molecule-ai/molecule-ai-workspace-runtime
50
0
Fork 0
Code Issues 9 Pull Requests 5 Actions Packages Projects Releases 1 Wiki Activity

publish-runtime cascade must open PRs instead of pushing protected template main branches #40

New Issue
Closed
opened 2026-05-21 22:19:41 +00:00 by hongming · 1 comment
hongming commented 2026-05-21 22:19:41 +00:00
Owner
Copy Link
Copy Source

Problem

Runtime publish runtime-v0.2.0 published the wheel successfully, but the cascade job failed when it tried to push .runtime-version directly to protected template main branches.

Observed run:

  • molecule-ai-workspace-runtime publish-runtime.yml run 91776
  • publish job succeeded
  • cascade job failed
  • failure line: Gitea: Not allowed to push to protected branch main
  • templates reported: claude-code:push hermes:push openclaw:push langgraph:push autogen:push

Why this matters

The runtime repo is SSOT. If publish succeeds but the template pins do not update, adapters can drift silently or consume an older runtime despite source being merged and packaged.

Fix direction

Change .gitea/workflows/publish-runtime.yml cascade from direct push to protected main into one PR per template repo, e.g. branch chore/runtime-<version> with .runtime-version update, PR title chore(runtime): bump runtime to <version>. If the PR already exists, update/reuse it.

Acceptance

  • publish cascade no longer pushes directly to protected main.
  • cascade creates or updates PRs for claude-code, hermes, openclaw, codex, langgraph, autogen.
  • cascade reports PR URLs in the workflow summary.
  • missing/no-op pins are treated explicitly: if template is already at the version, report no-op; otherwise PR must exist.

Parent: internal#638
Related runtime PR: molecule-ai-workspace-runtime#39
Related Hermes manual pin PR: molecule-ai-workspace-template-hermes#48

## Problem Runtime publish `runtime-v0.2.0` published the wheel successfully, but the cascade job failed when it tried to push `.runtime-version` directly to protected template `main` branches. Observed run: - molecule-ai-workspace-runtime publish-runtime.yml run 91776 - publish job succeeded - cascade job failed - failure line: `Gitea: Not allowed to push to protected branch main` - templates reported: `claude-code:push hermes:push openclaw:push langgraph:push autogen:push` ## Why this matters The runtime repo is SSOT. If publish succeeds but the template pins do not update, adapters can drift silently or consume an older runtime despite source being merged and packaged. ## Fix direction Change `.gitea/workflows/publish-runtime.yml` cascade from direct push to protected `main` into one PR per template repo, e.g. branch `chore/runtime-<version>` with `.runtime-version` update, PR title `chore(runtime): bump runtime to <version>`. If the PR already exists, update/reuse it. ## Acceptance - publish cascade no longer pushes directly to protected main. - cascade creates or updates PRs for claude-code, hermes, openclaw, codex, langgraph, autogen. - cascade reports PR URLs in the workflow summary. - missing/no-op pins are treated explicitly: if template is already at the version, report no-op; otherwise PR must exist. Parent: internal#638 Related runtime PR: molecule-ai-workspace-runtime#39 Related Hermes manual pin PR: molecule-ai-workspace-template-hermes#48
hongming commented 2026-05-21 22:41:50 +00:00
Author
Owner
Copy Link
Copy Source

Resolved by PR #41: publish-runtime cascade now opens template PRs instead of pushing protected main branches directly. PR CI was green and merged; no further direct-push path remains in the workflow.

Resolved by PR #41: publish-runtime cascade now opens template PRs instead of pushing protected main branches directly. PR CI was green and merged; no further direct-push path remains in the workflow.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) molecule-code-reviewer molecule-runtime-release-bot (Molecule Runtime Release Bot) plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-ai-workspace-runtime#40
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?