fix(sre): add explicit 15s timeout to gate-check-v3 HTTP calls

gate-check-v3 workflow is failing ~15s on main with "Failing after 15s" (job-level failure). Root cause is likely SOP_TIER_CHECK_TOKEN not provisioned (confirmed absent from repo Actions secrets), causing unauthenticated API calls to hang or fail. Without an explicit timeout, urllib uses the OS TCP default (~60s on some platforms, ~15s on others). Fix: add DEFAULT_TIMEOUT=15 to gate_check.py and pass it to all urllib.request.urlopen() calls (api_get + comment POST/PATCH). Cron step inline Python gets socket.setdefaulttimeout(15). This is defense-in-depth. The real fix is provisioning SOP_TIER_CHECK_TOKEN (tracked separately). The timeout ensures a missing/invalid token causes a fast failure rather than an indefinite hang that blocks the job for minutes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-11 23:23:34 +00:00 · 2026-05-11 23:23:34 +00:00 · da1487adad
commit da1487adad
parent 8bd3585f55
2 changed files with 10 additions and 4 deletions
--- a/.gitea/workflows/gate-check-v3.yml
+++ b/.gitea/workflows/gate-check-v3.yml
@ -72,7 +72,8 @@ jobs:
          set -euo pipefail
          # Fetch all open PRs and run gate-check on each
          pr_numbers=$(python3 -c "
-            import urllib.request, json, os
+            import urllib.request, json, os, socket
+            socket.setdefaulttimeout(15)
            token = os.environ['GITEA_TOKEN']
            req = urllib.request.Request(
                'https://git.moleculesai.app/api/v1/repos/${{ github.repository }}/pulls?state=open&limit=100',
--- a/tools/gate-check-v3/gate_check.py
+++ b/tools/gate-check-v3/gate_check.py
@ -35,6 +35,11 @@ GITEA_HOST = os.environ.get("GITEA_HOST", "git.moleculesai.app")
 GITEA_TOKEN = os.environ.get("GITEA_TOKEN", os.environ.get("GITHUB_TOKEN", ""))
 API_BASE = f"https://{GITEA_HOST}/api/v1"

+# Timeout for all HTTP requests (seconds). Prevents indefinite hangs when the
+# Gitea instance is slow or unreachable. Must be short enough that a timeout
+# failure doesn't block the overall job beyond a reasonable window.
+DEFAULT_TIMEOUT = 15
+

 def api_get(path: str) -> dict | list:
    url = f"{API_BASE}{path}"
@ -46,7 +51,7 @@ def api_get(path: str) -> dict | list:
        },
    )
    try:
-        with urllib.request.urlopen(req) as r:
+        with urllib.request.urlopen(req, timeout=DEFAULT_TIMEOUT) as r:
            return json.loads(r.read())
    except urllib.error.HTTPError as e:
        body = e.read().decode(errors="replace")
@ -521,12 +526,12 @@ def run(repo: str, pr_number: int, post_comment: bool = False) -> dict:
                    comment_id = our_comments[-1]["id"]
                    url = f"{API_BASE}/repos/{owner}/{name}/issues/comments/{comment_id}"
                    req = urllib.request.Request(url, data=json.dumps({"body": comment_body}).encode(), headers=headers, method="PATCH")
-                    with urllib.request.urlopen(req) as r:
+                    with urllib.request.urlopen(req, timeout=DEFAULT_TIMEOUT) as r:
                        r.read()
                else:
                    url = f"{API_BASE}/repos/{owner}/{name}/issues/{pr_number}/comments"
                    req = urllib.request.Request(url, data=json.dumps({"body": comment_body}).encode(), headers=headers, method="POST")
-                    with urllib.request.urlopen(req) as r:
+                    with urllib.request.urlopen(req, timeout=DEFAULT_TIMEOUT) as r:
                        r.read()
            except urllib.error.HTTPError as e:
                if e.code == 403: