Add cross-pillar review Woodpecker step #62

Closed
opened 2026-03-14 20:01:39 +00:00 by forgejo_admin · 0 comments
Contributor

Lineage

plan-pal-e-agency → Phase 9 → 9h (Woodpecker trigger step)

Repo

forgejo_admin/pal-e-platform

User Story

As Betty Sue (main session coordinator)
I want cross-pillar trigger patterns to automatically create review issues when platform merges affect agency artifacts
So that SOPs and conventions stay in sync with infrastructure reality without manual vigilance

Context

Platform Phase 6.3/6.4 landed CI plan-on-PR and apply-on-merge. The cross-pillar trigger pattern (convention-cross-pillar-triggers) defines three maturity levels. Level 1 (manual convention check during /update-docs) is live. This issue implements Level 2: automated Woodpecker trigger.

When a merge to main changes files matching cross-pillar patterns, a new Woodpecker pipeline step should auto-create a Forgejo issue on this repo prompting an agency review.

The 9j cross-pillar review of sop-secrets-management proved the pattern's value — it found 6 real gaps. Automating the trigger ensures we never miss one.

File Targets

Files to modify:

  • .woodpecker.yaml — add a cross-pillar-review step that runs on push to main, after apply

Files NOT to touch:

  • terraform/ — no infrastructure changes
  • salt/ — no config changes

Implementation Spec

New step: cross-pillar-review

  • Image: alpine:3.19 (lightweight — only needs git, curl, jq)
  • When: event: push, branch: main
  • Depends on: apply (run after deploy completes)
  • Secrets: forgejo_token (from_secret) — NOTE: this secret currently has events: [pull_request] only. Must update to events: [push, pull_request] before this will work. Use mcp__woodpecker__update_repo_secret or document as a manual pre-step.

Logic:

  1. git diff HEAD~1 --name-only to get changed files
  2. Match against trigger patterns:
    • .woodpecker* → "CI pipeline behavior change"
    • terraform/modules/*/main.tf → "New/changed infra module"
    • salt/ → "Salt configuration change"
  3. If no patterns match → exit 0 (skip silently)
  4. If patterns match → create Forgejo issue via API:
    • Title: [Cross-Pillar Review] pal-e-platform — {commit subject}
    • Body: trigger patterns matched, changed files list, suggested SOPs to review, link to convention-cross-pillar-triggers
    • POST to https://forgejo.tail5b443a.ts.net/api/v1/repos/${CI_REPO}/issues

Edge cases:

  • Truncate changed files list if >50 lines (large merges)
  • This step's own addition will trigger on first run (.woodpecker.yaml changed) — that's fine, it's meta-appropriate
  • Step failure should NOT block the pipeline — use failure: ignore if Woodpecker supports it, otherwise || true on the curl
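A sh implementation of the step logic and edge cases above, added here as an illustration; it is not the project's own .woodpecker.yaml step. It assumes Woodpecker's built-in CI_COMMIT_SHA, CI_COMMIT_MESSAGE, CI_REPO and CI variables and a FORGEJO_TOKEN environment name for the injected forgejo_token secret.

```shell
#!/bin/sh
# Added example, not the project's own .woodpecker.yaml step: the detection and
# issue-creation logic for cross-pillar-review using only sh, git, curl and jq.
# Assumed: CI_COMMIT_SHA, CI_COMMIT_MESSAGE, CI_REPO and CI=woodpecker are set by
# Woodpecker; FORGEJO_TOKEN carries the forgejo_token secret.
# Map one changed path to its trigger label; print nothing when no pattern matches.
classify_path() {
  case "$1" in
    .woodpecker*)                echo "CI pipeline behavior change" ;;
    terraform/modules/*/main.tf) echo "New/changed infra module" ;;
    salt/*)                      echo "Salt configuration change" ;;
  esac
}

# Read newline-separated paths on stdin; print the distinct labels matched.
matched_patterns() {
  while IFS= read -r path; do
    [ -n "$path" ] && classify_path "$path"
  done | sort -u
}

# Keep at most 50 entries of a newline-separated file list (large merges).
truncate_files() {
  total=$(printf '%s\n' "$1" | grep -c .)
  if [ "$total" -gt 50 ]; then
    printf '%s\n' "$1" | head -n 50
    echo "... ($((total - 50)) more files truncated)"
  else
    printf '%s\n' "$1"
  fi
}

# Build the issue payload with jq so subjects and paths are JSON-escaped.
build_issue_json() {  # $1 sha, $2 commit subject, $3 labels, $4 file list
  jq -n --arg title "[Cross-Pillar Review] pal-e-platform — $2" --arg sha "$1" \
        --arg labels "$3" --arg files "$4" '{title: $title, body: ("Commit: " + $sha
        + "\n\nTrigger patterns matched:\n" + $labels + "\n\nChanged files:\n" + $files
        + "\n\nReview checklist: see convention-cross-pillar-triggers")}'
}
main() {
  files=$(git diff HEAD~1 --name-only)
  labels=$(printf '%s\n' "$files" | matched_patterns)
  [ -n "$labels" ] || exit 0   # nothing cross-pillar changed: skip silently
  subject=$(printf '%s\n' "$CI_COMMIT_MESSAGE" | head -n 1)
  build_issue_json "$CI_COMMIT_SHA" "$subject" "$labels" "$(truncate_files "$files")" |
    curl -sS -X POST -H "Authorization: token $FORGEJO_TOKEN" -H 'Content-Type: application/json' \
      --data @- "https://forgejo.tail5b443a.ts.net/api/v1/repos/${CI_REPO}/issues" || true
}
# Run the real flow only inside Woodpecker; the functions stay callable for testing.
if [ "${CI:-}" = "woodpecker" ]; then main; fi
```

Two caveats: in a case pattern `*` also spans `/`, so terraform/modules/harbor/sub/main.tf would match the module rule too, and `git diff HEAD~1` needs at least two commits in the checkout.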

Acceptance Criteria

  • When a PR merging .woodpecker.yaml changes lands on main, a [Cross-Pillar Review] issue is auto-created
  • When a PR merging only terraform/k3s.tfvars lands on main, no issue is created (not a trigger pattern)
  • When a PR merging terraform/modules/harbor/main.tf lands, an issue IS created
  • Issue body contains: commit SHA, matched patterns, changed files, review checklist
  • Step failure does not block the apply step or pipeline

Test Expectations

  • Manual verification: merge a test PR touching .woodpecker.yaml and confirm issue appears
  • Verify forgejo_token secret has push events enabled before testing

Constraints

  • Match the existing step style in .woodpecker.yaml (environment block, command list)
  • Use curl + jq for Forgejo API calls (same pattern as the plan step's PR comment)
  • Do NOT install heavy dependencies — apk add --no-cache git curl jq only
  • The forgejo_token repo secret must be updated to allow push events — include a note in the PR description about this pre-requisite

Checklist

  • PR opened
  • forgejo_token secret events updated
  • No unrelated changes

Related

  • project-pal-e-agency — this is the process pillar's Level 2 cross-pillar automation
  • convention-cross-pillar-triggers — defines the pattern, file triggers, and maturity levels
  • sop-secrets-management — the 9j review that proved this pattern works
  • phase-pal-e-agency-9-ci-driven-operating-model — parent phase
forgejo_admin 2026-03-14 20:10:06 +00:00
Reference
ldraney/pal-e-platform#62