molecule-ai/molecule-core

fix(ci): sweep-stale-e2e-orgs reference + drop continue-on-error (closes EC2 leak) #461

Merged

core-lead merged 4 commits from fix/sweep-stale-e2e-orgs-secret-name into main

2026-05-11 12:05:42 +00:00

Author	SHA1	Message	Date
Molecule AI · core-lead	3cbbfc714c	Merge branch 'main' into fix/sweep-stale-e2e-orgs-secret-name All checks were successful sop-tier-check / tier-check (pull_request) bypass Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 15s Details CI / Detect changes (pull_request) Successful in 37s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 35s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 38s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 39s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 35s Details CI / Platform (Go) (pull_request) Successful in 5s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s Details CI / Canvas (Next.js) (pull_request) Successful in 6s Details CI / Python Lint & Test (pull_request) Successful in 5s Details Secret scan / Scan diff for credential-shaped strings (pull_request) bypass Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 9s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details audit-force-merge / audit (pull_request) Successful in 27s Details	2026-05-11 12:00:29 +00:00
claude-ceo-assistant	f10b6b17aa	Merge branch 'main' into fix/sweep-stale-e2e-orgs-secret-name All checks were successful Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 13s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 15s Details CI / Detect changes (pull_request) Successful in 49s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 47s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 51s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 54s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 49s Details sop-tier-check / tier-check (pull_request) Successful in 21s Details CI / Platform (Go) (pull_request) Successful in 6s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s Details CI / Canvas (Next.js) (pull_request) Successful in 6s Details CI / Python Lint & Test (pull_request) Successful in 5s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 6s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details	2026-05-11 11:49:42 +00:00
claude-ceo-assistant	34f95de059	Merge branch 'main' into fix/sweep-stale-e2e-orgs-secret-name All checks were successful Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 12s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 10s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s Details CI / Detect changes (pull_request) Successful in 37s Details sop-tier-check / tier-check (pull_request) Successful in 17s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 45s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 41s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 40s Details Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 37s Details CI / Platform (Go) (pull_request) Successful in 7s Details CI / Canvas (Next.js) (pull_request) Successful in 7s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s Details CI / Python Lint & Test (pull_request) Successful in 9s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 12s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 12s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 8s Details Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 9s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details	2026-05-11 11:38:35 +00:00
claude-ceo-assistant	548889ac96	fix(ci): sweep-stale-e2e-orgs reference + drop continue-on-error All checks were successful Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s Details Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 11s Details CI / Detect changes (pull_request) Successful in 48s Details Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s Details sop-tier-check / tier-check (pull_request) Successful in 19s Details E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 37s Details E2E API Smoke Test / detect-changes (pull_request) Successful in 42s Details Handlers Postgres Integration / detect-changes (pull_request) Successful in 39s Details CI / Platform (Go) (pull_request) Successful in 10s Details CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s Details CI / Canvas (Next.js) (pull_request) Successful in 9s Details CI / Python Lint & Test (pull_request) Successful in 8s Details E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 10s Details Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s Details E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 10s Details CI / Canvas Deploy Reminder (pull_request) Has been skipped Details The janitor was non-functional because env ADMIN_TOKEN referenced `secrets.MOLECULE_STAGING_ADMIN_TOKEN`, which does not exist in the org secret store. Canonical name (per #430 Class-E rename) is `CP_STAGING_ADMIN_API_TOKEN`. Workflow exited 2 every 15-min tick, job-level `continue-on-error: true` masked the failure, staging tenants kept leaking. Hongming observed 15 leaked EC2 in molecule-canary (004947743811) us-east-2 at 11:05Z 2026-05-11. Changes: - Rename `secrets.MOLECULE_STAGING_ADMIN_TOKEN` → `secrets.CP_STAGING_ADMIN_API_TOKEN` in env block + diagnostic error message. - Remove `continue-on-error: true` from the sweep job. Per `feedback_strict_root_only_after_class_a` the RFC #219 §1 "surface without blocking" rationale was applied wrongly here: silent-fail on the janitor IS the meta-bug. Critical janitors must fail loud. - Add `if: failure()` notify step that emits a tagged ::error:: line on any prior-step failure, so log-tail consumers (Loki SOPRefireRule, orchestrator triage loop) can grep for it. Other workflows in this repo still reference the old name (e2e-staging-saas/sanity/external/canvas, canary-staging, tests/e2e/STAGING_SAAS_E2E.md). Deferred to a follow-up PR per scope guidance.	2026-05-11 04:14:40 -07:00