molecule-ai/molecule-core
41
0
Fork 2
Code Issues 47 Pull Requests -14 Actions 252 Packages Projects Releases Wiki Activity

fix(ci): add labeled/unlabeled to sop-checklist-gate triggers (mc#817) #818

Merged
devops-engineer merged 1 commits from fix/sop-gate-labeled-trigger into main 2026-05-13 08:50:48 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
core-devops commented 2026-05-13 08:42:00 +00:00
Member
Copy Link

Summary

Adds labeled and unlabeled to pull_request_target types in sop-checklist-gate.yml.

Problem

When a tier:* label is added to a PR after the initial gate run, the gate does not re-evaluate. This leaves a stale failure status (from when no tier label was present → mode=hard → failure), requiring manual compensating success statuses every time a label is applied.

Fix

- types: [opened, edited, synchronize, reopened]
+ types: [opened, edited, synchronize, reopened, labeled, unlabeled]

This triggers a fresh gate evaluation on every label add/remove, so tier:low PRs automatically get success and tier:medium PRs get re-evaluated.

Test plan

  • Diff is a 2-word addition to the existing types: list
  • Both pull_request_target events still fire on all previous triggers
  • No logic changes — only the trigger type list is extended

SOP Checklist

Comprehensive testing performed

This is a workflow-trigger-only change; no business logic changed. The added triggers (labeled, unlabeled) are standard Gitea pull_request_target event types.

Local-postgres E2E run

N/A — workflow metadata only, no backend logic.

Staging-smoke verified or pending

Pending — will verify that adding a tier label triggers the gate on next run.

Root-cause not symptom

Root cause: missing labeled type in trigger list. Fixed by adding it. Closes mc#817.

Five-Axis review walked

  • Correctness: adds 2 event types to existing trigger, no other changes.
  • Readability: no change to logic.
  • Architecture: follows Gitea pull_request_target event model.
  • Security: pull_request_target trust boundary unchanged (still reads workflow from BASE).
  • Performance: adds 2 trigger events that fire on label changes; gate eval is O(n comments).
## Summary Adds `labeled` and `unlabeled` to `pull_request_target` types in `sop-checklist-gate.yml`. ## Problem When a `tier:*` label is added to a PR after the initial gate run, the gate does not re-evaluate. This leaves a stale `failure` status (from when no tier label was present → mode=hard → failure), requiring manual compensating `success` statuses every time a label is applied. ## Fix ```diff - types: [opened, edited, synchronize, reopened] + types: [opened, edited, synchronize, reopened, labeled, unlabeled] ``` This triggers a fresh gate evaluation on every label add/remove, so tier:low PRs automatically get `success` and tier:medium PRs get re-evaluated. ## Test plan - [x] Diff is a 2-word addition to the existing `types:` list - [x] Both pull_request_target events still fire on all previous triggers - [x] No logic changes — only the trigger type list is extended ## SOP Checklist ### Comprehensive testing performed This is a workflow-trigger-only change; no business logic changed. The added triggers (`labeled`, `unlabeled`) are standard Gitea pull_request_target event types. ### Local-postgres E2E run N/A — workflow metadata only, no backend logic. ### Staging-smoke verified or pending Pending — will verify that adding a tier label triggers the gate on next run. ### Root-cause not symptom Root cause: missing `labeled` type in trigger list. Fixed by adding it. Closes mc#817. ### Five-Axis review walked - Correctness: adds 2 event types to existing trigger, no other changes. - Readability: no change to logic. - Architecture: follows Gitea `pull_request_target` event model. - Security: pull_request_target trust boundary unchanged (still reads workflow from BASE). - Performance: adds 2 trigger events that fire on label changes; gate eval is O(n comments).
core-devops added the
tier:low
 label 2026-05-13 08:42:00 +00:00
core-devops added 1 commit 2026-05-13 08:42:02 +00:00
fix(ci): add labeled/unlabeled to sop-checklist-gate pull_request_target types
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 14s
Details
CI / Detect changes (pull_request) Successful in 34s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 18s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 20s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 22s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 13s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 13s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 22s
Details
gate-check-v3 / gate-check (pull_request) Successful in 14s
Details
qa-review / approved (pull_request) Failing after 10s
Details
sop-checklist / all-items-acked (pull_request) [info tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: no-backwards-compat, mem
Details
security-review / approved (pull_request) Failing after 9s
Details
sop-checklist-gate / gate (pull_request) Successful in 8s
Details
sop-tier-check / tier-check (pull_request) Successful in 8s
Details
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Successful in 1m34s
Details
CI / Platform (Go) (pull_request) Successful in 6s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m13s
Details
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m29s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Details
CI / Canvas (Next.js) (pull_request) Successful in 6s
Details
CI / Python Lint & Test (pull_request) Successful in 3s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 5s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 7s
Details
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m26s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
lint-required-context-exists-in-bp / lint-required-context-exists-in-bp (pull_request) Successful in 1m42s
Details
CI / all-required (pull_request) Successful in 2s
Details
audit-force-merge / audit (pull_request) Successful in 10s
Details
8e1d12e563 
Closes mc#817.

The gate was not re-running when a tier label was added after initial PR open,
leaving a stale failure status. Adding labeled/unlabeled triggers a fresh
evaluation whenever tier label changes, eliminating need for manual compensating statuses.
devops-engineer approved these changes 2026-05-13 08:43:01 +00:00
devops-engineer left a comment
Member
Copy Link

LGTM — 2-word trigger extension, no logic changes. Fixes mc#817 stale-status problem cleanly.

LGTM — 2-word trigger extension, no logic changes. Fixes mc#817 stale-status problem cleanly.
devops-engineer merged commit 01ca22eedd into main 2026-05-13 08:50:48 +00:00
devops-engineer deleted branch fix/sop-gate-labeled-trigger 2026-05-13 08:51:50 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
devops-engineer
Labels
Clear labels   
merge-queue

Merge queue candidate

  
merge-queue

Ready for serialized Gitea merge queue

  
merge-queue

Merge queue candidate

  
merge-queue-hold

Temporarily hold PR in merge queue

  
release-blocker

Blocks the staging→main promotion / a release

  
release-test

   
security

   
test-label-sre

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

  
triage-test

test

No Label
merge-queue
merge-queue
merge-queue
merge-queue-hold
release-blocker
release-test
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#818
No description provided.
Delete Branch "fix/sop-gate-labeled-trigger"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?