From 4f041de3c50e3db5739bb110944db037b92f641f Mon Sep 17 00:00:00 2001 From: Rene Cannao Date: Sat, 23 May 2026 15:46:06 +0000 Subject: [PATCH] ci(trigger): tolerate per-call HTTP 401 in cleanup step (fixes #5811) `CI-trigger`'s "Trigger workflow_run[completed]" step does opportunistic housekeeping by listing every skipped run in the repo and trying to delete each one. Some of those runs (typically from forked PRs, other branches, or older retention windows) are not deletable by the PR-scoped `GITHUB_TOKEN`, which surfaces as `HTTP 401: Bad credentials` on the individual `gh run delete` call. The original pipeline used `xargs -r -n1 gh run delete`, which propagates the first non-zero exit and fails the whole step. That in turn marks the `CI-trigger` job conclusion as `failure`, and every downstream test workflow that gates on `workflow_run.conclusion == 'success'` (legacy-g*, mysql84-*, mysql84-gr-*, set_parser_algorithm_3-g1, ...) is silently skipped. Net result: a non-critical housekeeping failure blocks the entire test matrix for the PR. It's been the recurring cause of "why is CI failing on my PR" today, biting PR #5803, PR #5809, and others. Switch from `xargs` to a `while read` loop so per-call failures are caught individually, logged for visibility, and don't abort the step. Cleanup scope is unchanged (still repo-wide, still capped at the most recent 100 skipped runs) -- only the error-handling behavior changes. --- .github/workflows/ci-trigger.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-trigger.yml b/.github/workflows/ci-trigger.yml index b8657c9b96..c883b87113 100644 --- a/.github/workflows/ci-trigger.yml +++ b/.github/workflows/ci-trigger.yml @@ -40,6 +40,18 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Cleanup skipped ..." - gh -R ${{ github.repository }} run list -s skipped -L 100 --json databaseId -q '.[].databaseId' | xargs -r -n1 gh -R ${{ github.repository }} run delete + # Housekeeping only: opportunistically delete skipped runs. Per-call + # failures (typically HTTP 401 "Bad credentials" on runs that the + # PR-scoped GITHUB_TOKEN does not have rights to delete -- e.g. runs + # from forked PRs or other branches) MUST NOT fail this step, + # because failing this step marks the CI-trigger job as 'failure', + # which prevents every downstream test workflow from firing (they + # gate on workflow_run.conclusion == 'success'). See issue #5811. + gh -R ${{ github.repository }} run list -s skipped -L 100 --json databaseId -q '.[].databaseId' \ + | while read -r id; do + if ! gh -R ${{ github.repository }} run delete "$id" 2>&1; then + echo " skip run $id (no rights / already gone)" + fi + done echo "Triggered workflow_run[completed]: '${{ github.ref_name }} ${{ github.workflow }} ${{ github.sha }}'"