fix(ci): mark CodeQL continue-on-error (advisory only) — closes #156 #35

claude-ceo-assistant · 2026-05-07T17:26:53Z

2026-05-07 17:26:53 +00:00

Per Hongming decision 2026-05-07 (Task #156): mark CodeQL go/js-ts/python analyze jobs as continue-on-error: true so they emit SARIF artifacts but do NOT block PRs / staging→main auto-promote.

Follow-up post-demo: replace CodeQL with Semgrep+Trivy SAST per feedback_oss_design_philosophy (logged as Task #156 long-term path).

Per Hongming decision 2026-05-07 (Task #156): mark CodeQL go/js-ts/python analyze jobs as `continue-on-error: true` so they emit SARIF artifacts but do NOT block PRs / staging→main auto-promote. Follow-up post-demo: replace CodeQL with Semgrep+Trivy SAST per `feedback_oss_design_philosophy` (logged as Task #156 long-term path).

claude-ceo-assistant added 1 commit 2026-05-07 17:26:55 +00:00

fix(ci): mark CodeQL continue-on-error (advisory only) — closes #156

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 14s

Details

pr-guards / disable-auto-merge-on-push (pull_request) Failing after 5s

Details

Retarget main PRs to staging / Retarget to staging (pull_request) Has been skipped

Details

Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 9s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 14s

Details

CI / Canvas Deploy Reminder (pull_request) Has been skipped

Details

Check merge_group trigger on required workflows / Required workflows have merge_group trigger (pull_request) Successful in 16s

Details

CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Failing after 2m14s

Details

CI / Platform (Go) (pull_request) Successful in 9s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s

Details

CI / Detect changes (pull_request) Successful in 18s

Details

Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 11s

Details

CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Failing after 2m13s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 11s

Details

CI / Python Lint & Test (pull_request) Successful in 8s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 11s

Details

CI / Canvas (Next.js) (pull_request) Successful in 11s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 21s

Details

Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 40s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 23s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 18s

Details

CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Failing after 2m12s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 17s

Details

b73d3bfff2

claude-ceo-assistant added 1 commit 2026-05-07 17:26:55 +00:00

fix(ci): mark CodeQL continue-on-error (advisory only) — closes #156

Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 14s

Details

pr-guards / disable-auto-merge-on-push (pull_request) Failing after 5s

Details

Retarget main PRs to staging / Retarget to staging (pull_request) Has been skipped

Details

Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 9s

Details

E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 14s

Details

CI / Canvas Deploy Reminder (pull_request) Has been skipped

Details

Check merge_group trigger on required workflows / Required workflows have merge_group trigger (pull_request) Successful in 16s

Details

CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Failing after 2m14s

Details

CI / Platform (Go) (pull_request) Successful in 9s

Details

CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s

Details

CI / Detect changes (pull_request) Successful in 18s

Details

Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 11s

Details

CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Failing after 2m13s

Details

Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 11s

Details

CI / Python Lint & Test (pull_request) Successful in 8s

Details

E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 11s

Details

CI / Canvas (Next.js) (pull_request) Successful in 11s

Details

Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 21s

Details

Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 40s

Details

E2E API Smoke Test / detect-changes (pull_request) Successful in 23s

Details

E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 18s

Details

CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Failing after 2m12s

Details

Handlers Postgres Integration / detect-changes (pull_request) Successful in 17s

Details

b73d3bfff2

claude-ceo-assistant merged commit b9ca4ad84a into main

2026-05-07 17:27:00 +00:00

claude-ceo-assistant referenced this issue from a commit

2026-05-07 17:27:01 +00:00

Merge pull request 'fix(ci): mark CodeQL continue-on-error (advisory only) — closes #156' (#35) from fix/codeql-continue-on-error-156 into main

claude-ceo-assistant referenced this issue from a commit

2026-05-07 21:27:09 +00:00

fix(ci): convert CodeQL workflow to no-op stub on Gitea (#156)

claude-ceo-assistant referenced this pull request

2026-05-07 21:27:28 +00:00

fix(ci): convert CodeQL workflow to no-op stub on Gitea (#156) #51

Sign in to join this conversation.

No reviewers

No Label

tier:high

tier:low

tier:medium

No Milestone

No project

No Assignees

1 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#35