fix(ci): revert MOLECULE_STAGING_ADMIN_TOKEN → CP_STAGING_ADMIN_API_TOKEN
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s
CI / Detect changes (pull_request) Successful in 52s
Harness Replays / detect-changes (pull_request) Failing after 19s
Harness Replays / Harness Replays (pull_request) Has been skipped
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 14s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m2s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m2s
sop-tier-check / tier-check (pull_request) Successful in 21s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 47s
CI / Platform (Go) (pull_request) Successful in 7s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
CI / Python Lint & Test (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 9s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 8s
E2E API Smoke Test / detect-changes (pull_request) Failing after 10m47s
CI / Canvas (Next.js) (pull_request) Failing after 9m30s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7m41s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Has been cancelled
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s
CI / Detect changes (pull_request) Successful in 52s
Harness Replays / detect-changes (pull_request) Failing after 19s
Harness Replays / Harness Replays (pull_request) Has been skipped
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 14s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m2s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m2s
sop-tier-check / tier-check (pull_request) Successful in 21s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 47s
CI / Platform (Go) (pull_request) Successful in 7s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
CI / Python Lint & Test (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 9s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 8s
E2E API Smoke Test / detect-changes (pull_request) Failing after 10m47s
CI / Canvas (Next.js) (pull_request) Failing after 9m30s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7m41s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Has been cancelled
Empirical verification (claude-ceo-assistant, hongming-pc2 reviews): MOLECULE_STAGING_ADMIN_TOKEN does NOT exist in the Gitea org/repo secret store. The confirmed-existing staging admin token is CP_STAGING_ADMIN_API_TOKEN (populated during the Class-A run from staging-CP's CP_ADMIN_API_TOKEN Railway env). Revert the MOLECULE_STAGING_ADMIN_TOKEN secret reference in continuous-synth-e2e.yml and redeploy-tenants-on-staging.yml back to CP_STAGING_ADMIN_API_TOKEN. Keep the env-var names the script uses internally (MOLECULE_ADMIN_TOKEN / MOLECULE_STAGING_ADMIN_TOKEN) since those are just variable names — what matters is which Gitea secret provides the value. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
5caa1a8548
commit
28f5f9b97e
@ -131,7 +131,7 @@ jobs:
|
||||
# Forced false for cron; respected for manual dispatch
|
||||
E2E_KEEP_ORG: ${{ github.event.inputs.keep_org == 'true' && '1' || '' }}
|
||||
MOLECULE_CP_URL: ${{ vars.STAGING_CP_URL || 'https://staging-api.moleculesai.app' }}
|
||||
MOLECULE_ADMIN_TOKEN: ${{ secrets.MOLECULE_STAGING_ADMIN_TOKEN }}
|
||||
MOLECULE_ADMIN_TOKEN: ${{ secrets.CP_STAGING_ADMIN_API_TOKEN }}
|
||||
# MiniMax key is the canary's PRIMARY auth path. claude-code
|
||||
# template's `minimax` provider routes ANTHROPIC_BASE_URL to
|
||||
# api.minimax.io/anthropic and reads MINIMAX_API_KEY at boot.
|
||||
@ -168,8 +168,8 @@ jobs:
|
||||
# can read the verify-secrets step's stderr — the failure is
|
||||
# itself the verification signal.
|
||||
if [ -z "${MOLECULE_ADMIN_TOKEN:-}" ]; then
|
||||
echo "::error::MOLECULE_STAGING_ADMIN_TOKEN secret missing — synth E2E cannot run"
|
||||
echo "::error::Set it at Settings → Secrets and Variables → Actions (same secret used by canary-staging.yml and all e2e-staging workflows)."
|
||||
echo "::error::CP_STAGING_ADMIN_API_TOKEN secret missing — synth E2E cannot run"
|
||||
echo "::error::Set it at Settings → Secrets and Variables → Actions; pull from staging-CP's CP_ADMIN_API_TOKEN env in Railway."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
@ -90,16 +90,13 @@ jobs:
|
||||
run: sleep 30
|
||||
|
||||
- name: Call staging-CP redeploy-fleet
|
||||
# MOLECULE_STAGING_ADMIN_TOKEN must be set as a repo/org secret
|
||||
# CP_STAGING_ADMIN_API_TOKEN must be set as a repo/org secret
|
||||
# on molecule-ai/molecule-core. This is the confirmed-existing
|
||||
# staging CP admin token (also used by canary-staging.yml and
|
||||
# all e2e-staging-*.yml workflows). The alternative name
|
||||
# CP_STAGING_ADMIN_API_TOKEN (per the original port comment) was
|
||||
# never populated in Gitea per issue #425 §425 audit. Using the
|
||||
# confirmed-working MOLECULE_STAGING_ADMIN_TOKEN instead.
|
||||
# staging CP admin token. Pull the value from staging-CP's
|
||||
# CP_ADMIN_API_TOKEN env in Railway (per the original port comment).
|
||||
env:
|
||||
CP_URL: ${{ vars.STAGING_CP_URL || 'https://staging-api.moleculesai.app' }}
|
||||
MOLECULE_STAGING_ADMIN_TOKEN: ${{ secrets.MOLECULE_STAGING_ADMIN_TOKEN }}
|
||||
MOLECULE_STAGING_ADMIN_TOKEN: ${{ secrets.CP_STAGING_ADMIN_API_TOKEN }}
|
||||
TARGET_TAG: ${{ inputs.target_tag || 'staging-latest' }}
|
||||
CANARY_SLUG: ${{ inputs.canary_slug || '' }}
|
||||
SOAK_SECONDS: ${{ inputs.soak_seconds || '60' }}
|
||||
@ -114,13 +111,13 @@ jobs:
|
||||
# serve stale staging tenants. Soft-skip on operator dispatch.
|
||||
if [ -z "${MOLECULE_STAGING_ADMIN_TOKEN:-}" ]; then
|
||||
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
||||
echo "::warning::MOLECULE_STAGING_ADMIN_TOKEN secret not set — skipping redeploy"
|
||||
echo "::warning::Set MOLECULE_STAGING_ADMIN_TOKEN in repo secrets to enable auto-redeploy."
|
||||
echo "::notice::This secret is shared with canary-staging.yml and all e2e-staging workflows."
|
||||
echo "::warning::CP_STAGING_ADMIN_API_TOKEN secret not set — skipping redeploy"
|
||||
echo "::warning::Set CP_STAGING_ADMIN_API_TOKEN in repo secrets to enable auto-redeploy."
|
||||
echo "::notice::Pull the value from staging-CP's CP_ADMIN_API_TOKEN env in Railway."
|
||||
exit 0
|
||||
fi
|
||||
echo "::error::staging redeploy cannot run — MOLECULE_STAGING_ADMIN_TOKEN secret missing"
|
||||
echo "::error::set it at Settings → Secrets and Variables → Actions (same secret used by canary-staging.yml)."
|
||||
echo "::error::staging redeploy cannot run — CP_STAGING_ADMIN_API_TOKEN secret missing"
|
||||
echo "::error::set it at Settings → Secrets and Variables → Actions; pull from staging-CP's CP_ADMIN_API_TOKEN env in Railway."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user