From 5c9758013301204dfa5a8895d50279af331edc79 Mon Sep 17 00:00:00 2001 From: Molecule AI Core-DevOps Date: Mon, 11 May 2026 16:48:58 +0000 Subject: [PATCH] fix(ci): scope operational workflows to intended trigger windows (#504, #419) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Issue #504: e2e-staging-saas.yml had BOTH push:[main] + pull_request:[main]. This caused the full 25-35 min staging provision+teardown cycle to fire on every PR push to main (in addition to the push trigger). The pull_request trigger is removed — branch protection ensures only merged code reaches main, so push:[main] is sufficient. Pre-merge E2E for provisioning paths is better served by local harness-replays.yml (which stays push+pull_request). Issue #419: gate-check-v3.yml had workflow_dispatch.inputs which Gitea 1.22.6 parser rejects with "unknown on type" (it mis-treats the inputs sub-keys as top-level on: event types). The entire workflow was silently ignored. Dropping the inputs block restores parsing. Manual dispatch from the Gitea UI works without the schema (github.event.inputs.X returns empty; the script iterates all open PRs when PR_NUMBER is empty). Co-Authored-By: Claude Opus 4.7 --- .gitea/workflows/e2e-staging-saas.yml | 25 +++++++++---------------- .gitea/workflows/gate-check-v3.yml | 17 +++++++---------- 2 files changed, 16 insertions(+), 26 deletions(-) diff --git a/.gitea/workflows/e2e-staging-saas.yml b/.gitea/workflows/e2e-staging-saas.yml index bfc83b82..bbd6ca0a 100644 --- a/.gitea/workflows/e2e-staging-saas.yml +++ b/.gitea/workflows/e2e-staging-saas.yml @@ -24,17 +24,19 @@ name: E2E Staging SaaS (full lifecycle) # PRs don't need to read. # # Triggers: -# - Push to main (regression guard) +# - Push to main (regression guard — fires on merges to main, not on PR updates) # - workflow_dispatch (manual re-run from UI) # - Nightly cron (catches drift even when no pushes land) -# - Changes to any provisioning-critical file under PR review (opt-in -# via the same paths watcher that e2e-api.yml uses) +# +# NOTE: `pull_request` trigger intentionally omitted. This workflow runs a +# full 25-35 min staging provision + teardown cycle. Firing it on every +# PR push to main (in addition to the push trigger) causes duplicate runs +# and wastes runner minutes. Branch protection ensures only merged code +# reaches main, so the push trigger is sufficient. Pre-merge E2E validation +# for provisioning-critical paths is better served by local `harness-replays.yml`. on: # Trunk-based (Phase 3 of internal#81): main is the only branch. - # Previously this fired on staging push too because staging was a - # superset of main and ran the gate ahead of auto-promote; with no - # staging branch, main is where E2E gates the deploy. push: branches: [main] paths: @@ -45,16 +47,7 @@ on: - 'workspace-server/internal/provisioner/**' - 'tests/e2e/test_staging_full_saas.sh' - '.gitea/workflows/e2e-staging-saas.yml' - pull_request: - branches: [main] - paths: - - 'workspace-server/internal/handlers/registry.go' - - 'workspace-server/internal/handlers/workspace_provision.go' - - 'workspace-server/internal/handlers/a2a_proxy.go' - - 'workspace-server/internal/middleware/**' - - 'workspace-server/internal/provisioner/**' - - 'tests/e2e/test_staging_full_saas.sh' - - '.gitea/workflows/e2e-staging-saas.yml' + workflow_dispatch: schedule: # 07:00 UTC every day — catches AMI drift, WorkOS cert rotation, # Cloudflare API regressions, etc. even on quiet days. diff --git a/.gitea/workflows/gate-check-v3.yml b/.gitea/workflows/gate-check-v3.yml index 406704c9..d860397e 100644 --- a/.gitea/workflows/gate-check-v3.yml +++ b/.gitea/workflows/gate-check-v3.yml @@ -23,17 +23,14 @@ on: schedule: # Hourly: refresh all open PRs - cron: '8 * * * *' + # NOTE: `workflow_dispatch.inputs` block intentionally omitted. + # Gitea 1.22.6 parser rejects `workflow_dispatch.inputs.X` with + # "unknown on type" — it mis-treats the inputs sub-keys as top-level + # `on:` event types. Dropping the inputs block restores parsing. + # Manual dispatch from the Gitea UI works without the inputs schema + # (github.event.inputs.X returns empty); the script falls back to + # iterating all open PRs when PR_NUMBER is empty. workflow_dispatch: - inputs: - pr_number: - description: 'PR number to check (omit for all open PRs)' - required: false - type: string - post_comment: - description: 'Post comment on PR' - required: false - type: string - default: 'true' env: GITHUB_SERVER_URL: https://git.moleculesai.app