@htekdev/actions-debugger 1.0.27 → 1.0.28

package/errors/runner-environment/container-job-entrypoint-overridden.yml

@@ -0,0 +1,90 @@
+id: runner-environment-080
+title: "Container job ENTRYPOINT silently overridden by GitHub Actions runner"
+category: runner-environment
+severity: silent-failure
+tags:
+  - container
+  - docker
+  - entrypoint
+  - job-container
+  - dockerfile
+  - initialization
+patterns:
+  - regex: 'ENTRYPOINT.*not.*execut|entrypoint.*not.*run|entrypoint.*overrid|custom.*entrypoint.*skip'
+    flags: 'i'
+  - regex: 'container.*init.*fail|setup.*script.*not.*run'
+    flags: 'i'
+error_messages:
+  - "Custom initialization script did not run in container job"
+  - "Expected environment setup from ENTRYPOINT was missing"
+  - "Docker container ENTRYPOINT not executing in GitHub Actions"
+root_cause: |
+  When a workflow job uses a container image via the container: key, the GitHub
+  Actions runner creates the container with --entrypoint "", explicitly replacing
+  any ENTRYPOINT defined in the Docker image with an empty string. This is by
+  design: the runner must inject its own workspace setup and process management
+  before any user steps run.
+
+  As a result, ENTRYPOINT instructions in the container Dockerfile are silently
+  ignored. Steps then run via docker exec into the already-running container, so
+  the ENTRYPOINT never fires. Initialization logic that developers expect to run
+  (environment setup, tool configuration, user switching) simply does not happen.
+
+  This is distinct from Docker container ACTIONS (action.yml with runs.using:
+  docker), which DO execute ENTRYPOINT as specified. The override only applies to
+  workflow job containers (jobs.<id>.container:).
+fix: |
+  Choose one of these approaches:
+
+  1. Move initialization to CMD. GitHub Actions does not override CMD, and the
+     docker container options: field lets you pass --entrypoint pointing to your
+     init script.
+
+  2. Use the container options: field to specify the entrypoint explicitly:
+     options: --entrypoint /path/to/init.sh
+
+  3. Add an explicit initialization step at the top of the job. This is the most
+     transparent approach: the step runs before other steps and is visible in logs.
+
+  4. Switch to a Docker container ACTION (action.yml) if you need ENTRYPOINT
+     semantics and own the action definition.
+fix_code:
+  - language: yaml
+    label: "Option A: Override entrypoint via container options"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-latest
+          container:
+            image: my-custom-image:latest
+            options: --entrypoint /usr/local/bin/my-init.sh
+          steps:
+            - name: Run build
+              run: make build
+
+  - language: yaml
+    label: "Option B: Run initialization as an explicit first step (most transparent)"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-latest
+          container:
+            image: my-custom-image:latest
+          steps:
+            - name: Initialize environment
+              run: /usr/local/bin/my-init.sh
+            - name: Run build
+              run: make build
+prevention:
+  - "Do not rely on ENTRYPOINT for initialization in workflow job containers"
+  - "Use CMD for default command arguments; keep setup in workflow steps or the options: field"
+  - "Test container behavior locally with docker run --entrypoint '' myimage bash to simulate GitHub Actions"
+  - "Use Docker container actions (action.yml with runs.using: docker) when ENTRYPOINT execution is required"
+  - "Document any ENTRYPOINT logic removal in a comment in the Dockerfile"
+docs:
+  - url: "https://docs.github.com/en/actions/reference/dockerfile-support-for-github-actions"
+    label: "Dockerfile support for GitHub Actions"
+  - url: "https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container"
+    label: "Running jobs in a container"
+  - url: "https://github.com/actions/runner/issues/1964"
+    label: "actions/runner#1964: Docker entrypoint not executing in container jobs (open, 8 reactions)"

package/errors/runner-environment/github-path-prepend-breaks-container-no-path-env.yml

@@ -0,0 +1,80 @@
+id: runner-environment-081
+title: "GITHUB_PATH prepend breaks container job when image has no PATH environment variable"
+category: runner-environment
+severity: error
+tags:
+  - container
+  - GITHUB_PATH
+  - PATH
+  - docker
+  - minimal-image
+  - distroless
+patterns:
+  - regex: 'PATH=:[^:"\s]|PATH=\s*:'
+    flags: ''
+  - regex: '(bash|sh|python|node|java).*not found|exec.*No such file|cannot execute binary'
+    flags: 'i'
+error_messages:
+  - "bash: command not found"
+  - "sh: 1: /usr/local/bin/bash: not found"
+  - "exec: /bin/sh: no such file or directory"
+  - "OCI runtime exec failed: exec failed: unable to start container process"
+  - "/bin/bash: No such file or directory"
+root_cause: |
+  When a workflow step uses echo /new/path >> $GITHUB_PATH to add a directory to
+  PATH in a container job, the Actions runner prepends the new path to the
+  container's existing PATH. If the container image was built without an explicit
+  ENV PATH=... Dockerfile instruction, the container has no PATH environment
+  variable at startup.
+
+  The runner's prepend operation results in PATH=:/new/path — a leading colon
+  that causes the shell to treat an empty string as the first search directory.
+  Worse, standard system paths (/usr/bin, /bin, etc.) are no longer in PATH at
+  all, so subsequent steps cannot find any commands including bash itself.
+
+  Affected images include OpenSUSE, Alpine-based images that inherit from scratch,
+  distroless containers, and any custom image that does not explicitly set PATH.
+  The issue was reported in actions/runner#3210 and closed as not_planned — the
+  runner will not fix this behavior; images must include PATH in their ENV.
+fix: |
+  Add an explicit ENV PATH= instruction to the container Dockerfile. This gives
+  the runner a non-empty base PATH to prepend to, preserving the standard system
+  paths.
+
+  If you cannot modify the container image, set PATH in a step before any
+  GITHUB_PATH usage, or use absolute executable paths in subsequent steps.
+fix_code:
+  - language: yaml
+    label: "Fix 1: Add ENV PATH to Dockerfile (recommended)"
+    code: |
+      # Dockerfile fix — add explicit PATH before your custom layers
+      FROM opensuse/leap:15.5
+      ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+  - language: yaml
+    label: "Fix 2: Set PATH in a workflow step before adding to GITHUB_PATH"
+    code: |
+      jobs:
+        build:
+          runs-on: ubuntu-latest
+          container: opensuse/leap
+          steps:
+            - name: Initialize PATH for container
+              run: |
+                # Set base PATH first so prepend works correctly
+                echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/my/tool" >> $GITHUB_PATH
+            - name: Use tool
+              run: my-tool --version
+prevention:
+  - "Always add ENV PATH=... to custom Docker images used in GitHub Actions container jobs"
+  - "Test container images with docker run --entrypoint '' myimage bash -c 'echo $PATH' to verify PATH is set"
+  - "Prefer official base images (debian, ubuntu, alpine) that include PATH in their default ENV"
+  - "Avoid echo path >> $GITHUB_PATH in minimal, scratch-based, or distroless container images"
+  - "Pin to base image versions that explicitly document their ENV PATH value"
+docs:
+  - url: "https://github.com/actions/runner/issues/3210"
+    label: "actions/runner#3210: Prepending PATH breaks container if image has no PATH env (closed not_planned)"
+  - url: "https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#adding-a-system-path"
+    label: "Adding a system path — Workflow commands for GitHub Actions"
+  - url: "https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container"
+    label: "Running jobs in a container"

package/errors/silent-failures/event-inputs-empty-workflow-call.yml

@@ -0,0 +1,81 @@
+id: silent-failures-035
+title: "github.event.inputs empty in workflow_call context — use inputs context instead"
+category: silent-failures
+severity: silent-failure
+tags:
+  - workflow_call
+  - workflow_dispatch
+  - inputs-context
+  - reusable-workflow
+  - dual-trigger
+  - event-inputs
+patterns:
+  - regex: 'github\.event\.inputs\.[a-zA-Z_][a-zA-Z0-9_]*'
+    flags: ''
+error_messages:
+  - "Input parameter evaluated to empty string"
+  - "Expected value from github.event.inputs but got empty"
+  - "Workflow input undefined in reusable call context"
+root_cause: |
+  github.event.inputs is only populated when a workflow is triggered by a
+  workflow_dispatch event. When the same workflow is triggered as a reusable
+  workflow via workflow_call, github.event.inputs is an empty object {} — all
+  property lookups silently return empty string.
+
+  This is a frequent silent failure in dual-trigger workflows designed to be both
+  manually triggered and called as reusable workflows. Developers who write
+  ${{ github.event.inputs.MY_PARAM }} based on older tutorials or pre-2022 docs
+  find that the workflow_call path silently gets empty values, causing wrong
+  conditionals, empty environment variables, or unintended default behaviors.
+
+  In June 2022, GitHub introduced the unified inputs context that works for both
+  workflow_dispatch and workflow_call. Using ${{ inputs.PARAM }} is the correct
+  cross-trigger approach. github.event.inputs is preserved only for backwards
+  compatibility with pure workflow_dispatch workflows.
+fix: |
+  Replace all instances of ${{ github.event.inputs.PARAM }} with
+  ${{ inputs.PARAM }}. The inputs context resolves correctly for both
+  workflow_dispatch and workflow_call triggers since the June 2022 unification.
+
+  Declare the same input names in both workflow_dispatch.inputs and
+  workflow_call.inputs sections of the dual-trigger workflow.
+fix_code:
+  - language: yaml
+    label: "Dual-trigger workflow using inputs context (correct)"
+    code: |
+      on:
+        workflow_dispatch:
+          inputs:
+            environment:
+              description: 'Target environment'
+              required: true
+              type: string
+        workflow_call:
+          inputs:
+            environment:
+              description: 'Target environment'
+              required: true
+              type: string
+
+      jobs:
+        deploy:
+          runs-on: ubuntu-latest
+          steps:
+            # Correct: inputs context works for both workflow_dispatch and workflow_call
+            - name: Deploy
+              run: echo "Deploying to ${{ inputs.environment }}"
+
+            # Wrong: github.event.inputs is always empty on workflow_call
+            # - run: echo "Deploying to ${{ github.event.inputs.environment }}"
+prevention:
+  - "Always use ${{ inputs.PARAM }} in reusable or dual-trigger workflows"
+  - "Never use github.event.inputs in any workflow that may be triggered via workflow_call"
+  - "Search for github.event.inputs when converting a standalone workflow to also support workflow_call"
+  - "Run the workflow via workflow_call in CI to catch empty-input failures early"
+docs:
+  - url: "https://github.blog/changelog/2022-06-09-github-actions-inputs-unified-across-manual-and-reusable-workflows/"
+    label: "GitHub Changelog: Inputs unified across manual and reusable workflows"
+  - url: "https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#inputs-context"
+    label: "Inputs context reference — GitHub Docs"
+  - url: "https://docs.github.com/en/actions/how-tos/reuse-automations/reuse-workflows"
+    label: "Reusing workflows — GitHub Docs"

package/errors/triggers/workflow-dispatch-button-missing-not-default-branch.yml

@@ -0,0 +1,94 @@
+id: triggers-025
+title: "workflow_dispatch Run Workflow button missing — file must exist in default branch"
+category: triggers
+severity: silent-failure
+tags:
+  - workflow_dispatch
+  - manual-trigger
+  - default-branch
+  - actions-tab
+  - ui
+  - run-workflow-button
+patterns:
+  - regex: 'workflow.*dispatch.*not.*show|run workflow.*button.*miss|workflow.*not.*appear.*action'
+    flags: 'i'
+  - regex: 'workflow_dispatch.*feature.*branch|dispatch.*not.*available'
+    flags: 'i'
+error_messages:
+  - "Run workflow button not visible in Actions tab"
+  - "workflow_dispatch workflow not appearing in Actions"
+  - "Cannot trigger workflow manually — Run workflow button missing"
+  - "Workflow with workflow_dispatch not showing in GitHub UI"
+root_cause: |
+  For a workflow with on: workflow_dispatch to appear in the GitHub Actions tab
+  with a Run workflow button, the workflow file must exist in the repository default
+  branch (typically main or master). GitHub reads the list of available manual
+  workflows exclusively from the default branch at page load time.
+
+  Common scenarios that cause the button to be missing:
+  - Adding workflow_dispatch to a workflow file only in a feature branch, before
+    merging to the default branch
+  - Creating a new workflow in a PR that has not yet merged
+  - Renaming the default branch without updating any cached references
+  - Working in a fork where the default branch differs from upstream
+
+  Once the workflow file exists in the default branch, the Run workflow button
+  appears and you can select any branch to run it against using the branch
+  dropdown. The trigger definition must be in the default branch; the execution
+  can target any branch.
+
+  This is the same constraint as on: schedule — both triggers only activate from
+  the default branch. The constraint is by design to prevent security issues from
+  untrusted branch code running with elevated permissions.
+fix: |
+  Merge the workflow file containing on: workflow_dispatch to the default branch.
+  The Run workflow button appears immediately after the merge.
+
+  For testing before merge, trigger the workflow via the GitHub API or CLI, which
+  does not require the UI button and can target any branch.
+fix_code:
+  - language: yaml
+    label: "Workflow file structure — must be in default branch for UI button"
+    code: |
+      # .github/workflows/deploy.yml — merge this to main/default branch first
+      name: Deploy
+      on:
+        workflow_dispatch:
+          inputs:
+            environment:
+              description: 'Target environment'
+              type: choice
+              options:
+                - staging
+                - production
+              required: true
+
+      jobs:
+        deploy:
+          runs-on: ubuntu-latest
+          steps:
+            - uses: actions/checkout@v4
+            - name: Deploy
+              run: echo "Deploying to ${{ inputs.environment }}"
+
+  - language: yaml
+    label: "Trigger via CLI during feature branch development (no UI button needed)"
+    code: |
+      # Trigger from feature branch while workflow file is still in that branch:
+      # gh workflow run deploy.yml --ref feature/my-branch -f environment=staging
+      #
+      # This works even before the workflow is merged to the default branch.
+      # Replace 'deploy.yml' with your workflow filename.
+prevention:
+  - "Merge workflow files to the default branch before relying on the Run workflow UI button"
+  - "Use the GitHub CLI to trigger workflows during development before merging"
+  - "Remember: the trigger definition must be in the default branch; the run can target any branch"
+  - "Check Settings > Branches to confirm which branch is the repository default branch"
+  - "Use a draft PR to stage the workflow file while keeping it reviewable before merge"
+docs:
+  - url: "https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow_dispatch"
+    label: "workflow_dispatch — Events that trigger workflows"
+  - url: "https://stackoverflow.com/questions/67523882/workflow-is-not-shown-so-i-cannot-run-it-manually-github-actions"
+    label: "Stack Overflow: Workflow not shown so I cannot run it manually (53 votes, 63K views)"
+  - url: "https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow"
+    label: "Manually running a workflow — GitHub Docs"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@htekdev/actions-debugger",
-  "version": "1.0.27",
+  "version": "1.0.28",
   "description": "65+ real GitHub Actions errors, queryable by agents. CLI + MCP server + Copilot skills + error database.",
   "type": "module",
   "main": "./dist/index.js",