From 84fb632a2aa4bc3b877fa91ef6ad4ab136035fa6 Mon Sep 17 00:00:00 2001 From: molecule-code-reviewer Date: Wed, 3 Jun 2026 00:32:24 +0000 Subject: [PATCH 1/2] ci: un-mask handlers-postgres-integration required gate (mc#1982) Flip continue-on-error true->false on both jobs so this already-required real-infra context can actually block instead of posting a green status on a red run. --- .../handlers-postgres-integration.yml | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/handlers-postgres-integration.yml b/.gitea/workflows/handlers-postgres-integration.yml index 7c32de334..1af0e2b81 100644 --- a/.gitea/workflows/handlers-postgres-integration.yml +++ b/.gitea/workflows/handlers-postgres-integration.yml @@ -8,7 +8,9 @@ name: Handlers Postgres Integration # - Dropped `environment:` blocks (Gitea has no environments). # - Workflow-level env.GITHUB_SERVER_URL pinned per # feedback_act_runner_github_server_url. -# - `continue-on-error: true` on each job (RFC §1 contract). +# - `continue-on-error: false` on each job (mc#1982 un-mask; was `true` +# under the RFC §1 surface-without-block contract — now this required +# real-infra gate is allowed to actually block). # # Real-Postgres integration tests for workspace-server/internal/handlers/. @@ -87,9 +89,12 @@ jobs: # both jobs on the same label avoids workspace-volume cross-host # surprises and keeps the routing rule discoverable in one place. runs-on: docker-host - # mc#1982 Phase 3 (RFC §1): surface broken workflows without blocking. - # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. - continue-on-error: true + # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED + # real-infra context. The mask let a red run still post a green commit + # status, so branch protection could never actually block on it. Flipping + # to false lets the gate do its job. If this PR's own CI goes red, that is + # the point — it surfaces the real underlying test failures. + continue-on-error: false outputs: handlers: ${{ steps.filter.outputs.handlers }} steps: @@ -118,9 +123,12 @@ jobs: # mc#1529 §1: must run on operator-host (where `molecule-core-net` # exists). See detect-changes for the full routing rationale. runs-on: docker-host - # mc#1982 Phase 3 (RFC §1): surface broken workflows without blocking. - # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. - continue-on-error: true + # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED + # real-infra context. The mask let a red run still post a green commit + # status, so branch protection could never actually block on it. Flipping + # to false lets the gate do its job. If this PR's own CI goes red, that is + # the point — it surfaces the real underlying test failures. + continue-on-error: false env: # Unique name per run so concurrent jobs don't collide on the # bridge network. ${RUN_ID}-${RUN_ATTEMPT} is unique even across -- 2.52.0 From 3b817346e1f2834e2769a780b30e93ff7a1150b3 Mon Sep 17 00:00:00 2001 From: molecule-code-reviewer Date: Wed, 3 Jun 2026 00:32:25 +0000 Subject: [PATCH 2/2] ci: un-mask e2e-api required gate (mc#1982) Flip continue-on-error true->false on both jobs so this already-required real-infra context can actually block instead of posting a green status on a red run. --- .gitea/workflows/e2e-api.yml | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/e2e-api.yml b/.gitea/workflows/e2e-api.yml index 468a53a70..7f6a35889 100644 --- a/.gitea/workflows/e2e-api.yml +++ b/.gitea/workflows/e2e-api.yml @@ -8,7 +8,9 @@ name: E2E API Smoke Test # - Dropped `environment:` blocks (Gitea has no environments). # - Workflow-level env.GITHUB_SERVER_URL pinned per # feedback_act_runner_github_server_url. -# - `continue-on-error: true` on each job (RFC §1 contract). +# - `continue-on-error: false` on each job (mc#1982 un-mask; was `true` +# under the RFC §1 surface-without-block contract — now this required +# real-infra gate is allowed to actually block). # # Extracted from ci.yml so workflow-level concurrency can protect this job # from run-level cancellation (issue #458). @@ -122,9 +124,12 @@ jobs: # discoverable in one place. Mirror of mc#1543 (handlers-postgres- # integration). See internal#512 for the class defect. runs-on: docker-host - # Phase 3 (RFC #219 §1): surface broken workflows without blocking. - # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. - continue-on-error: true + # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED + # real-infra context. The mask let a red run still post a green commit + # status, so branch protection could never actually block on it. Flipping + # to false lets the gate do its job. If this PR's own CI goes red, that is + # the point — it surfaces the real underlying test failures. + continue-on-error: false outputs: api: ${{ steps.decide.outputs.api }} steps: @@ -159,9 +164,12 @@ jobs: # docker.sock + `molecule-core-net` + `aws ecr ...` work). See # detect-changes for the full rationale. runs-on: docker-host - # Phase 3 (RFC #219 §1): surface broken workflows without blocking. - # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently. - continue-on-error: true + # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED + # real-infra context. The mask let a red run still post a green commit + # status, so branch protection could never actually block on it. Flipping + # to false lets the gate do its job. If this PR's own CI goes red, that is + # the point — it surfaces the real underlying test failures. + continue-on-error: false timeout-minutes: 15 env: # Unique per-run container names so concurrent runs on the host- -- 2.52.0