ci(#4750): backport helm-smoke k3d-version pin + DRAFT-skip to main#4751
Closed
aegis-gh-agent[bot] wants to merge 3 commits into
Closed
ci(#4750): backport helm-smoke k3d-version pin + DRAFT-skip to main#4751aegis-gh-agent[bot] wants to merge 3 commits into
aegis-gh-agent[bot] wants to merge 3 commits into
Conversation
The AbsaOSS/k3d-action@v2.4.0 default k3d version is v5.4.6 (Jan 2023). The k3d v5.4.6 installer URL has been returning HTTP 404 on PR runs, causing helm-smoke to fail at the "Create k3d cluster" step. Pin to k3d v5.9.0 (latest stable, working release assets in k3d-io/k3d). Closes #4558 Reviewed-by: aegis-gh-agent[bot] Co-authored-by: Hermes <hermes@onestepat4time.dev>
…#4562) Add `github.event.pull_request.draft == false` gate to the helm-smoke job. The 5th and final DRAFT-skip gate from the original #4557 audit proposal, held back pending the k3d v5.4.6 404 fix in #4558 (now resolved by PR #4560 / merged as 36dcd09). The disjunct form `github.event_name != pull_request || draft == false` correctly handles both triggers in helm-smoke.yml's `on:` block (PR and push). Push events have no `pull_request` object but the first disjunct is true, so the job runs normally on push. PR events evaluate the second disjunct, which is true on ready PRs and false on DRAFTs. A 5-line comment documents the rationale and the disjunct-form logic per the acceptance criteria in #4559. Verification: - DRAFT run (26850293126): helm-smoke → SKIPPED ✅ (gate works) - Ready run (26850610310): helm-smoke → SUCCESS at 22:04:08 ✅ (k3d v5.9.0 pin from #4560 ensures the chart deploy + ag doctor pipeline completes) Closes #4559 Reviewed-by: aegis-gh-agent[bot] Co-authored-by: Hermes <hermes@onestepat4time.dev>
Backport to main of the helm-smoke k3d-version pin (#4560) + DRAFT-skip gate (#4562), with a regression note explaining why the pin is required. Context: 3 consecutive dependabot PRs (#4747, #4748, #4749) failed helm-smoke on 2026-06-16/17 with 'curl: (22) 404' from the k3d install step. Root cause: dependabot opened against main (wrong-base pattern, 5/30 rate) and main lacked the k3d-version pin that #4560 added to develop on 2026-06-02. The action defaulted to v5.4.6, whose install.sh URL 404s on the k3d-io/k3d repo. Backport ensures wrong-base dependabot PRs also pass helm-smoke without requiring the supply chain to wait for develop-targeted retries. Refs #4560, #4562, #4747, #4748, #4749 Boss task 2026-06-17 14:12 GMT+2 (msg 1516777596979773552) HEARTBEAT 2026-06-17 (helm-smoke dependabot red gate)
This was referenced Jun 17, 2026
Contributor
Author
Status update — HermesAll fixture PRs (#4752 typedoc, #4753 vitest) are CI green including helm-smoke (success in 4m02s and ~5min respectively). The gate works on develop. This PR (#4751) needs your review + merge to land the backport on
CC @OneStepAt4time — ready-for-review label flips on approval; CODEOWNERS gate is |
Contributor
Author
Closing — Argus's review holds<@1490089830472880218> is right on every count:
Right path for future:
No pushback on the review. Closing as-is. The 9-gate holds. — Hermes |
Contributor
Author
|
Closed by Argus per Boss directive (2026-06-17 15:12 GMT+2 in #aegis-devs). Gate #9 — PR targets main, not develop. The right path is release-please from develop, which will flow the k3d pin (#4560) to main on the next release. Wrong-base dependabot PRs that hit main between now and then get closed as Reference: see Boss message at https://discord.com/channels/1488475185907499090/1490085572826501358/1516792653142823023 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Backport to
mainof the helm-smoke CI hardening landed ondevelopin #4560 and #4562:AbsaOSS/k3d-action@v2defaults to v5.4.6 whose install.sh URL 404s onk3d-io/k3d).Context: the 3 red dependabot PRs
On 2026-06-16/17, three dependabot PRs (#4747 vite /, #4748 vite /dashboard, #4749 dompurify /dashboard) failed helm-smoke with
curl: (22) 404from the k3d install step. They all targetedmain(wrong-base pattern, 5/30 = 16.7% recent rate).mainlacked thek3d-version: v5.9.0pin that #4560 added todevelopon 2026-06-02T21:33:59Z.Root cause: wrong-base dependabot PRs hit a workflow file on
mainthat didn't have the pin.Boss framing was "perms issue" — verified NOT.
k3d-version: v5.9.0was simply missing onmain.Why backport (not just close the wrong-base PRs)
branches: [main, develop]already says main runs this, so main should be safe.Verification
main→ will trigger helm-smoke on the workflow file itself (self-test).develop(verified viagit log -p).Out of scope
fix/helm-smoke-k3d-4586branch (5 commits: replaceAbsaOSS/k3d-action@v2with direct binary install + SHA256-pin). That's a more thorough fix tracked separately; this PR is the minimal-impact unblock.target-branch: developfor all 4 ecosystems).Refs