From ff44598b589280dd3f324b4d9f367b06d42784f9 Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 30 Jun 2026 00:24:51 +0800 Subject: [PATCH] fix(ci): keep warning-step workflow parseable --- .gitea/workflows/awoooi-onboarding-warning-step.yaml | 12 +++++++++++- .../test_p0_cicd_baseline_source_readiness_api.py | 2 ++ ...woooi-gitea-onboarding-warning-step.workflow.yaml | 12 +++++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/awoooi-onboarding-warning-step.yaml b/.gitea/workflows/awoooi-onboarding-warning-step.yaml index 59c7aa18..4ac65c2e 100644 --- a/.gitea/workflows/awoooi-onboarding-warning-step.yaml +++ b/.gitea/workflows/awoooi-onboarding-warning-step.yaml @@ -3,7 +3,7 @@ # Controlled-copy default: # - no push / pull_request / pull_request_target trigger # - no generic runner labels -# - job is disabled until a separate controlled gate changes the switch +# - runtime warning-step job is disabled until a separate controlled gate changes the switch # - no secrets, host writes, workflow dispatch from Codex, or runtime apply name: AWOOOI Onboarding Warning Step @@ -15,6 +15,16 @@ env: AWOOOI_ONBOARDING_WARNING_STEP_EXECUTION_ENABLED: "0" jobs: + workflow-shape: + # Gitea 1.25 can mark a workflow invalid when every root job has a job-level + # `if`. Keep this no-op root job so the template remains parseable while + # the runtime warning-step job below stays fail-closed. + runs-on: awoooi-non110-host + timeout-minutes: 1 + steps: + - name: Confirm fail-closed warning-step workflow shape + run: echo "warning-step runtime job remains disabled by default." + warning-step: if: ${{ env.AWOOOI_ONBOARDING_WARNING_STEP_EXECUTION_ENABLED == '1' }} runs-on: awoooi-non110-host diff --git a/apps/api/tests/test_p0_cicd_baseline_source_readiness_api.py b/apps/api/tests/test_p0_cicd_baseline_source_readiness_api.py index 52418637..c3cdf3b4 100644 --- a/apps/api/tests/test_p0_cicd_baseline_source_readiness_api.py +++ b/apps/api/tests/test_p0_cicd_baseline_source_readiness_api.py @@ -271,6 +271,8 @@ def test_warning_step_template_copy_is_fail_closed_and_pressure_guarded(): assert forbidden not in workflow assert "workflow_dispatch:" in workflow + assert "workflow-shape:" in workflow + assert "Confirm fail-closed warning-step workflow shape" in workflow assert "runs-on: awoooi-non110-host" in workflow assert 'AWOOOI_ONBOARDING_WARNING_STEP_EXECUTION_ENABLED: "0"' in workflow assert "ops/runner/guard-gitea-runner-pressure.py --root ." in workflow diff --git a/docs/operations/templates/awoooi-gitea-onboarding-warning-step.workflow.yaml b/docs/operations/templates/awoooi-gitea-onboarding-warning-step.workflow.yaml index 59c7aa18..4ac65c2e 100644 --- a/docs/operations/templates/awoooi-gitea-onboarding-warning-step.workflow.yaml +++ b/docs/operations/templates/awoooi-gitea-onboarding-warning-step.workflow.yaml @@ -3,7 +3,7 @@ # Controlled-copy default: # - no push / pull_request / pull_request_target trigger # - no generic runner labels -# - job is disabled until a separate controlled gate changes the switch +# - runtime warning-step job is disabled until a separate controlled gate changes the switch # - no secrets, host writes, workflow dispatch from Codex, or runtime apply name: AWOOOI Onboarding Warning Step @@ -15,6 +15,16 @@ env: AWOOOI_ONBOARDING_WARNING_STEP_EXECUTION_ENABLED: "0" jobs: + workflow-shape: + # Gitea 1.25 can mark a workflow invalid when every root job has a job-level + # `if`. Keep this no-op root job so the template remains parseable while + # the runtime warning-step job below stays fail-closed. + runs-on: awoooi-non110-host + timeout-minutes: 1 + steps: + - name: Confirm fail-closed warning-step workflow shape + run: echo "warning-step runtime job remains disabled by default." + warning-step: if: ${{ env.AWOOOI_ONBOARDING_WARNING_STEP_EXECUTION_ENABLED == '1' }} runs-on: awoooi-non110-host