fix(ci): install jq before sop-tier-check script runs
Root cause: the sop-tier-check.sh script uses jq extensively for all JSON API parsing (whoami, labels, team IDs, reviews). Gitea Actions runners (ubuntu-latest label) do not bundle jq — script exits at line 67 with "jq: command not found", producing "Failing after 1-3s" status on every staging PR. Symptom: all base=staging PRs failing sop-tier-check. Main-based PRs inconsistent — #341 passed because it ran on a runner that happened to have jq from a prior unrelated task. Secret-scan passes because it uses pure bash/grep (no jq dependency). Fix: add apt-get install -y jq step before the script run. pull_request_target loads the workflow from the base branch, so the fix only takes effect once this PR is merged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
de5d8585c7
commit
e6118b3a7f
@ -77,6 +77,13 @@ jobs:
|
||||
# works if we never check out PR HEAD. Same SHA the workflow
|
||||
# itself was loaded from.
|
||||
ref: ${{ github.event.pull_request.base.sha }}
|
||||
- name: Install jq
|
||||
# Gitea Actions runners (ubuntu-latest label) do not bundle jq.
|
||||
# The script uses jq extensively for all JSON parsing; install it
|
||||
# before the script runs. Using -qq for quiet output — diagnostic
|
||||
# info is already captured via SOP_DEBUG=1 on failure.
|
||||
run: apt-get update -qq && apt-get install -y -qq jq
|
||||
|
||||
- name: Verify tier label + reviewer team membership
|
||||
env:
|
||||
# SOP_TIER_CHECK_TOKEN is the org-level secret for the
|
||||
|
||||
Loading…
Reference in New Issue
Block a user