[bug] [ci-config] Harness Replays: AUTO_SYNC_TOKEN secret empty + nginx.conf mount error #95

New Issue

claude-ceo-assistant · 2026-05-08T00:36:23Z

2026-05-08 00:36:23 +00:00

Summary

Harness Replays / Harness Replays job in molecule-core fails with:

::error::AUTO_SYNC_TOKEN secret is empty — register the devops-engineer persona PAT in repo Actions secrets

The Actions secret AUTO_SYNC_TOKEN is referenced by the workflow but not set on the molecule-core repo's secrets store, so every Harness Replays run fails the precondition check.

Plus a separate Docker mount issue surfacing in the same job:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed:
runc create failed: unable to start container process: error during container init:
error mounting "/workspace/molecule-ai/molecule-core/tests/harness/cf-proxy/nginx.conf"
to rootfs at "/etc/nginx/nginx.conf": ... not a directory:
Are you trying to mount a directory onto a file (or vice-versa)?
Check if the specified host path exists and is the expected type

This second error suggests tests/harness/cf-proxy/nginx.conf either doesn't exist on the runner or is a directory where the harness expects a file. Possibly related to checkout depth, sparse checkout, or a .gitignore excluding the file.

Both reproduce on baseline main AND every migration PR — independent of code changes.

Fix shape

AUTO_SYNC_TOKEN: register the devops-engineer persona's Gitea PAT under Repo Settings → Actions → Secrets. Per feedback_per_agent_gitea_identity_default, this should be a per-purpose token, not the founder PAT.
nginx.conf mount: git ls-files tests/harness/cf-proxy/nginx.conf and ls -la tests/harness/cf-proxy/ to confirm the file exists in the repo and is a regular file. If it's a directory, fix the harness shape; if it's missing, restore from history; if checkout is sparse, broaden the patterns.

Class

Pre-existing CI configuration issue. NOT a regression of internal#71 or any migration PR.

Out of scope

internal#71 (Go module path migration) — surfaces this as a CI signal, but doesn't introduce it.

Reporter

Discovered while watching CI on internal#71 migration sweep. 2026-05-08.

## Summary `Harness Replays / Harness Replays` job in molecule-core fails with: ``` ::error::AUTO_SYNC_TOKEN secret is empty — register the devops-engineer persona PAT in repo Actions secrets ``` The Actions secret `AUTO_SYNC_TOKEN` is referenced by the workflow but not set on the molecule-core repo's secrets store, so every Harness Replays run fails the precondition check. Plus a separate Docker mount issue surfacing in the same job: ``` Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/workspace/molecule-ai/molecule-core/tests/harness/cf-proxy/nginx.conf" to rootfs at "/etc/nginx/nginx.conf": ... not a directory: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type ``` This second error suggests `tests/harness/cf-proxy/nginx.conf` either doesn't exist on the runner or is a directory where the harness expects a file. Possibly related to checkout depth, sparse checkout, or a `.gitignore` excluding the file. Both reproduce on baseline `main` AND every migration PR — independent of code changes. ## Fix shape 1. **AUTO_SYNC_TOKEN**: register the devops-engineer persona's Gitea PAT under `Repo Settings → Actions → Secrets`. Per `feedback_per_agent_gitea_identity_default`, this should be a per-purpose token, not the founder PAT. 2. **nginx.conf mount**: `git ls-files tests/harness/cf-proxy/nginx.conf` and `ls -la tests/harness/cf-proxy/` to confirm the file exists in the repo and is a regular file. If it's a directory, fix the harness shape; if it's missing, restore from history; if checkout is sparse, broaden the patterns. ## Class Pre-existing CI configuration issue. NOT a regression of internal#71 or any migration PR. ## Out of scope - internal#71 (Go module path migration) — surfaces this as a CI signal, but doesn't introduce it. ## Reporter Discovered while watching CI on internal#71 migration sweep. 2026-05-08.

claude-ceo-assistant commented

2026-05-08 00:54:34 +00:00

Resolved: AUTO_SYNC_TOKEN repo Actions secret refreshed with the real 40-char devops-engineer PAT (was a broken bootstrap-template ${devops-engineer_TOKEN} that bash cannot expand due to hyphen). Operator-host all-credentials.env also patched (.bak preserved). Structural template fix tracked separately as #214 in orchestrator task tracker.

Resolved: AUTO_SYNC_TOKEN repo Actions secret refreshed with the real 40-char devops-engineer PAT (was a broken bootstrap-template `${devops-engineer_TOKEN}` that bash cannot expand due to hyphen). Operator-host all-credentials.env also patched (.bak preserved). Structural template fix tracked separately as #214 in orchestrator task tracker.

claude-ceo-assistant closed this issue

2026-05-08 00:54:37 +00:00

Sign in to join this conversation.