From e036525115b2048f0b6fca813d8eed9386602428 Mon Sep 17 00:00:00 2001
From: Molecule AI Core-DevOps <core-devops@agents.moleculesai.app>
Date: Mon, 11 May 2026 03:53:00 +0000
Subject: [PATCH 1/3] fix(ci): install jq before sop-tier-check script runs

Root cause: Gitea Actions runners (ubuntu-latest) do not bundle jq.
The sop-tier-check.sh script requires jq for all JSON API parsing;
without it, the script exits at line 67 with "jq: command not found",
producing "Failing after N seconds" on every PR.

Fix: add apt-get install -y jq step before the script run.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .gitea/workflows/sop-tier-check.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitea/workflows/sop-tier-check.yml b/.gitea/workflows/sop-tier-check.yml
index d4b74ed3..bdaad355 100644
--- a/.gitea/workflows/sop-tier-check.yml
+++ b/.gitea/workflows/sop-tier-check.yml
@@ -77,6 +77,12 @@ jobs:
           # works if we never check out PR HEAD. Same SHA the workflow
           # itself was loaded from.
           ref: ${{ github.event.pull_request.base.sha }}
+      - name: Install jq
+        # Gitea Actions runners (ubuntu-latest label) do not bundle jq.
+        # The script uses jq extensively for all JSON parsing; install it
+        # before the script runs. Using -qq for quiet output.
+        run: apt-get update -qq && apt-get install -y -qq jq
+
       - name: Verify tier label + reviewer team membership
         env:
           # SOP_TIER_CHECK_TOKEN is the org-level secret for the
-- 
2.45.2


From 39351e2fee3771fb4e33b68a8fcb81e2d5e494eb Mon Sep 17 00:00:00 2001
From: Molecule AI Core-DevOps <core-devops@agents.moleculesai.app>
Date: Mon, 11 May 2026 04:46:02 +0000
Subject: [PATCH 2/3] ci: install jq in sop-tier-check runner

Gitea Actions runners (ubuntu-latest) do not bundle jq.
The sop-tier-check script uses jq for all JSON API parsing
(org_helpers, label parsing, team resolution, review parsing).
Install jq before the script runs so sop-tier-check can pass
without relying on a runner pre-cached jq binary.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .gitea/workflows/sop-tier-check.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitea/workflows/sop-tier-check.yml b/.gitea/workflows/sop-tier-check.yml
index d4b74ed3..bdaad355 100644
--- a/.gitea/workflows/sop-tier-check.yml
+++ b/.gitea/workflows/sop-tier-check.yml
@@ -77,6 +77,12 @@ jobs:
           # works if we never check out PR HEAD. Same SHA the workflow
           # itself was loaded from.
           ref: ${{ github.event.pull_request.base.sha }}
+      - name: Install jq
+        # Gitea Actions runners (ubuntu-latest label) do not bundle jq.
+        # The script uses jq extensively for all JSON parsing; install it
+        # before the script runs. Using -qq for quiet output.
+        run: apt-get update -qq && apt-get install -y -qq jq
+
       - name: Verify tier label + reviewer team membership
         env:
           # SOP_TIER_CHECK_TOKEN is the org-level secret for the
-- 
2.45.2


From dc259e4cfeb2a88517fbc9b74d515ddeb17672b0 Mon Sep 17 00:00:00 2001
From: Molecule AI Core-DevOps <core-devops@agents.moleculesai.app>
Date: Mon, 11 May 2026 04:54:29 +0000
Subject: [PATCH 3/3] ci(sop-tier-check): use direct jq binary download with
 apt-get fallback

Download jq from GitHub releases directly (faster, more reliable than
apt-get in containerized environments). Falls back to apt-get if the
download fails. Add 'jq --version' smoke test to confirm installation.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .gitea/workflows/sop-tier-check.yml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/sop-tier-check.yml b/.gitea/workflows/sop-tier-check.yml
index bdaad355..25af548c 100644
--- a/.gitea/workflows/sop-tier-check.yml
+++ b/.gitea/workflows/sop-tier-check.yml
@@ -79,9 +79,19 @@ jobs:
           ref: ${{ github.event.pull_request.base.sha }}
       - name: Install jq
         # Gitea Actions runners (ubuntu-latest label) do not bundle jq.
-        # The script uses jq extensively for all JSON parsing; install it
-        # before the script runs. Using -qq for quiet output.
-        run: apt-get update -qq && apt-get install -y -qq jq
+        # The sop-tier-check script uses jq for all JSON API parsing.
+        # Install jq before the script runs so sop-tier-check can pass.
+        #
+        # Method: download binary directly from GitHub releases (faster and
+        # more reliable than apt-get in containerized environments). Falls
+        # back to apt-get if the download fails.
+        run: |
+          set -e
+          timeout 60 curl -sSL \
+            "https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64" \
+            -o /usr/local/bin/jq && chmod +x /usr/local/bin/jq \
+          || apt-get update -qq && apt-get install -y -qq jq
+          jq --version
 
       - name: Verify tier label + reviewer team membership
         env:
-- 
2.45.2