Skip to content

CI pipeline reliability: netapi key-leak, event tagger, and docs dedup fixes (#69728, #69730, #69724)#69733

Merged
dwoz merged 6 commits into
saltstack:3006.xfrom
ggiesen:fix-ci-pipeline-omnibus
Jul 9, 2026
Merged

CI pipeline reliability: netapi key-leak, event tagger, and docs dedup fixes (#69728, #69730, #69724)#69733
dwoz merged 6 commits into
saltstack:3006.xfrom
ggiesen:fix-ci-pipeline-omnibus

Conversation

@ggiesen

@ggiesen ggiesen commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

Bundles the CI pipeline reliability fixes that are individually open as #69725, #69729 and #69731. They are combined here because none can demonstrate a green 3006.x PR run on its own: the Rocky/Ubuntu integration jobs only go green when the test-isolation and event-handling fixes are present together, so a single branch carrying all of them is the only way to show the pipeline actually recovers.

Contents (each is a clean, separately-reviewable commit):

What issues does this PR fix or reference?

Fixes #69724
Fixes #69728
Fixes #69730
Fixes #69738

Diagnosis

The Rocky Linux 9 and Ubuntu 24.04 integration failures on 3006.x PRs are one root cause with several faces. The leaked minion keys (#69728) make netapi * targeting match dead minions, and while the master waits on those minions the event stream backs up, so unrelated commands (jinja.load_map, state.orchestrate, netapi POSTs) time out at 50 s. The event tagger crash (#69730) adds error-log noise that trips the test_state_test assertions. With both fixed, the integration jobs recover; the event fix is already visibly effective (the crash signature drops to zero on #69731's own run). The docs fixes (#69724) address a separate, orthogonal part of the pipeline (the release/docs build cascade).

Merge requirements satisfied?

  • Tests written/updated
  • Changelog

The event fix carries direct + inverse unit tests (list-return skips quietly, dict-return still fires both sub events); the isolation fix is exercised by the same integration jobs this PR stabilizes; the docs changes were validated against the pinned docs toolchain (make man/make html clean under -W -j auto, anchors preserved, routes registered once).

If maintainers prefer to land these granularly, #69725 / #69729 / #69731 remain open and this PR can be closed in their favor.

Commits signed with GPG?

No

@ggiesen ggiesen requested a review from a team as a code owner July 7, 2026 00:45
@dwoz dwoz added the test:full Run the full test suite label Jul 7, 2026
The rest_cherrypy, rest_tornado and rest_wsgi doc pages document
overlapping HTTP routes, so each shared route registered multiple
httpdomain index entries. sphinxcontrib-httpdomain only detects the
duplicates in merge_domaindata, which runs when sphinx -j parallel
reader chunks are merged, so the -W builds in tools docs (Prepare
Release, Documentation) fail intermittently depending on where the
chunk boundary lands:

    WARNING: duplicate HTTP post method definition / in
    doc/ref/netapi/all/salt.netapi.rest_tornado.rst, other instance
    is in doc/ref/netapi/all/salt.netapi.rest_wsgi.rst

When it hits, the release patch artifact is never produced and every
downstream build job in the run fails with 'Artifact not found'.

Mark the tornado and wsgi copies of the shared routes with :noindex:
so each route is registered exactly once, by the canonical
rest_cherrypy reference. noindex'd directives never enter the domain
data, so the merge collision is impossible under any chunking. Page
content is unchanged and no :http: cross-references exist that could
be affected. This also makes the HTTP routing index deterministic; it
previously pointed at whichever page the readers processed last.

Fixes saltstack#69724
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment