Skip to content

validate: ignore cla-bot status when gating release builds#21

Merged
ValentaTomas merged 1 commit into
mainfrom
skip-cla-bot-status-check
May 12, 2026
Merged

validate: ignore cla-bot status when gating release builds#21
ValentaTomas merged 1 commit into
mainfrom
skip-cla-bot-status-check

Conversation

@ValentaTomas
Copy link
Copy Markdown
Member

@ValentaTomas ValentaTomas commented May 12, 2026

Summary

check_ci_status() in the release workflow refuses to build when upstream CI is red. cla-bot publishes verification/cla-signed via the legacy commit-status API and that status is permanently failing on every direct-mem / hint backport branch in e2b-dev/firecracker (e.g. PR #8) because the backport commits are authored by upstream maintainers we don't have a CLA for (ilstam, ShadowCurse, JackThomson2, Manciukic, zulinx86). Those contributors aren't going to sign our CLA, so we need a way to ship the build anyway.

This PR filters an IGNORED_STATUS_CONTEXTS set (currently just verification/cla-signed) out of the combined-status response before rolling up pass/fail/pending. Real CI failures alongside the CLA failure still block — covered by a regression test. IGNORED_CHECK_NAMES is the parallel knob for the Checks API if a check-run-based bot ever lands in the same situation.

Test plan

  • Manual run of the relevant cases (cla-only filtered → pass; cla + real failure → blocks; pre-existing no-statuses-array fallback → unchanged).
  • Unit tests pass in CI (cannot run pytest locally; verified the logic with a mocked-out smoke script).
  • Trigger release.yml against the firecracker-v1.14-direct-mem branch's HEAD and confirm it gets past the validate step.

@ValentaTomas
validate: ignore cla-bot status when gating release builds
443e71c 
The release workflow calls check_ci_status() to refuse builds when
upstream CI is red. cla-bot reports verification/cla-signed via the
legacy commit-status API and that status is permanently red on every
direct-mem / hint backport branch in e2b-dev/firecracker because the
backports carry commits authored by upstream maintainers we don't have
a CLA for (ilstam, ShadowCurse, JackThomson2, Manciukic, zulinx86).
Those contributors aren't going to sign our CLA, so the status will
stay red and we still need to ship those builds.

Filter IGNORED_STATUS_CONTEXTS out of the combined-status response and
recompute the rollup. Real CI failures alongside the CLA failure still
block (test covers it). IGNORED_CHECK_NAMES gives a parallel knob for
the Checks API if a check-run-based bot ever ends up in the same spot.
@cla-bot cla-bot Bot added the cla-signed label May 12, 2026
@cursor
Copy link
Copy Markdown

cursor Bot commented May 12, 2026
edited
Loading

PR Summary

Medium Risk
Moderate risk because it changes the CI-gating logic for release builds and could allow builds to proceed when GitHub status rollups are miscomputed or ignored contexts expand unintentionally.

Overview
The CI gate in check_ci_status() now filters out verification/cla-signed (and has a parallel hook for Checks API) and recomputes the combined status rollup, which can let a build proceed even when the GitHub combined-status endpoint reports failure.

The new GitHub API calls use leading-slash endpoints (unlike other calls in the file), which may break gh api depending on how it normalizes paths, and the new behavior depends on the presence/shape of the statuses array in the combined-status response.

Reviewed by Cursor Bugbot for commit 443e71c. Bugbot is set up for automated code reviews on this repo. Configure here.

@ValentaTomas ValentaTomas marked this pull request as ready for review May 12, 2026 22:24
@ValentaTomas ValentaTomas requested a review from djeebus May 12, 2026 22:37
@ValentaTomas ValentaTomas enabled auto-merge (squash) May 12, 2026 22:37
@ValentaTomas ValentaTomas merged commit eeb7fd4 into main May 12, 2026
7 checks passed
@ValentaTomas ValentaTomas deleted the skip-cla-bot-status-check branch May 12, 2026 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djeebus djeebus djeebus approved these changes

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ValentaTomas @djeebus