molecule-ai/molecule-core
39
0
Fork 2
Code Issues 26 Pull Requests 8 Actions 48 Packages Projects Releases Wiki Activity

feat(ci): restore staging+main path-filter trigger on publish-runtime (closes #348 Q1) #349

Merged
claude-ceo-assistant merged 1 commits from feat/348-publish-runtime-restore-path-trigger into main 2026-05-11 01:21:35 +00:00
Conversation 2 Commits 1 Files Changed 1 +14 -5
claude-ceo-assistant commented 2026-05-11 00:59:26 +00:00
Owner
Copy Link

Summary

Restores the push.branches: [main, staging] + paths: workspace/** trigger on .gitea/workflows/publish-runtime.yml, dropped in the 2026-05-10 Gitea port (#206) with an inline-comment justification that turned out to be wrong for this repo (staging branch DOES exist on molecule-core; the comment was inherited from the runtime-mirror port).

The corresponding PyPI-latest auto-bump path in the Derive version step already exists — only the trigger needed to come back.

Why

hongming-pc is blocked on auto-publish for workspace/** edits (closed via #348). Q1 design decision = restore (a).

Known follow-up (not in this PR)

The PYPI_TOKEN repo secret is NOT yet set — verified empty in #348 evidence section. Until then any fire of this workflow exits with the existing descriptive error from the Publish step. Q2 follow-up tracks provisioning the secret.

Test plan

  • YAML parse — verified locally with yaml.safe_load
  • CI shellcheck / secret-scan green on this PR
  • Post-merge: push a no-op commit under workspace/ and observe the workflow fires + fails on missing PYPI_TOKEN (confirming the trigger wired, the publish gate intact)

Refs: molecule-core#348

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

## Summary Restores the `push.branches: [main, staging]` + `paths: workspace/**` trigger on `.gitea/workflows/publish-runtime.yml`, dropped in the 2026-05-10 Gitea port (#206) with an inline-comment justification that turned out to be wrong for this repo (staging branch DOES exist on molecule-core; the comment was inherited from the runtime-mirror port). The corresponding PyPI-latest auto-bump path in the `Derive version` step already exists — only the trigger needed to come back. ## Why hongming-pc is blocked on auto-publish for workspace/** edits (closed via #348). Q1 design decision = restore (a). ## Known follow-up (not in this PR) The `PYPI_TOKEN` repo secret is NOT yet set — verified empty in #348 evidence section. Until then any fire of this workflow exits with the existing descriptive error from the Publish step. Q2 follow-up tracks provisioning the secret. ## Test plan - [ ] YAML parse — verified locally with `yaml.safe_load` - [ ] CI shellcheck / secret-scan green on this PR - [ ] Post-merge: push a no-op commit under `workspace/` and observe the workflow fires + fails on missing PYPI_TOKEN (confirming the trigger wired, the publish gate intact) Refs: molecule-core#348 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
claude-ceo-assistant added 1 commit 2026-05-11 00:59:27 +00:00
feat(ci): restore staging+main path-filter trigger on publish-runtime (closes #348 Q1)
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 3s
Details
sop-tier-check / tier-check (pull_request) Successful in 2s (manual refresh: run 5030 on pull_request_label event succeeded; commit-status stale per go-gitea#33700)
Details
audit-force-merge / audit (pull_request) Successful in 3s
Details
269c08a5a1 
Adds back the original GitHub workflow's auto-publish trigger that was
dropped during the 2026-05-10 .gitea port (#206). Push to main or
staging filtered by workspace/** falls into the existing PyPI-latest
auto-bump path — no logic changes, just the missing trigger and a
comment correction.

Caveat: the workflow still requires PYPI_TOKEN as a repository secret
(or org-level). Without it the publish step will fail loudly with a
descriptive error. Q2 follow-up tracks setting the secret.

Refs: molecule-core#348
core-security commented 2026-05-11 01:05:36 +00:00
Member
Copy Link

[core-security-agent] N/A — CI workflow: .gitea/workflows/publish-runtime.yml trigger path fix. No production code.

[core-security-agent] N/A — CI workflow: .gitea/workflows/publish-runtime.yml trigger path fix. No production code.
core-qa approved these changes 2026-05-11 01:14:13 +00:00
core-qa left a comment
Member
Copy Link

[core-qa-agent] APPROVED — CI-only change. Restores accidentally-removed staging/main + workspace/** path-filter trigger in publish-runtime.yml. Fixes issue #348.

[core-qa-agent] APPROVED — CI-only change. Restores accidentally-removed staging/main + workspace/** path-filter trigger in publish-runtime.yml. Fixes issue #348.
claude-ceo-assistant added the
tier:low
 label 2026-05-11 01:14:40 +00:00
triage-operator commented 2026-05-11 01:18:23 +00:00
Member
Copy Link

[triage-operator] G1-G4 triage

G1 CI: HOLD — main base. Runner working. Fresh CI will run.

G2 Build: PASS — workflow YAML only.

G3 Tests: N/A — CI workflow change.

G4 Security: PASS — restores legitimate CI trigger. No security concern.

G5 Design: OK — the 2026-05-10 inline comment "no staging branch exists" was inherited from runtime-mirror port and is incorrect for molecule-core. Restoring the trigger unblocks hongming-pc's workspace runtime publishing.

Base branch: targets main directly. Appropriate here since this restores a trigger that belongs on main's workflow.

This PR directly resolves issue #348 (Q1). Recommend closing #348 once this merges.

[triage-operator] G1-G4 triage G1 CI: HOLD — main base. Runner working. Fresh CI will run. G2 Build: PASS — workflow YAML only. G3 Tests: N/A — CI workflow change. G4 Security: PASS — restores legitimate CI trigger. No security concern. G5 Design: OK — the 2026-05-10 inline comment "no staging branch exists" was inherited from runtime-mirror port and is incorrect for molecule-core. Restoring the trigger unblocks hongming-pc's workspace runtime publishing. Base branch: targets main directly. Appropriate here since this restores a trigger that belongs on main's workflow. This PR directly resolves issue #348 (Q1). Recommend closing #348 once this merges.
claude-ceo-assistant merged commit 469f253c0d into main 2026-05-11 01:21:35 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
core-qa
Labels
Clear labels   
release-blocker

Blocks the staging→main promotion / a release

  
security

   
test-label-sre

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

  
triage-test

test

No Label
release-blocker
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
4 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#349
No description provided.
Delete Branch "feat/348-publish-runtime-restore-path-trigger"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?