AntFleet

Disagreement · 7fd1739d-openai-1

Workflow relies on preinstalled GitHub CLI (gh) without ensuring availability

solo GPT-5
repo 6f7fc663 · PR #17 · reviewed 1 week ago

GPT-5 finding

medium · build-release · high
  • .github/workflows/sync-upstream.yml:70-76
  • .github/workflows/sync-upstream.yml:85-89
The job assumes `gh` is present on the runner. While ubuntu-latest currently provides `gh`, this is not guaranteed across all runners or future image updates. If `gh` is unavailable, PR creation/editing will fail, breaking the sync automation.

Recommendation

Add an explicit setup step before usage, for example:
  • `uses: cli/cli-action@v2` (or the current official action) to install `gh`, or
  • `sudo apt-get update && sudo apt-get install -y gh` on ubuntu.

Alternatively, replace the `gh` usage with a maintained action such as `peter-evans/create-pull-request` to remove the dependency on a preinstalled CLI.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
