From b5151db0acc2d32c8d30108a8a94138f06143f41 Mon Sep 17 00:00:00 2001 From: Barcode Betty <32+cs_betty@noreply.git.farh.net> Date: Tue, 23 Jun 2026 00:14:25 +0000 Subject: [PATCH] fix: resolve ci.yml merge conflict (CAR-994+CAR-1423+CAR-1270) --- .gitea/workflows/ci.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 17e72a7..6bba354 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -93,7 +93,7 @@ jobs: with: repository: cartsnitch/infra token: ${{ secrets.CI_GITEA_TOKEN }} - ref: ${{ github.ref == 'refs/heads/main' && 'main' || (github.ref == 'refs/heads/uat' && 'uat' || 'dev') }} + ref: main path: infra - name: Install kustomize @@ -142,8 +142,8 @@ jobs: echo "::notice::Refusing to push directly to protected branch — falling back to contents API" exit 0 fi - PR_BODY=$(jq -n --arg head "cartsnitch:${BRANCH}" --arg base dev --arg title ("ci(dev): update auth image (" + env.GITHUB_SHA[:12] + ")") --arg body "Bumps apps/overlays/dev/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \ - '{head: $head, base: $base, title: $title, body: $body}') + PR_BODY=$(jq -n --arg head "$BRANCH" --arg body "Bumps apps/overlays/dev/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \ + '{head: $head, base: "main", title: ("ci(dev): update auth image (" + env.GITHUB_SHA[:12] + ")"), body: $body}') PR_JSON=$(curl -sS -X POST \ -H "Authorization: token ${CI_GITEA_TOKEN}" \ -H "Content-Type: application/json" \ @@ -163,11 +163,6 @@ jobs: if [ "${REVIEW_HTTP}" -lt 200 ] || [ "${REVIEW_HTTP}" -ge 300 ]; then echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing" fi - # CAR-1216: the in-job merge attempt is a best-effort fast-path only. - # `cartsnitch/infra` main requires a human approving review; the CI bot - # cannot self-approve. Treat any non-merged outcome (approvals pending, - # checks pending, any other Gitea message) as the GitOps approval gate - # — the PR is already opened and cs_savannah is requested as reviewer. MERGE_RESP=$(curl -sS -X POST \ -H "Authorization: token ${CI_GITEA_TOKEN}" \ -H "Content-Type: application/json" \ @@ -175,8 +170,11 @@ jobs: "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge") MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false') if [ "$MERGED" = "true" ]; then - echo "PR #${PR_NUM} merged into cartsnitch/infra dev" + echo "PR #${PR_NUM} merged into cartsnitch/infra main" elif echo "$MERGE_RESP" | grep -qi 'does not have enough approvals'; then + # GitOps approval gate: PR is correctly opened and surfaces in + # CTO queue via the reviewers request above. Treat as success + # so the job does not hard-fail on approvals. echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure" exit 0 else @@ -194,7 +192,7 @@ jobs: with: repository: cartsnitch/infra token: ${{ secrets.CI_GITEA_TOKEN }} - ref: ${{ github.ref == 'refs/heads/main' && 'main' || (github.ref == 'refs/heads/uat' && 'uat' || 'dev') }} + ref: main path: infra - name: Install kustomize @@ -243,8 +241,8 @@ jobs: echo "::notice::Refusing to push directly to protected branch — falling back to contents API" exit 0 fi - PR_BODY=$(jq -n --arg head "cartsnitch:${BRANCH}" --arg base uat --arg title ("ci(uat): update auth image (" + env.GITHUB_SHA[:12] + ")") --arg body "Bumps apps/overlays/uat/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \ - '{head: $head, base: $base, title: $title, body: $body}') + PR_BODY=$(jq -n --arg head "$BRANCH" --arg body "Bumps apps/overlays/uat/kustomization.yaml auth newTag to \`${{ steps.tag.outputs.tag }}\` from cartsnitch/auth CI build $GITHUB_SHA." \ + '{head: $head, base: "main", title: ("ci(uat): update auth image (" + env.GITHUB_SHA[:12] + ")"), body: $body}') PR_JSON=$(curl -sS -X POST \ -H "Authorization: token ${CI_GITEA_TOKEN}" \ -H "Content-Type: application/json" \ @@ -264,7 +262,6 @@ jobs: if [ "${REVIEW_HTTP}" -lt 200 ] || [ "${REVIEW_HTTP}" -ge 300 ]; then echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing" fi - # CAR-1216: see deploy-dev — same never-fail on merge outcome. MERGE_RESP=$(curl -sS -X POST \ -H "Authorization: token ${CI_GITEA_TOKEN}" \ -H "Content-Type: application/json" \ @@ -272,8 +269,11 @@ jobs: "https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge") MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false') if [ "$MERGED" = "true" ]; then - echo "PR #${PR_NUM} merged into cartsnitch/infra uat" + echo "PR #${PR_NUM} merged into cartsnitch/infra main" elif echo "$MERGE_RESP" | grep -qi 'does not have enough approvals'; then + # GitOps approval gate: PR is correctly opened and surfaces in + # CTO queue via the reviewers request above. Treat as success + # so the job does not hard-fail on approvals. echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure" exit 0 else