test(e2e): support empty auth headers on mac bash

Merge pull request 'chore(ci): mirror tenant image to staging ecr' (#1647 ) from chore/mirror-tenant-image-staging-ecr into main
chore(ci): mirror tenant image to staging ecr\n\nAdds optional staging ECR tags to the tenant image publish build. The primary publish path remains unchanged when staging publisher secrets are absent.
2026-05-21 12:41:04 -07:00 · 2026-05-21 19:39:14 +00:00 · 2026-05-21 12:31:54 -07:00 · 2026-05-21 18:38:11 +00:00 · 2026-05-21 18:21:40 +00:00 · 2026-05-21 11:18:34 -07:00
5 changed files with 42 additions and 12 deletions
@@ -44,6 +44,8 @@ name: E2E Peer Visibility (literal MCP list_peers)
 #   - No cross-repo `uses:` (feedback_gitea_cross_repo_uses_blocked). The
 #     actions/checkout SHA is the one e2e-staging-canvas.yml already uses
 #     successfully (a mirrored SHA — see #1277/PR#1292 root-cause).
+#   - 2026-05-21 retrigger: verify fresh platform-tenant image after the
+#     publish Buildx DOCKER_CONFIG fix restored staging-latest image updates.
 #   - Per-SHA concurrency, not global (feedback_concurrency_group_per_sha).
 #   - Workflow-level GITHUB_SERVER_URL pinned
 #     (feedback_act_runner_github_server_url).
@@ -25,8 +25,11 @@ name: publish-workspace-server-image
 #   staging-<sha>. Set repo variable or secret PROD_AUTO_DEPLOY_DISABLED=true
 #   to stop production rollout while keeping image publishing enabled.
 #
-# ECR target: 153263036946.dkr.ecr.us-east-2.amazonaws.com/molecule-ai/*
+# Primary ECR target: 153263036946.dkr.ecr.us-east-2.amazonaws.com/molecule-ai/*
+# Optional staging tenant mirror target:
+#   004947743811.dkr.ecr.us-east-2.amazonaws.com/molecule-ai/platform-tenant
 # Required secrets: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AUTO_SYNC_TOKEN
+# Optional secrets: AWS_STAGING_ECR_ACCESS_KEY_ID, AWS_STAGING_ECR_SECRET_ACCESS_KEY
 #
 # mc#711: Docker daemon not accessible on ubuntu-latest runner (molecule-canonical-1
 # shows client-only in `docker info` — daemon not running). DinD mount is present but
@@ -65,6 +68,7 @@ env:
  # use below in this repo's staging-verify.yml.
  IMAGE_NAME: ${{ vars.ECR_REGISTRY || '153263036946.dkr.ecr.us-east-2.amazonaws.com' }}/molecule-ai/platform
  TENANT_IMAGE_NAME: ${{ vars.ECR_REGISTRY || '153263036946.dkr.ecr.us-east-2.amazonaws.com' }}/molecule-ai/platform-tenant
+  STAGING_TENANT_IMAGE_NAME: ${{ vars.STAGING_ECR_REGISTRY || '004947743811.dkr.ecr.us-east-2.amazonaws.com' }}/molecule-ai/platform-tenant

 jobs:
  build-and-push:
@@ -182,21 +186,46 @@ jobs:
            --push .

      # Build + push tenant image (Go platform + Next.js canvas in one image).
+      # When staging ECR publisher credentials are configured, push the same
+      # build to the staging account too so fresh staging/E2E tenants can pull
+      # without cross-account ECR permissions.
      - name: Build & push tenant image to ECR (staging-<sha> + staging-latest)
        env:
          TENANT_IMAGE_NAME: ${{ env.TENANT_IMAGE_NAME }}
+          STAGING_TENANT_IMAGE_NAME: ${{ env.STAGING_TENANT_IMAGE_NAME }}
          TAG_SHA: staging-${{ steps.tags.outputs.sha }}
          TAG_LATEST: staging-latest
          GIT_SHA: ${{ github.sha }}
          REPO: ${{ github.repository }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_STAGING_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_STAGING_ECR_ACCESS_KEY_ID }}
+          AWS_STAGING_ECR_SECRET_ACCESS_KEY: ${{ secrets.AWS_STAGING_ECR_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-2
        run: |
          set -euo pipefail
          ECR_REGISTRY="${TENANT_IMAGE_NAME%%/*}"
          aws ecr get-login-password --region us-east-2 | \
            docker login --username AWS --password-stdin "${ECR_REGISTRY}"
+
+          build_tags=(
+            --tag "${TENANT_IMAGE_NAME}:${TAG_SHA}"
+            --tag "${TENANT_IMAGE_NAME}:${TAG_LATEST}"
+          )
+          if [ -n "${AWS_STAGING_ECR_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_STAGING_ECR_SECRET_ACCESS_KEY:-}" ]; then
+            STAGING_ECR_REGISTRY="${STAGING_TENANT_IMAGE_NAME%%/*}"
+            AWS_ACCESS_KEY_ID="${AWS_STAGING_ECR_ACCESS_KEY_ID}" \
+            AWS_SECRET_ACCESS_KEY="${AWS_STAGING_ECR_SECRET_ACCESS_KEY}" \
+              aws ecr get-login-password --region us-east-2 | \
+              docker login --username AWS --password-stdin "${STAGING_ECR_REGISTRY}"
+            build_tags+=(
+              --tag "${STAGING_TENANT_IMAGE_NAME}:${TAG_SHA}"
+              --tag "${STAGING_TENANT_IMAGE_NAME}:${TAG_LATEST}"
+            )
+          else
+            echo "::notice::Skipping staging ECR tenant push; AWS_STAGING_ECR_ACCESS_KEY_ID/AWS_STAGING_ECR_SECRET_ACCESS_KEY are not configured."
+          fi
+
          docker buildx build \
            --file ./workspace-server/Dockerfile.tenant \
            --build-arg NEXT_PUBLIC_PLATFORM_URL= \
@@ -205,8 +234,7 @@ jobs:
            --label "org.opencontainers.image.revision=${GIT_SHA}" \
            --label "org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            --label "molecule.workflow.run_id=${GITHUB_RUN_ID}" \
-            --tag "${TENANT_IMAGE_NAME}:${TAG_SHA}" \
-            --tag "${TENANT_IMAGE_NAME}:${TAG_LATEST}" \
+            "${build_tags[@]}" \
            --push .

  # bp-exempt: production deploy side-effect; merge is gated by CI / all-required and this job waits for push CI before acting.
@@ -36,7 +36,7 @@ e2e_mint_test_token() {
  local admin_bearer="${MOLECULE_ADMIN_TOKEN:-${ADMIN_TOKEN:-}}"
  local admin_auth=()
  [ -n "$admin_bearer" ] && admin_auth=(-H "Authorization: Bearer $admin_bearer")
-  body=$(curl -s -w "\n%{http_code}" "$BASE/admin/workspaces/$wid/test-token" "${admin_auth[@]}")
+  body=$(curl -s -w "\n%{http_code}" "$BASE/admin/workspaces/$wid/test-token" ${admin_auth[@]+"${admin_auth[@]}"})
  local code
  code=$(printf '%s' "$body" | tail -n1)
  local json
@@ -71,7 +71,7 @@ pv_assert_runtime() {
  set +e
  resp=$(curl -sS -X POST "$base_url/workspaces/$wid/mcp" \
    -H "Authorization: Bearer $wtok" \
-    "${org_header[@]}" \
+    ${org_header[@]+"${org_header[@]}"} \
    -H "Content-Type: application/json" \
    -d "$PV_RPC_BODY" \
    -o /tmp/pv_mcp_body.json -w "%{http_code}" 2>/dev/null)
@@ -104,7 +104,7 @@ teardown() {
  log "[teardown] deleting ${#CREATED_WSIDS[@]} workspace(s) this run created (scoped)"
  for wid in ${CREATED_WSIDS[@]+"${CREATED_WSIDS[@]}"}; do
    [ -n "$wid" ] || continue
-    curl -s -X DELETE "$BASE/workspaces/$wid?confirm=true" "${ADMIN_AUTH[@]}" >/dev/null 2>&1 || true
+    curl -s -X DELETE "$BASE/workspaces/$wid?confirm=true" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} >/dev/null 2>&1 || true
  done
  exit $rc
 }
@@ -113,7 +113,7 @@ trap teardown EXIT INT TERM
 # Pre-sweep workspaces a prior crashed run of THIS script left behind
 # (name prefix match only — never a blanket delete). The trap fires on
 # normal exit, but a kill -9 / SIGPIPE can bypass it.
-PRIOR=$(curl -s "$BASE/workspaces" "${ADMIN_AUTH[@]}" | python3 -c '
+PRIOR=$(curl -s "$BASE/workspaces" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} | python3 -c '
 import json, sys
 try:
    print(" ".join(w["id"] for w in json.load(sys.stdin) if w.get("name","").startswith("PV-Local-")))
@@ -122,7 +122,7 @@ except Exception:
 ' 2>/dev/null)
 for _wid in $PRIOR; do
  log "Pre-sweeping prior PV-Local workspace: $_wid"
-  curl -s -X DELETE "$BASE/workspaces/$_wid?confirm=true" "${ADMIN_AUTH[@]}" >/dev/null 2>&1 || true
+  curl -s -X DELETE "$BASE/workspaces/$_wid?confirm=true" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} >/dev/null 2>&1 || true
 done

 # ─── Local-stack preflight ─────────────────────────────────────────────
@@ -133,10 +133,10 @@ if ! curl -fsS "$BASE/health" -m 5 >/dev/null 2>&1; then
 fi
 # admin/test-token is the local MCP-bearer mint path; it 404s in
 # production. If it is off, this gate cannot drive the literal call.
-if ! curl -fsS "$BASE/admin/workspaces/preflight-probe/test-token" "${ADMIN_AUTH[@]}" -m 5 >/dev/null 2>&1; then
+if ! curl -fsS "$BASE/admin/workspaces/preflight-probe/test-token" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -m 5 >/dev/null 2>&1; then
  # A 404 here is EITHER "no such ws" (fine — endpoint is enabled) OR the
  # endpoint is disabled (MOLECULE_ENV=production). Distinguish by body.
-  PROBE=$(curl -s "$BASE/admin/workspaces/preflight-probe/test-token" "${ADMIN_AUTH[@]}" -m 5 2>/dev/null)
+  PROBE=$(curl -s "$BASE/admin/workspaces/preflight-probe/test-token" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -m 5 2>/dev/null)
  if echo "$PROBE" | grep -qi 'production\|disabled\|not found.*endpoint'; then
    echo "::error::GET /admin/workspaces/:id/test-token disabled (MOLECULE_ENV=production?). Cannot mint a local MCP bearer." >&2
    exit 1
@@ -241,7 +241,7 @@ else
 fi
 log "1/5 provisioning parent ($PARENT_RUNTIME, mode=$PV_LOCAL_PROVISION_MODE) + one sibling per runtime under test..."

-P_RESP=$(curl -s -X POST "$BASE/workspaces" "${ADMIN_AUTH[@]}" -H "Content-Type: application/json" \
+P_RESP=$(curl -s -X POST "$BASE/workspaces" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -H "Content-Type: application/json" \
  -d "{\"name\":\"${NAME_PREFIX}-parent\",\"runtime\":\"$PARENT_RUNTIME\",\"tier\":3$PARENT_EXTRA,\"secrets\":$PARENT_SECRETS}")
 PARENT_ID=$(echo "$P_RESP" | python3 -c 'import json,sys;print(json.load(sys.stdin).get("id",""))' 2>/dev/null)
 if [ -z "$PARENT_ID" ]; then
@@ -291,7 +291,7 @@ for rt in $PV_RUNTIMES; do
    CREATE_RUNTIME="$rt"
    CREATE_EXTRA=""
  fi
-  R=$(curl -s -X POST "$BASE/workspaces" "${ADMIN_AUTH[@]}" -H "Content-Type: application/json" \
+  R=$(curl -s -X POST "$BASE/workspaces" ${ADMIN_AUTH[@]+"${ADMIN_AUTH[@]}"} -H "Content-Type: application/json" \
    -d "{\"name\":\"${NAME_PREFIX}-$rt\",\"runtime\":\"$CREATE_RUNTIME\",\"tier\":2,\"parent_id\":\"$PARENT_ID\"$CREATE_EXTRA,\"secrets\":$SEC}")
  WID=$(echo "$R" | python3 -c 'import json,sys;print(json.load(sys.stdin).get("id",""))' 2>/dev/null)
  if [ -z "$WID" ]; then
Author	SHA1	Message	Date
core-devops	eb21a02b6d	test(e2e): support empty auth headers on mac bash Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Waiting to run Details Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 6s Details CI / Detect changes (pull_request) Successful in 10s Details CI / Python Lint & Test (pull_request) Successful in 11s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 14s Details E2E Chat / detect-changes (pull_request) Successful in 13s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Has been skipped Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 8s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Successful in 1m3s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 6s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 4s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s Details lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m12s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s Details qa-review / approved (pull_request) Failing after 4s Details security-review / approved (pull_request) Failing after 3s Details CI / Platform (Go) (pull_request) Successful in 1s Details CI / Canvas (Next.js) (pull_request) Successful in 2s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 9s Details CI / all-required (pull_request) Successful in 3m40s Details E2E Chat / E2E Chat (pull_request) Successful in 5s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 3s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 59s Details sop-checklist / na-declarations (pull_request) N/A: (none) Details sop-checklist / review-refire (pull_request) Has been skipped Details sop-checklist / all-items-acked (pull_request) Successful in 4s Details gate-check-v3 / gate-check (pull_request) Successful in 4s Details sop-tier-check / tier-check (pull_request) Successful in 5s Details audit-force-merge / audit (pull_request) Successful in 6s Details	2026-05-21 12:41:04 -07:00
hongming	498ce4e287	Merge pull request 'chore(ci): mirror tenant image to staging ecr' (#1647 ) from chore/mirror-tenant-image-staging-ecr into main Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (push) Waiting to run Details Block internal-flavored paths / Block forbidden paths (push) Successful in 5s Details CI / Python Lint & Test (push) Successful in 6s Details CI / Detect changes (push) Successful in 10s Details E2E Chat / detect-changes (push) Successful in 13s Details E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 12s Details E2E API Smoke Test / detect-changes (push) Successful in 14s Details Handlers Postgres Integration / detect-changes (push) Successful in 8s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 4s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (push) Successful in 3s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (push) Successful in 4s Details lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (push) Successful in 6s Details Secret scan / Scan diff for credential-shaped strings (push) Successful in 11s Details lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 1m30s Details Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m26s Details CI / Shellcheck (E2E scripts) (push) Successful in 19s Details E2E API Smoke Test / E2E API Smoke Test (push) Successful in 4s Details E2E Chat / E2E Chat (push) Successful in 3s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 3s Details publish-workspace-server-image / build-and-push (push) Successful in 2m42s Details Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 2m4s Details CI / Platform (Go) (push) Successful in 5m8s Details Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 9s Details Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 8s Details CI / Canvas (Next.js) (push) Successful in 6m21s Details CI / Canvas Deploy Reminder (push) Successful in 1s Details CI / all-required (push) Successful in 7m12s Details publish-workspace-server-image / Production auto-deploy (push) Successful in 6m6s Details chore(ci): mirror tenant image to staging ecr\n\nAdds optional staging ECR tags to the tenant image publish build. The primary publish path remains unchanged when staging publisher secrets are absent.	2026-05-21 19:39:14 +00:00
core-fe	7081a8e900	chore(ci): mirror tenant image to staging ecr Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Waiting to run Details Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s Details CI / Python Lint & Test (pull_request) Successful in 4s Details CI / Detect changes (pull_request) Successful in 6s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 6s Details E2E Chat / detect-changes (pull_request) Successful in 5s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 4s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 6s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 4s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 7s Details lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (pull_request) Successful in 3s Details lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m10s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s Details Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m9s Details gate-check-v3 / gate-check (pull_request) Successful in 6s Details lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m22s Details sop-checklist / na-declarations (pull_request) N/A: (none) Details sop-checklist / all-items-acked (pull_request) Successful in 3s Details sop-checklist / review-refire (pull_request) Has been skipped Details lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m9s Details sop-tier-check / tier-check (pull_request) Successful in 5s Details CI / Platform (Go) (pull_request) Successful in 1s Details CI / Canvas (Next.js) (pull_request) Successful in 3s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 2s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 2s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s Details E2E Chat / E2E Chat (pull_request) Successful in 3s Details CI / all-required (pull_request) Successful in 2m4s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 2s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m19s Details qa-review / approved (pull_request) Refired via /qa-recheck by unknown Details security-review / approved (pull_request) Refired via /security-recheck by unknown Details audit-force-merge / audit (pull_request) Successful in 6s Details	2026-05-21 12:31:54 -07:00
hongming	da4b86a159	Merge pull request #1643 from fix/mcp-delegate-platform-path Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (push) Waiting to run Details Block internal-flavored paths / Block forbidden paths (push) Successful in 8s Details CI / Detect changes (push) Successful in 9s Details CI / Python Lint & Test (push) Successful in 8s Details E2E API Smoke Test / detect-changes (push) Successful in 13s Details E2E Chat / detect-changes (push) Successful in 14s Details E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 15s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (push) Successful in 43s Details E2E Staging SaaS (full lifecycle) / pr-validate (push) Successful in 31s Details Handlers Postgres Integration / detect-changes (push) Successful in 3s Details Harness Replays / detect-changes (push) Successful in 3s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (push) Successful in 3s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (push) Successful in 3s Details Secret scan / Scan diff for credential-shaped strings (push) Successful in 4s Details publish-workspace-server-image / build-and-push (push) Successful in 2m46s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (push) Failing after 2m14s Details CI / Shellcheck (E2E scripts) (push) Successful in 13s Details E2E API Smoke Test / E2E API Smoke Test (push) Successful in 1m46s Details E2E Staging External Runtime / E2E Staging External Runtime (push) Successful in 5m12s Details CI / Platform (Go) (push) Successful in 4m58s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 6s Details E2E Chat / E2E Chat (push) Successful in 3m7s Details E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (push) Successful in 7m43s Details Harness Replays / Harness Replays (push) Successful in 5s Details Sweep stale Cloudflare Tunnels / Sweep CF tunnels (push) Successful in 6s Details Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 1m40s Details CI / Canvas (Next.js) (push) Successful in 6m1s Details CI / Canvas Deploy Reminder (push) Successful in 2s Details CI / all-required (push) Successful in 9m31s Details publish-workspace-server-image / Production auto-deploy (push) Successful in 8m48s Details main-red-watchdog / watchdog (push) Successful in 2m21s Details gate-check-v3 / gate-check (push) Successful in 29s Details Sweep stale Cloudflare DNS records / Sweep CF orphans (push) Successful in 7s Details ci-required-drift / drift (push) Successful in 1m42s Details Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 4s Details Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Failing after 4m26s Details Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Failing after 6m14s Details fix: route MCP delegation through platform A2A	2026-05-21 18:38:11 +00:00
hongming	c9795a6c4d	Merge pull request #1642 from chore/retrigger-peer-visibility-after-publish Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (push) Waiting to run Details Block internal-flavored paths / Block forbidden paths (push) Successful in 6s Details CI / Python Lint & Test (push) Successful in 5s Details CI / Detect changes (push) Successful in 10s Details E2E API Smoke Test / detect-changes (push) Successful in 8s Details E2E Chat / detect-changes (push) Successful in 6s Details Handlers Postgres Integration / detect-changes (push) Successful in 5s Details E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 12s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (push) Successful in 10s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (push) Successful in 4s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (push) Successful in 6s Details lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (push) Successful in 8s Details Secret scan / Scan diff for credential-shaped strings (push) Successful in 4s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (push) Successful in 51s Details lint-continue-on-error-tracking / lint-continue-on-error-tracking (push) Successful in 1m12s Details CI / Shellcheck (E2E scripts) (push) Successful in 19s Details E2E API Smoke Test / E2E API Smoke Test (push) Successful in 5s Details Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (push) Successful in 1m25s Details E2E Chat / E2E Chat (push) Successful in 10s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 9s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (push) Failing after 2m20s Details publish-workspace-server-image / build-and-push (push) Successful in 2m56s Details Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 2m39s Details CI / Platform (Go) (push) Successful in 5m35s Details CI / Canvas (Next.js) (push) Successful in 6m28s Details CI / all-required (push) Successful in 7m35s Details publish-workspace-server-image / Production auto-deploy (push) Successful in 6m17s Details CI / Canvas Deploy Reminder (push) Successful in 1s Details Sweep stale e2e-* orgs (staging) / Sweep e2e orgs (push) Successful in 3s Details Staging SaaS smoke (every 30 min) / Staging SaaS smoke (push) Successful in 4m34s Details Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Successful in 5m37s Details chore(e2e): retrigger peer visibility after publish fix	2026-05-21 18:21:40 +00:00
core-fe	f5dc55f1d1	chore(e2e): retrigger peer visibility after publish fix Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Waiting to run Details Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s Details CI / Python Lint & Test (pull_request) Successful in 5s Details CI / Detect changes (pull_request) Successful in 6s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Successful in 8s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 9s Details E2E Chat / detect-changes (pull_request) Successful in 10s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 12s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 10s Details Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 5s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 10s Details Lint no tenant GITEA or GITHUB token write / Scan for repo-host token write into tenant workspace surface (pull_request) Successful in 11s Details E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Successful in 58s Details lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (pull_request) Successful in 3s Details lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m14s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s Details gate-check-v3 / gate-check (pull_request) Successful in 3s Details qa-review / approved (pull_request) Failing after 4s Details Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m20s Details security-review / approved (pull_request) Failing after 5s Details sop-checklist / review-refire (pull_request) Has been skipped Details sop-checklist / na-declarations (pull_request) N/A: (none) Details lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m13s Details sop-checklist / all-items-acked (pull_request) Successful in 4s Details sop-tier-check / tier-check (pull_request) Successful in 5s Details CI / Canvas (Next.js) (pull_request) Successful in 2s Details CI / Platform (Go) (pull_request) Successful in 2s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 1s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s Details lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m33s Details E2E Chat / E2E Chat (pull_request) Successful in 5s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s Details CI / all-required (pull_request) Successful in 2m5s Details Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m23s Details audit-force-merge / audit (pull_request) Successful in 5s Details	2026-05-21 11:18:34 -07:00