stack/docs/scratchpads/t_3a368a52-gitea-login-selection.md
Hermes Agent 7f3e513075
Some checks failed
ci/woodpecker/push/ci Pipeline failed
fix(git): select USC Gitea login for PR merges (#516)
2026-05-22 09:34:35 -05:00

t_3a368a52 — Gitea login selection for USC repos

Objective

Fix Mosaic git wrapper behavior so git.uscllc.com repositories use the USC Gitea/tea login instead of the Mosaic Stack login during PR merge operations.

Issue / tracking

  • Kanban: t_3a368a52
  • Gitea issue: #516 (http://git.mosaicstack.dev/mosaicstack/stack/issues/516)
  • Branch: fix/t_3a368a52-gitea-usc-login

Scope

  • In scope: Mosaic framework git wrapper scripts under packages/mosaic/framework/tools/git/ and matching framework docs.
  • Out of scope: U-Connect source, PR #1905 contents, Authentik settings, smoke credentials, and runtime infrastructure manifests.

Root cause

pr-merge.sh always built the Gitea merge command with --login ${GITEA_LOGIN:-mosaicstack}. In a git.uscllc.com/USC/uconnect repo with no explicit GITEA_LOGIN, this selected the mosaicstack tea login even though the remote host requires the usc login. While validating pr-metadata.sh, I also found that load_credentials preserves existing env vars; an ambient GITEA_TOKEN for a different account could override host-specific credential loading unless the lookup clears Gitea env vars inside the credential-loader subshell.
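The ambient-token override described above, reproduced as an added example (not the project's own code). The `load_credentials` body, the `service_for_host` helper and the service names are hypothetical stand-ins; the token strings are constructed to match the values quoted in the evidence log.

```shell
# Added example: a stand-in loader that, like the one described above,
# keeps any GITEA_TOKEN that is already present in the environment.
load_credentials() {         # $1 = hypothetical service name
  case "$1" in
    gitea-usc)         : "${GITEA_TOKEN:=usc-token}" ;;
    gitea-mosaicstack) : "${GITEA_TOKEN:=mosaic-token}" ;;
    *) return 1 ;;
  esac
}

service_for_host() {         # hypothetical host -> service mapping
  case "$1" in
    git.uscllc.com) echo gitea-usc ;;
    *)              echo gitea-mosaicstack ;;
  esac
}

# Before: the subshell inherits the ambient token, so the loader keeps it.
token_for_host_unsafe() {
  ( load_credentials "$(service_for_host "$1")" && printf '%s' "$GITEA_TOKEN" )
}

# After: clear the variable inside the subshell only. The page says
# "Gitea env vars"; GITEA_TOKEN is the only one it names, so only it is
# cleared here. The caller's environment is left untouched.
token_for_host() {
  (
    unset GITEA_TOKEN
    load_credentials "$(service_for_host "$1")" && printf '%s' "$GITEA_TOKEN"
  )
}

# Demo with a constructed ambient token for a different account.
GITEA_TOKEN=ambient-wrong-token
echo "unsafe: $(token_for_host_unsafe git.uscllc.com)"
echo "fixed:  $(token_for_host git.uscllc.com)"
```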

Plan

  1. Add regression coverage for host → tea login selection.
  2. Add shared get_gitea_login(host) helper in detect-platform.sh.
  3. Update pr-merge.sh to derive the tea login from the current remote host.
  4. Document the host mapping in framework TOOLS.md.
  5. Validate with safe fake-tea merge command captures; do not perform a real merge.

Evidence log

  • Reproduced old behavior safely from /src/uconnect with fake tea: PR #1905 command used --login mosaicstack for repo USC/uconnect.
  • RED test: bash packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh failed because get_gitea_login did not exist.
  • RED test extension: same test failed with expected 'usc-token', got 'ambient-wrong-token', proving ambient GITEA_TOKEN could override host-specific USC credentials.
  • GREEN test: bash packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh passed after adding host mapping and clearing Gitea env vars in the credential-loader subshell.
  • Syntax check: bash -n packages/mosaic/framework/tools/git/detect-platform.sh packages/mosaic/framework/tools/git/pr-merge.sh packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh passed.
  • Metadata validation from /src/uconnect using the fixed wrapper source and MOSAIC_CREDENTIALS_FILE=/src/jarvis-brain/credentials.json:
    • PR #1905: number=1905 state=open base=main head=edith/t_39ce717c-authentik-smoke-gate mergeable=True.
    • PR #1869: number=1869 state=closed base=main head=fix/t_6f492e4a-cert-renewal-malformed-crt mergeable=True.
  • Safe fake-tea merge validation from /src/uconnect using the fixed wrapper source and MOSAIC_CREDENTIALS_FILE=/src/jarvis-brain/credentials.json:
    • PR #1905 command captured pr merge 1905 --style squash --repo USC/uconnect --login usc and exited through fake tea with code 42; no merge was attempted.
    • PR #1869 command captured pr merge 1869 --style squash --repo USC/uconnect --login usc and exited through fake tea with code 42; no merge was attempted.
  • ci-queue-wait.sh --purpose merge -B main -t 5 -i 1 from /src/uconnect resolved platform=gitea, branch main, SHA 49f0bce75c242eee19472ed367295658da9e56fc, state unknown, exit 0.
  • Final shell regression: bash packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh passed, including pr-merge.sh fake-tea argv capture for USC login selection and a negative metacharacter login override test.
  • Final syntax check: bash -n packages/mosaic/framework/tools/git/detect-platform.sh packages/mosaic/framework/tools/git/pr-merge.sh packages/mosaic/framework/tools/git/pr-metadata.sh packages/mosaic/framework/tools/git/tests/gitea-login-selection.test.sh passed.
  • Independent review initially found the changed pr-merge.sh path still used string-built eval; remediated by switching GitHub/Gitea merge execution to argv arrays, validating numeric PR numbers, and rejecting unsupported characters in explicit GITEA_LOGIN overrides.
  • Workspace gates: pnpm typecheck, pnpm lint, and pnpm format:check passed after dependency install.
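The login selection and argv-based merge call from the evidence log, as an added example rather than the contents of detect-platform.sh or pr-merge.sh. The host table, the allowed login character set, the `TEA_BIN` variable and the `gitea_merge`/`fake_tea` names are assumptions; the fake tea exits 42 as in the captures above.

```shell
# Added example: host table and allowed login characters are assumptions.
get_gitea_login() {          # $1 = remote host
  if [ -n "${GITEA_LOGIN:-}" ]; then
    # An explicit override is accepted only if it is a plain identifier.
    case "$GITEA_LOGIN" in
      *[!A-Za-z0-9._-]*) echo "rejecting GITEA_LOGIN override" >&2; return 1 ;;
    esac
    printf '%s\n' "$GITEA_LOGIN"
    return 0
  fi
  case "$1" in
    git.uscllc.com) echo usc ;;
    *)              echo mosaicstack ;;   # the previous unconditional default
  esac
}

fake_tea() {                 # stand-in for tea: record argv, never merge
  CAPTURED=$(printf '<%s>' "$@")
  return 42
}

gitea_merge() {              # $1 host, $2 owner/repo, $3 PR number, $4 style
  case "$3" in
    ''|*[!0-9]*) echo "PR number must be numeric" >&2; return 1 ;;
  esac
  login=$(get_gitea_login "$1") || return 1
  # Build argv as a list (positional parameters here; an array in bash).
  # Each value stays one argument and is never re-parsed, unlike eval "$cmd".
  set -- pr merge "$3" --style "$4" --repo "$2" --login "$login"
  "${TEA_BIN:-tea}" "$@"
}

# Demo: constructed values mirroring the capture in the evidence log.
TEA_BIN=fake_tea
gitea_merge git.uscllc.com USC/uconnect 1905 squash ||
  echo "fake tea exit=$? argv=$CAPTURED"
```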

Current blocker/risk

ci-queue-wait.sh still reports state=unknown for U-Connect main because the Gitea commit status payload does not classify into success/failure/pending/no-status. This task fixed the wrong tea login selection path; it did not alter CI status semantics.

Full pnpm test remains blocked by unrelated gateway database setup in this Kanban workspace: gateway tests fail with PostgresError: relation "messages" does not exist (42P01) even after starting Postgres/Valkey with Docker Compose. Jaeger also fails to start because host port 16686 is already allocated. The targeted wrapper regression and repo type/lint/format gates pass.