core-devops
afaf0a1e54
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 12s
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 13s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
security-review / approved (pull_request) Failing after 18s
CI / Detect changes (pull_request) Successful in 30s
sop-tier-check / tier-check (pull_request) Successful in 11s
qa-review / approved (pull_request) Failing after 18s
gate-check-v3 / gate-check (pull_request) Successful in 29s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 33s
E2E API Smoke Test / detect-changes (pull_request) Successful in 34s
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 36s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 34s
CI / Platform (Go) (pull_request) Successful in 7s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
CI / Canvas (Next.js) (pull_request) Successful in 8s
CI / Python Lint & Test (pull_request) Successful in 7s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 8s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 8s
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 9s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
CI / all-required (pull_request) Successful in 3s
audit-force-merge / audit (pull_request) Successful in 21s
Root cause (verified via runs 14525 + 14526):
Gitea 1.22.6 emits commit-status context as
<workflow_name> / <job_name> (push)
for ANY workflow run on the default-branch HEAD, REGARDLESS of the
trigger event. Schedule- and workflow_dispatch-triggered runs
therefore paint main red via a fake-push status. No upstream fix
in 1.23-1.26.1 (sibling a6f20db1 research; internal#80 RFC).
Design — Option B (b2 cron-based compensating-status POST):
workflow_run is NOT supported on Gitea 1.22.6 (verified via
modules/actions/workflows.go enumeration); cron is the only
event-shaped option that fires reliably.
Every 5min, .gitea/workflows/status-reaper.yml runs a stdlib +
PyYAML scanner that:
1. Walks .gitea/workflows/*.yml. Resolves each workflow_id from
top-level 'name:' (else filename stem). Fails LOUD on
name-collision OR '/' in name (would break ' / ' context
parsing downstream). Classifies each by 'push:' trigger
presence (str / list / dict on: shapes all handled).
2. Reads main HEAD's combined commit status.
3. For each failure-state context ending ' (push)':
- parses '<workflow_name> / <job_name> (push)';
- skips if workflow not in scan map (conservative);
- preserves if workflow has push: trigger (real defect);
- else POSTs state=success with the same context to
/repos/{o}/{r}/statuses/{sha}, with a description that
documents the workaround.
Safety:
- Only failure-state contexts whose suffix is ' (push)' are
compensated. Branch_protections required checks on main (Secret
scan, sop-tier-check) have ' (pull_request)' suffix — UNREACHABLE
from this code path. Verified 2026-05-11 + test
test_reap_required_check_pull_request_suffix_never_touched.
- publish-workspace-server-image has a real push: trigger →
PRESERVED. mc#576's docker-socket failure stays visible as
intended. Explicit test fixture.
- api() raises ApiError on non-2xx + JSON-decode failure per
feedback_api_helper_must_raise_not_return_dict. Pre-fix
'soft-fail' would silently paint main green via omission.
Persona:
claude-status-reaper (Gitea uid 94, write:repository) — provisioned
2026-05-11 21:39Z by sub-agent aefaac1b. Token under
secrets.STATUS_REAPER_TOKEN (no other write surface touched).
Acceptance (post-merge verify, Step-5):
Trigger one class-O workflow via workflow_dispatch (e.g.
sweep-cf-tunnels). Observe reaper compensate the resulting
(push)-suffix failure on the next 5-min tick. Real
push-triggered failures (publish-workspace-server-image) MUST
still red main.
Removal path:
Drop this workflow + script + tests when Gitea is upgraded to
>= 1.24 with a fix for the hardcoded-suffix bug, OR when an
upstream patch lands (internal#80 RFC). Tracked in
post-merge audit issue.
Cross-links:
- sibling internal#327 (publish-runtime-bot)
- sibling internal#328 (mc-drift-bot)
- sibling internal#329 (Gitea dispatcher race)
- sibling internal#330 (disk-GC cron Gitea-class bug)
- upstream internal#80 (Gitea hardcoded-suffix RFC)
- mc#576 (preserved by design — real push-trigger failure)
- sub-agent aefaac1b (provisioning sibling)
- sub-agent a6f20db1 (Option A research — no upstream fix)
Tests: 37 pytest cases pass (incl. hongming-pc 22:08Z review's 3
design checks: name-collision fail-loud, '/' in name lint, name vs
filename fallback).
|
||
|---|---|---|
| .. | ||
| e2e | ||
| harness | ||
| ops | ||
| README.md | ||
| test_ci_required_drift.py | ||
| test_main_red_watchdog.py | ||
| test_status_reaper.py | ||
Tests
This repo uses the standard monorepo testing convention: unit tests live with their package, cross-component E2E tests live here.
Where to find tests
| Scope | Location |
|---|---|
| Go unit + integration (platform, CLI, handlers) | workspace-server/**/*_test.go — run with cd workspace-server && go test -race ./... |
| TypeScript unit (canvas components, hooks, store) | canvas/src/**/__tests__/ — run with cd canvas && npm test -- --run |
| TypeScript unit (MCP server handlers) | mcp-server/src/__tests__/ — run with cd mcp-server && npx jest |
| Python unit (workspace runtime, adapters) | workspace/tests/ — run with cd workspace && python3 -m pytest |
| Python unit (SDK: plugin + remote agent) | sdk/python/tests/ — run with cd sdk/python && python3 -m pytest |
| Cross-component E2E (spans platform + runtime + HTTP) | tests/e2e/ ← you are here |
Why split this way
- Go requires co-located
_test.gofiles to access unexported symbols. - Per-package test commands keep the inner loop fast — changing canvas doesn't re-run Go tests.
tests/e2e/covers scenarios that no single package owns: a full workspace lifecycle, A2A across two provisioned agents, delegation chains, bundle round-trips.
Running E2E
Every E2E script here assumes the platform is running at localhost:8080 and (where noted) provisioned agents are online. See the header comment of each .sh for specifics.
Cleaning up rogue test workspaces
If an E2E run aborts before its teardown runs (Ctrl-C, crash, CI timeout),
the platform can be left with workspaces whose config volume is stale or
empty — Docker's unless-stopped restart policy then spins those
containers in a FileNotFoundError loop. The platform's pre-flight check
(#17) marks such workspaces failed on the next restart, but a manual
cleanup is useful:
bash scripts/cleanup-rogue-workspaces.sh # deletes ws with id/name starting aaaaaaaa-, bbbbbbbb-, cccccccc-, test-ws-
MOLECULE_URL=http://host:8080 bash scripts/cleanup-rogue-workspaces.sh
The script DELETEs each matching workspace via the API and
force-removes the ws-<id[:12]> container as a belt-and-suspenders
fallback.