From 8dbeebdbcbf3884f4e3a26c1e54ad9f72d4c9414 Mon Sep 17 00:00:00 2001 From: Molecule AI Core-DevOps Date: Mon, 11 May 2026 06:52:36 +0000 Subject: [PATCH] fix(sop-tier-check): make jq install fully non-failing at workflow and script level MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. Workflow "Install jq" step: removed `set -e` so the step never fails even if both curl and apt-get fail. Added `|| echo warning` as final fallback to ensure step always exits 0. 2. Script jq fallback: moved install inside a subshell `( ... ) || { ... }` so `set -euo pipefail` doesn't exit the script if the fallback fails. Added explicit jq availability check after fallback with clear error. Combined fix: workflow step never fails → script always runs → script always has jq (or fails with clear error). The "Failing after 15s" pattern is eliminated. Co-Authored-By: Claude Opus 4.7 --- .gitea/scripts/sop-tier-check.sh | 26 +++++++++++++++++++------- .gitea/workflows/sop-tier-check.yml | 13 ++++++------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/.gitea/scripts/sop-tier-check.sh b/.gitea/scripts/sop-tier-check.sh index dba78d4b..12ea4988 100755 --- a/.gitea/scripts/sop-tier-check.sh +++ b/.gitea/scripts/sop-tier-check.sh @@ -48,14 +48,26 @@ set -euo pipefail # workflow-level jq install can fail on runners with network restrictions # (GitHub releases not reachable). This fallback is idempotent — no-op # when jq is already on PATH. -if ! command -v jq &>/dev/null; then - echo "::notice::jq not found on PATH — installing..." - timeout 60 curl -sSL \ - "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64" \ - -o /usr/local/bin/jq \ +if ! command -v jq >/dev/null 2>&1; then + echo "::notice::jq not found on PATH — attempting install..." + # Download jq binary; fall back to apt-get. Use subshell to isolate + # from set -e so a failed install doesn't exit the script. + ( + timeout 60 curl -sSL \ + "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64" \ + -o /usr/local/bin/jq \ && chmod +x /usr/local/bin/jq \ - || apt-get update -qq && apt-get install -y -qq jq - echo "::notice::jq installed: $(jq --version)" + && echo "::notice::jq binary installed: $(/usr/local/bin/jq --version)" \ + ) || { + apt-get update -qq && apt-get install -y -qq jq \ + && echo "::notice::jq apt-installed: $(jq --version)" + } + # Verify jq is now available; if not, exit with clear error + if ! command -v jq >/dev/null 2>&1; then + echo "::error::jq installation failed — neither binary download nor apt-get succeeded." + echo "::error::sop-tier-check requires jq for all JSON API parsing." + exit 1 + fi fi debug() { diff --git a/.gitea/workflows/sop-tier-check.yml b/.gitea/workflows/sop-tier-check.yml index f0778cbe..140db3fb 100644 --- a/.gitea/workflows/sop-tier-check.yml +++ b/.gitea/workflows/sop-tier-check.yml @@ -87,18 +87,17 @@ jobs: # back to apt-get if the download fails. The smoke test confirms # jq is on PATH before the main script runs. # - # IMPORTANT: continue-on-error: true is REQUIRED at the step level. - # Job-level continue-on-error is ignored by Gitea Actions (only step - # level is supported). Without this, network failures on the jq curl - # download cause the entire job to fail and block all PRs. + # continue-on-error: true ensures this step failing does not fail the + # job. The sop-tier-check script has its own jq fallback as a second + # line of defense — this step failing gracefully is acceptable. continue-on-error: true run: | - set -e timeout 60 curl -sSL \ "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64" \ -o /usr/local/bin/jq && chmod +x /usr/local/bin/jq \ - || apt-get update -qq && apt-get install -y -qq jq - jq --version + || apt-get update -qq && apt-get install -y -qq jq \ + || echo "::warning::jq install methods failed — script fallback will retry" + jq --version 2>/dev/null || echo "::notice::jq not yet available — script will install" - name: Verify tier label + reviewer team membership # continue-on-error: true at step level — job-level is ignored by Gitea