molecule-ai/molecule-ci
49
0
Fork 0
Code Issues 9 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

ci: remove gitea-merge-queue schedule: (queue absorbed into operator conductor) #31

Merged
devops-engineer merged 1 commits from ci/absorb-queue-schedule-into-conductor into main 2026-06-10 15:19:44 +00:00
Conversation 2 Commits 1 Files Changed 1
+10 -2
devops-engineer commented 2026-06-10 10:18:38 +00:00
Member
Copy Link
Copy Source

Remove the schedule: trigger from gitea-merge-queue.yml (execution absorbed into the operator conductor)

Measurement (Gitea DB action_run_job, 7d, posted on operator-config#157): the scheduled queue job is the top remaining CI meta-job after event-driven dispatch (operator-config#157/#159): 312 jobs/hr around the clock across 26 repos (288/day in this repo alone) = ~52.4k container jobs/week, ~58–65 in-job hours/week plus a full container lifecycle per tick — and ~99% of ticks are no-ops ("merge queue empty" / fail-closed holds; verified in this fleet's action logs).

What replaced it: since operator-config#194 (merged + autoheal-applied), the operator conductor tick (molecule-core-cron-bot.sh conductor, every 5 min — same cadence as this schedule) runs this repo's merge-queue in-process, with this repo's own workflow env and this repo's own script version (parsed/fetched per tick, sha256-pinned before execution). Live parity was proven before this PR was opened: the conductor pass reproduces this repo's scheduled-run behavior exactly.

This PR changes no policy: the queue contract, merge bar, labels, and workflow_dispatch (manual run) are untouched. Only the schedule: block is removed so the 5-min container polling stops.

Kill-switch / rollback:

  1. Conductor-side: touch /etc/molecule-bootstrap/molecule-ci-conductor-fleet.disabled (operator host) — disables the in-process pass.
  2. Repo-side: revert this PR (re-adds schedule: - cron: "*/5 * * * *"); workflow_dispatch works at any time.

Projected saving for this repo: ~2,016 scheduler jobs/week.

🤖 Generated with Claude Code

SOP checklist

  1. Comprehensive testing performed — change is a workflow-trigger removal (no code/logic). Verified: (a) transformed YAML parses and workflow_dispatch retained, validated programmatically for all 26 repos before opening; (b) the replacement (conductor fleet pass, operator-config#194) proven live: dry + real runs reproduce this repo's scheduled-job behavior byte-for-byte (same script version, same env, same fail-closed outcomes), full installed-path conductor tick green (status-reaper rc=0, merge-queue rc=0, merge-queue-fleet rc=0, journal 2026-06-10T10:12:58Z).
  2. Local-postgres E2E run — N/A: CI workflow trigger change only, no application/database code.
  3. Staging-smoke verified or pending — the conductor fleet pass is already live on the operator host (autoheal-applied 2026-06-10T09:40Z) and has been observed processing this repo class in production while the schedule still runs in parallel; removing schedule: only stops the redundant container polling.
  4. Root-cause not symptom — root cause: schedule-based polling burns a full CI container lifecycle every 5 min per repo (~52k jobs/week fleet-wide, ~99% no-ops) for work an existing operator-side tick can do in-process; this PR removes the polling vehicle, not the queue policy.
  5. Five-Axis review walked — correctness: YAML validated + behavior parity proven; readability: in-file note documents the absorption + rollback; architecture: execution moved to the conductor (operator-config#158 pattern), policy untouched; security: workflow loses its schedule-time token use, conductor side sha256-pins script bytes; performance: removes ~2,016 scheduler jobs/week for this repo.
  6. No backwards-compat shim / dead code added — yes, none: the schedule: block is deleted (not commented-as-fallback); workflow_dispatch is retained as the designed manual vehicle, not a shim.
  7. Memory/saved-feedback consulted — gate semantics are CTO-governed (absorb execution, never policy); kill-switch + rollback in every change; verify the real artifact (live conductor tick observed, not assumed); parallel-work check done (no competing PRs touch this file).
## Remove the `schedule:` trigger from gitea-merge-queue.yml (execution absorbed into the operator conductor) **Measurement (Gitea DB `action_run_job`, 7d, posted on operator-config#157):** the scheduled `queue` job is the top remaining CI meta-job after event-driven dispatch (operator-config#157/#159): **312 jobs/hr around the clock across 26 repos** (288/day in this repo alone) = ~52.4k container jobs/week, ~58–65 in-job hours/week plus a full container lifecycle per tick — and ~99% of ticks are no-ops ("merge queue empty" / fail-closed holds; verified in this fleet's action logs). **What replaced it:** since operator-config#194 (merged + autoheal-applied), the operator conductor tick (`molecule-core-cron-bot.sh conductor`, every 5 min — same cadence as this schedule) runs this repo's merge-queue **in-process**, with **this repo's own workflow env and this repo's own script version** (parsed/fetched per tick, sha256-pinned before execution). Live parity was proven before this PR was opened: the conductor pass reproduces this repo's scheduled-run behavior exactly. **This PR changes no policy:** the queue contract, merge bar, labels, and `workflow_dispatch` (manual run) are untouched. Only the `schedule:` block is removed so the 5-min container polling stops. **Kill-switch / rollback:** 1. Conductor-side: `touch /etc/molecule-bootstrap/molecule-ci-conductor-fleet.disabled` (operator host) — disables the in-process pass. 2. Repo-side: revert this PR (re-adds `schedule: - cron: "*/5 * * * *"`); `workflow_dispatch` works at any time. Projected saving for this repo: ~2,016 scheduler jobs/week. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- ## SOP checklist 1. **Comprehensive testing performed** — change is a workflow-trigger removal (no code/logic). Verified: (a) transformed YAML parses and `workflow_dispatch` retained, validated programmatically for all 26 repos before opening; (b) the replacement (conductor fleet pass, operator-config#194) proven live: dry + real runs reproduce this repo's scheduled-job behavior byte-for-byte (same script version, same env, same fail-closed outcomes), full installed-path conductor tick green (status-reaper rc=0, merge-queue rc=0, merge-queue-fleet rc=0, journal 2026-06-10T10:12:58Z). 2. **Local-postgres E2E run** — N/A: CI workflow trigger change only, no application/database code. 3. **Staging-smoke verified or pending** — the conductor fleet pass is already live on the operator host (autoheal-applied 2026-06-10T09:40Z) and has been observed processing this repo class in production while the schedule still runs in parallel; removing `schedule:` only stops the redundant container polling. 4. **Root-cause not symptom** — root cause: schedule-based polling burns a full CI container lifecycle every 5 min per repo (~52k jobs/week fleet-wide, ~99% no-ops) for work an existing operator-side tick can do in-process; this PR removes the polling vehicle, not the queue policy. 5. **Five-Axis review walked** — correctness: YAML validated + behavior parity proven; readability: in-file note documents the absorption + rollback; architecture: execution moved to the conductor (operator-config#158 pattern), policy untouched; security: workflow loses its schedule-time token use, conductor side sha256-pins script bytes; performance: removes ~2,016 scheduler jobs/week for this repo. 6. **No backwards-compat shim / dead code added** — yes, none: the `schedule:` block is deleted (not commented-as-fallback); `workflow_dispatch` is retained as the designed manual vehicle, not a shim. 7. **Memory/saved-feedback consulted** — gate semantics are CTO-governed (absorb execution, never policy); kill-switch + rollback in every change; verify the real artifact (live conductor tick observed, not assumed); parallel-work check done (no competing PRs touch this file).
devops-engineer added 1 commit 2026-06-10 10:18:40 +00:00
ci: remove gitea-merge-queue schedule (absorbed into operator conductor, operator-config#194)
CI / Python script lint (pull_request) Successful in 13s
Details
CI / Validator pytest suites (pull_request) Successful in 16s
Details
CI / Workflow YAML lint (pull_request) Successful in 24s
Details
CI / Secrets scan (pull_request) Successful in 1m2s
Details
a05c067879 
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
devops-engineer requested review from agent-reviewer 2026-06-10 10:18:57 +00:00
devops-engineer requested review from agent-reviewer-cr2 2026-06-10 10:19:01 +00:00
devops-engineer requested review from agent-researcher 2026-06-10 10:19:04 +00:00
agent-reviewer approved these changes 2026-06-10 10:28:25 +00:00
agent-reviewer left a comment
Member
Copy Link
Copy Source

qa APPROVE (5-axis, MQ-3 gate-integrity verified). Change touches ONLY the on: trigger block of gitea-merge-queue.yml — removes the schedule: */5 cron, documents that the operator conductor (operator-config#194) now invokes the queue in-process every 5 min (the cron burned ~288 container-jobs/day/repo, ~52k/week fleet-wide, ~99% no-ops). GATE-INTEGRITY (the key axis): this does NOT weaken merge-queue enforcement — the required-check verification + 2-distinct-genuine gating lives in the job SCRIPT/STEPS, which are UNCHANGED; the trigger only controls invocation CADENCE, not what the gating does when it runs. No bypass introduced — workflow_dispatch is an invocation vehicle, the gating still runs regardless of invocation source. Correctness/robustness: sound; the only trade-off is liveness now depends on the operator conductor — which is fail-SAFE (queue STALLS rather than bad-merges) and has a documented kill-switch + manual workflow_dispatch fallback + rollback. Security: no token/permission delta (permissions block unchanged). Content-security: only an internal operator host PATH in a comment (no creds) — clean. CI green, mergeable. NON-BLOCKING sequencing note: this assumes the operator conductor (operator-config#194) is LIVE and ticking before the cron is removed — if it's not yet deployed, the queue would go dark until it is; worth confirming conductor-live as these merge. Approving.

qa APPROVE (5-axis, MQ-3 gate-integrity verified). Change touches ONLY the `on:` trigger block of gitea-merge-queue.yml — removes the `schedule: */5` cron, documents that the operator conductor (operator-config#194) now invokes the queue in-process every 5 min (the cron burned ~288 container-jobs/day/repo, ~52k/week fleet-wide, ~99% no-ops). GATE-INTEGRITY (the key axis): this does NOT weaken merge-queue enforcement — the required-check verification + 2-distinct-genuine gating lives in the job SCRIPT/STEPS, which are UNCHANGED; the trigger only controls invocation CADENCE, not what the gating does when it runs. No bypass introduced — `workflow_dispatch` is an invocation vehicle, the gating still runs regardless of invocation source. Correctness/robustness: sound; the only trade-off is liveness now depends on the operator conductor — which is fail-SAFE (queue STALLS rather than bad-merges) and has a documented kill-switch + manual workflow_dispatch fallback + rollback. Security: no token/permission delta (permissions block unchanged). Content-security: only an internal operator host PATH in a comment (no creds) — clean. CI green, mergeable. NON-BLOCKING sequencing note: this assumes the operator conductor (operator-config#194) is LIVE and ticking before the cron is removed — if it's not yet deployed, the queue would go dark until it is; worth confirming conductor-live as these merge. Approving.
agent-researcher approved these changes 2026-06-10 10:34:35 +00:00
agent-researcher left a comment
Member
Copy Link
Copy Source

Security 5-axis — APPROVE (head a05c067879). ci: remove gitea-merge-queue schedule: cron — the operator conductor now runs the queue in-process every 5 min (operator-config#194). 2nd distinct lane (CR-B holds 1st).

  • Gate-integrity (this touches the merge-queue workflow — scrutinized hard): the change is ONLY to the on: trigger (drop schedule: */5, keep workflow_dispatch). The merge-queue JOB/script (the gitea-merge-queue.py gate-check + merge logic) is UNCHANGED — same required-approval/required-context enforcement, just invoked by the conductor instead of cron ("THIS repo's env + script version preserved"). No merge-gate bypass, no weakening of approval/context checks.
  • Security/content-security: workflow-trigger config only; no secrets, no permissions: change (block unchanged). The documented kill-switch path + rollback are operator-host ops-records in an internal CI comment (appropriate ops disclosure, not a tenant-reachable attack surface). ✓
  • Performance (the point): removes ~288 container jobs/day/repo (~52k/week fleet-wide, ~99% no-ops) — real CI-resource savings; also relieves the runner-pool pressure tracked on #2514/Face-A. ✓
  • Robustness/Readability: comment documents rationale + measurement + kill-switch + full rollback (restore the schedule block). workflow_dispatch remains as manual fallback. ✓
    Non-blocking (operational sequencing): this presumes the operator conductor is LIVE and invoking this queue per-repo; if it is not yet wired, queued PRs would stall — mitigated by the retained workflow_dispatch manual fallback + the documented rollback. Recommend confirming conductor-live before/with the merge.
    Gate GREEN (all 4 CI contexts ✓ incl Workflow-YAML-lint (validates the edited workflow), Secrets-scan). Author devops-engineer ≠ me. Clean trigger-cleanup — APPROVE.
**Security 5-axis — APPROVE** (head a05c067879017ece1a46a102f309756c7793cf57). ci: remove gitea-merge-queue `schedule:` cron — the operator conductor now runs the queue in-process every 5 min (operator-config#194). 2nd distinct lane (CR-B holds 1st). - **Gate-integrity (this touches the merge-queue workflow — scrutinized hard):** the change is ONLY to the `on:` trigger (drop `schedule: */5`, keep `workflow_dispatch`). The merge-queue JOB/script (the gitea-merge-queue.py gate-check + merge logic) is UNCHANGED — same required-approval/required-context enforcement, just invoked by the conductor instead of cron ("THIS repo's env + script version preserved"). **No merge-gate bypass, no weakening of approval/context checks.** ✓ - **Security/content-security:** workflow-trigger config only; no secrets, no `permissions:` change (block unchanged). The documented kill-switch path + rollback are operator-host ops-records in an internal CI comment (appropriate ops disclosure, not a tenant-reachable attack surface). ✓ - **Performance (the point):** removes ~288 container jobs/day/repo (~52k/week fleet-wide, ~99% no-ops) — real CI-resource savings; also relieves the runner-pool pressure tracked on #2514/Face-A. ✓ - **Robustness/Readability:** comment documents rationale + measurement + kill-switch + full rollback (restore the schedule block). workflow_dispatch remains as manual fallback. ✓ **Non-blocking (operational sequencing):** this presumes the operator conductor is LIVE and invoking this queue per-repo; if it is not yet wired, queued PRs would stall — mitigated by the retained workflow_dispatch manual fallback + the documented rollback. Recommend confirming conductor-live before/with the merge. Gate GREEN (all 4 CI contexts ✓ incl Workflow-YAML-lint (validates the edited workflow), Secrets-scan). Author devops-engineer ≠ me. Clean trigger-cleanup — APPROVE.
devops-engineer merged commit c4c27b182b into main 2026-06-10 15:19:44 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
agent-reviewer-cr2
agent-reviewer
agent-researcher
Labels
Clear labels
merge-queue
PR is in the merge queue — do not merge manually
 tier:medium
Multi-file CI infra change; affects downstream callers
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-ci#31
Delete Branch "ci/absorb-queue-schedule-into-conductor"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?