molecule-ai/.github
41
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ci: add SOP checklist gate #5

Open
hongming wants to merge 1 commits from chore/sop-checklist-gate into main
pull from: chore/sop-checklist-gate
merge into: molecule-ai:main
Conversation 0 Commits 1 Files Changed 3
+1053
hongming commented 2026-05-13 03:38:19 +00:00
Owner
Copy Link
Copy Source

Summary

  • add the org-wide SOP checklist gate workflow
  • consume the SSOT-backed SOP_TIER_CHECK_TOKEN org Actions secret
  • require PR body checklist answers plus peer /sop-ack comments

Root cause

The SOP checklist merge gate was piloted in molecule-core, but the quality bar should apply consistently across Molecule repositories. This PR installs the same local Gitea Actions workflow and script in this repo while keeping the secret source centralized through operator-config and Infisical/SSOT.

Verification

  • generated by /opt/operator-config/bin/sync-sop-checklist-gate.py
  • canonical gate files copied from operator-config/ops/sop-checklist-gate

SOP-Checklist

  • Comprehensive testing performed: Rollout generated from canonical operator-config source; target repo diff is limited to SOP gate files.
  • Local-postgres E2E run: N/A for CI workflow/script rollout.
  • Staging-smoke verified or pending: Pending on this repo's CI after PR creation.
  • Root-cause not symptom: Installs the gate in-repo and consumes centralized key-management-backed Actions secret.
  • Five-Axis review walked: Correctness, readability, architecture, security, and operations reviewed at the canonical source.
  • No backwards-compat shim / dead code added: Adds the required gate directly; no advisory-only fallback.
  • Memory/saved-feedback consulted: Follows the current Molecule SOP gate rollout decision.
## Summary - add the org-wide SOP checklist gate workflow - consume the SSOT-backed `SOP_TIER_CHECK_TOKEN` org Actions secret - require PR body checklist answers plus peer `/sop-ack` comments ## Root cause The SOP checklist merge gate was piloted in `molecule-core`, but the quality bar should apply consistently across Molecule repositories. This PR installs the same local Gitea Actions workflow and script in this repo while keeping the secret source centralized through operator-config and Infisical/SSOT. ## Verification - generated by `/opt/operator-config/bin/sync-sop-checklist-gate.py` - canonical gate files copied from `operator-config/ops/sop-checklist-gate` ## SOP-Checklist - [x] **Comprehensive testing performed**: Rollout generated from canonical operator-config source; target repo diff is limited to SOP gate files. - [x] **Local-postgres E2E run**: N/A for CI workflow/script rollout. - [x] **Staging-smoke verified or pending**: Pending on this repo's CI after PR creation. - [x] **Root-cause not symptom**: Installs the gate in-repo and consumes centralized key-management-backed Actions secret. - [x] **Five-Axis review walked**: Correctness, readability, architecture, security, and operations reviewed at the canonical source. - [x] **No backwards-compat shim / dead code added**: Adds the required gate directly; no advisory-only fallback. - [x] **Memory/saved-feedback consulted**: Follows the current Molecule SOP gate rollout decision.
hongming added 1 commit 2026-05-13 03:38:19 +00:00
ci: add SOP checklist gate 3c7208aaba
This pull request doesn't have enough required approvals yet. 0 of 2 official approvals granted.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin chore/sop-checklist-gate:chore/sop-checklist-gate
git checkout chore/sop-checklist-gate
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
agent-dev-a agent-dev-b agent-pm app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) hongming hongming-codex-laptop hongming-kimi-laptop hongming-pc2 infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) plugin-dev (Molecule AI · plugin-dev) pm release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: molecule-ai/.github#5
Delete Branch "chore/sop-checklist-gate"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?