2 changed files with 30 additions and 14 deletions
@@ -8,7 +8,9 @@ name: E2E API Smoke Test
 #   - Dropped `environment:` blocks (Gitea has no environments).
 #   - Workflow-level env.GITHUB_SERVER_URL pinned per
 #     feedback_act_runner_github_server_url.
-#   - `continue-on-error: true` on each job (RFC §1 contract).
+#   - `continue-on-error: false` on each job (mc#1982 un-mask; was `true`
+#     under the RFC §1 surface-without-block contract — now this required
+#     real-infra gate is allowed to actually block).
 #
 # Extracted from ci.yml so workflow-level concurrency can protect this job
 # from run-level cancellation (issue #458).
@@ -122,9 +124,12 @@ jobs:
    # discoverable in one place. Mirror of mc#1543 (handlers-postgres-
    # integration). See internal#512 for the class defect.
    runs-on: docker-host
-    # Phase 3 (RFC #219 §1): surface broken workflows without blocking.
-    # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
-    continue-on-error: true
+    # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED
+    # real-infra context. The mask let a red run still post a green commit
+    # status, so branch protection could never actually block on it. Flipping
+    # to false lets the gate do its job. If this PR's own CI goes red, that is
+    # the point — it surfaces the real underlying test failures.
+    continue-on-error: false
    outputs:
      api: ${{ steps.decide.outputs.api }}
    steps:
@@ -159,9 +164,12 @@ jobs:
    # docker.sock + `molecule-core-net` + `aws ecr ...` work). See
    # detect-changes for the full rationale.
    runs-on: docker-host
-    # Phase 3 (RFC #219 §1): surface broken workflows without blocking.
-    # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
-    continue-on-error: true
+    # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED
+    # real-infra context. The mask let a red run still post a green commit
+    # status, so branch protection could never actually block on it. Flipping
+    # to false lets the gate do its job. If this PR's own CI goes red, that is
+    # the point — it surfaces the real underlying test failures.
+    continue-on-error: false
    timeout-minutes: 15
    env:
      # Unique per-run container names so concurrent runs on the host-
@@ -8,7 +8,9 @@ name: Handlers Postgres Integration
 #   - Dropped `environment:` blocks (Gitea has no environments).
 #   - Workflow-level env.GITHUB_SERVER_URL pinned per
 #     feedback_act_runner_github_server_url.
-#   - `continue-on-error: true` on each job (RFC §1 contract).
+#   - `continue-on-error: false` on each job (mc#1982 un-mask; was `true`
+#     under the RFC §1 surface-without-block contract — now this required
+#     real-infra gate is allowed to actually block).
 #

 # Real-Postgres integration tests for workspace-server/internal/handlers/.
@@ -87,9 +89,12 @@ jobs:
    # both jobs on the same label avoids workspace-volume cross-host
    # surprises and keeps the routing rule discoverable in one place.
    runs-on: docker-host
-    # mc#1982 Phase 3 (RFC §1): surface broken workflows without blocking.
-    # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
-    continue-on-error: true
+    # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED
+    # real-infra context. The mask let a red run still post a green commit
+    # status, so branch protection could never actually block on it. Flipping
+    # to false lets the gate do its job. If this PR's own CI goes red, that is
+    # the point — it surfaces the real underlying test failures.
+    continue-on-error: false
    outputs:
      handlers: ${{ steps.filter.outputs.handlers }}
    steps:
@@ -118,9 +123,12 @@ jobs:
    # mc#1529 §1: must run on operator-host (where `molecule-core-net`
    # exists). See detect-changes for the full routing rationale.
    runs-on: docker-host
-    # mc#1982 Phase 3 (RFC §1): surface broken workflows without blocking.
-    # mc#1982: pre-existing continue-on-error mask; root-fix and remove, do not renew silently.
-    continue-on-error: true
+    # mc#1982 un-mask (was continue-on-error: true): this is an ALREADY-REQUIRED
+    # real-infra context. The mask let a red run still post a green commit
+    # status, so branch protection could never actually block on it. Flipping
+    # to false lets the gate do its job. If this PR's own CI goes red, that is
+    # the point — it surfaces the real underlying test failures.
+    continue-on-error: false
    env:
      # Unique name per run so concurrent jobs don't collide on the
      # bridge network. ${RUN_ID}-${RUN_ATTEMPT} is unique even across