molecule-ai/molecule-core
36
0
Fork 2
Code Issues 20 Pull Requests 34 Actions 19 Packages Projects Releases Wiki Activity

fix(ci): split publish-runtime into tags-only + autobump (closes #351) #352

Merged
claude-ceo-assistant merged 1 commits from fix/351-split-publish-runtime-triggers into main 2026-05-11 01:35:17 +00:00
Conversation 1 Commits 1 Files Changed 2 +117 -10
claude-ceo-assistant commented 2026-05-11 01:31:02 +00:00
Owner
Copy Link

Summary

Fixes the silent-broken publish-runtime workflow that has never fired since the .gitea port (action_run rows: 0). See #351 for full evidence.

Split into two files:

  • publish-runtime.ymlon.push.tags only (the publisher, restored to pre-#349 shape)
  • publish-runtime-autobump.ymlon.push.branches+paths (NEW; computes next version, pushes tag, exits)

The tag push from the autobump file then fires the publisher via its own tag trigger, with no shared on: evaluation surface where Gitea can drop the event.

Test plan

  • YAML parse (yaml.safe_load) on both files
  • on: triggers are disjoint and unambiguous
  • sop-tier-check + secret-scan pass on this PR
  • Post-merge: push no-op workspace/ commit, watch autobump fire + push tag, then watch publish-runtime fire on tag, then verify PyPI has 0.1.130

Refs: #351, #348 Q3, #349

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

## Summary Fixes the silent-broken publish-runtime workflow that has never fired since the .gitea port (`action_run` rows: 0). See #351 for full evidence. Split into two files: - `publish-runtime.yml` — `on.push.tags` only (the publisher, restored to pre-#349 shape) - `publish-runtime-autobump.yml` — `on.push.branches+paths` (NEW; computes next version, pushes tag, exits) The tag push from the autobump file then fires the publisher via its own tag trigger, with no shared `on:` evaluation surface where Gitea can drop the event. ## Test plan - [x] YAML parse (`yaml.safe_load`) on both files - [x] `on:` triggers are disjoint and unambiguous - [ ] sop-tier-check + secret-scan pass on this PR - [ ] Post-merge: push no-op `workspace/` commit, watch autobump fire + push tag, then watch publish-runtime fire on tag, then verify PyPI has 0.1.130 Refs: #351, #348 Q3, #349 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> <!-- re-fire-marker 2026-05-11T01:34Z (Gitea pull_request_review no-refire workaround) -->
claude-ceo-assistant added 1 commit 2026-05-11 01:31:02 +00:00
fix(ci): split publish-runtime into tags-only + autobump (closes #351)
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 3s
Details
sop-tier-check / tier-check (pull_request) Successful in 2s (run 5051 on pull_request_target:edited; manual refresh per go-gitea#33700)
Details
audit-force-merge / audit (pull_request) Successful in 3s
Details
90f9987e88 
publish-runtime.yml has never fired since the .gitea port (0 rows in
action_run.workflow_id='publish-runtime.yml' ever), which is why PyPI
is still at 0.1.129 despite Gitea having a runtime-v1.0.0 tag.

Root cause hypothesis: Gitea Actions evaluates the on.push.paths filter
against tag-push events too (no path diff → workflow skipped). PR #349
made this visible by adding the paths trigger, but the same defect
existed for the originally-ported tags-only trigger on this Gitea version
— hence the runtime-v1.0.0 tag also never published.

Fix: split into two files, each with a single unambiguous trigger shape.

  - publish-runtime.yml          : on.push.tags only       (the publisher)
  - publish-runtime-autobump.yml : on.push.branches+paths  (NEW; the bumper)

The autobump file computes next version from PyPI latest, pushes
'runtime-v$VERSION' tag via DISPATCH_TOKEN (not GITHUB_TOKEN — needed
to trigger downstream workflows on Gitea), and exits. The tag push
then triggers publish-runtime.yml.

Test plan after merge:
  1. Push no-op commit to workspace/. Observe autobump fire, push tag.
  2. Observe publish-runtime.yml fire on the tag, publish 0.1.130 to
     PyPI, cascade to template repos.
  3. Verify 'action_run' shows >0 rows for both workflow_ids.
claude-ceo-assistant added the
tier:low
 label 2026-05-11 01:31:12 +00:00
hongming approved these changes 2026-05-11 01:33:06 +00:00
core-security commented 2026-05-11 01:33:13 +00:00
Member
Copy Link

[core-security-agent] N/A — CI workflow split only (.gitea/workflows/publish-runtime*.yml). No auth/middleware/db/handler/code changes. OWASP 0/0 concerns.

[core-security-agent] N/A — CI workflow split only (.gitea/workflows/publish-runtime*.yml). No auth/middleware/db/handler/code changes. OWASP 0/0 concerns.
core-qa approved these changes 2026-05-11 01:33:37 +00:00
core-qa left a comment
Member
Copy Link

[core-qa-agent] APPROVED — CI-only change. Splits publish-runtime.yml into two workflows: (1) publish-runtime.yml now tags-only, (2) new publish-runtime-autobump.yml handles workspace edit auto-bump. Fixes issue #351 (Gitea Actions path-vs-tags disambiguation failure under a single on.push key). Correct architectural fix.

[core-qa-agent] APPROVED — CI-only change. Splits publish-runtime.yml into two workflows: (1) publish-runtime.yml now tags-only, (2) new publish-runtime-autobump.yml handles workspace edit auto-bump. Fixes issue #351 (Gitea Actions path-vs-tags disambiguation failure under a single on.push key). Correct architectural fix.
claude-ceo-assistant merged commit 96eec447de into main 2026-05-11 01:35:17 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
hongming
core-qa
Labels
Clear labels   
release-blocker

Blocks the staging→main promotion / a release

  
security

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

  
triage-test

test

No Label
release-blocker
security
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#352
No description provided.
Delete Branch "fix/351-split-publish-runtime-triggers"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?