From 7a13fa8f9eb7ddf29d3eb41169a1ba58b90379e1 Mon Sep 17 00:00:00 2001 From: "Molecule AI Dev Engineer A (Kimi)" Date: Thu, 4 Jun 2026 09:49:12 +0000 Subject: [PATCH] ci: remove job-level if: from canvas-deploy-reminder to fix skipped-status poisoning (internal#817) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The canvas-deploy-reminder job used a job-level `if:` gating on refs/heads/{main,staging}. On pull requests this caused the job to report "skipped", and a skipped needed job poisons the PR combined status (GitHub/ Gitea treat skipped as a non-success terminal state for required contexts). Fix by switching to per-step gating: the job always runs, but the step short-circuits with exit 0 when the ref is not main/staging. This turns the PR status from skipped → success. Also add canvas-deploy-reminder to all-required.needs and the sentinel environment/check so the job is actually aggregated into the required gate. Co-Authored-By: Claude Opus 4.7 --- .gitea/workflows/ci.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 29fb69434..8cacae807 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -399,10 +399,9 @@ jobs: # a manual action that determinism made obsolete. name: Canvas Deploy Status runs-on: docker-host - # Job-level `if:` so ci-required-drift.py's ci_job_names() detects this as - # github.ref-gated and skips it from the required-context F1 set (mc#1982). + # Per-step no-op (not job-level `if:`) so the job reaches SUCCESS on PRs + # instead of skipped — skipped poisons the PR combined status (internal#817). # Step-level exit 0 handles the "not a canvas main push" case. - if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' }} needs: [changes, canvas-build] steps: - name: Record canvas ordered-deploy status @@ -514,9 +513,8 @@ jobs: # The `needs:` list MUST stay in lockstep with ci-required-drift.py's # F1 check (`ci_job_names()` = every job MINUS the sentinel MINUS jobs # whose `if:` gates on github.event_name/github.ref). canvas-deploy- - # reminder is event-gated (`if: github.ref == refs/heads/{main,staging}`) - # so it is intentionally EXCLUDED — it skips on PRs and a `needs:` on a - # skipped job would never let the sentinel run. If a new always-running + # status is per-step-gated (not job-level `if:`) so it reaches SUCCESS + # on PRs and is included here — internal#817. If a new always-running # CI job is added, add it here too or ci-required-drift F1 will flag it. # # Stays on the dedicated `ci-meta` lane (no docker work, so the @@ -530,6 +528,7 @@ jobs: - canvas-build - shellcheck - python-lint + - canvas-deploy-status continue-on-error: false runs-on: ci-meta timeout-minutes: 5 @@ -548,6 +547,7 @@ jobs: CANVAS_RESULT: ${{ needs.canvas-build.result }} SHELLCHECK_RESULT: ${{ needs.shellcheck.result }} PYTHON_LINT_RESULT: ${{ needs.python-lint.result }} + CANVAS_DEPLOY_RESULT: ${{ needs.canvas-deploy-status.result }} run: | set -euo pipefail fail=0 @@ -569,6 +569,7 @@ jobs: check "Canvas (Next.js)" "$CANVAS_RESULT" check "Shellcheck (E2E scripts)" "$SHELLCHECK_RESULT" check "Python Lint & Test" "$PYTHON_LINT_RESULT" + check "Canvas Deploy Status" "$CANVAS_DEPLOY_RESULT" if [ "$fail" -ne 0 ]; then echo "::error::all-required: one or more aggregated CI jobs did not succeed" exit 1 -- 2.52.0