Compare commits

...

3 Commits

Author SHA1 Message Date
Barcode Betty 8ed8226e20 ci: never hard-fail deploy-dev/deploy-uat on infra-PR merge outcome (CAR-1216)
CI / test (pull_request) Successful in 13s
CI / lint (pull_request) Successful in 14s
CI / audit (pull_request) Failing after 13s
CI / build-and-push-receiptwitness (pull_request) Has been skipped
CI / build-and-push-api (pull_request) Has been skipped
CI / build-and-push-auth (pull_request) Has been skipped
CI / e2e (pull_request) Successful in 53s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / lighthouse (pull_request) Failing after 1m24s
The CI bot cannot self-approve cartsnitch/infra main's required human
review, so the in-job auto-merge attempt is structurally impossible
and would always fail with SOME message (checks-pending, then
approvals, then transient errors). Special-casing individual error
strings is fragile — CAR-1212's 'Does not have enough approvals' branch
proved it (deploy-dev run 4999 hit the final else-branch instead).

Make job success depend only on the infra PR being OPENED (and
cs_savannah review requested), NOT on the merge outcome. Replace both
the approvals-elif branch and the final else (exit 1) branch with a
single non-failing branch: emit a ::notice:: with the merge response
and exit 0. The ONLY remaining hard-fail is the empty PR_NUM check
(PR could not be created).

Same change applied symmetrically to deploy-uat.

Refs CAR-1195, CAR-1194, CAR-1212, CAR-1216.
2026-06-03 22:05:37 +00:00
Savannah Savings 284b361f9b Merge pull request 'ci: deploy-dev/deploy-uat: report success on infra-main approval gate (CAR-1212)' (#276) from betty/car-1212-approval-gate-exit0 into dev
CI / lint (push) Successful in 14s
CI / audit (push) Failing after 13s
CI / test (push) Successful in 14s
CI / lint (pull_request) Successful in 12s
CI / e2e (push) Successful in 42s
CI / build-and-push-api (push) Successful in 1m2s
CI / build-and-push-auth (push) Successful in 32s
CI / lighthouse (push) Failing after 1m21s
CI / audit (pull_request) Failing after 13s
CI / test (pull_request) Successful in 16s
CI / build-and-push-receiptwitness (push) Successful in 1m52s
CI / e2e (pull_request) Successful in 47s
CI / build-and-push-receiptwitness (pull_request) Has been skipped
CI / build-and-push-api (pull_request) Has been skipped
CI / build-and-push-auth (pull_request) Has been skipped
CI / build-and-push (push) Successful in 50s
CI / lighthouse (pull_request) Failing after 1m16s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 8s
2026-06-03 21:49:04 +00:00
Barcode Betty 3dcf0ce021 ci: treat infra PR approvals gate as success in deploy jobs (CAR-1212)
CI / lint (pull_request) Successful in 12s
CI / test (pull_request) Successful in 12s
CI / audit (pull_request) Failing after 12s
CI / build-and-push-receiptwitness (pull_request) Has been skipped
CI / build-and-push-api (pull_request) Has been skipped
CI / build-and-push-auth (pull_request) Has been skipped
CI / e2e (pull_request) Successful in 43s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / lighthouse (pull_request) Failing after 1m17s
Per the spec for CAR-1212 (CAR-1195 follow-up):

- deploy-dev and deploy-uat now request cs_savannah as a reviewer on the
  cartsnitch/infra PR (best-effort, log on non-2xx, never fail the job).
- After the merge attempt, classify the response:
  * .merged == true                      -> success notice
  * 'Does not have enough approvals'     -> ::notice:: + exit 0
                                           (GitOps approval gate, not a
                                           failure; the PR is correctly
                                           opened and surfaces in the CTO
                                           queue)
  * anything else                        -> keep the existing ::error::
                                           and exit 1 (genuine unexpected
                                           failure)

This unblocks the deploy jobs that were hard-failing on the branch-protection
approvals requirement, which a CI bot cannot self-satisfy. The CTO (cs_savannah)
already backstop-approves+merges these infra PRs by hand (e.g. #321, #322).

- 'No image changes to deploy' early-exit preserved.
- Still uses secrets.CI_GITEA_TOKEN for the PR/reviewer/merge API calls.
- No git push origin main: only the API path is used.

Refs CAR-1195, CAR-1194.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-03 21:34:18 +00:00
+46 -10
View File
@@ -567,18 +567,36 @@ jobs:
exit 1
fi
echo "Opened cartsnitch/infra PR #${PR_NUM} (head=${BRANCH})"
# Request CTO (cs_savannah) review as the GitOps hand-off. Best-effort:
# log on non-2xx but never fail the job for this.
REVIEW_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
-H "Authorization: token ${CI_GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"reviewers":["cs_savannah"]}' \
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/requested_reviewers")
if [ "${REVIEW_HTTP}" -lt 200 ] || [ "${REVIEW_HTTP}" -ge 300 ]; then
echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing"
fi
MERGE_RESP=$(curl -sS -X POST \
-H "Authorization: token ${CI_GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"Do":"merge","delete_branch_after_merge":true}' \
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
if [ "$MERGED" != "true" ]; then
echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
exit 1
if [ "$MERGED" = "true" ]; then
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
else
# GitOps approval gate (CAR-1216): the CI bot cannot self-approve
# cartsnitch/infra main's required human review, so the in-job
# auto-merge is structurally impossible and will always fail with
# SOME message (checks-pending, then approvals, then transient
# errors). Special-casing individual messages is fragile. The PR
# is correctly opened, cs_savannah is requested as reviewer, and
# the CTO will backstop-merge — that is the success condition.
# Treat every merge-outcome failure as success (exit 0).
echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure: $MERGE_RESP"
exit 0
fi
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
deploy-uat:
runs-on: ubuntu-latest
@@ -693,15 +711,33 @@ jobs:
exit 1
fi
echo "Opened cartsnitch/infra PR #${PR_NUM} (head=${BRANCH})"
# Request CTO (cs_savannah) review as the GitOps hand-off. Best-effort:
# log on non-2xx but never fail the job for this.
REVIEW_HTTP=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
-H "Authorization: token ${CI_GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"reviewers":["cs_savannah"]}' \
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/requested_reviewers")
if [ "${REVIEW_HTTP}" -lt 200 ] || [ "${REVIEW_HTTP}" -ge 300 ]; then
echo "::notice::Failed to request reviewers for cartsnitch/infra PR #${PR_NUM} (HTTP ${REVIEW_HTTP}); continuing"
fi
MERGE_RESP=$(curl -sS -X POST \
-H "Authorization: token ${CI_GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d '{"Do":"merge","delete_branch_after_merge":true}' \
"https://git.farh.net/api/v1/repos/cartsnitch/infra/pulls/${PR_NUM}/merge")
MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
if [ "$MERGED" != "true" ]; then
echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
exit 1
if [ "$MERGED" = "true" ]; then
echo "PR #${PR_NUM} merged into cartsnitch/infra main"
else
# GitOps approval gate (CAR-1216): the CI bot cannot self-approve
# cartsnitch/infra main's required human review, so the in-job
# auto-merge is structurally impossible and will always fail with
# SOME message (checks-pending, then approvals, then transient
# errors). Special-casing individual messages is fragile. The PR
# is correctly opened, cs_savannah is requested as reviewer, and
# the CTO will backstop-merge — that is the success condition.
# Treat every merge-outcome failure as success (exit 0).
echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure: $MERGE_RESP"
exit 0
fi
echo "PR #${PR_NUM} merged into cartsnitch/infra main"