feat(ci): add all-required sentinel job (RFC#219 Phase 4 / closes internal#286) #553
Merged
core-lead merged 1 commit from infra/rfc-219-phase-4-all-required-sentinel into main 2026-05-11 19:46:02 +00:00
Commit 22a1752eb3
feat(ci): add all-required sentinel job (RFC#219 Phase 4 / closes internal#286)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 16s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 14s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 18s
qa-review / approved (pull_request) Failing after 19s
security-review / approved (pull_request) Failing after 19s
gate-check-v3 / gate-check (pull_request) Successful in 27s
sop-tier-check / tier-check (pull_request) Successful in 20s
E2E API Smoke Test / detect-changes (pull_request) Successful in 46s
CI / Detect changes (pull_request) Successful in 49s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 48s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 43s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 48s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 8s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 11s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 9s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 9s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 26s
audit-force-merge / audit (pull_request) Successful in 23s
CI / Python Lint & Test (pull_request) Successful in 8m6s
CI / Platform (Go) (pull_request) Failing after 13m40s
CI / Canvas (Next.js) (pull_request) Failing after 13m49s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Failing after 5s
Adds the `all-required` aggregator sentinel job to .gitea/workflows/ci.yml,
mirroring the molecule-controlplane Phase 2a impl. The sentinel needs every
non-event-gated job (changes, platform-build, canvas-build, shellcheck,
python-lint) and asserts result==success per dep so skipped-as-green can't
sneak through.
Two immediate effects:
1. .gitea/workflows/ci-required-drift.yml stops hard-failing with exit 3
on the missing sentinel (see comment lines 26-31 of that workflow).
2. Branch protection can now (Step 5 follow-up, separate PR per
feedback_never_admin_merge_bypass) point status_check_contexts at the
single 'ci / all-required (pull_request)' name and CI churn underneath
no longer requires protection edits.
NOT in this PR (deferred Step 5 follow-up):
- PATCH branch_protections/main to add 'ci / all-required (pull_request)'
to status_check_contexts — Owners-tier change, separate PR.
- Mirror the same context into audit-force-merge.yml REQUIRED_CHECKS env
(RFC §6 — drift detector F3 will flag if the two diverge).
Refs:
- internal#219 (parent RFC, §2 Aggregator sentinel)
- internal#286 (Phase 4 emergency bump — 2026-05-11 broken-merge evidence)
- molecule-controlplane Phase 2a (reference impl, CP PR#112)
- feedback_phantom_required_check_after_gitea_migration (incident class)
- feedback_path_filtered_workflow_cant_be_required (sentinel has no
paths: filter; fires on every push/PR per RFC §2)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
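The fail-closed check the commit message describes (every listed dependency must report result success, so a skipped job cannot count as green), as an added sketch that is not the PR's ci.yml. The `all_required` function, the NAME=RESULT argument wiring and the sample values are assumptions; only the five job names come from the commit message.

```sh
#!/bin/sh
# Added sketch, not the PR's workflow. In a workflow step the arguments
# would be filled from the needs context, for example
#   all_required "changes=${{ needs.changes.result }}" ...
# (assumed wiring), and the sentinel job has to run even when a dependency
# failed or was skipped, otherwise the sentinel itself ends up skipped.

# Dependencies of the sentinel as listed in the commit message.
REQUIRED_JOBS="changes platform-build canvas-build shellcheck python-lint"

# all_required NAME=RESULT...
# Returns 0 only when every job in REQUIRED_JOBS is present with result
# "success". skipped, cancelled, failure, an empty result (for instance a
# mistyped job name in the expression) and a missing job all fail closed.
all_required() {
  rc=0
  for job in $REQUIRED_JOBS; do
    result="<missing>"
    for pair in "$@"; do
      case "$pair" in
        "$job="*) result=${pair#*=} ;;
      esac
    done
    if [ "$result" != "success" ]; then
      echo "all-required: $job result=${result:-<empty>}" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: canvas-build was skipped, which must not pass.
if all_required changes=success platform-build=success \
     canvas-build=skipped shellcheck=success python-lint=success; then
  echo "sentinel: pass"
else
  echo "sentinel: fail"
fi
```

Iterating over the expected job list rather than over the arguments is what makes a dropped dependency fail instead of passing vacuously.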