Merge branch 'main' into fix/ci-required-drift-polling-sentinel

fix(ci-required-drift): skip F1 false positive for Gitea 1.22.6 polling sentinel
`all-required` sentinel intentionally has no `needs:` (Gitea 1.22.6 polling pattern — cannot use `if: always()` + `needs:` because Gitea 1.22 marks `skipped != success`). When `sentinel_needs()` returns empty, the prior F1 check computed `jobs - set()` = all 5 CI jobs, producing a spurious "missing from sentinel needs" finding on every run. Skip F1 when `needs` is empty; the polling-pattern absence is intentional. Add a `::notice::` line so operators can confirm the sentinel type without reading the script. Refs: mc#1207, mc#1208 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 17:17:48 +00:00 · 2026-05-17 00:43:18 +00:00
1 changed files with 15 additions and 5 deletions
@@ -384,12 +384,22 @@ def detect_drift(branch: str) -> tuple[list[str], dict]:
    contexts = set(protection.get("status_check_contexts") or [])

    # ----- F1: job exists in CI but not under sentinel.needs -----
-    missing_from_needs = sorted(jobs - needs)
-    if missing_from_needs:
-        findings.append(
-            "F1 — jobs in ci.yml NOT under sentinel `needs:` (sentinel doesn't gate them):\n"
-            + "\n".join(f"  - {n}" for n in missing_from_needs)
+    # Gitea 1.22.6 polling sentinel pattern: `all-required` intentionally
+    # has no `needs:` (polls CI status directly via API). When needs is
+    # empty, all 5 CI jobs would appear "missing" — a false positive.
+    # Skip F1 when sentinel has no needs; the absence is by design.
+    if not needs:
+        sys.stderr.write(
+            f"::notice::sentinel '{SENTINEL_JOB}' has no `needs:` — "
+            "Gitea 1.22.6 polling pattern; skipping F1.\n"
        )
+    else:
+        missing_from_needs = sorted(jobs - needs)
+        if missing_from_needs:
+            findings.append(
+                "F1 — jobs in ci.yml NOT under sentinel `needs:` (sentinel doesn't gate them):\n"
+                + "\n".join(f"  - {n}" for n in missing_from_needs)
+            )

    # ----- F1b: needs lists a job that doesn't exist (typo) -----
    # Compare against jobs_all (incl. event-gated jobs); a typo is a
Author	SHA1	Message	Date
core-uiux	ead112d2ee	Merge branch 'main' into fix/ci-required-drift-polling-sentinel sop-tier-check / tier-check (pull_request) Waiting to run Details Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s Details CI / Detect changes (pull_request) Successful in 7s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 10s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 8s Details E2E Chat / detect-changes (pull_request) Successful in 6s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 6s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 4s Details lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 57s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 5s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s Details Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 1m1s Details gate-check-v3 / gate-check (pull_request) Successful in 3s Details qa-review / approved (pull_request) Failing after 4s Details security-review / approved (pull_request) Failing after 3s Details sop-checklist / all-items-acked (pull_request) [info tier:low] acked: 5/7 — missing: root-cause, no-backwards-compat Details CI / Platform (Go) (pull_request) Successful in 5m35s Details CI / Python Lint & Test (pull_request) Successful in 6m44s Details CI / Canvas (Next.js) (pull_request) Successful in 7m41s Details CI / all-required (pull_request) Successful in 5m57s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s Details E2E Chat / E2E Chat (pull_request) Successful in 3s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 3s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 2s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 3s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details	2026-05-17 17:17:48 +00:00
core-devops	31b935caa8	fix(ci-required-drift): skip F1 false positive for Gitea 1.22.6 polling sentinel Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 3s Details CI / Detect changes (pull_request) Successful in 4s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 14s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 8s Details E2E Chat / detect-changes (pull_request) Successful in 7s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 5s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 3s Details lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 53s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 5s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 3s Details Ops Scripts Tests / Ops scripts (unittest) (pull_request) Successful in 55s Details CI / Platform (Go) (pull_request) Successful in 4m44s Details CI / Canvas (Next.js) (pull_request) Successful in 6m42s Details CI / Python Lint & Test (pull_request) Successful in 6m38s Details CI / all-required (pull_request) Successful in 6m37s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1s Details E2E Chat / E2E Chat (pull_request) Successful in 2s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 1s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 1s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 2s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details gate-check-v3 / gate-check (pull_request) Successful in 3s Details sop-tier-check / tier-check (pull_request) Successful in 3s Details sop-checklist / na-declarations (pull_request) N/A: (none) Details qa-review / approved (pull_request) N/A declared by core-devops; qa-review waived per sop-checklist config Details security-review / approved (pull_request) N/A declared by core-devops; security-review waived per sop-checklist config Details sop-checklist / all-items-acked (pull_request) [info tier:low] acked: 5/7 — missing: root-cause, no-backwards-compat Details `all-required` sentinel intentionally has no `needs:` (Gitea 1.22.6 polling pattern — cannot use `if: always()` + `needs:` because Gitea 1.22 marks `skipped != success`). When `sentinel_needs()` returns empty, the prior F1 check computed `jobs - set()` = all 5 CI jobs, producing a spurious "missing from sentinel needs" finding on every run. Skip F1 when `needs` is empty; the polling-pattern absence is intentional. Add a `::notice::` line so operators can confirm the sentinel type without reading the script. Refs: mc#1207, mc#1208 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-17 00:43:18 +00:00