of the App Store export (not just the build) in CI to catch SDK requirement errors before manual submission."
+  - "Subscribe to Apple Developer news for SDK requirement enforcement dates and plan runner image migrations in advance."
+  - "Pin `runs-on: macos-26` explicitly rather than `macos-latest` for release workflows during the macOS version transition period."
+docs:
+  - url: "https://github.com/actions/runner-images/issues/14165"
+    label: "runner-images#14165 — macOS-latest Xcode 16.4 breaks App Store submissions"
+  - url: "https://github.com/actions/runner-images/issues/14167"
+    label: "runner-images#14167 — macos-latest will use macos-26 in June 2026"
+  - url: "https://github.com/maxim-lobanov/setup-xcode"
+    label: "maxim-lobanov/setup-xcode — Pin Xcode version in workflows"
+  - url: "https://developer.apple.com/news/releases/"
+    label: "Apple Developer News — SDK requirement announcements"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@htekdev/actions-debugger",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "65+ real GitHub Actions errors, queryable by agents. MCP server + Copilot skills + error database.",
   "type": "module",
   "main": "./dist/index.js",