molecule-core/.gitea/scripts
core-devops e92bdeca58
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s
CI / Detect changes (pull_request) Successful in 48s
E2E API Smoke Test / detect-changes (pull_request) Successful in 33s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 30s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 15s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 29s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 32s
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
qa-review / approved (pull_request) Failing after 22s
gate-check-v3 / gate-check (pull_request) Failing after 27s
security-review / approved (pull_request) Failing after 16s
sop-checklist-gate / gate (pull_request) Successful in 12s
sop-tier-check / tier-check (pull_request) Successful in 14s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m14s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m14s
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m33s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m32s
CI / Platform (Go) (pull_request) Successful in 5s
CI / Canvas (Next.js) (pull_request) Successful in 4s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s
CI / Python Lint & Test (pull_request) Successful in 3s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 4s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Successful in 5s
feat(ci)(hard-gate): lint-bp-context-emit-match (Tier 2f)
Daily scheduled lint detecting drift between
`branch_protections/<branch>.status_check_contexts` and the contexts
emitted by `.gitea/workflows/*.yml`. Files/PATCHes a `[ci-bp-drift]`
issue (idempotent) on mismatch.

The class this prevents
-----------------------
A BP-required context with no emitting workflow blocks merges
forever — Gitea 1.22.6 treats absent-as-`pending`, NOT
absent-as-`skipped`. Previously surfaced as
feedback_phantom_required_check_after_gitea_migration (a port that
kept the GitHub context name after rename to Gitea).

Implementation
--------------
- `.gitea/scripts/lint_bp_context_emit_match.py` — PyYAML walk of
  every workflow's `on:` block + `jobs.*.name:` (or job-key fallback)
  to enumerate emitted contexts. Compares against BP. Two directions:
  (a) BP→emitter: required by BP, no emitter → ERROR + drift issue.
  (b) Emitter→BP: emitter exists, BP doesn't list → NOTICE only
      (Tier 2g handles at PR-time; scheduled-flag would noisily
      flag every transitional state during a BP rollout).
  Event-suffix match strict: `(push)` and `(pull_request)` are
  distinct. `pull_request_target` maps to `(pull_request)` per
  Gitea convention.
- `.gitea/workflows/lint-bp-context-emit-match.yml` — schedule
  `31 3 * * *` + workflow_dispatch. NO pull_request / push triggers
  (Tier 2g owns those). Phase 3 (continue-on-error: true) per
  RFC #219 §1.
- `tests/test_lint_bp_context_emit_match.py` — 10 unit tests:
  perfect match, BP-orphan fail, emitter-orphan notice-only,
  multi-orphan aggregation, empty-BP skip, 403/404 graceful,
  event-suffix mismatch flag, pull_request_target mapping,
  idempotent PATCH-on-existing-issue.

Auth uses DRIFT_BOT_TOKEN (same as ci-required-drift.yml) — Gitea
1.22.6 requires repo-admin scope on `/branch_protections/*`. Graceful
degrade on 403 per Tier 2a contract.

Refs: #350
2026-05-12 14:37:43 +00:00
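The two-direction comparison described in the commit message above, as an added example (it is not the repository's `lint_bp_context_emit_match.py`). It assumes workflows are passed in as already-parsed mappings, that only `push`, `pull_request` and `pull_request_target` produce status contexts, and that contexts have the `<workflow> / <job> (<event>)` shape seen in the status lines on this page; function names and sample data are constructed.

```python
# Added illustration, not the repository's lint_bp_context_emit_match.py.
# Assumption: only these triggers produce commit-status contexts.
EVENT_SUFFIX = {"push": "push", "pull_request": "pull_request",
                "pull_request_target": "pull_request"}  # mapping per the commit message

def workflow_events(wf):
    """Return trigger names from a parsed workflow's `on:` block."""
    # PyYAML (YAML 1.1) loads a bare `on` key as boolean True, so check both.
    on = wf.get("on", wf.get(True))
    if on is None:
        return set()
    return {on} if isinstance(on, str) else set(on)  # list, or mapping keyed by name

def emitted_contexts(workflows):
    """Enumerate '<workflow> / <job> (<event>)' for every job and trigger."""
    contexts = set()
    for wf in workflows:
        suffixes = {EVENT_SUFFIX[e] for e in workflow_events(wf) if e in EVENT_SUFFIX}
        for key, job in (wf.get("jobs") or {}).items():
            job_name = (job or {}).get("name") or key  # job-key fallback
            contexts.update(f"{wf['name']} / {job_name} ({s})" for s in suffixes)
    return contexts

def diff_contexts(required, workflows):
    """Return (BP orphans -> error, emitter orphans -> notice only)."""
    emitted, required = emitted_contexts(workflows), set(required)
    return sorted(required - emitted), sorted(emitted - required)

# Constructed sample data (parsed workflow mappings and a BP context list).
SAMPLE_WORKFLOWS = [
    {"name": "CI", True: {"push": None, "pull_request": None},
     "jobs": {"all-required": {}, "detect": {"name": "Detect changes"}}},
    {"name": "Secret scan", "on": ["pull_request_target"],
     "jobs": {"scan": {"name": "Scan diff for credential-shaped strings"}}},
    {"name": "Nightly", "on": "schedule", "jobs": {"lint": {}}},
]
SAMPLE_REQUIRED = [
    "CI / all-required (pull_request)",
    "Secret scan / Scan diff for credential-shaped strings (pull_request)",
    "Secret scan / Scan diff for credential-shaped strings (push)",  # suffix mismatch
    "ci / build (pull_request)",  # constructed stale name with no emitter
]

if __name__ == "__main__":
    errors, notices = diff_contexts(SAMPLE_REQUIRED, SAMPLE_WORKFLOWS)
    for ctx in errors:
        print(f"ERROR  required by BP, no emitter: {ctx}")
    for ctx in notices:
        print(f"NOTICE emitted, not in BP: {ctx}")
```
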
..
tests feat(ci)(hard-gate): lint-pre-flip catches continue-on-error true→false without run-log proof 2026-05-12 07:27:19 +00:00
audit-force-merge.sh fix(gitea): add || true guards to jq pipelines in audit-force-merge.sh 2026-05-12 03:26:36 +00:00
ci-required-drift.py fix(ci): ci-required-drift handles 403/404 on protection endpoint gracefully 2026-05-12 03:13:37 +00:00
compare-api-diff-files.py fix(harness-replays): use Gitea Compare API instead of git diff for detect-changes (#476) 2026-05-11 15:26:11 +00:00
lint_bp_context_emit_match.py feat(ci)(hard-gate): lint-bp-context-emit-match (Tier 2f) 2026-05-12 14:37:43 +00:00
lint_continue_on_error_tracking.py feat(ci)(hard-gate): lint-continue-on-error-tracking (Tier 2e) 2026-05-12 07:05:07 +00:00
lint_mask_pr_atomicity.py feat(ci)(hard-gate): lint-mask-pr-atomicity (Tier 2d) 2026-05-11 23:06:18 -07:00
lint_pre_flip_continue_on_error.py feat(ci)(hard-gate): lint-pre-flip catches continue-on-error true→false without run-log proof 2026-05-12 07:27:19 +00:00
lint-required-no-paths.py feat(ci)(hard-gate): lint-required-workflows-no-paths-filter (structural enforcement of feedback_path_filtered_workflow_cant_be_required) 2026-05-12 05:48:22 +00:00
lint-workflow-yaml.py feat(ci)(hard-gate): lint-workflow-yaml catches Gitea-1.22.6-hostile shapes 2026-05-12 05:50:55 +00:00
main-red-watchdog.py fix(ci): status-reaper rev4 reads per-context "status" key not "state" (compensation was unreachable since rev1) 2026-05-11 20:44:20 -07:00
push-commits-diff-files.py fix(harness-replays): use github.event.commits for push event detect-changes (#499) 2026-05-11 15:49:48 +00:00
review-check.sh fix(ci)(security): stop token appearing in curl argv (#541) 2026-05-11 19:30:22 +00:00
sop-checklist-gate.py fix(ci): sop-checklist-gate exits 0 by default — POSTed status is the gate 2026-05-12 06:13:58 +00:00
sop-tier-check.sh fix(ci): sop-tier-check gracefully handles empty/invalid token 2026-05-12 03:16:17 +00:00
sop-tier-refire.sh feat(ci): sop-tier-check refire workflow via issue_comment (internal#292) 2026-05-11 02:44:31 -07:00
status-reaper.py fix(ci): status-reaper rev4 reads per-context "status" key not "state" (compensation was unreachable since rev1) 2026-05-11 20:44:20 -07:00