e92bdeca58
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 19s
CI / Detect changes (pull_request) Successful in 48s
E2E API Smoke Test / detect-changes (pull_request) Successful in 33s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 30s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 15s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 29s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 12s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 32s
sop-checklist / all-items-acked (pull_request) [soft-fail tier:low] acked: 0/7 — missing: comprehensive-testing, local-postgres-e2e, staging-smoke, +4 — body-unfilled: 7
qa-review / approved (pull_request) Failing after 22s
gate-check-v3 / gate-check (pull_request) Failing after 27s
security-review / approved (pull_request) Failing after 16s
sop-checklist-gate / gate (pull_request) Successful in 12s
sop-tier-check / tier-check (pull_request) Successful in 14s
lint-continue-on-error-tracking / lint-continue-on-error-tracking (pull_request) Failing after 1m14s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m14s
Lint pre-flip continue-on-error / Verify continue-on-error flips have run-log proof (pull_request) Successful in 1m33s
Lint workflow YAML (Gitea-1.22.6-hostile shapes) / Lint workflow YAML for Gitea-1.22.6-hostile shapes (pull_request) Successful in 1m32s
CI / Platform (Go) (pull_request) Successful in 5s
CI / Canvas (Next.js) (pull_request) Successful in 4s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 3s
CI / Python Lint & Test (pull_request) Successful in 3s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 6s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 4s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
CI / all-required (pull_request) Successful in 5s
Daily scheduled lint detecting drift between
`branch_protections/<branch>.status_check_contexts` and the contexts
emitted by `.gitea/workflows/*.yml`. Files/PATCHes a `[ci-bp-drift]`
issue (idempotent) on mismatch.
The class this prevents
-----------------------
A BP-required context with no emitting workflow blocks merges
forever — Gitea 1.22.6 treats absent-as-`pending`, NOT
absent-as-`skipped`. Previously surfaced as
feedback_phantom_required_check_after_gitea_migration (a port that
kept the GitHub context name after rename to Gitea).
Implementation
--------------
- `.gitea/scripts/lint_bp_context_emit_match.py` — PyYAML walk of
every workflow's `on:` block + `jobs.*.name:` (or job-key fallback)
to enumerate emitted contexts. Compares against BP. Two directions:
(a) BP→emitter: required by BP, no emitter → ERROR + drift issue.
(b) Emitter→BP: emitter exists, BP doesn't list → NOTICE only
(Tier 2g handles at PR-time; scheduled-flag would noisily
flag every transitional state during a BP rollout).
Event-suffix match strict: `(push)` and `(pull_request)` are
distinct. `pull_request_target` maps to `(pull_request)` per
Gitea convention.
- `.gitea/workflows/lint-bp-context-emit-match.yml` — schedule
`31 3 * * *` + workflow_dispatch. NO pull_request / push triggers
(Tier 2g owns those). Phase 3 (continue-on-error: true) per
RFC #219 §1.
- `tests/test_lint_bp_context_emit_match.py` — 10 unit tests:
perfect match, BP-orphan fail, emitter-orphan notice-only,
multi-orphan aggregation, empty-BP skip, 403/404 graceful,
event-suffix mismatch flag, pull_request_target mapping,
idempotent PATCH-on-existing-issue.
Auth uses DRIFT_BOT_TOKEN (same as ci-required-drift.yml) — Gitea
1.22.6 requires repo-admin scope on `/branch_protections/*`. Graceful
degrade on 403 per Tier 2a contract.
Refs: #350
|
||
|---|---|---|
| .. | ||
| audit-force-merge.yml | ||
| block-internal-paths.yml | ||
| cascade-list-drift-gate.yml | ||
| check-migration-collisions.yml | ||
| ci-required-drift.yml | ||
| ci.yml | ||
| continuous-synth-e2e.yml | ||
| e2e-api.yml | ||
| e2e-staging-canvas.yml | ||
| e2e-staging-external.yml | ||
| e2e-staging-saas.yml | ||
| e2e-staging-sanity.yml | ||
| gate-check-v3.yml | ||
| handlers-postgres-integration.yml | ||
| harness-replays.yml | ||
| lint-bp-context-emit-match.yml | ||
| lint-continue-on-error-tracking.yml | ||
| lint-curl-status-capture.yml | ||
| lint-mask-pr-atomicity.yml | ||
| lint-pre-flip-continue-on-error.yml | ||
| lint-required-no-paths.yml | ||
| lint-workflow-yaml.yml | ||
| main-red-watchdog.yml | ||
| publish-canvas-image.yml | ||
| publish-runtime-autobump.yml | ||
| publish-runtime.yml | ||
| publish-workspace-server-image.yml | ||
| qa-review.yml | ||
| railway-pin-audit.yml | ||
| redeploy-tenants-on-main.yml | ||
| redeploy-tenants-on-staging.yml | ||
| review-check-tests.yml | ||
| runtime-pin-compat.yml | ||
| runtime-prbuild-compat.yml | ||
| secret-pattern-drift.yml | ||
| secret-scan.yml | ||
| security-review.yml | ||
| sop-checklist-gate.yml | ||
| sop-tier-check.yml | ||
| sop-tier-refire.yml | ||
| staging-smoke.yml | ||
| staging-verify.yml | ||
| status-reaper.yml | ||
| sweep-aws-secrets.yml | ||
| sweep-cf-orphans.yml | ||
| sweep-cf-tunnels.yml | ||
| sweep-stale-e2e-orgs.yml | ||
| test-ops-scripts.yml | ||
| weekly-platform-go.yml | ||