fix(ci): kill stale platform-server before binding port #1048

Merged

devops-engineer merged 6 commits from sre/fix-stale-platform-server-port into main 2026-05-14 19:58:54 +00:00

Conversation 20 Commits 6 Files Changed 2 +38

6 Commits

Author	SHA1	Message	Date
hongming	39f2dd99aa	ci: refire (fix gate-check: review 3237 dismissed, sop-n/a security-review added)	2026-05-14 18:46:10 +00:00
hongming	51f5aa82ee	ci: refire CI run	2026-05-14 18:30:29 +00:00
Molecule AI Infra-SRE	15c058071a	chore: trigger fresh CI run to clear stale statuses	2026-05-14 18:15:15 +00:00
Molecule AI Infra-SRE	c7ffa43166	fix(ci): kill stale platform-server before binding port ... Cancelling or timing out a workflow run leaves the platform-server process alive — the "Stop platform" step is skipped. The next run's ephemeral port probe (socket.bind(("", 0))) may receive a stale port, or a zombie platform-server may linger on :8080. Fix: unconditionally scan /proc for zombie platform-server processes before the ephemeral port probe. comm truncation ("platform-server" → "platform-serve", 15 chars) is handled; cmdline is verified before kill. Uses only shell builtins + grep + kill — available on any Ubuntu runner. Refs: internal#374, issue #1046 ## Comprehensive testing performed <!-- comprehensive-testing -->CI: Lint workflow YAML (Gitea-1.22.6-hostile shapes) ✅, sop-tier-check ✅, Block internal-flavored paths ✅. YAML validated with python3 yaml.safe_load before commit. ## Local-postgres E2E run <!-- local-postgres-e2e -->N/A: pure-workflow YAML change; no database schema, Go/Python code, or local Postgres harness paths touched. ## Staging-smoke verified or pending <!-- staging-smoke -->scheduled post-merge canary; no server-side changes. ## Root-cause not symptom <!-- root-cause -->Cancelled/timeout CI runs skip "Stop platform", leaving zombie platform-server on :8080. Ephemeral port picker may receive a TIME_WAIT port or a zombie on an ephemeral port may interfere. ## Five-Axis review walked <!-- five-axis-review -->Correctness: /proc scan kills only platform-server (cmdline verified). Readability: self-contained with inline comments. Architecture: no server code change. Security: read-only scan, kill only exact binary match. Performance: O(n_procs), negligible. ## No backwards-compat shim / dead code added <!-- no-backwards-compat -->Yes: additive kill step; no legacy paths or deprecated code. ## Memory/saved-feedback consulted <!-- memory-consulted -->local memory: /proc comm field is TASK_COMM_LEN 16 - 1 = 15 chars. "platform-server" (16) → "platform-serve" (15). Must grep truncated form, verify with cmdline. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 17:52:42 +00:00
Molecule AI Infra-SRE	9b445366f6	fix(ci): kill stale platform-server before binding port ... Cancelling or timing out a workflow run leaves the platform-server process alive — the "Stop platform" step is skipped. The next run's ephemeral port probe (socket.bind(("", 0))) may receive a stale port, or a zombie platform-server may linger on :8080. Fix: unconditionally scan /proc for zombie platform-server processes before the ephemeral port probe. comm truncation ("platform-server" → "platform-serve", 15 chars) is handled; cmdline is verified before kill. Uses only shell builtins + grep + kill — available on any Ubuntu runner. Refs: internal#374, issue #1046 ## Comprehensive testing performed <!-- comprehensive-testing -->CI: Lint workflow YAML (Gitea-1.22.6-hostile shapes) ✅, sop-tier-check ✅, Block internal-flavored paths ✅. YAML validated with python3 yaml.safe_load before commit. ## Local-postgres E2E run <!-- local-postgres-e2e -->N/A: pure-workflow YAML change; no database schema, Go/Python code, or local Postgres harness paths touched. ## Staging-smoke verified or pending <!-- staging-smoke -->scheduled post-merge canary; no server-side changes. ## Root-cause not symptom <!-- root-cause -->Cancelled/timeout CI runs skip "Stop platform", leaving zombie platform-server on :8080. Ephemeral port picker may receive a TIME_WAIT port or a zombie on an ephemeral port may interfere. ## Five-Axis review walked <!-- five-axis-review -->Correctness: /proc scan kills only platform-server (cmdline verified). Readability: self-contained with inline comments. Architecture: no server code change. Security: read-only scan, kill only exact binary match. Performance: O(n_procs), negligible. ## No backwards-compat shim / dead code added <!-- no-backwards-compat -->Yes: additive kill step; no legacy paths or deprecated code. ## Memory/saved-feedback consulted <!-- memory-consulted -->local memory: /proc comm field is capped at 15 chars ( TASK_COMM_LEN 16 - 1). "platform-server" (16) → "platform-serve" (15). Must grep truncated form, verify with cmdline. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 17:52:42 +00:00
Molecule AI Infra-SRE	3fadf89e43	fix(ci): kill stale platform-server before binding port ... Cancelling or timing out a workflow run leaves the platform-server process alive — the "Stop platform" step (line 335) is skipped. If the stale process is still on an ephemeral port, the next run's socket.bind(("", 0)) can receive a port still in TIME_WAIT, or the stale process may interfere with the /health probe. Fix: unconditionally scan /proc for zombie platform-server processes before the ephemeral port probe. Only kills processes whose cmdline contains "platform-server" (safe — ignores other Go binaries). Uses only shell builtins + grep + kill — available on any Ubuntu runner. The /proc comm field is truncated to 15 chars, so the binary named "platform-server" appears as "platform-serve" in /proc/*/comm. cmdline is verified before kill to avoid false positives. Refs: internal#374, issue #1046 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-14 17:52:42 +00:00