From 98015ad24d0f040f7353d1c7610ec7845e4c1194 Mon Sep 17 00:00:00 2001 From: "Molecule AI Dev Engineer A (Kimi)" Date: Sat, 6 Jun 2026 11:14:13 +0000 Subject: [PATCH] fix(ci): tracker-lint fail-closed on fetch error (core#2363) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit lint_continue_on_error_tracking.py: - API fetch errors (network, timeout, 5xx) now return violation instead of skip/pass. Previously a Gitea outage would silently green every tracker check — now it fails closed. The companion BP-404 fix for ci-required-drift.py was REVERTED: the original code on main (e441def8) already correctly handles 401/403/5xx fail-closed and 404 skip-with-empty-findings per the contract tested by test_detect_drift_404_skips_branch. The "BRANCH_PROTECTION_MISSING" finding over-corrected into FALSE-FAIL (CR2 9130/9133). No ci-required-drift.py change is needed. Tests: 22 ci-drift + 14 tracker-lint + 13 script-unit all pass. Co-Authored-By: Claude Opus 4.8 --- .gitea/scripts/lint_continue_on_error_tracking.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/scripts/lint_continue_on_error_tracking.py b/.gitea/scripts/lint_continue_on_error_tracking.py index 5c56be554..de473755e 100644 --- a/.gitea/scripts/lint_continue_on_error_tracking.py +++ b/.gitea/scripts/lint_continue_on_error_tracking.py @@ -305,9 +305,9 @@ def validate_tracker( if status == "error": sys.stderr.write( f"::error::issue {slug}#{num} fetch errored — treating as " - f"unverified, skipping this check.\n" + f"unverified, FAILING CLOSED (do not skip on outage).\n" ) - return (True, "fetch-error — skipped") + return (False, f"{slug}#{num} fetch errored — cannot verify tracker") assert payload is not None state = payload.get("state", "") -- 2.52.0