Gitea Actions runners (ubuntu-latest) do not bundle jq.
The sop-tier-check script uses jq for all JSON API parsing.
Install jq before the script runs so sop-tier-check can pass.
Uses direct binary download from GitHub releases (faster, more
reliable than apt-get in containerized environments) with
apt-get fallback and jq --version smoke test.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Mechanical porter inserted a duplicate `env:` block in
.gitea/workflows/canary-verify.yml — the file already had an
`env: { IMAGE_NAME, TENANT_IMAGE_NAME, CP_URL }` block so the
second `env: { GITHUB_SERVER_URL: ... }` block triggered Gitea's
parser error "yaml: mapping key 'env' already defined".
Merged GITHUB_SERVER_URL into the existing env block.
Verified via fresh `docker logs molecule-gitea-1 --since 5m` after
push — no new parser-rejection warnings for canary-verify.yml.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mechanical porter inserted a duplicate `env:` block in
.gitea/workflows/publish-canvas-image.yml — the file already had
`env: { IMAGE_NAME: ghcr.io/molecule-ai/canvas }` so the second
`env: { GITHUB_SERVER_URL: ... }` block triggered Gitea's parser
error "yaml: mapping key 'env' already defined".
Merged the two blocks into one. Also clarified the dropped
workflow_dispatch comment that the porter left dangling above
`permissions:`.
Verified via fresh `docker logs molecule-gitea-1 --since 5m` after
push — no new parser-rejection warnings for publish-canvas-image.yml.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sweep companion to PR#372 (ci.yml), PR#378 (Cat A), PR#379 (Cat B),
PR#383 (Cat C-1), PR#386 (Cat C-2). Final port batch.
Ports 7 deploy/publish/janitor workflows from .github/workflows/ to
.gitea/workflows/. Each port applies the four-surface audit pattern;
every job has `continue-on-error: true` (RFC §1 contract).
Files ported:
- publish-canvas-image.yml — canvas Docker image build/push.
IMPORTANT OPEN QUESTION (flagged in file header): this workflow
pushes to ghcr.io. GHCR was retired during the 2026-05-06 Gitea
migration in favor of ECR. The pushed image may not be consumable
post-migration. Review needs to decide: retarget to ECR
(153263036946.dkr.ecr.us-east-2.amazonaws.com/molecule-ai/canvas)
or retire entirely and route canvas deploys via operator-host.
- redeploy-tenants-on-main.yml — prod tenant SSM redeploy on new
workspace-server image. workflow_run trigger retained (same
Gitea support caveat as canary-verify.yml — flagged in header).
Simplified the job `if:` condition by dropping the
`workflow_dispatch` branch.
- redeploy-tenants-on-staging.yml — staging mirror of above. Same
workflow_run caveat + same `if:` simplification.
- sweep-aws-secrets.yml — hourly AWS Secrets Manager tenant-secret
janitor. Dropped workflow_dispatch.inputs (dry_run/max_delete_pct/
grace_hours); cron triggers run with the script defaults instead.
if-step gates conditional on github.event_name=='workflow_dispatch'
are dead-code post-port but harmless.
- sweep-cf-orphans.yml — hourly CF DNS janitor. Same shape.
- sweep-cf-tunnels.yml — hourly CF Tunnels janitor. Same shape.
- sweep-stale-e2e-orgs.yml — every-15-min staging tenant cleanup.
Same shape.
Open questions for review:
1. workflow_run on redeploy-tenants-on-* — same caveat as
canary-verify.yml (Cat C-2). If Gitea ignores the event, the
follow-up triage PR replaces with push-with-paths-filter on
.gitea/workflows/publish-workspace-server-image.yml.
2. publish-canvas-image GHCR target — decide retarget-to-ECR vs
retire-entirely with reviewer.
3. workflow_dispatch.inputs replacements — the four janitor sweeps
lost their operator-facing dry_run/cap-override knobs. If a
manual override is needed today, edit the cron envs in the file
directly. Follow-up could add a "manual override commit" pattern
that the cron reads from a checked-in JSON.
DO NOT MERGE without orchestrator-dispatched Five-Axis review +
@hongmingwang chat-go.
Cross-links:
- RFC: molecule-ai/internal#219
- Companions: PR#372, PR#378, PR#379, PR#383, PR#386
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sweep companion to PR#372 (ci.yml port), PR#378 (Cat A), PR#379 (Cat B),
PR#383 (Cat C-1 gates/lints).
Ports 10 E2E-shaped workflow files from .github/workflows/ to
.gitea/workflows/. Each port applies the four-surface audit pattern.
Per RFC §1 contract: every job has `continue-on-error: true` so
surfaced defects do not block PRs. Follow-up PR flips to false after
triage.
Files ported:
- canary-staging.yml — every-30-min canary smoke against staging.
Two `actions/github-script@v9` blocks (open-issue-on-failure +
auto-close-on-success) replaced with curl calls to the Gitea REST
API (/api/v1/repos/.../issues|comments). Same single-issue +
comment-on-repeat semantics.
- canary-verify.yml — post-publish image promote-to-:latest. Still
uses workflow_run trigger; Gitea 1.22.6's support for that event
is partial — flagged in the file header. If review confirms it
doesn't fire, follow-up PR replaces with push-with-paths-filter
on .gitea/workflows/publish-workspace-server-image.yml. Removed
the `|| github.event_name == 'workflow_dispatch'` branch (this
port drops workflow_dispatch).
- continuous-synth-e2e.yml — synthetic E2E every 10 min cron.
Dropped workflow_dispatch.inputs. Real-cron paths intact.
- e2e-api.yml — API smoke. dorny/paths-filter@v4 replaced with
inline `git diff` per PR#372 pattern; detect-changes job +
per-step if-gate shape preserved for branch-protection check-name
parity.
- e2e-staging-canvas.yml — Playwright canvas E2E. dorny/paths-filter
replaced with inline git diff. upload-artifact@v3.2.2 kept (Gitea
1.22.x compatible per PR#372 notes; v4+ is not).
- e2e-staging-external.yml — workspace-status enum regression
coverage. Dropped workflow_dispatch.inputs + cron-trigger inputs.
- e2e-staging-saas.yml — full lifecycle E2E. Dropped
workflow_dispatch.inputs. Heaviest port; cleaned via mechanical
porter then manual review.
- e2e-staging-sanity.yml — weekly intentional-failure teardown
sanity. github-script issue block replaced with Gitea API curl.
- handlers-postgres-integration.yml — Postgres integration tests.
dorny/paths-filter replaced with inline git diff. Dropped
merge_group + workflow_dispatch.
- harness-replays.yml — tests/harness boot suite. Standard port.
Dropped merge_group + workflow_dispatch.
Open questions for review:
1. workflow_run trigger on canary-verify.yml — unconfirmed Gitea
1.22.6 support. continue-on-error+canary-verify-dead doesn't
block anything either way; review can validate.
2. github.event.before fallback in detect-changes paths — on Gitea
the event.before field is populated for push events but its
exact shape on initial pushes / forced updates differs from
GitHub. The shallow-fetch + cat-file recovery branch handles
the missing-base case correctly.
3. MOLECULE_STAGING_* secrets reused — verified at
/etc/molecule-bootstrap/all-credentials.env that the names are
defined. Tier-low because failure-mode is "smoke skip" + log
warning, not silent green.
DO NOT MERGE without orchestrator-dispatched Five-Axis review +
@hongmingwang chat-go.
Cross-links:
- RFC: molecule-ai/internal#219
- Companions: PR#372, PR#378, PR#379, PR#383
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sweep companion to PR#372 (ci.yml port), PR#378 (Cat A), PR#379 (Cat B).
Ports 9 workflow files from .github/workflows/ to .gitea/workflows/.
Each port applies the four-surface audit pattern per
feedback_gitea_actions_migration_audit_pattern:
1. YAML — dropped workflow_dispatch.inputs (Gitea 1.22.6 parser
rejects them per feedback_gitea_workflow_dispatch_inputs_unsupported),
dropped merge_group (no Gitea merge queue), workflow-level
env.GITHUB_SERVER_URL pinned per feedback_act_runner_github_server_url.
2. Cache — actions/setup-python cache:pip retained (works with Gitea
1.22.x cache server). No actions/cache@v4 usage in this batch.
3. Token — auto-injected GITHUB_TOKEN (Gitea-aliased) used; no
custom dispatch tokens.
4. Docs — top-of-file "Ported from .github/workflows/X.yml on
2026-05-11 per RFC internal#219 §1 sweep" comment on every file.
Per RFC §1: each job has `continue-on-error: true` so surfaced
defects do not block PRs. Follow-up PR (not in this sweep's scope)
flips to `continue-on-error: false` after triage.
Files ported:
- block-internal-paths.yml — forbidden-path PR gate. Standard port;
dropped merge_group + the merge_group-specific fetch step.
- cascade-list-drift-gate.yml — TEMPLATES vs manifest.json drift.
Passes WORKFLOW=.gitea/workflows/publish-runtime.yml to the script
(script's default is .github/... which Cat A removes).
- check-migration-collisions.yml — Postgres migration prefix
collision gate. The collision script already supports Gitea via
_gitea_api_url() / _gitea_token() — no script edit needed.
- lint-curl-status-capture.yml — workflow-bash anti-pattern lint.
Scanner glob and SELF self-skip path retargeted to .gitea/workflows/**.yml.
- runtime-pin-compat.yml — PyPI-latest install + import smoke.
Dropped workflow_dispatch + merge_group.
- runtime-prbuild-compat.yml — PR-built wheel import smoke.
dorny/paths-filter@v4 replaced with inline `git diff` per PR#372
pattern. detect-changes job + per-step if-gates retained.
- secret-pattern-drift.yml — canonical/consumer pattern set drift
lint. on.paths references the .gitea/ canonical path. Also edits
.github/scripts/lint_secret_pattern_drift.py CANONICAL_FILE
constant from `.github/workflows/secret-scan.yml` to
`.gitea/workflows/secret-scan.yml` (Cat A removes the .github/
one).
- test-ops-scripts.yml — scripts/ unittest runner. Dropped merge_group.
- railway-pin-audit.yml — daily Railway env var drift detection.
`actions/github-script@v9` blocks (which call github.rest.* — a
GitHub-specific JS API) replaced with curl calls against the
Gitea REST API (/api/v1/repos/.../issues|comments). Issue
open/comment-on-repeat/close-on-clean semantics preserved.
This Cat C-1 PR groups the "safer" gates/lints/audits. Categories
C-2 (E2E) and C-3 (deploy/publish/janitors) ship in separate PRs.
The original .github/ files are left in place per RFC §1 (deletion
is a Phase 4 follow-up). They are silently dead — Gitea Actions in
molecule-core only registers workflows under .gitea/workflows/ —
but keeping them documented in-repo eases the diff-review.
DO NOT MERGE without orchestrator-dispatched Five-Axis review +
@hongmingwang chat-go.
Cross-links:
- RFC: molecule-ai/internal#219
- Companion: PR#372 (ci.yml port), PR#378 (Cat A), PR#379 (Cat B)
- Runbook: runbooks/gitea-actions-migration-checklist.md (Cat B PR)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sweep companion to PR#372 + PR#378 (Cat A). These six .github/workflows
files depend on GitHub-specific surface that Gitea does not provide:
- auto-tag-runtime.yml — superseded by .gitea/publish-runtime-autobump.yml
for patch bumps. Release:minor/major label-driven bumps are lost;
follow-up issue suggested if anyone uses them.
- branch-protection-drift.yml — drift_check.sh + apply.sh target
Molecule-AI/molecule-core via `gh api` against GitHub's
branch-protection schema. Gitea's schema differs; rebuilding is
out of scope. Follow-up issue needed.
- check-merge-group-trigger.yml — file's own header documents this is
a structural no-op on Gitea (no merge queue, no `merge_group:`
event type, no gh-readonly-queue refs).
- codeql.yml — file's own header documents CodeQL Action incompatibility
(github/codeql-action hits api.github.com bundle endpoints not
implemented by Gitea). Per Hongming decision 2026-05-07 task #156
CodeQL is non-blocking until Gitea-compatible SAST lands.
- pr-guards.yml — file's own header documents that Gitea has no
`gh pr merge --auto` primitive; guard is a no-op. Branch protection
on main doesn't require the pr-guards check name.
- promote-latest.yml — uses imjasonh/setup-crane against ghcr.io,
which was retired during the 2026-05-06 migration in favor of ECR
(per canary-verify.yml header notes). Workflow has nothing left to
retag.
Also adds runbooks/gitea-actions-migration-checklist.md documenting:
- Four-surface audit pattern (feedback_gitea_actions_migration_audit_pattern)
- Category A/B/C/D file lists with rationale
- Verification steps after all sweep PRs land
- Cross-link to follow-up issues (label-driven bumps,
Gitea-compatible drift detection, ECR-based promote)
Branch protection check: required status checks on main are only
`Secret scan / Scan diff for credential-shaped strings (pull_request)`
and `sop-tier-check / tier-check (pull_request)`. No deleted file's
job name appears in required_status_checks.
DO NOT MERGE without orchestrator-dispatched Five-Axis review +
@hongmingwang chat-go.
Cross-links:
- RFC: molecule-ai/internal#219
- Companion: PR#372 (ci.yml port), PR#378 (Cat A mirrored deletions)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sweep companion to PR#372 (ci.yml port). These two .github/workflows/
files have working .gitea/workflows/ twins active on Gitea Actions:
- publish-runtime.yml — .gitea/ version is the canonical PyPI publisher
(ported 2026-05-10 in issue #206). The .github/ version explicitly
marks itself DEPRECATED in its own header comment and is kept "for
reference only". The .gitea/ port drops OIDC trusted publisher,
workflow_dispatch.inputs, merge_group, and the GitHub-only
pypa/gh-action-pypi-publish action.
- secret-scan.yml — .gitea/ version is the active branch-protection
gate (matches "Secret scan / Scan diff for credential-shaped strings
(pull_request)" required check name). The .github/ version retains a
workflow_call entry point for reusable cross-repo invocation, but per
saved memory feedback_gitea_cross_repo_uses_blocked cross-repo `uses:`
is blocked on Gitea 1.22.6 anyway (DEFAULT_ACTIONS_URL=self), so the
reusable shape no longer has callers.
Both files are silently dead — verified by reading the molecule-core
Gitea Actions page (only the 6 .gitea/ workflows appear in the workflow
filter sidebar; none of the .github/ files have ever produced a run).
Per RFC §1: this PR is a hygiene cleanup. Removing the dead .github/
copies eliminates the ongoing confusion of two workflow files claiming
the same job name and converges molecule-core toward a single source
of truth under .gitea/. Branch protection on main was checked and does
NOT reference any removed file — only the .gitea/ secret-scan and
sop-tier-check check names are required.
DO NOT MERGE without orchestrator-dispatched Five-Axis review +
@hongmingwang chat-go (per feedback_pr_review_via_other_agents).
Cross-links:
- RFC: molecule-ai/internal#219
- Companion: PR#372 (ci.yml port — Category C-style)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 3 of RFC internal#219 (CI/CD hard-gate hardening). molecule-core's
branch protection on main currently requires only Secret scan +
sop-tier-check/tier-check — there is no required gate that asserts the
actual Go code builds. The .github/workflows/ci.yml has six jobs that
would catch build/test/lint/coverage regressions, but Gitea Actions
only reads .gitea/workflows/. So today every Go regression on
molecule-core merges through (recurrence of
feedback_phantom_required_check_after_gitea_migration).
This PR ports the workflow to .gitea/workflows/ci.yml. Per RFC §1, the
port lands with `continue-on-error: true` on every job so we surface
broken jobs without blocking PRs while the team triages anything that
falls out of "first contact with reality". A follow-up PR (Phase 4)
will flip continue-on-error to false, add the `ci/all-required`
aggregator sentinel (mirroring molecule-controlplane#89's pattern),
and PATCH branch protection to require it.
Four-surface migration audit performed
(feedback_gitea_actions_migration_audit_pattern):
1. YAML: dropped merge_group trigger (no Gitea merge queue); no
workflow_dispatch.inputs to worry about
(feedback_gitea_workflow_dispatch_inputs_unsupported); no
environment: blocks; runs-on: ubuntu-latest preserved. Set
workflow-level env.GITHUB_SERVER_URL as belt-and-suspenders
against runner-default regression
(feedback_act_runner_github_server_url +
feedback_act_runner_needs_config_file_env).
2. Cache + artifact: actions/upload-artifact pinned at v3.2.2
(original already had this — Gitea act_runner v0.6 doesn't speak
the v4 artifact protocol). setup-python cache: pip preserved.
3. Token: workflow uses no custom dispatch tokens; auto-injected
GITHUB_TOKEN (Gitea-scoped runner token) handles checkout against
this same repo.
4. Docs: no github.com docs/scripts references to swap. The
canvas-deploy-reminder step references ghcr.io/.../canvas — that's
external documentation prose, not a build dependency, and is a
separate ghcr→ECR sweep if in scope.
actions/* (checkout, setup-go, setup-node, setup-python,
upload-artifact) are verified mirrored on this Gitea instance
(git.moleculesai.app/actions/*); app.ini has
DEFAULT_ACTIONS_URL = self so the @SHA refs resolve locally.
Scope guard (per RFC):
- This PR ports ONLY ci.yml. The other 34 workflows in
.github/workflows/ get swept in a follow-up per the
runbooks/gitea-actions-migration-checklist.md.
- This PR does NOT add the all-required aggregator sentinel (Phase 4).
- This PR does NOT modify branch protection (Phase 4).
- This PR does NOT delete .github/workflows/ci.yml (RFC §1 leaves it
in place initially).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Add full HeartbeatPayload fields (active_tasks, current_task,
uptime_seconds, error_rate, runtime_state) instead of workspace_id only
- Add SDK tip showing run_heartbeat_loop(task_supplier=...) pattern
- Replace raw POST /a2a with fetch_inbound() SDK method
- Keep curl examples for conceptual clarity but mark SDK as recommended path
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Two vulnerable call sites confirmed on origin/main:
1. org_helpers.go:loadWorkspaceEnv (line 101): filesDir from untrusted org YAML
joined directly with orgBaseDir without traversal guard. A malicious filesDir
like "../../../etc" escapes the org root and reads arbitrary files.
2. org_import.go:createWorkspaceTree (line 494): same pattern directly in the
env-loading block — not covered by staging-targeted PR #345.
Fix (both locations): call resolveInsideRoot(orgBaseDir, filesDir) before
filepath.Join. On traversal detection, org_helpers.go returns an empty map
(caller contract); org_import.go silently skips the workspace .env override
(matches existing template-resolution pattern in the same function).
Tests: org_helpers_test.go — 3 cases covering traversal rejection,
workspace-override happy path, and empty filesDir edge case.
Closes: molecule-core#362, molecule-core#321
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Run 5196 (2026-05-11 02:46Z, first-ever successful publish) succeeded
the publish job but failed the cascade job at the wait-for-PyPI-
propagation step:
::error::PyPI propagated 0.1.130 but wheel content SHA256 mismatch.
::error::Expected: 536b123816f3c7fb54690b80be482b28cabd1874690e9e93d8586af3864c7fba
::error::Got: Collecting molecule-ai-workspace-runtime==0.1.130
::error::Fastly may be serving stale content. Refusing to fan out cascade.
The 'Got:' is pip's own stdout, not a SHA. Root cause:
HASH=$(python -m pip download ... 2>/dev/null && sha256sum ... | awk ...)
The shell pipeline captures BOTH commands' stdout into $HASH. `2>/dev/null`
only silences stderr, not stdout. pip download writes 'Collecting ...' to
stdout by default, so it leaks into HASH ahead of sha256sum's output.
Fix: split into two steps, redirect pip stdout to /dev/null explicitly,
capture only sha256sum's output into HASH.
Impact: cascade-to-8-template-repos failed, but PyPI publish itself
succeeded. Users (workspace-template-* maintainers) can pin manually
via 'docker build --build-arg RUNTIME_VERSION=X.Y.Z' until cascade is
healed. hongming-pc is doing exactly this for the plugins_registry rollout.
4th and likely last workflow defect after #353, #355, #357.
Refs: #351, #353, #355, #357, #348 Q3
Close the A2A delegation auto-resume gap.
Root cause: heartbeat.py's _check_delegations already writes completed
delegation rows to DELEGATION_RESULTS_FILE and sends a self-message to
wake the agent. executor_helpers.read_delegation_results() was defined to
atomically consume that file, but a2a_executor._core_execute() never
called it — so delegation results were written but the agent never saw
them.
Fix: call read_delegation_results() at the top of _core_execute() and
prepend the results to the user input context so the agent can act on
them without an explicit check_task_status call. The Temporal durable
workflow path is also covered because it calls _core_execute() directly.
Test: two new cases — delegation results injected when file exists;
user input passed through unchanged when file is empty.
Closes molecule-core#354.
Incorporates valuable extra coverage from fullstack-engineer's PR #336:
- test_push_queued_missing_queue_id_still_parsed: queue_id is optional,
absence must not break parsing
- test_push_queued_is_distinct_from_poll_queued: both envelope shapes
parse correctly and independently, with correct delivery_mode values
Also adds push_queued_no_queue_id fixture and regression gate entry.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Bug: a2a_response.py:197 returned Queued(method=method) without passing
delivery_mode, silently defaulting to "poll" for push-mode busy-queue
responses. Callers branching on v.delivery_mode would mis-identify push-mode
responses as poll-mode, causing wrong dispatch logic.
Fix: pass delivery_mode="push" explicitly in the push-mode branch.
Tests: add push_queued_full/notify/no_method fixtures and 4 test cases
asserting delivery_mode="push" for all three envelope shapes. Also add
adversarial {"queued": "yes"} and {"queued": False} → Malformed guards.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Run 5160 publish-runtime build step failed:
error: TOP_LEVEL_MODULES drifted from workspace/*.py contents:
in workspace/ but NOT in TOP_LEVEL_MODULES (will ship un-rewritten): ['_sanitize_a2a']
Edit scripts/build_runtime_package.py:TOP_LEVEL_MODULES to match.
workspace/_sanitize_a2a.py was added recently but the allowlist in
scripts/build_runtime_package.py was not updated. The build script
intentionally aborts (exit 3) when it detects the drift, because
shipping a module un-rewritten breaks the package's flat-layout import
contract.
Fix: add '_sanitize_a2a' to the set. Alphabetical order preserved
(it sorts before 'a2a_*').
Third workflow defect after #353 (workflow_dispatch.inputs parser) and
#355 (Publish step working-directory). After this lands, attempt #4 of
runtime-v0.1.130 should finally succeed.
Refs: #351, #353, #355, #348 Q3
First-ever publish-runtime.yml dispatch (run 5097 post-#353, 2026-05-11
02:06Z) failed at the twine upload step:
ERROR InvalidDistribution: Cannot find file (or expand pattern): 'dist/*'
Cause: the Publish step was missing 'working-directory: ${{ runner.temp
}}/runtime-build' while the preceding Build/Verify steps all had it.
Result: twine ran from the workspace checkout dir where dist/ doesn't
exist.
Fix: add working-directory to match the rest of the publish job.
This is the second of three workflow defects exposed by #353 finally
making the workflow run at all:
1. workflow_dispatch.inputs rejection → fixed in #353
2. Publish step missing working-directory → THIS PR
3. (anything else surfaced by 0.1.130 attempt #2)
After merge: push runtime-v0.1.130 again (tag was already pushed once
post-#353 but the run failed at publish; need a fresh trigger). Should
finally land 0.1.130 on PyPI.
Refs: #351, #348 Q3, #353
test_audit_ledger.py imports sqlalchemy directly (line 42).
Without an explicit sqlalchemy install, pip dependency resolution can
omit it when pytest/pytest-asyncio/pytest-cov are installed as a
separate step after requirements.txt.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Gitea Actions reads .gitea/workflows/, not .github/workflows/. The
.github/ copy of this workflow has been kept in lockstep with .gitea/
since the post-suspension migration (e.g. 6d94fd30, 5216e781, 67b2e488
all touch both files). The functional code is identical between the
two; the only differences are comment verbosity and the path-filter
self-reference (each version watches its own location).
Removing the .github/ copy:
- eliminates the dual-edit maintenance tax (two files touched per fix)
- prevents accidental drift where one is updated and the other isn't
- leaves a single source-of-truth at .gitea/workflows/
Cross-references confirmed safe:
- canary-verify.yml + redeploy-tenants-on-{staging,main}.yml all use
`workflows: ['publish-workspace-server-image']` (workflow name,
not file path) — they trigger off the workflow_run event keyed on
`name:`, which is identical in both files.
- No other workflow path-watches .github/workflows/publish-workspace-
server-image.yml.
Other two triplicates from task #287 (publish-runtime.yml and
secret-scan.yml) are NOT addressed in this PR — see PR description for
the ambiguity report flagging them for human review.
Refs: task #287
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Trivial empty commit to force a fresh workflow run now that the
PR has tier:low label and approvals on the rebased branch.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Root cause (from infra-lead PR#7 review id=724):
Sanitization in PR#7 wrapped peer text in [A2A_RESULT_FROM_PEER]
markers, but the markers themselves were not escaped — a malicious
peer could inject "[/A2A_RESULT_FROM_PEER]" to close the trust
boundary early, making subsequent text appear inside the trusted zone.
Fix:
- Create workspace/_sanitize_a2a.py (leaf module, no circular import
risk) with shared sanitize_a2a_result() + _escape_boundary_markers()
- _escape_boundary_markers() escapes boundary open/close markers in the
raw peer text before wrapping (primary security control)
- Defense-in-depth: also escapes SYSTEM/OVERRIDE/INSTRUCTIONS/IGNORE
ALL/YOU ARE NOW patterns (secondary, per PR#7 design intent)
- Update a2a_tools_delegation.py: import from _sanitize_a2a; wrap
tool_delegate_task return and tool_check_task_status response_preview
- Add 15 tests covering boundary escape, injection patterns, integration
shapes (workspace/tests/test_a2a_sanitization.py)
Follow-up (non-blocking, noted in PR#7 infra-lead review):
- Deduplicate if a2a_tools.py also wraps (currently handled in
delegation module only — callers get sanitized output regardless)
- tool_check_task_status: consider sanitizing 'summary' field too
Closes: molecule-ai/molecule-ai-workspace-runtime#7 (wrong-repo PR
that this supersedes)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ROOT CAUSE found in Gitea server logs:
actions/workflows.go:DetectWorkflows() [W] ignore invalid workflow
"publish-runtime.yml": unknown on type:
map["version":{"description":...,"required":true,"type":"string"}]
Gitea 1.22.6's workflow parser flattens workflow_dispatch.inputs.* into
top-level 'on:' event-keys and rejects the workflow when it doesn't
recognize them. Once rejected, the workflow never registers — so NO
event triggers it. publish-runtime.yml has 0 runs in action_run since
the .gitea port for exactly this reason; the runtime-v1.0.0 tag from
yesterday and hongming-pc's runtime-v0.1.130 from tonight both pushed
successfully but went nowhere.
This supersedes the paths-vs-tags hypothesis from #351 (PR #352).
The split is still useful for clarity but was NOT the cause — even
the original tags-only port had this same parse failure.
Fix: drop the inputs block. workflow_dispatch in Gitea 1.22.6 supports
no-input dispatch only. The bash logic for version derivation now uses
just two cases: tag-push (strip prefix) or anything-else (PyPI auto-bump).
Post-merge verification:
- watch for first-ever publish-runtime.yml run in action_run
- check Gitea log no longer emits 'ignore invalid workflow' for this file
- push a runtime-v0.1.130 tag → workflow fires → PyPI 0.1.130
Refs: #351 (root cause), #348 Q3 (the blocker)
publish-runtime.yml has never fired since the .gitea port (0 rows in
action_run.workflow_id='publish-runtime.yml' ever), which is why PyPI
is still at 0.1.129 despite Gitea having a runtime-v1.0.0 tag.
Root cause hypothesis: Gitea Actions evaluates the on.push.paths filter
against tag-push events too (no path diff → workflow skipped). PR #349
made this visible by adding the paths trigger, but the same defect
existed for the originally-ported tags-only trigger on this Gitea version
— hence the runtime-v1.0.0 tag also never published.
Fix: split into two files, each with a single unambiguous trigger shape.
- publish-runtime.yml : on.push.tags only (the publisher)
- publish-runtime-autobump.yml : on.push.branches+paths (NEW; the bumper)
The autobump file computes next version from PyPI latest, pushes
'runtime-v$VERSION' tag via DISPATCH_TOKEN (not GITHUB_TOKEN — needed
to trigger downstream workflows on Gitea), and exits. The tag push
then triggers publish-runtime.yml.
Test plan after merge:
1. Push no-op commit to workspace/. Observe autobump fire, push tag.
2. Observe publish-runtime.yml fire on the tag, publish 0.1.130 to
PyPI, cascade to template repos.
3. Verify 'action_run' shows >0 rows for both workflow_ids.
