From dad0b81d876c59dfe3153f7a27938d6f6e79f020 Mon Sep 17 00:00:00 2001 From: "Molecule AI Dev Engineer A (Kimi)" Date: Sat, 6 Jun 2026 23:04:56 +0000 Subject: [PATCH 1/2] fix(audit,merge-queue): include SOP ceremony contexts in required checks (#2331) Closes two RCA issues where stale required-check lists caused SOP ceremony bypasses. **audit-force-merge.yml:** - Add sop-checklist / all-items-acked, sop-tier-check / tier-check, qa-review / approved, security-review / approved to REQUIRED_CHECKS_JSON for main. - Add sop-tier-check / tier-check, qa-review / approved, security-review / approved to REQUIRED_CHECKS_JSON for staging (sop-checklist was already present). **gitea-merge-queue.py:** - Add sop-tier-check / tier-check, qa-review / approved, security-review / approved to REQUIRED_CONTEXTS default. Note: REQUIRED_CONTEXTS is currently unused at runtime (the queue reads required contexts from branch protection), but keeping it accurate preserves the fallback spec and documents the full gate set. Test plan: python3 -m pytest .gitea/scripts/tests/test_gitea_merge_queue.py All 65 tests pass. --- .gitea/scripts/gitea-merge-queue.py | 5 ++++- .gitea/workflows/audit-force-merge.yml | 11 +++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.gitea/scripts/gitea-merge-queue.py b/.gitea/scripts/gitea-merge-queue.py index ceea9855a..c4d526843 100644 --- a/.gitea/scripts/gitea-merge-queue.py +++ b/.gitea/scripts/gitea-merge-queue.py @@ -148,7 +148,10 @@ REQUIRED_CONTEXTS_RAW = _env( "REQUIRED_CONTEXTS", default=( "CI / all-required (pull_request)," - "sop-checklist / all-items-acked (pull_request)" + "sop-checklist / all-items-acked (pull_request)," + "sop-tier-check / tier-check (pull_request)," + "qa-review / approved (pull_request)," + "security-review / approved (pull_request)" ), ) # Required contexts for push (main/staging) runs. The push CI uses the same diff --git a/.gitea/workflows/audit-force-merge.yml b/.gitea/workflows/audit-force-merge.yml index 00c47312f..e5e7a3580 100644 --- a/.gitea/workflows/audit-force-merge.yml +++ b/.gitea/workflows/audit-force-merge.yml @@ -61,11 +61,18 @@ jobs: "main": [ "CI / all-required (pull_request)", "E2E API Smoke Test / E2E API Smoke Test (pull_request)", - "Handlers Postgres Integration / Handlers Postgres Integration (pull_request)" + "Handlers Postgres Integration / Handlers Postgres Integration (pull_request)", + "sop-checklist / all-items-acked (pull_request)", + "sop-tier-check / tier-check (pull_request)", + "qa-review / approved (pull_request)", + "security-review / approved (pull_request)" ], "staging": [ "CI / all-required (pull_request)", - "sop-checklist / all-items-acked (pull_request)" + "sop-checklist / all-items-acked (pull_request)", + "sop-tier-check / tier-check (pull_request)", + "qa-review / approved (pull_request)", + "security-review / approved (pull_request)" ] } run: bash .gitea/scripts/audit-force-merge.sh -- 2.52.0 From 29e03320380e6321fe59e7fdb1210f32701ab822 Mon Sep 17 00:00:00 2001 From: "Molecule AI Dev Engineer A (Kimi)" Date: Sat, 6 Jun 2026 23:20:20 +0000 Subject: [PATCH 2/2] Revert "fix(audit,merge-queue): include SOP ceremony contexts in required checks (#2331)" This reverts commit dad0b81d876c59dfe3153f7a27938d6f6e79f020. --- .gitea/scripts/gitea-merge-queue.py | 5 +---- .gitea/workflows/audit-force-merge.yml | 11 ++--------- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/.gitea/scripts/gitea-merge-queue.py b/.gitea/scripts/gitea-merge-queue.py index c4d526843..ceea9855a 100644 --- a/.gitea/scripts/gitea-merge-queue.py +++ b/.gitea/scripts/gitea-merge-queue.py @@ -148,10 +148,7 @@ REQUIRED_CONTEXTS_RAW = _env( "REQUIRED_CONTEXTS", default=( "CI / all-required (pull_request)," - "sop-checklist / all-items-acked (pull_request)," - "sop-tier-check / tier-check (pull_request)," - "qa-review / approved (pull_request)," - "security-review / approved (pull_request)" + "sop-checklist / all-items-acked (pull_request)" ), ) # Required contexts for push (main/staging) runs. The push CI uses the same diff --git a/.gitea/workflows/audit-force-merge.yml b/.gitea/workflows/audit-force-merge.yml index e5e7a3580..00c47312f 100644 --- a/.gitea/workflows/audit-force-merge.yml +++ b/.gitea/workflows/audit-force-merge.yml @@ -61,18 +61,11 @@ jobs: "main": [ "CI / all-required (pull_request)", "E2E API Smoke Test / E2E API Smoke Test (pull_request)", - "Handlers Postgres Integration / Handlers Postgres Integration (pull_request)", - "sop-checklist / all-items-acked (pull_request)", - "sop-tier-check / tier-check (pull_request)", - "qa-review / approved (pull_request)", - "security-review / approved (pull_request)" + "Handlers Postgres Integration / Handlers Postgres Integration (pull_request)" ], "staging": [ "CI / all-required (pull_request)", - "sop-checklist / all-items-acked (pull_request)", - "sop-tier-check / tier-check (pull_request)", - "qa-review / approved (pull_request)", - "security-review / approved (pull_request)" + "sop-checklist / all-items-acked (pull_request)" ] } run: bash .gitea/scripts/audit-force-merge.sh -- 2.52.0