diff --git a/.gitea/workflows/publish-canvas-image.yml b/.gitea/workflows/publish-canvas-image.yml index 9aedadd6..818a4cad 100644 --- a/.gitea/workflows/publish-canvas-image.yml +++ b/.gitea/workflows/publish-canvas-image.yml @@ -49,13 +49,17 @@ jobs: # bp-exempt: post-merge image publication side effect; CI / all-required gates source changes. build-and-push: name: Build & push canvas image - # REVERTED (infra/revert-docker-runner-label): `runs-on: ubuntu-latest` restored. - # The `docker` label is not registered on any act_runner. `runs-on: [ubuntu-latest, docker]` - # causes jobs to queue indefinitely with zero eligible runners — strictly worse than the - # pre-#599 coin-flip (50% success rate). Once the `docker` label is registered on - # ≥2 runners, re-apply the fix from #599 (infra/docker-runner-label). - # See issue #576 + infra-lead pulse ~00:30Z. - runs-on: ubuntu-latest + # Dedicated publish/release lane (internal#462 / #394 / #399). Ship + # path (on: push:main, canvas/**) — reserved capacity so a merged + # canvas fix's image build never FIFO-queues behind PR required-CI. + # The `publish` label resolves ONLY to the molecule-runner-publish-* + # sub-pool (config.publish.yaml). HARD DEPENDENCY: this MUST land + # AFTER the publish-lane runners are registered/advertising `publish` + # — the earlier #599 `docker` label attempt queued indefinitely with + # zero eligible runners precisely because the label was targeted + # before any runner advertised it (see #576). The lane is registered + # in this rollout (internal#462) so the precondition holds. + runs-on: publish # Phase 3 (RFC #219 §1): surface broken workflows without blocking. # mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. continue-on-error: true diff --git a/.gitea/workflows/publish-runtime.yml b/.gitea/workflows/publish-runtime.yml index fe46e812..c96307ab 100644 --- a/.gitea/workflows/publish-runtime.yml +++ b/.gitea/workflows/publish-runtime.yml @@ -66,7 +66,10 @@ concurrency: jobs: publish: - runs-on: ubuntu-latest + # Dedicated publish/release lane (internal#462 / #394 / #399). Ship + # path (on: push tag runtime-v*) — reserved capacity, never FIFO + # behind PR-CI. `publish` resolves only to molecule-runner-publish-*. + runs-on: publish outputs: version: ${{ steps.version.outputs.version }} wheel_sha256: ${{ steps.wheel_hash.outputs.wheel_sha256 }} @@ -166,7 +169,9 @@ jobs: cascade: needs: publish - runs-on: ubuntu-latest + # Publish/release lane (internal#462) — downstream of the runtime + # publish ship job; keep it on the reserved lane too. + runs-on: publish steps: - name: Wait for PyPI to propagate the new version env: diff --git a/.gitea/workflows/publish-workspace-server-image.yml b/.gitea/workflows/publish-workspace-server-image.yml index 02a42962..3f70ca2b 100644 --- a/.gitea/workflows/publish-workspace-server-image.yml +++ b/.gitea/workflows/publish-workspace-server-image.yml @@ -54,7 +54,14 @@ env: jobs: build-and-push: - runs-on: ubuntu-latest + # Dedicated publish/release lane (internal#462 / #394 / #399). This + # is a post-merge ship job (on: push:main) — it must NOT FIFO-compete + # with PR required-CI on the shared pool (PR#1350's prod image build + # was delayed ~25min this way). The `publish` label resolves ONLY to + # the reserved molecule-runner-publish-* sub-pool (config.publish.yaml, + # OUTSIDE the managed 1..20 range) so a merged fix's image build + # starts immediately while PR-CI keeps the general pool. + runs-on: publish steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -181,7 +188,9 @@ jobs: name: Production auto-deploy needs: build-and-push if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest + # Publish/release lane (internal#462) — production deploy of a merged + # fix; reserved capacity, never queued behind PR-CI. + runs-on: publish timeout-minutes: 75 env: CP_URL: ${{ vars.PROD_CP_URL || 'https://api.moleculesai.app' }} diff --git a/.gitea/workflows/redeploy-tenants-on-main.yml b/.gitea/workflows/redeploy-tenants-on-main.yml index 259df556..f458501c 100644 --- a/.gitea/workflows/redeploy-tenants-on-main.yml +++ b/.gitea/workflows/redeploy-tenants-on-main.yml @@ -68,7 +68,10 @@ jobs: # bp-exempt: production redeploy is a side-effect workflow, not a merge gate. redeploy: if: ${{ github.event_name == 'workflow_dispatch' }} - runs-on: ubuntu-latest + # Dedicated publish/release lane (internal#462 / #394 / #399). + # Production tenant redeploy — a deploy action, reserved capacity so + # it never queues behind PR-CI. `publish` -> molecule-runner-publish-*. + runs-on: publish # Phase 3 (RFC #219 §1): surface broken workflows without blocking. # mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. continue-on-error: true diff --git a/.gitea/workflows/redeploy-tenants-on-staging.yml b/.gitea/workflows/redeploy-tenants-on-staging.yml index 98f6b227..534a977e 100644 --- a/.gitea/workflows/redeploy-tenants-on-staging.yml +++ b/.gitea/workflows/redeploy-tenants-on-staging.yml @@ -75,7 +75,10 @@ env: jobs: # bp-exempt: post-merge staging redeploy side effect; CI / all-required gates source changes. redeploy: - runs-on: ubuntu-latest + # Dedicated publish/release lane (internal#462 / #394 / #399). + # Post-merge staging redeploy — a deploy action, reserved capacity. + # `publish` -> molecule-runner-publish-* sub-pool. + runs-on: publish # Phase 3 (RFC #219 §1): surface broken workflows without blocking. # mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. continue-on-error: true