molecule-ci

History

Hongming Wang 375bcc4376 ci(validate-workspace-template): add Template validation aggregator The workflow was refactored from one `validate` job (display name "Template validation") into matrix-named validate-static + validate-runtime jobs ("(static)" / "(runtime)" suffixes) for fork-PR security. The new check names — `validate / Template validation (static)` and `validate / Template validation (runtime)` — never match the original `validate / Template validation` that template-repo branch protection requires. Result: auto-merge silently hangs in BLOCKED forever on every template repo because the required check never reports. Add a third aggregator job `template-validation` (display name "Template validation") that depends on both real jobs and emits the original check name. `if: always()` so it reports out even when validate-static fails — without that GitHub marks the aggregator SKIPPED and branch protection still blocks because the required check never reaches a final state. Treats `skipped` as pass for validate-runtime so fork PRs (where runtime is intentionally skipped on the security gate) don't become un-mergeable. Caught while shipping the boot-smoke fixes for openclaw#11 and hermes#29 — both PRs sat BLOCKED with all real checks green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-30 23:01:01 -07:00
..
workflows	ci(validate-workspace-template): add Template validation aggregator	2026-04-30 23:01:01 -07:00

Hongming Wang 375bcc4376 ci(validate-workspace-template): add Template validation aggregator

The workflow was refactored from one `validate` job (display name
"Template validation") into matrix-named validate-static +
validate-runtime jobs ("(static)" / "(runtime)" suffixes) for
fork-PR security. The new check names — `validate / Template
validation (static)` and `validate / Template validation
(runtime)` — never match the original `validate / Template
validation` that template-repo branch protection requires. Result:
auto-merge silently hangs in BLOCKED forever on every template
repo because the required check never reports.

Add a third aggregator job `template-validation` (display name
"Template validation") that depends on both real jobs and emits
the original check name. `if: always()` so it reports out even
when validate-static fails — without that GitHub marks the
aggregator SKIPPED and branch protection still blocks because the
required check never reaches a final state.

Treats `skipped` as pass for validate-runtime so fork PRs (where
runtime is intentionally skipped on the security gate) don't
become un-mergeable.

Caught while shipping the boot-smoke fixes for openclaw#11 and
hermes#29 — both PRs sat BLOCKED with all real checks green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-30 23:01:01 -07:00

workflows

ci(validate-workspace-template): add Template validation aggregator

2026-04-30 23:01:01 -07:00