Skip to content

[ci-scan-feedback] Route crypto platform-config failures to loop-in #130683

Description

@github-actions

Caution

agentic threat detected
Threat detection flagged this output in warn mode. Manual review is REQUIRED before any follow-up automation.

Details

The threat detection results could not be parsed.

Review the workflow run logs for details.

Triggering signals

Proposed edits

  • (.github/workflows/ci-failure-fix.md, new Step 5.1.2, ~lines 218–234) — Add a mandatory security/crypto platform-expectation gate before Step 5.2. Rationale: route System.Security.Cryptography* failures on distro/provider-config legs (Azure Linux/AZL, SymCrypt-OpenSSL, FIPS, Mariner) whose only candidate change would weaken a test's crypto platform-capability expectations (KeySizes/PlatformKeySizeRequirements, IsSymCryptOpenSsl/provider-detection branches, supported-algorithm flags) to a loop-in comment instead of a speculative PR — directly targets the [ci-fix] Needs review: apply KMAC key-size requirements on SymCrypt-OpenSSL (refs #129939) #130594 rejection.

Expected behavior change

The next fixer run will no longer open a fix or help-wanted PR that silently relaxes a cryptography test's expected platform capabilities to make a distro/provider-configuration leg green. Such failures — which mask a real platform-config discrepancy an area owner must investigate — will instead produce a root-cause loop-in comment, avoiding the "not the right fix" pushback seen on #130594.

Note

This PR was generated by the CI Outer-Loop Failure Scanner — Feedback agentic workflow. Content is AI/Copilot-generated.

Generated by CI Outer-Loop Failure Scanner — Feedback · 238.9 AIC · ⊞ 19K ·


Note

This was originally intended as a pull request, but the git push operation failed.

Original error: The process '/usr/bin/git' failed with exit code 1

Workflow Run: View run details and download bundle artifact

The bundle file is available in the agent artifact in the workflow run linked above.

To create a pull request with the changes:

# Download the artifact from the workflow run
gh run download 29336084240 -n agent -D /tmp/agent-29336084240

# Fetch the bundle into a temporary ref, then update the local branch
git fetch /tmp/agent-29336084240/aw-ci-scan-feedback-crypto-platform-config-gate.bundle refs/heads/ci-scan-feedback/crypto-platform-config-gate:refs/bundles/create-pr-ci-scan-feedback-crypto-platform-config-gate-2e3f127c7a580589-bcc88a2c
git update-ref refs/heads/ci-scan-feedback/crypto-platform-config-gate-2e3f127c7a580589 refs/bundles/create-pr-ci-scan-feedback-crypto-platform-config-gate-2e3f127c7a580589-bcc88a2c
git checkout ci-scan-feedback/crypto-platform-config-gate-2e3f127c7a580589
# Ensure the working tree matches the updated branch
git reset --hard
# Remove the temporary bundle ref
git update-ref -d refs/bundles/create-pr-ci-scan-feedback-crypto-platform-config-gate-2e3f127c7a580589-bcc88a2c

# Push the branch to origin
git push origin ci-scan-feedback/crypto-platform-config-gate-2e3f127c7a580589

# Create the pull request
gh pr create --title '[ci-scan-feedback] Route crypto platform-config failures to loop-in' --base main --head ci-scan-feedback/crypto-platform-config-gate-2e3f127c7a580589 --repo dotnet/runtime

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions