Fix CodeQL gate lookup for busy queues #820

Merged: DeusData merged 1 commit into DeusData:main from SS-42:fix/codeql-gate-head-sha on Jul 3, 2026

SS-42 commented Jul 3, 2026

Summary

  • query CodeQL workflow runs with the REST API head_sha filter instead of scanning only the latest 5 runs
  • keep the existing wait loop and success/failure handling unchanged

Evidence

Several active PRs had security / codeql-gate time out with no run yet... while their CodeQL SAST run on the same head SHA had already completed successfully. In a busy Actions queue, the matching CodeQL run can fall out of the first 5 workflow runs before the gate sees it.

Verified the replacement query returns success completed for the affected head SHAs from #782, #784, and #812.

Verification

  • git diff --check
  • ruby -e 'require "yaml"; YAML.load_file(".github/workflows/_security.yml"); puts "yaml ok"'
  • gh api "repos/DeusData/codebase-memory-mcp/actions/workflows/codeql.yml/runs?head_sha=<sha>&per_page=1" --jq '.workflow_runs[] | "\(.conclusion) \(.status)"' for the affected SHA values

Signed-off-by: SS-42 <noreply@incogni.to>
SS-42 requested a review from DeusData as a code owner July 3, 2026 19:35
DeusData merged commit 3ee05c1 into DeusData:main Jul 3, 2026
13 checks passed
DeusData (Owner) commented Jul 3, 2026

Thank you for the sharp diagnosis and the surgical fix — the newest-5-runs window falling behind on a busy queue was exactly what took down half of today's PR fleet (and retroactively explains earlier gate flakes we'd worked around with re-trigger commits). Server-side head_sha filtering is the right call, and the enforcement predicate stays untouched. Admin-merged ahead of the queued test matrix (workflow-only change, checks were only queue-blocked) to unblock the backlog. Much appreciated!

DeusData added a commit that referenced this pull request Jul 3, 2026
Signed-off-by: Martin Vogel <martin.vogel.tech@gmail.com>
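
The failure mode discussed in this thread, as an added example that is not part of the pull request or the project's workflow: a constructed newest-first run list shows a fixed 5-run window timing out on a busy queue while a lookup keyed on the head SHA still finds the run. The function names, the sample SHA and the `gate_decision` mapping are assumptions; the list filter stands in for the REST `head_sha` query.

```python
# Added example with constructed data; all names here are hypothetical.

def make_queue(target_sha, newer_runs, status="completed", conclusion="success"):
    """Constructed workflow-run list, newest first, with the target run last."""
    runs = [{"head_sha": f"other{i:04d}", "status": "completed", "conclusion": "success"}
            for i in range(newer_runs)]
    runs.append({"head_sha": target_sha, "status": status, "conclusion": conclusion})
    return runs

def lookup_latest_window(runs, sha, window=5):
    """Old lookup as described in the PR: scan only the newest `window` runs."""
    return next((r for r in runs[:window] if r["head_sha"] == sha), None)

def lookup_by_head_sha(runs, sha):
    """New lookup: stands in for the server-side ?head_sha=<sha> filter."""
    return next((r for r in runs if r["head_sha"] == sha), None)

def gate_decision(run):
    """Assumed mapping from a lookup result to the gate's next step."""
    if run is None or run["status"] != "completed":
        return "wait"  # no run yet, or still running: keep polling
    return "pass" if run["conclusion"] == "success" else "fail"

def run_gate(lookup, runs, sha, polls=3):
    """Poll a fixed number of times; an unresolved gate fails closed as a timeout."""
    for _ in range(polls):
        decision = gate_decision(lookup(runs, sha))
        if decision != "wait":
            return decision
    return "timeout"

if __name__ == "__main__":
    sha = "abc123"  # constructed sample SHA
    busy = make_queue(sha, newer_runs=12)  # 12 newer runs push the target out of the window
    print("latest-5 window:", run_gate(lookup_latest_window, busy, sha))
    print("head_sha filter:", run_gate(lookup_by_head_sha, busy, sha))
```

The lookup change only affects which run is found: a failed or missing CodeQL run for the SHA still blocks the gate.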