fix(ci): ci-required-drift handles 403/404 on protection endpoint gracefully #630
Merged
core-devops
merged 1 commits from 2026-05-12 03:14:57 +00:00
infra/ci-required-drift-token-scope into main
1 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| 7d011828e8 |
fix(ci): ci-required-drift handles 403/404 on protection endpoint gracefully
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 5s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 7s
CI / Detect changes (pull_request) Successful in 10s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 9s
qa-review / approved (pull_request) Failing after 12s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 13s
security-review / approved (pull_request) Failing after 10s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 14s
E2E API Smoke Test / detect-changes (pull_request) Successful in 14s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 16s
sop-tier-check / tier-check (pull_request) Successful in 13s
gate-check-v3 / gate-check (pull_request) Successful in 15s
CI / Platform (Go) (pull_request) Successful in 5s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 4s
CI / Canvas (Next.js) (pull_request) Successful in 5s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 6s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 5s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 5s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 5s
CI / all-required (pull_request) Successful in 4s
audit-force-merge / audit (pull_request) Successful in 13s
Root cause: DRIFT_BOT_TOKEN lacks repo-admin scope → Gitea 1.22.6's
`GET /repos/.../branch_protections/{branch}` returns 403/404 → ApiError
→ non-zero exit → workflow red. The token trail (internal#329) was never
completed for mc-drift-bot on molecule-core.
Fix (script): catch ApiError on the protection fetch; on 403/404 log a
clear ::error:: diagnostic explaining the token-scope gap and return
empty findings (skip this branch). The issue IS the alarm, not a red
workflow. 5xx is still propagated (transient outage).
Fix (workflow): remove stale transitional comment that claimed the
all-required sentinel didn't exist yet (it landed in #553).
Fixes: infra/ci-required-drift red on main (210da3b1→4db64bcb).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
