feat(ci)(hard-gate): lint-continue-on-error-tracking (Tier 2e) #689

Merged
core-devops merged 1 commit from feat/tier-2e-tracking-issue into main 2026-05-12 07:18:51 +00:00

1 Commit

Author SHA1 Message Date
core-devops
0dae4b8eb0 feat(ci)(hard-gate): lint-continue-on-error-tracking (Tier 2e)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 4s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 8s
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 11s
qa-review / approved (pull_request) Failing after 11s
CI / Detect changes (pull_request) Successful in 15s
sop-checklist-gate / gate (pull_request) Successful in 13s
security-review / approved (pull_request) Failing after 13s
E2E API Smoke Test / detect-changes (pull_request) Successful in 17s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 19s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 19s
gate-check-v3 / gate-check (pull_request) Successful in 18s
sop-tier-check / tier-check (pull_request) Successful in 12s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 21s
CI / Canvas (Next.js) (pull_request) Successful in 6s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 4s
CI / Python Lint & Test (pull_request) Successful in 5s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s
CI / Platform (Go) (pull_request) Successful in 11s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 26s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Failing after 1m10s
CI / all-required (pull_request) Successful in 6s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m12s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m25s
audit-force-merge / audit (pull_request) Successful in 4s
Every `continue-on-error: true` in `.gitea/workflows/*.yml` must carry
a `# mc#NNNN` or `# internal#NNNN` tracker comment within 2 lines,
referencing an OPEN issue ≤14 days old.

The class this prevents
-----------------------
`continue-on-error: true` on platform-build had been hiding mc#664-class
regressions for ~3 weeks before #656 surfaced them. A 14-day cap on
tracker age forces a review cycle: close-or-renew.

Implementation
--------------
- `.gitea/scripts/lint_continue_on_error_tracking.py` — PyYAML
  line-tracking loader to find every job-level
  `continue-on-error: <truthy>`. Treats string `"true"` as truthy
  (Gitea evaluator coerces). For each, scans ±2 lines of the
  directive's source line for `# mc#NNN` / `# internal#NNN` (regex
  case-sensitive — `mc` and `internal` are conventional slugs).
  GETs each issue from the Gitea API; valid = exists + state=open +
  `age.days <= MAX_AGE_DAYS` (inclusive 14d boundary).
  Graceful-degrades on 403 (token-scope) per Tier 2a contract.
- `.gitea/workflows/lint-continue-on-error-tracking.yml` —
  pull_request + push + daily 13:11Z schedule. Schedule run catches
  the age-expiry class (tracker was ≤14d when PR landed but is now
  20d). Phase 3 (continue-on-error: true) per RFC #219 §1.
- `tests/test_lint_continue_on_error_tracking.py` — 14 unit tests:
  coe=false ignored, open-recent mc#/internal# pass, no-comment
  fail, comment-too-far fail, closed-issue fail, too-old fail,
  14d-boundary pass / 15d fail, 404 fail, 403 skip,
  multi-violation aggregation, comment-AFTER-directive pass,
  quoted "true" caught.

Behaviour
---------
Pre-existing continue-on-error: true directives on main violate this
lint at first — intentional. They are the masked defects this lint
exists to surface (see mc#664). Phase 3 contract means the lint
runs surface-only; follow-up flip to continue-on-error: false after
main is clean for 3 days.

Auth uses DRIFT_BOT_TOKEN (same as ci-required-drift.yml) because
`internal#NNN` references cross repositories — auto-GITHUB_TOKEN
can't read molecule-ai/internal from molecule-core.

Refs: #350
2026-05-12 07:05:07 +00:00
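
The rule described in the commit message above (tracker comment within 2 lines, issue open, age at most 14 days inclusive), as an added sketch that is not the project's `lint_continue_on_error_tracking.py`. It assumes a line regex in place of the PyYAML line-tracking loader, a hypothetical `lookup_issue` callable in place of the Gitea API GET, age measured from issue creation, and that one valid tracker per directive is enough; the issue table and workflow text are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 14  # inclusive boundary, per the commit message
WINDOW = 2         # tracker comment must be within 2 lines of the directive
# Simplification: a line regex, not a YAML loader, so step-level keys match too.
COE_RE = re.compile(r"""^\s*continue-on-error:\s*["']?true["']?\s*(#.*)?$""")
TRACKER_RE = re.compile(r"#\s*(mc|internal)#(\d+)")  # slugs are case-sensitive

def issue_problem(slug, num, lookup_issue, now):
    """Return None if the tracker is valid, else a reason string."""
    issue = lookup_issue(slug, num)  # hypothetical stand-in for the Gitea API GET
    if issue is None:
        return f"{slug}#{num} not found"
    if issue["state"] != "open":
        return f"{slug}#{num} is {issue['state']}"
    if (now - issue["created_at"]).days > MAX_AGE_DAYS:  # assumed: age since creation
        return f"{slug}#{num} older than {MAX_AGE_DAYS}d"
    return None

def check_workflow(text, lookup_issue, now):
    """Return [(line_no, reason)] for every untracked continue-on-error: true."""
    lines = text.splitlines()
    violations = []
    for i, line in enumerate(lines):
        if not COE_RE.match(line):
            continue
        nearby = "\n".join(lines[max(0, i - WINDOW): i + WINDOW + 1])
        refs = [(m.group(1), int(m.group(2))) for m in TRACKER_RE.finditer(nearby)]
        problems = [issue_problem(s, n, lookup_issue, now) for s, n in refs]
        if not refs:
            violations.append((i + 1, "no tracker comment within 2 lines"))
        elif all(problems):  # assumed: one valid tracker is enough
            violations.append((i + 1, "; ".join(problems)))
    return violations

# Constructed sample data: issue table and workflow text.
NOW = datetime(2026, 5, 12, tzinfo=timezone.utc)
ISSUES = {("mc", 101): {"state": "open", "created_at": NOW - timedelta(days=14)}}
SAMPLE = """jobs:
  build:
    # mc#101
    continue-on-error: true
    runs-on: ubuntu-latest
    steps: []
  lint:
    continue-on-error: "true"
"""

if __name__ == "__main__":
    for line_no, reason in check_workflow(SAMPLE, lambda s, n: ISSUES.get((s, n)), NOW):
        print(f"line {line_no}: {reason}")
```

Running the same input one day later flags line 4 as well, which is the age-expiry case the daily schedule run exists to catch.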