molecule-ai/molecule-core
41
0
Fork 2
Code Issues 67 Pull Requests 40 Actions 270 Packages Projects Releases Wiki Activity

[ci-drift] molecule-ai/molecule-core/main: required-checks divergence detected #1148

New Issue
Closed
opened 2026-05-15 07:18:59 +00:00 by mc-drift-bot · 1 comment
mc-drift-bot commented 2026-05-15 07:18:59 +00:00
Owner
Copy Link

Drift detected on molecule-ai/molecule-core/main

Auto-filed by .gitea/workflows/ci-required-drift.yml (RFC internal#219 §4 + §6).

Findings

F1 — jobs in ci.yml NOT under sentinel needs: (sentinel doesn't gate them):

  • canvas-build
  • canvas-deploy-reminder
  • changes
  • platform-build
  • python-lint
  • shellcheck

Resolution

  • F1 / F1b: add the missing job to all-required.needs: in .gitea/workflows/ci.yml, or remove the stale entry.
  • F2: rename the protection context to match an emitter, or remove it from status_check_contexts (PATCH /api/v1/repos/{owner}/{repo}/branch_protections/{branch}).
  • F3a / F3b: bring REQUIRED_CHECKS env in .gitea/workflows/audit-force-merge.yml into set-equality with status_check_contexts (single PR, both files).

Debug

{
  "audit_env_checks": [
    "CI / all-required (pull_request)",
    "sop-checklist / all-items-acked (pull_request)"
  ],
  "branch": "main",
  "ci_jobs": [
    "canvas-build",
    "canvas-deploy-reminder",
    "changes",
    "platform-build",
    "python-lint",
    "shellcheck"
  ],
  "expected_contexts": [
    "ci / all-required (pull_request)",
    "ci / canvas-build (pull_request)",
    "ci / canvas-deploy-reminder (pull_request)",
    "ci / changes (pull_request)",
    "ci / platform-build (pull_request)",
    "ci / python-lint (pull_request)",
    "ci / shellcheck (pull_request)"
  ],
  "protection_contexts": [
    "CI / all-required (pull_request)",
    "sop-checklist / all-items-acked (pull_request)"
  ],
  "sentinel_needs": []
}

This issue is idempotent: drift-detect runs hourly at :17 and edits this body in place. Close the issue once the drift is fixed; the next hourly run will reopen if drift returns.

# Drift detected on `molecule-ai/molecule-core/main` Auto-filed by `.gitea/workflows/ci-required-drift.yml` (RFC [internal#219](https://git.moleculesai.app/molecule-ai/internal/issues/219) §4 + §6). ## Findings F1 — jobs in ci.yml NOT under sentinel `needs:` (sentinel doesn't gate them): - canvas-build - canvas-deploy-reminder - changes - platform-build - python-lint - shellcheck ## Resolution - **F1 / F1b**: add the missing job to `all-required.needs:` in `.gitea/workflows/ci.yml`, or remove the stale entry. - **F2**: rename the protection context to match an emitter, or remove it from `status_check_contexts` (PATCH `/api/v1/repos/{owner}/{repo}/branch_protections/{branch}`). - **F3a / F3b**: bring `REQUIRED_CHECKS` env in `.gitea/workflows/audit-force-merge.yml` into set-equality with `status_check_contexts` (single PR, both files). ## Debug ```json { "audit_env_checks": [ "CI / all-required (pull_request)", "sop-checklist / all-items-acked (pull_request)" ], "branch": "main", "ci_jobs": [ "canvas-build", "canvas-deploy-reminder", "changes", "platform-build", "python-lint", "shellcheck" ], "expected_contexts": [ "ci / all-required (pull_request)", "ci / canvas-build (pull_request)", "ci / canvas-deploy-reminder (pull_request)", "ci / changes (pull_request)", "ci / platform-build (pull_request)", "ci / python-lint (pull_request)", "ci / shellcheck (pull_request)" ], "protection_contexts": [ "CI / all-required (pull_request)", "sop-checklist / all-items-acked (pull_request)" ], "sentinel_needs": [] } ``` _This issue is idempotent: drift-detect runs hourly at `:17` and edits this body in place. Close the issue once the drift is fixed; the next hourly run will reopen if drift returns._
mc-drift-bot added the
tier:high
 label 2026-05-15 07:19:00 +00:00
core-devops commented 2026-05-15 08:26:24 +00:00
Member
Copy Link

core-devops: wontfix — false positive

F1 is a false alarm. The all-required sentinel has no needs: dependency (by design, see ci.yml:548-553). It polls via the Gitea Statuses API instead.

The sentinel polls these required contexts:

  • CI / Detect changes
  • CI / Platform (Go)
  • CI / Canvas (Next.js)
  • CI / Shellcheck (E2E scripts)
  • CI / Python Lint & Test

canvas-deploy-reminder is intentionally excluded (ci.yml:555: canvas-deploy-reminder is intentionally NOT included in all-required.needs — it is an informational main-push reminder, not a PR quality gate). The drift detector does not account for intentional exclusion.

canvas-build (context CI / Canvas Build (pull_request)) is not a separate Gitea Actions job — it is the same job as CI / Canvas (Next.js). The job canvas-build in ci.yml has name: Canvas (Next.js), so it emits CI / Canvas (Next.js) (pull_request) which IS in the sentinel polling list.

Closing as wontfix. The drift detector should be updated to account for intentional exclusions from the sentinel polling list.

## core-devops: wontfix — false positive F1 is a false alarm. The `all-required` sentinel has **no `needs:`** dependency (by design, see ci.yml:548-553). It **polls** via the Gitea Statuses API instead. The sentinel polls these required contexts: - `CI / Detect changes` - `CI / Platform (Go)` - `CI / Canvas (Next.js)` - `CI / Shellcheck (E2E scripts)` - `CI / Python Lint & Test` `canvas-deploy-reminder` is **intentionally excluded** (ci.yml:555: `canvas-deploy-reminder is intentionally NOT included in all-required.needs — it is an informational main-push reminder, not a PR quality gate`). The drift detector does not account for intentional exclusion. `canvas-build` (context `CI / Canvas Build (pull_request)`) is not a separate Gitea Actions job — it is the same job as `CI / Canvas (Next.js)`. The job `canvas-build` in ci.yml has `name: Canvas (Next.js)`, so it emits `CI / Canvas (Next.js) (pull_request)` which IS in the sentinel polling list. Closing as wontfix. The drift detector should be updated to account for intentional exclusions from the sentinel polling list.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
area/ci

CI/CD pipeline issues

  
kind/infrastructure

Infrastructure-related issues

  
merge-queue

Ready for serialized Gitea merge queue

  
merge-queue

Merge queue candidate

  
merge-queue

Merge queue candidate

  
merge-queue-hold

Temporarily hold PR in merge queue

  
platform/go

Go platform test issues

  
release-blocker

Blocks the staging→main promotion / a release

  
release-test

   
security

   
test-label-sre

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

  
triage-test

test

No Label
area/ci
kind/infrastructure
merge-queue
merge-queue
merge-queue
merge-queue-hold
platform/go
release-blocker
release-test
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#1148
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?