molecule-ai/molecule-core
40
0
Fork 2
Code Issues 49 Pull Requests 31 Actions 10 Packages Projects Releases Wiki Activity
bfc393c065
molecule-core/.github/workflows
History
claude-ceo-assistant bfc393c065
Some checks failed
CodeQL / Analyze (${{ matrix.language }}) (python) (pull_request) Successful in 1s
Details
Retarget main PRs to staging / Retarget to staging (pull_request) Has been skipped
Details
Check merge_group trigger on required workflows / Required workflows have merge_group trigger (pull_request) Successful in 5s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 6s
Details
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 5s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 7s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 3s
Details
CI / Detect changes (pull_request) Successful in 7s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 8s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 8s
Details
CI / Python Lint & Test (pull_request) Successful in 4s
Details
CI / Canvas (Next.js) (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 4s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Failing after 6s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 7s
Details
CodeQL / Analyze (${{ matrix.language }}) (go) (pull_request) Successful in 1s
Details
CodeQL / Analyze (${{ matrix.language }}) (javascript-typescript) (pull_request) Successful in 1s
Details
CI / Platform (Go) (pull_request) Successful in 4s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 4s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 5s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
ci: add AUTO_SYNC_TOKEN rotation drift canary (#72) 
Adds a 6h-cron synthetic check that fires the auth surface used by
auto-sync-main-to-staging.yml (PR #66) and emits a red workflow
status when AUTO_SYNC_TOKEN has drifted out of validity. Closes
hostile-self-review weakest-spot #3 from PR #66 (token-rotation
detection latency).

Read-only verification — no writes, no synthetic merge commits, no
canary branch noise. Three probes:
  1. GET /api/v1/user → token authenticates as devops-engineer
  2. GET /api/v1/repos/molecule-ai/molecule-core → read:repository scope
  3. git ls-remote refs/heads/staging → exact HTTPS auth path used by
     actions/checkout in the real auto-sync workflow

Hard-fail on missing AUTO_SYNC_TOKEN secret on both schedule and
workflow_dispatch — per feedback_schedule_vs_dispatch_secrets_hardening,
a silent soft-skip would make the canary itself drift-invisible (the
sweep-cf-orphans #2088 lesson). Operator runbook in workflow header.

Token reuse: same AUTO_SYNC_TOKEN as the workflow under monitor; no
new credential introduced. Read-only paths only.

Refs: #72, hostile-self-review #66
2026-05-07 15:23:03 -07:00
..
auto-promote-on-e2e.yml fix(auto-promote): treat E2E completed/cancelled as defer, not failure 2026-05-04 19:26:29 -07:00
auto-promote-staging.yml fix(auto-promote): skip empty-tree promotes to break perpetual cycle 2026-05-03 08:56:44 -07:00
auto-promote-stale-alarm.yml feat(ops): hourly alarm for auto-promote PR stuck on REVIEW_REQUIRED (#2975) 2026-05-05 17:55:27 -07:00
auto-sync-canary.yml ci: add AUTO_SYNC_TOKEN rotation drift canary (#72) 2026-05-07 15:23:03 -07:00
auto-sync-main-to-staging.yml fix(ci): rewrite auto-sync main→staging for Gitea direct push 2026-05-07 15:04:12 -07:00
auto-tag-runtime.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
block-internal-paths.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
branch-protection-drift.yml fix(branch-protection-drift): hard-fail on schedule only, soft-skip + warn on PR 2026-05-04 21:20:30 -07:00
canary-staging.yml fix(workflows): preserve curl stderr in 8 status-capture sites 2026-05-04 18:54:50 -07:00
canary-verify.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
cascade-list-drift-gate.yml feat(ci): structural drift gate for cascade list vs manifest (RFC #388 PR-3) 2026-05-03 03:52:39 -07:00
check-merge-group-trigger.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
check-migration-collisions.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
ci.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
codeql.yml fix(ci): convert CodeQL workflow to no-op stub on Gitea (#156) 2026-05-07 14:26:57 -07:00
continuous-synth-e2e.yml ci(canary): bump timeout-minutes 12 → 20 to absorb apt tail latency 2026-05-04 07:02:12 -07:00
e2e-api.yml test(e2e): add poll-mode chat upload E2E and wire into e2e-api.yml 2026-05-05 13:08:55 -07:00
e2e-staging-canvas.yml fix(workflows): preserve curl stderr in 8 status-capture sites 2026-05-04 18:54:50 -07:00
e2e-staging-external.yml fix(workflows): preserve curl stderr in 8 status-capture sites 2026-05-04 18:54:50 -07:00
e2e-staging-saas.yml fix(workflows): preserve curl stderr in 8 status-capture sites 2026-05-04 18:54:50 -07:00
e2e-staging-sanity.yml fix(workflows): preserve curl stderr in 8 status-capture sites 2026-05-04 18:54:50 -07:00
handlers-postgres-integration.yml ci(handlers-postgres-integration): apply legacy *.sql migrations too 2026-05-05 22:02:24 -07:00
harness-replays.yml chore: drop github-app-auth + swap GHCR→ECR (closes #157, #161) 2026-05-07 07:48:51 -07:00
lint-curl-status-capture.yml fix(workflows): rewrite curl status-capture to prevent exit-code pollution 2026-05-04 18:29:38 -07:00
pr-guards.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
promote-latest.yml chore(deps)(deps): bump imjasonh/setup-crane from 0.4 to 0.5 2026-05-02 19:23:13 +00:00
publish-canvas-image.yml Merge pull request #2521 from Molecule-AI/dependabot/github_actions/actions/checkout-6 2026-05-03 01:36:57 +00:00
publish-runtime.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
publish-workspace-server-image.yml chore(ci): retrigger publish-workspace-server-image after ECR repo create (#173) 2026-05-07 13:54:11 -07:00
railway-pin-audit.yml Merge pull request #2523 from Molecule-AI/dependabot/github_actions/actions/github-script-9.0.0 2026-05-03 01:37:00 +00:00
redeploy-tenants-on-main.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
redeploy-tenants-on-staging.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
retarget-main-to-staging.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
runtime-pin-compat.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
runtime-prbuild-compat.yml fix(ci): include event_name in runtime-prbuild-compat concurrency group 2026-05-05 04:01:20 -07:00
secret-pattern-drift.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
secret-scan.yml fix(ci): lowercase 'molecule-ai/' in cross-repo workflow refs 2026-05-07 01:00:10 -07:00
sweep-aws-secrets.yml feat(ops): add sweep-aws-secrets janitor — orphan tenant bootstrap secrets 2026-05-03 02:38:08 -07:00
sweep-cf-orphans.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
sweep-cf-tunnels.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00
sweep-stale-e2e-orgs.yml chore(sweep): add orphan-tunnel cleanup step (#2987 / #340) 2026-05-05 19:36:20 -07:00
test-ops-scripts.yml chore(deps)(deps): bump actions/checkout from 4 to 6 2026-05-02 19:23:01 +00:00