molecule-ai/molecule-core
41
0
Fork 2
Code Issues 43 Pull Requests -2 Actions 645 Packages Projects Releases Wiki Activity

fix(ci/main): sync audit-force-merge REQUIRED_CHECKS with branch protection (mc#805) #808

Closed
core-devops wants to merge 1 commits from fix/805-audit-force-merge-main-required-checks into main
pull from: fix/805-audit-force-merge-main-required-checks
merge into: molecule-ai:main
Conversation 8 Commits 1 Files Changed 1 +11 -10
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.gitea/workflows/audit-force-merge.yml
View File

@ -60,16 +60,19 @@ jobs:
# (currently `main`; `staging` protection forthcoming per
# RFC internal#219 Phase 4).
#
# Initialized 2026-05-11 from the current molecule-core `main`
# branch protection:
# Current molecule-core `main` branch protection:
#
# GET /api/v1/repos/molecule-ai/molecule-core/
# branch_protections/main
# → status_check_contexts = [
# "Secret scan / Scan diff for credential-shaped strings (pull_request)",
# "sop-tier-check / tier-check (pull_request)"
# "CI / all-required (pull_request)",
# "sop-checklist / all-items-acked (pull_request)"
# ]
#
# mc#805 drift F3a/F3b: previous REQUIRED_CHECKS listed checks
# not enforced on main (Secret scan, sop-tier-check) while
# missing the enforced sop-checklist. Fixed here.
#
# Declared here rather than fetched from /branch_protections
# because that endpoint requires admin write — sop-tier-bot
# is read-only by design (least-privilege per
@ -78,12 +81,10 @@ jobs:
# auto-detected by `ci-required-drift.yml` (RFC §4 + §6),
# which opens a `[ci-drift]` issue within one hour.
#
# When the protection set changes (e.g. Phase 4 adds the
# `ci / all-required (pull_request)` sentinel), update BOTH
# branch protection AND this env in the SAME PR; drift-detect
# will otherwise file an issue for you.
# When the protection set changes, update BOTH branch
# protection AND this env in the SAME PR; drift-detect will
# otherwise file an issue for you.
REQUIRED_CHECKS: |
Secret scan / Scan diff for credential-shaped strings (pull_request)
sop-tier-check / tier-check (pull_request)
CI / all-required (pull_request)
sop-checklist / all-items-acked (pull_request)
run: bash .gitea/scripts/audit-force-merge.sh