ci/woodpecker/push/woodpecker Pipeline failed

Details

fix: convert skill submodules to plain directories

stop-slop, taste-skill, terrashark had embedded .git dirs causing
Woodpecker clone to fail on submodule update.

2026-05-30 15:44:44 -07:00

2.2 KiB

Raw Blame History

Bad Examples

1) List-driven `count` for mutable identities

variable "queue_names" {
  type = list(string)
}

resource "aws_sqs_queue" "worker" {
  count = length(var.queue_names)
  name  = var.queue_names[count.index]
}

Why this fails:

reordering list entries can force unexpected replacements
object identity is tied to index, not business key

2) No type constraints on critical input

variable "network" {
  default = {}
}

Why this fails:

consumer mistakes surface late and noisily
module contract is ambiguous

3) Sensitive defaults committed in code

variable "api_token" {
  type    = string
  default = "token-please-change"
}

Why this fails:

secret can leak via VCS and logs
violates basic secret hygiene

4) Floating provider versions

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

Why this fails:

pulls latest provider implicitly
increases non-deterministic CI behavior

5) Blanket `ignore_changes`

resource "aws_db_instance" "main" {
  identifier = "core-db"
  engine     = "postgres"

  lifecycle {
    ignore_changes = all
  }
}

Why this fails:

masks drift and important config regressions
erodes trust in plan output

6) Dynamic block with wrong iterator reference

variable "ports" {
  type = list(number)
}

resource "aws_security_group" "app" {
  name = "app-sg"

  dynamic "ingress" {
    for_each = var.ports
    content {
      from_port   = ports.value   # WRONG: should be ingress.value
      to_port     = ports.value   # WRONG: should be ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}

Why this fails:

iterator name defaults to the dynamic block label (ingress), not the variable name
using ports.value causes an unknown reference error
common LLM hallucination pattern

7) Hidden ordering via unrelated `depends_on`

resource "aws_iam_role" "app" {
  name = "app-role"
}

resource "aws_cloudwatch_log_group" "app" {
  name       = "/app/runtime"
  depends_on = [aws_iam_role.app]
}

Why this fails:

artificial dependency reduces parallelism
hides poor interface boundaries

2.2 KiB Raw Blame History

Bad Examples

1) List-driven count for mutable identities

2) No type constraints on critical input

3) Sensitive defaults committed in code

4) Floating provider versions

5) Blanket ignore_changes

6) Dynamic block with wrong iterator reference

7) Hidden ordering via unrelated depends_on

2.2 KiB

Raw Blame History

1) List-driven `count` for mutable identities

5) Blanket `ignore_changes`

7) Hidden ordering via unrelated `depends_on`