|
|
|
@@ -44,7 +44,10 @@ REQUIRED_CONTEXTS_RAW = _env(
|
|
|
|
|
"REQUIRED_CONTEXTS",
|
|
|
|
|
default=(
|
|
|
|
|
"CI / all-required (pull_request),"
|
|
|
|
|
"sop-checklist / all-items-acked (pull_request)"
|
|
|
|
|
"sop-checklist / all-items-acked (pull_request),"
|
|
|
|
|
"E2E Chat / E2E Chat (pull_request),"
|
|
|
|
|
"qa-review / approved (pull_request),"
|
|
|
|
|
"security-review / approved (pull_request)"
|
|
|
|
|
),
|
|
|
|
|
)
|
|
|
|
|
# Required contexts for push (main/staging) runs. The push CI uses the same
|
|
|
|
@@ -153,15 +156,38 @@ def latest_statuses_by_context(statuses: list[dict]) -> dict[str, dict]:
|
|
|
|
|
return latest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _is_tier_low_pending_ok(
|
|
|
|
|
latest_statuses: dict[str, dict],
|
|
|
|
|
context: str,
|
|
|
|
|
pr_labels: set[str],
|
|
|
|
|
) -> bool:
|
|
|
|
|
"""Return True if tier:low PR can tolerate sop-checklist pending state.
|
|
|
|
|
|
|
|
|
|
Per sop-checklist-config.yaml tier_failure_mode, tier:low uses soft-fail:
|
|
|
|
|
sop-checklist posts state=pending when acks are satisfied (missing
|
|
|
|
|
manager/ceo acks are informational only). The queue should accept
|
|
|
|
|
pending instead of waiting for success.
|
|
|
|
|
"""
|
|
|
|
|
if "tier:low" not in pr_labels:
|
|
|
|
|
return False
|
|
|
|
|
if "sop-checklist" not in context:
|
|
|
|
|
return False
|
|
|
|
|
status = latest_statuses.get(context) or {}
|
|
|
|
|
return status_state(status) == "pending"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def required_contexts_green(
|
|
|
|
|
latest_statuses: dict[str, dict],
|
|
|
|
|
contexts: list[str],
|
|
|
|
|
pr_labels: set[str] | None = None,
|
|
|
|
|
) -> tuple[bool, list[str]]:
|
|
|
|
|
missing_or_bad: list[str] = []
|
|
|
|
|
for context in contexts:
|
|
|
|
|
status = latest_statuses.get(context)
|
|
|
|
|
state = status_state(status or {})
|
|
|
|
|
if state != "success":
|
|
|
|
|
if pr_labels and _is_tier_low_pending_ok(latest_statuses, context, pr_labels):
|
|
|
|
|
continue # tier:low soft-fail: accept pending sop-checklist
|
|
|
|
|
missing_or_bad.append(f"{context}={state or 'missing'}")
|
|
|
|
|
return not missing_or_bad, missing_or_bad
|
|
|
|
|
|
|
|
|
@@ -214,6 +240,7 @@ def evaluate_merge_readiness(
|
|
|
|
|
pr_status: dict,
|
|
|
|
|
required_contexts: list[str],
|
|
|
|
|
pr_has_current_base: bool,
|
|
|
|
|
pr_labels: set[str] | None = None,
|
|
|
|
|
) -> MergeDecision:
|
|
|
|
|
# Check push-required contexts explicitly instead of combined state.
|
|
|
|
|
# Combined state can be "failure" due to non-blocking jobs
|
|
|
|
@@ -233,7 +260,7 @@ def evaluate_merge_readiness(
|
|
|
|
|
# The required_contexts list is the authoritative gate — it includes only
|
|
|
|
|
# the checks that actually block merges.
|
|
|
|
|
latest = latest_statuses_by_context(pr_status.get("statuses") or [])
|
|
|
|
|
ok, missing_or_bad = required_contexts_green(latest, required_contexts)
|
|
|
|
|
ok, missing_or_bad = required_contexts_green(latest, required_contexts, pr_labels)
|
|
|
|
|
if not ok:
|
|
|
|
|
return MergeDecision(False, "wait", "required contexts not green: " + ", ".join(missing_or_bad))
|
|
|
|
|
return MergeDecision(True, "merge", "ready")
|
|
|
|
@@ -258,27 +285,32 @@ def get_combined_status(sha: str) -> dict:
|
|
|
|
|
_, combined = api("GET", f"/repos/{OWNER}/{NAME}/commits/{sha}/status")
|
|
|
|
|
if not isinstance(combined, dict):
|
|
|
|
|
raise ApiError(f"status for {sha} response not object")
|
|
|
|
|
# Fetch full statuses list; 200 covers >99% of real-world runs.
|
|
|
|
|
# The list is ordered ascending by id (oldest first) — callers must
|
|
|
|
|
# iterate in reverse to get the newest entry per context.
|
|
|
|
|
# Best-effort: large repos (main with 550+ statuses) may time out.
|
|
|
|
|
# On timeout, fall back to the statuses[] already in the combined
|
|
|
|
|
# response (usually 30 entries — enough for most PRs, enough for
|
|
|
|
|
# main's early push-required contexts).
|
|
|
|
|
combined_statuses: list[dict] = combined.get("statuses") or []
|
|
|
|
|
try:
|
|
|
|
|
_, all_statuses = api(
|
|
|
|
|
_, all_statuses_raw = api(
|
|
|
|
|
"GET",
|
|
|
|
|
f"/repos/{OWNER}/{NAME}/commits/{sha}/statuses",
|
|
|
|
|
query={"limit": "50"},
|
|
|
|
|
)
|
|
|
|
|
if isinstance(all_statuses, list):
|
|
|
|
|
combined["statuses"] = all_statuses
|
|
|
|
|
if isinstance(all_statuses_raw, list):
|
|
|
|
|
all_statuses: list[dict] = list(all_statuses_raw)
|
|
|
|
|
else:
|
|
|
|
|
all_statuses = []
|
|
|
|
|
except (ApiError, urllib.error.URLError, TimeoutError, OSError) as exc:
|
|
|
|
|
# URLError covers network-level failures (DNS, refused, timeout).
|
|
|
|
|
# TimeoutError and OSError cover socket-level timeouts.
|
|
|
|
|
sys.stderr.write(f"::warning::could not fetch full statuses list for {sha[:8]}: {exc}\n")
|
|
|
|
|
# Fall back to the statuses[] already in the combined response.
|
|
|
|
|
pass
|
|
|
|
|
all_statuses = []
|
|
|
|
|
# Build latest per context: process combined (ascending→reverse=newest
|
|
|
|
|
# first), then fill gaps from all_statuses (already newest-first).
|
|
|
|
|
latest: dict[str, dict] = {}
|
|
|
|
|
for status in reversed(sorted(combined_statuses, key=lambda s: s.get("id") or 0)):
|
|
|
|
|
ctx = status.get("context")
|
|
|
|
|
if isinstance(ctx, str) and ctx not in latest:
|
|
|
|
|
latest[ctx] = status
|
|
|
|
|
for status in all_statuses:
|
|
|
|
|
ctx = status.get("context")
|
|
|
|
|
if isinstance(ctx, str) and ctx not in latest:
|
|
|
|
|
latest[ctx] = status
|
|
|
|
|
combined["statuses"] = list(latest.values())
|
|
|
|
|
return combined
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@@ -319,6 +351,25 @@ def post_comment(pr_number: int, body: str, *, dry_run: bool) -> None:
|
|
|
|
|
api("POST", f"/repos/{OWNER}/{NAME}/issues/{pr_number}/comments", body={"body": body})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def add_hold_label(pr_number: int, *, dry_run: bool) -> None:
|
|
|
|
|
"""Apply the hold label so the queue skips this PR and processes the next."""
|
|
|
|
|
print(f"::notice::adding `{HOLD_LABEL}` to PR #{pr_number}")
|
|
|
|
|
if dry_run:
|
|
|
|
|
return
|
|
|
|
|
try:
|
|
|
|
|
api(
|
|
|
|
|
"POST",
|
|
|
|
|
f"/repos/{OWNER}/{NAME}/issues/{pr_number}/labels",
|
|
|
|
|
body={"labels": [HOLD_LABEL]},
|
|
|
|
|
)
|
|
|
|
|
except ApiError as exc:
|
|
|
|
|
# 404 = PR already closed/deleted; 422 = label already present (Gitea
|
|
|
|
|
# returns 422 for duplicate label assignment — not a real error).
|
|
|
|
|
if "404" in str(exc) or "422" in str(exc):
|
|
|
|
|
return
|
|
|
|
|
sys.stderr.write(f"::warning::could not add hold label to PR #{pr_number}: {exc}\n")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def update_pull(pr_number: int, *, dry_run: bool) -> None:
|
|
|
|
|
print(f"::notice::updating PR #{pr_number} with base branch via style={UPDATE_STYLE}")
|
|
|
|
|
if dry_run:
|
|
|
|
@@ -394,11 +445,13 @@ def process_once(*, dry_run: bool = False) -> int:
|
|
|
|
|
commits = get_pull_commits(pr_number)
|
|
|
|
|
current_base = pr_has_current_base(pr, commits, main_sha)
|
|
|
|
|
pr_status = get_combined_status(head_sha)
|
|
|
|
|
pr_labels = label_names(pr)
|
|
|
|
|
decision = evaluate_merge_readiness(
|
|
|
|
|
main_status=main_status,
|
|
|
|
|
pr_status=pr_status,
|
|
|
|
|
required_contexts=contexts,
|
|
|
|
|
pr_has_current_base=current_base,
|
|
|
|
|
pr_labels=pr_labels,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
print(f"::notice::PR #{pr_number} decision={decision.action}: {decision.reason}")
|
|
|
|
@@ -413,6 +466,22 @@ def process_once(*, dry_run: bool = False) -> int:
|
|
|
|
|
dry_run=dry_run,
|
|
|
|
|
)
|
|
|
|
|
return 0
|
|
|
|
|
if decision.action == "wait":
|
|
|
|
|
# Required contexts are not green. Auto-hold so the queue stops cycling
|
|
|
|
|
# on this PR and processes the next. Holds are removed manually once the
|
|
|
|
|
# blocker (e.g. qa/sec gate, missing SOP_TIER_CHECK_TOKEN) is resolved.
|
|
|
|
|
add_hold_label(pr_number, dry_run=dry_run)
|
|
|
|
|
post_comment(
|
|
|
|
|
pr_number,
|
|
|
|
|
(
|
|
|
|
|
f"merge-queue: auto-held — required contexts not green: "
|
|
|
|
|
f"{decision.reason}. "
|
|
|
|
|
"Remove the `merge-queue-hold` label and re-label `merge-queue` "
|
|
|
|
|
"to restart queue processing once the blocker is resolved."
|
|
|
|
|
),
|
|
|
|
|
dry_run=dry_run,
|
|
|
|
|
)
|
|
|
|
|
return 0
|
|
|
|
|
if decision.ready:
|
|
|
|
|
latest_main_sha = get_branch_head(WATCH_BRANCH)
|
|
|
|
|
if latest_main_sha != main_sha:
|
|
|
|
@@ -424,10 +493,29 @@ def process_once(*, dry_run: bool = False) -> int:
|
|
|
|
|
try:
|
|
|
|
|
merge_pull(pr_number, dry_run=dry_run)
|
|
|
|
|
except MergePermissionError as exc:
|
|
|
|
|
# Permanent merge failure (HTTP 403/404/405). Post a comment so
|
|
|
|
|
# maintainers know why, then return 0 so this tick is done.
|
|
|
|
|
# The PR stays in the queue; future ticks can retry after the
|
|
|
|
|
# permission issue is resolved.
|
|
|
|
|
# HTTP 403/404/405. Distinguish status-check gate (405 with
|
|
|
|
|
# "Not all required status checks") from a genuine permission
|
|
|
|
|
# error. Case-insensitive match — Gitea uses "Not all required..."
|
|
|
|
|
# (capital N) while other paths may return lowercase.
|
|
|
|
|
msg_lower = str(exc).lower()
|
|
|
|
|
is_status_check_failure = "not all required status checks successful" in msg_lower
|
|
|
|
|
if is_status_check_failure:
|
|
|
|
|
# Gitea's merge gate blocked us — a required context (e.g.
|
|
|
|
|
# E2E Chat, qa-review, security-review) is failing. Auto-add
|
|
|
|
|
# hold so the queue skips this PR and processes the next.
|
|
|
|
|
add_hold_label(pr_number, dry_run=dry_run)
|
|
|
|
|
post_comment(
|
|
|
|
|
pr_number,
|
|
|
|
|
(
|
|
|
|
|
"merge-queue: merge blocked by Gitea's status-check gate "
|
|
|
|
|
"(E2E Chat, qa-review, security-review, or other required "
|
|
|
|
|
"context failing). Auto-held via `merge-queue-hold`. "
|
|
|
|
|
"Remove the hold label to requeue once CI is green."
|
|
|
|
|
),
|
|
|
|
|
dry_run=dry_run,
|
|
|
|
|
)
|
|
|
|
|
return 0
|
|
|
|
|
# Genuine permission error — token lacks Can-merge.
|
|
|
|
|
sys.stderr.write(f"::error::merge permission error for PR #{pr_number}: {exc}\n")
|
|
|
|
|
post_comment(
|
|
|
|
|
pr_number,
|
|
|
|
|
infra-runtime-be
core-devops
hongming-pc2
core-uiux