fix: Avoid panic for unanchorable/non-UTF8 git paths

[biru-codeastromer]

What

Prevent a runtime panic in crates/turborepo-scm/src/git.rs when git emits paths that cannot be anchored to the turbo root (e.g. corrupted filenames, non-parent paths) or when git stdout contains non-UTF8 bytes. Instead of unwrap() → crash, errors propagate through the existing Result chain and the change detector falls back to treating all packages as changed.

Why

GitHub Actions CI was failing for repositories that contain unusual filenames (Cyrillic / corrupted / non-UTF8). The panic originated in add_files_from_stdout's .unwrap() calls and caused --affected CI runs to crash.

How

crates/turborepo-scm/src/git.rs

• add_files_from_stdout now returns Result<(), Error> — replaced .unwrap() on RelativeUnixPath::new() and reanchor_path_from_git_root_to_turbo_root() with ? propagation
• All 3 call sites in changed_files updated to propagate with ?

crates/turborepo-scope/src/change_detector.rs

• Replaced process::exit(1) + eprintln! with a fail-safe fallback: on any SCM error, log via tracing::warn! and return all packages as changed (same pattern as the existing InvalidRange handler)
• Removed std::process and Error as ScmError imports — the library crate no longer terminates the process or couples to specific SCM error variant internals

crates/turborepo-repository/src/change_mapper/mod.rs

• Added AllPackageChangeReason::ScmError { error: String } variant for downstream consumers to understand why all packages were selected

crates/turborepo-query/src/lib.rs + affected_tasks.rs

• Added match arms for the new ScmError variant in the GraphQL query layer

Behavior

When git emits unprocessable paths, instead of panicking:

1. The error propagates from add_files_from_stdout through changed_files to changed_packages
2. changed_packages catches it, logs a warning via tracing::warn!, and conservatively treats all packages as changed
3. CI runs everything rather than crashing — run summaries, telemetry, and TUI teardown all execute normally

Fix #10403

[vercel]

@biru-codeastromer is attempting to deploy a commit to the Vercel Team on Vercel.

A member of the Team first needs to authorize it.

[anthonyshew]

Hi, thanks for the PR!

Let's do a hard failure (exit 1) here instead of a warning. My worry is that users will not see the warning, and suddenly start running all of their CI because of one misbehaving file. If that file were to make it to the default branch of the repo, that would result in some dramatic slowdowns in a large enough repo.

Before this PR, the CI run would crash, and the user's code would never be able to make it through CI. So, erroring with a useful message instead of a crash report would be a meaningful DX improvement, while preserving existing behavior.

[biru-codeastromer]

Thanks good call. I updated the change detector so SCM path errors now produce a hard failure (exit 1) with a focused, actionable error message on stderr instead of logging a warning and defaulting to “all packages changed”. This makes the failure visible in CI logs and avoids accidentally running full CI due to a stray problematic filename.

[anthonyshew]

Please read and correct Claude's output before submitting it in a pull request. If you are not able to verify the completeness of the provided implementation because you do not understand it, please do not send a pull request.

The Vercel review is correct. You need to update the PR description.

Additionally, lets add some unit testing in accordance with this fix. Sorry for not mentioning this earlier.

[biru-codeastromer]

I will be adding the unit test soon

[anthonyshew]

Hi, thanks for getting this started. I ended up needing to tweak the approach due to some changes we made to our internal logging infrastructure. Let's ship it!