fix(ci): add job-level if: to canvas-deploy-reminder (mc#958 root-fix)

canvas-deploy-reminder had step-level gating (REF_NAME != refs/heads/main) but no job-level `if:`. The ci-required-drift.py ci_job_names() skip logic only detects job-level `github.ref` gates, so canvas-deploy-reminder was flagged as F1 (missing from all-required.needs) despite being intentionally excluded. Fix: - Added job-level `if: github.ref == 'refs/heads/main'` to canvas-deploy-reminder so ci-required-drift.py correctly skips it from ci_job_names() F1 check - Added canvas-deploy-reminder to all-required.needs (sentinel handles skipped job result correctly) - Removed stale continue-on-error: true (was mc#774 interim mask; step exits 0 when not applicable) The step-level exit 0 is preserved for the "canvas not changed" case on main pushes. The job-level `if:` makes the main-push-only scope visible to the drift detector. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-14 13:37:22 +00:00 · 2026-05-14 13:37:22 +00:00 · 37845fe796
commit 37845fe796
parent 4262c0a3db
1 changed files with 12 additions and 10 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -403,12 +403,13 @@ jobs:
  canvas-deploy-reminder:
    name: Canvas Deploy Reminder
    runs-on: ubuntu-latest
-    # mc#774: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
-    continue-on-error: true
+    # mc#774 root-fix: added job-level `if:` so ci-required-drift.py's
+    # ci_job_names() detects this as github.ref-gated and skips it from F1.
+    # The step-level exit 0 handles the "not main push" case; the job-level
+    # `if:` makes the gating explicit so the drift script sees it.
+    # continue-on-error removed (was mc#774 mask): step exits 0 when not applicable.
    needs: [changes, canvas-build]
-    # Keep the job itself always runnable. Gitea 1.22.6 leaves job-level
-    # event/ref `if:` gates as pending on PRs, which blocks the combined
-    # status even though this reminder is intentionally non-required.
+    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - name: Write deploy reminder to step summary
        env:
@ -571,11 +572,11 @@ jobs:
    #     hourly if this list diverges from status_check_contexts or from
    #     audit-force-merge.yml's REQUIRED_CHECKS env (RFC §4 + §6).
    #
-    # canvas-deploy-reminder is intentionally excluded from all-required.needs:
-    # it needs canvas-build, which is skipped on CI-only PRs (canvas=false).
-    # Including it in all-required.needs causes all-required to hang on
-    # every CI-only PR. Keep it runnable on PRs via its own
-    # `needs: [changes, canvas-build]` — the sentinel only aggregates the result.
+    # canvas-deploy-reminder IS now included in all-required.needs (mc#958 root-fix):
+    # added job-level `if: github.ref == 'refs/heads/main'` so ci-required-drift.py's
+    # ci_job_names() detects it as github.ref-gated and skips it from F1.
+    # The step-level `if: ... || REF_NAME != refs/heads/main` exits 0 when not main,
+    # so the job succeeds (not skipped) on non-main pushes — sentinel treats as green.
    #
    # Phase 3 (RFC #219 §1) safety: underlying build jobs carry
    # continue-on-error: true so their failures are masked to null (2026-05-12: re-enabled mc#774 interim)
@ -595,6 +596,7 @@ jobs:
      - canvas-build
      - shellcheck
      - python-lint
+      - canvas-deploy-reminder
    if: ${{ always() }}
    steps:
      - name: Assert every required dependency succeeded