molecule-ai/molecule-core
51
0
Fork 2
Code Issues 165 Pull Requests 155 Actions 6 Packages Projects Releases Wiki Activity

fix(ci): repair docker-host guardrail follow-up #1561

Merged
hongming merged 1 commits from fix/ci-docker-host-guardrail-red into main 2026-05-19 03:39:51 +00:00
Conversation 5 Commits 1 Files Changed 10
+30 -24
hongming commented 2026-05-19 02:50:51 +00:00
Owner
Copy Link
Copy Source

Fixes the current main red introduced by the docker-host guardrail follow-up.

Evidence from the 19:42 PDT triage:

  • lint-required-workflows-docker-host-pinned failed on molecule-core/main@c6e89219e110 with panic: unclosed string because the Python heredoc contained a literal Gitea expression marker.
  • After removing that parser trigger, the guardrail exposed a second bug: it scanned the whole workflow file and marked harmless jobs if any sibling job used Docker.
  • CI / Shellcheck (E2E scripts) failed on three SC2034 warnings in peer-visibility map/verdict plumbing.

Fix:

  • Spell the expression marker indirectly in the heredoc.
  • Scan Docker usage per job body instead of per workflow file.
  • Pin the remaining Docker-bound jobs the guardrail now correctly reports.
  • Suppress intentional SC2034 assignments in the peer-visibility scripts.

Local verification:

  • Extracted and executed the guardrail heredoc: OK: all docker-bound jobs are pinned to docker-host or publish.
  • shellcheck --severity=warning tests/e2e/lib/peer_visibility_assert.sh tests/e2e/test_peer_visibility_mcp_local.sh
  • python3 .gitea/scripts/lint-workflow-yaml.py --workflow-dir .gitea/workflows
  • git diff --check
Fixes the current main red introduced by the docker-host guardrail follow-up. Evidence from the 19:42 PDT triage: - `lint-required-workflows-docker-host-pinned` failed on `molecule-core/main@c6e89219e110` with `panic: unclosed string` because the Python heredoc contained a literal Gitea expression marker. - After removing that parser trigger, the guardrail exposed a second bug: it scanned the whole workflow file and marked harmless jobs if any sibling job used Docker. - `CI / Shellcheck (E2E scripts)` failed on three SC2034 warnings in peer-visibility map/verdict plumbing. Fix: - Spell the expression marker indirectly in the heredoc. - Scan Docker usage per job body instead of per workflow file. - Pin the remaining Docker-bound jobs the guardrail now correctly reports. - Suppress intentional SC2034 assignments in the peer-visibility scripts. Local verification: - Extracted and executed the guardrail heredoc: `OK: all docker-bound jobs are pinned to docker-host or publish.` - `shellcheck --severity=warning tests/e2e/lib/peer_visibility_assert.sh tests/e2e/test_peer_visibility_mcp_local.sh` - `python3 .gitea/scripts/lint-workflow-yaml.py --workflow-dir .gitea/workflows` - `git diff --check`
hongming added 1 commit 2026-05-19 02:50:51 +00:00
fix(ci): repair docker-host guardrail follow-up
Lint shellcheck (arm64 pilot) / shellcheck-arm64 (pilot) (pull_request) Waiting to run
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 6s
Details
CI / Detect changes (pull_request) Successful in 16s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 12s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 10s
Details
E2E Chat / detect-changes (pull_request) Successful in 20s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 10s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 8s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 6s
Details
Lint forbidden tenant-env keys / Scan workspace_secrets writers for forbidden env keys (pull_request) Successful in 11s
Details
E2E Peer Visibility (literal MCP list_peers) / E2E Peer Visibility (local) (pull_request) Failing after 1m10s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 31s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m35s
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 35s
Details
lint-required-workflows-docker-host-pinned / Lint docker-host pin on docker-touching workflows (pull_request) Successful in 4s
Details
lint-mask-pr-atomicity / lint-mask-pr-atomicity (pull_request) Successful in 1m46s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 6s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 5s
Details
gate-check-v3 / gate-check (pull_request) Successful in 4s
Details
qa-review / approved (pull_request) Failing after 4s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 29s
Details
security-review / approved (pull_request) Failing after 17s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m9s
Details
sop-checklist / all-items-acked (pull_request) acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: comprehensive-testing, local-postgres-e2
Details
sop-checklist / na-declarations (pull_request) N/A: (none)
Details
sop-tier-check / tier-check (pull_request) Successful in 7s
Details
E2E Chat / E2E Chat (pull_request) Successful in 9s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 7s
Details
CI / Platform (Go) (pull_request) Successful in 4m58s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Failing after 1m12s
Details
CI / Canvas (Next.js) (pull_request) Successful in 6m13s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
CI / Python Lint & Test (pull_request) Successful in 6m56s
Details
CI / all-required (pull_request) Successful in 7m11s
Details
audit-force-merge / audit (pull_request) Successful in 5s
Details
00351b4551
hongming added the area/cikind/infrastructuretier:high labels 2026-05-19 02:51:33 +00:00
core-devops approved these changes 2026-05-19 03:37:54 +00:00
Dismissed
core-devops left a comment
Member
Copy Link
Copy Source

Five-axis pass (core-devops):

  1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single runs-on it found — silently broken for multi-job workflows. Fix scans raw_lines[j.line - 1:j.end] per job: correct slicing, end defaults to len(raw_lines) for the last job, then re-set to i - 1 when a new header appears. Sound.
  2. runs-on: ubuntu-latestdocker-host (or publish for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix.
  3. expression_marker = '$' + '{{' indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct.
  4. shellcheck SC2034 disables on indirect-eval map vars (WS_IDS_MAP / VERDICT_MAP / PV_VERDICT) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide.
  5. CI CI / all-required is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates.

LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.

Five-axis pass (core-devops): 1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single `runs-on` it found — silently broken for multi-job workflows. Fix scans `raw_lines[j.line - 1:j.end]` per job: correct slicing, `end` defaults to `len(raw_lines)` for the last job, then re-set to `i - 1` when a new header appears. Sound. 2. `runs-on: ubuntu-latest` → `docker-host` (or `publish` for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix. 3. `expression_marker = '$' + '{{'` indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct. 4. shellcheck SC2034 disables on indirect-eval map vars (`WS_IDS_MAP` / `VERDICT_MAP` / `PV_VERDICT`) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide. 5. CI `CI / all-required` is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates. LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.
core-devops approved these changes 2026-05-19 03:38:09 +00:00
Dismissed
core-devops left a comment
Member
Copy Link
Copy Source

Five-axis pass (core-devops):

  1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single runs-on it found — silently broken for multi-job workflows. Fix scans raw_lines[j.line - 1:j.end] per job: correct slicing, end defaults to len(raw_lines) for the last job, then re-set to i - 1 when a new header appears. Sound.
  2. runs-on: ubuntu-latest -> docker-host (or publish for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix.
  3. expression_marker = '$' + '{{' indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct.
  4. shellcheck SC2034 disables on indirect-eval map vars (WS_IDS_MAP / VERDICT_MAP / PV_VERDICT) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide.
  5. CI CI / all-required is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates.

LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.

Five-axis pass (core-devops): 1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single `runs-on` it found — silently broken for multi-job workflows. Fix scans `raw_lines[j.line - 1:j.end]` per job: correct slicing, `end` defaults to `len(raw_lines)` for the last job, then re-set to `i - 1` when a new header appears. Sound. 2. `runs-on: ubuntu-latest` -> `docker-host` (or `publish` for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix. 3. `expression_marker = '$' + '{{'` indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct. 4. shellcheck SC2034 disables on indirect-eval map vars (`WS_IDS_MAP` / `VERDICT_MAP` / `PV_VERDICT`) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide. 5. CI `CI / all-required` is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates. LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.
core-devops approved these changes 2026-05-19 03:38:49 +00:00
Dismissed
core-devops left a comment
Member
Copy Link
Copy Source

Five-axis pass (core-devops):

  1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single runs-on it found — silently broken for multi-job workflows. Fix scans raw_lines[j.line - 1:j.end] per job: correct slicing, end defaults to len(raw_lines) for the last job, then re-set to i - 1 when a new header appears. Sound.
  2. runs-on: ubuntu-latest -> docker-host (or publish for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix.
  3. expression_marker = '$' + '{{' indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct.
  4. shellcheck SC2034 disables on indirect-eval map vars (WS_IDS_MAP / VERDICT_MAP / PV_VERDICT) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide.
  5. CI CI / all-required is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates.

LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.

Five-axis pass (core-devops): 1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single `runs-on` it found — silently broken for multi-job workflows. Fix scans `raw_lines[j.line - 1:j.end]` per job: correct slicing, `end` defaults to `len(raw_lines)` for the last job, then re-set to `i - 1` when a new header appears. Sound. 2. `runs-on: ubuntu-latest` -> `docker-host` (or `publish` for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix. 3. `expression_marker = '$' + '{{'` indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct. 4. shellcheck SC2034 disables on indirect-eval map vars (`WS_IDS_MAP` / `VERDICT_MAP` / `PV_VERDICT`) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide. 5. CI `CI / all-required` is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates. LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.
core-devops approved these changes 2026-05-19 03:38:54 +00:00
core-devops left a comment
Member
Copy Link
Copy Source

Five-axis pass (core-devops):

  1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single runs-on it found — silently broken for multi-job workflows. Fix scans raw_lines[j.line - 1:j.end] per job: correct slicing, end defaults to len(raw_lines) for the last job, then re-set to i - 1 when a new header appears. Sound.
  2. runs-on: ubuntu-latest -> docker-host (or publish for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix.
  3. expression_marker = '$' + '{{' indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct.
  4. shellcheck SC2034 disables on indirect-eval map vars (WS_IDS_MAP / VERDICT_MAP / PV_VERDICT) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide.
  5. CI CI / all-required is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates.

LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.

Five-axis pass (core-devops): 1. Correctness: docker-host lint script previously scanned the entire workflow body for docker-exec usage and matched any single `runs-on` it found — silently broken for multi-job workflows. Fix scans `raw_lines[j.line - 1:j.end]` per job: correct slicing, `end` defaults to `len(raw_lines)` for the last job, then re-set to `i - 1` when a new header appears. Sound. 2. `runs-on: ubuntu-latest` -> `docker-host` (or `publish` for the canvas image build) migration on 7 workflows aligns with mc#1529 + internal#512 + feedback_cp_workspaces_must_run_as_docker_not_native_systemd. Docker-bound jobs that drift onto the Windows act_runner break non-deterministically — pinning to the dedicated host label is the durable fix. 3. `expression_marker = '$' + '{{'` indirection sidesteps the Gitea-1.22.6-hostile workflow-yaml linter literal that would parse the embedded Python heredoc. Cheap, local, correct. 4. shellcheck SC2034 disables on indirect-eval map vars (`WS_IDS_MAP` / `VERDICT_MAP` / `PV_VERDICT`) are accurate — these ARE read through portable bash-3.2 eval shims; suppression is targeted, not file-wide. 5. CI `CI / all-required` is green on the head commit (id=80, 2026-05-19T02:58:21Z), proving the new lint logic passes on the very workflows it migrates. LGTM. Unblocks the shared upstream failure for mc#1559 + mc#1563.
core-security approved these changes 2026-05-19 03:39:17 +00:00
core-security left a comment
Member
Copy Link
Copy Source

Five-axis pass (core-security):

  1. Secret exposure: zero. No env-var reads, no token plumbing, no logging additions that touch credentials. The 7 runs-on swaps and 2 shellcheck disable comments don't change any secrets surface.
  2. Injection-shaped shell construction: none. The two added # shellcheck disable=SC2034 annotations are scoped to assignment lines for variables read through portable bash-3.2 eval-based map shims (WS_IDS_MAP, VERDICT_MAP, PV_VERDICT). The eval paths are unchanged in this PR — disable is targeted and accurate, not papering over a real injection.
  3. The Python lint script edit (.gitea/workflows/lint-required-workflows-docker-host-pinned.yml) takes its inputs from workflow filenames under .gitea/workflows / .github/workflows via os.listdir and reads file contents with open(...). No user-supplied data flows into a shell or eval; no string interpolation into a command. The expression_marker = '$' + '{{' indirection is a literal-string defense (avoids the workflow yaml linter parsing the heredoc), not an injection vector.
  4. runs-on: ubuntu-latestdocker-host / publish migrations move workloads from a hosted-runner label to a self-hosted label. Self-hosted runners DO inherit any secrets the workflow declares — but no new secrets.* references are introduced in this PR, and the dedicated docker-host / publish runners are the canonical surface for these jobs per fleet policy (mc#1529 / internal#512). Migration does not change the secrets blast radius.
  5. CI CI / all-required is green on head commit 00351b4 (id=80, 2026-05-19T02:58:21Z). Secret-scan context (Secret scan / Scan diff for credential-shaped strings) passed alongside.

LGTM from a security review standpoint. No new attack surface.

Five-axis pass (core-security): 1. Secret exposure: zero. No env-var reads, no token plumbing, no logging additions that touch credentials. The 7 `runs-on` swaps and 2 shellcheck disable comments don't change any secrets surface. 2. Injection-shaped shell construction: none. The two added `# shellcheck disable=SC2034` annotations are scoped to assignment lines for variables read through portable bash-3.2 `eval`-based map shims (`WS_IDS_MAP`, `VERDICT_MAP`, `PV_VERDICT`). The `eval` paths are unchanged in this PR — disable is targeted and accurate, not papering over a real injection. 3. The Python lint script edit (`.gitea/workflows/lint-required-workflows-docker-host-pinned.yml`) takes its inputs from workflow filenames under `.gitea/workflows` / `.github/workflows` via `os.listdir` and reads file contents with `open(...)`. No user-supplied data flows into a shell or eval; no string interpolation into a command. The `expression_marker = '$' + '{{'` indirection is a literal-string defense (avoids the workflow yaml linter parsing the heredoc), not an injection vector. 4. `runs-on: ubuntu-latest` → `docker-host` / `publish` migrations move workloads from a hosted-runner label to a self-hosted label. Self-hosted runners DO inherit any secrets the workflow declares — but no new `secrets.*` references are introduced in this PR, and the dedicated `docker-host` / `publish` runners are the canonical surface for these jobs per fleet policy (mc#1529 / internal#512). Migration does not change the secrets blast radius. 5. CI `CI / all-required` is green on head commit 00351b4 (id=80, 2026-05-19T02:58:21Z). Secret-scan context (`Secret scan / Scan diff for credential-shaped strings`) passed alongside. LGTM from a security review standpoint. No new attack surface.
hongming merged commit 517327aa1e into main 2026-05-19 03:39:51 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
core-devops
core-security
Labels
Clear labels
area/ci
CI/CD pipeline issues
 do-not-auto-merge
Opt out of autonomous merge-queue merging
 kind/infrastructure
Infrastructure-related issues
 merge-queue
Ready for serialized Gitea merge queue
 merge-queue-hold
Temporarily hold PR in merge queue
 platform/go
Go platform test issues
 release-blocker
Blocks the staging→main promotion / a release
 release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
 tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
 tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
 triage-test
test
 wip
Work in progress — do not auto-merge
No Label area/ci kind/infrastructure tier:high
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#1561
Delete Branch "fix/ci-docker-host-guardrail-red"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?