fix(ci): pre-start E2E stack, free BDD disk, harden pinact/IPR#1669
Open
mkostromin-sigma wants to merge 8 commits into
Open
fix(ci): pre-start E2E stack, free BDD disk, harden pinact/IPR#1669mkostromin-sigma wants to merge 8 commits into
mkostromin-sigma wants to merge 8 commits into
Conversation
This was referenced Jul 16, 2026
fix(ci): E2E stack readiness — wait for all services; decouple setup from pytest --timeout=300
#1666
Open
mkostromin-sigma
marked this pull request as draft
July 16, 2026 18:27
This was referenced Jul 16, 2026
mkostromin-sigma
marked this pull request as ready for review
July 16, 2026 19:20
mkostromin-sigma
added a commit
to mkostromin-sigma/salesagent
that referenced
this pull request
Jul 16, 2026
Extract shared runner reclaim into .github/actions/_free-disk, document E2E pre-start + ADCP_TESTING=true verify-only path, and tighten the pytest ADCP_TESTING contract (must stay true, not merely non-empty).
mkostromin-sigma
added a commit
to mkostromin-sigma/salesagent
that referenced
this pull request
Jul 16, 2026
Pin ADCP_TESTING on the pytest step and require proxy to wait for a healthy adcp-server so compose up --wait cannot flake on 502s.
mkostromin-sigma
added a commit
to mkostromin-sigma/salesagent
that referenced
this pull request
Jul 16, 2026
Split verify (read-only signatures check + retries) from sign (CLA Assistant after API health wait). Use pull_request so the PR workflow applies; avoid Unicorn HTML failures on comments.
Stop clearing ADCP_TESTING in the E2E job (that forced fixture cold build under pytest --timeout=300). CI now builds creative-agent + compose, ups with --wait (healthchecks), then pytest verify-only. Tighten adcp-server healthcheck probes for reliable compose --wait.
Image build + /opt/venv + a second full tox env under tox_data overflowed ubuntu-latest after prebid#1613/prebid#1634, ENOSPCing uv sync. Reclaim runner disk, prune the builder cache, and cap PGDATA tmpfs for the serial e2e_rest leg.
Extract shared runner reclaim into .github/actions/_free-disk, document E2E pre-start + ADCP_TESTING=true verify-only path, and tighten the pytest ADCP_TESTING contract (must stay true, not merely non-empty).
Pin ADCP_TESTING on the pytest step and require proxy to wait for a healthy adcp-server so compose up --wait cannot flake on 502s.
Security Audit / pip-audit fail on mcp 1.27.2 (GHSA-vj7q-gjh5-988w).
pinact list-tags calls flake the Security gate when api.github.com returns 503; retry with backoff before failing.
Retries still failed on persistent list-tags 503; pinact v4 -no-api enforces SHA pins without calling api.github.com.
Split verify (read-only signatures check + retries) from sign (CLA Assistant after API health wait). Use pull_request so the PR workflow applies; avoid Unicorn HTML failures on comments.
mkostromin-sigma
force-pushed
the
fix/1667-e2e-prestart-stack
branch
from
July 16, 2026 23:32
0e2b293 to
a879fe9
Compare
mkostromin-sigma
added a commit
to mkostromin-sigma/salesagent
that referenced
this pull request
Jul 17, 2026
Port pinact v4 -no-api from prebid#1669 so SHA-pin checks do not call api.github.com and flake on Unicorn/503.
This was referenced Jul 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Unblocks red
mainCI after #1613/#1634 and hardens flaky required checks:ADCP_TESTING=true; pre-start compose (up -d --wait --wait-timeout 600) before pytest so--timeout=300only covers test bodies; tightenadcp-serverhealthcheck; proxydepends_on: service_healthy.PGDATA_TMPFS_SIZE=2gbefore in-network tox sync (folded from fix(ci): free disk before BDD In-Network tox sync #1663)._free-diskcomposite (DRY) + arch guards +docs/development/ci-pipeline.md.ADCP_TESTINGpin; stronger proxy-health / ADCP_TESTING guards.mcp>=1.28.1for CVE-2026-59950 / GHSA-vj7q-gjh5-988w (Security Audit / pip-audit).pinact run -offline=false -no-apiso GitHub API 503s do not fail the required Security job.pull_request, read-only againstsignatures/ipr-signatures.json+ghretries) from sign (issue_comment→ CLA Assistant after API health wait). Removes verify from relying on PR-comments API (Unicorn/HTML 503). Until this merges,main's legacypull_request_targetCLA check can still flake independently.Closes #1667. Closes #1662.
Test plan
make quality-ciafter rebase onto tipmain(incl. feat: validation-harness base — adcp 6.6 consolidation, e2e fixture dedup, CI e2e_rest hardening (stacked on #1417/#1430/#1567) #1585 conflict resolution)_free-disk, docs, stronger ADCP_TESTING assert