core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
1f52e43d87
molecule-core/.github
History
dev-lead f0745619d2 ci: retire 6 .github/workflows GitHub-only files + add migration runbook (RFC internal#219 §1, Category B) 
Sweep companion to PR#372 + PR#378 (Cat A). These six .github/workflows
files depend on GitHub-specific surface that Gitea does not provide:

- auto-tag-runtime.yml — superseded by .gitea/publish-runtime-autobump.yml
  for patch bumps. Release:minor/major label-driven bumps are lost;
  follow-up issue suggested if anyone uses them.

- branch-protection-drift.yml — drift_check.sh + apply.sh target
  Molecule-AI/molecule-core via `gh api` against GitHub's
  branch-protection schema. Gitea's schema differs; rebuilding is
  out of scope. Follow-up issue needed.

- check-merge-group-trigger.yml — file's own header documents this is
  a structural no-op on Gitea (no merge queue, no `merge_group:`
  event type, no gh-readonly-queue refs).

- codeql.yml — file's own header documents CodeQL Action incompatibility
  (github/codeql-action hits api.github.com bundle endpoints not
  implemented by Gitea). Per Hongming decision 2026-05-07 task #156
  CodeQL is non-blocking until Gitea-compatible SAST lands.

- pr-guards.yml — file's own header documents that Gitea has no
  `gh pr merge --auto` primitive; guard is a no-op. Branch protection
  on main doesn't require the pr-guards check name.

- promote-latest.yml — uses imjasonh/setup-crane against ghcr.io,
  which was retired during the 2026-05-06 migration in favor of ECR
  (per canary-verify.yml header notes). Workflow has nothing left to
  retag.

Also adds runbooks/gitea-actions-migration-checklist.md documenting:
- Four-surface audit pattern (feedback_gitea_actions_migration_audit_pattern)
- Category A/B/C/D file lists with rationale
- Verification steps after all sweep PRs land
- Cross-link to follow-up issues (label-driven bumps,
  Gitea-compatible drift detection, ECR-based promote)

Branch protection check: required status checks on main are only
`Secret scan / Scan diff for credential-shaped strings (pull_request)`
and `sop-tier-check / tier-check (pull_request)`. No deleted file's
job name appears in required_status_checks.

DO NOT MERGE without orchestrator-dispatched Five-Axis review +
@hongmingwang chat-go.

Cross-links:
- RFC: molecule-ai/internal#219
- Companion: PR#372 (ci.yml port), PR#378 (Cat A mirrored deletions)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 21:12:29 -07:00
..
scripts fix(scripts): migrate ghcr.io→ECR + raw.githubusercontent.com→Gitea (#46) 2026-05-07 00:56:23 -07:00
workflows ci: retire 6 .github/workflows GitHub-only files + add migration runbook (RFC internal#219 §1, Category B) 2026-05-10 21:12:29 -07:00
CODEOWNERS chore: add CODEOWNERS to auto-route agent PRs to personal review account 2026-04-26 13:40:13 -07:00
dependabot.yml chore(security): pin Actions to SHAs + enable Dependabot auto-bumps 2026-04-28 15:37:06 -07:00