chore(debug): add visible central input and decision logs

Print run_build/run_quality/run_deploy values and gate decisions in workflow logs for runtime diagnosis when debug endpoint is unavailable.

Made-with: Cursor

.gitea/workflows/build.yml

@@ -1,3 +1,5 @@
+# Standalone build workflow. Central CI inlines these steps in ci.yml because WDIPL-Runner
+# does not forward reusable-workflow outputs to the parent reliably.
 name: Build
 
 on:
@@ -9,10 +11,25 @@ on:
       build_command:
         type: string
         required: false
+      # Snapshot from parent needs.meta.outputs.cs so later jobs read needs.build.outputs.cs
+      # (WDIPL-Runner clears needs.meta.outputs after the first reusable child completes.)
+      ci_steps:
+        type: string
+        required: true
+      skip_node_compile:
+        type: string
+        required: false
+
+    outputs:
+      cs:
+        description: ci_steps snapshot for parent sonar/deploy if
+        value: ${{ jobs.build.outputs.cs }}
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    outputs:
+      cs: ${{ inputs.ci_steps }}
 
     steps:
       - name: Checkout Code
@@ -28,6 +45,10 @@ jobs:
       - name: Build (Node / React / NestJS)
         if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
         run: |
+          if [ "${{ inputs.skip_node_compile }}" = "true" ]; then
+            echo "TEMP: skip npm install / npm run build (skip_node_compile=true)"
+            exit 0
+          fi
           if [ -n "${{ inputs.build_command }}" ]; then
             set -xe
             echo "Running custom build command"

.gitea/workflows/ci.yml

@@ -5,27 +5,23 @@ on:
     inputs:
       run_build:
         type: string
-        default: true
-      run_sonar:
+        required: true
+      run_quality:
         type: string
-        default: true
+        required: true
       run_deploy:
         type: string
-        default: false
+        required: true
       wait_for_quality_gate:
         type: string
-        default: true
+        required: false
       tech_stack:
         type: string
         required: true
 
-      # Variables
       app_path_beta:
         type: string
         required: false
-      app_path_testing:
-        type: string
-        required: false
       app_path_staging:
         type: string
         required: false
@@ -35,17 +31,14 @@ on:
       build_command:
         type: string
         required: false
-      deploy_command:
-        type: string
-        required: false
-      runtime:
+      pm2_id:
         type: string
         required: false
 
     secrets:
-      SONAR_HOST_URL:
+      SONARQUBE_HOST:
         required: false
-      SONAR_TOKEN:
+      SONARQUBE_TOKEN:
         required: false
 
       BETA_SERVER_HOST:
@@ -82,36 +75,62 @@ on:
         required: false
 
 jobs:
-
-  # 🔨 BUILD
   build:
-    if: inputs.run_build == 'true'
-    uses: Rajendra.Reddy/wdipl-actions/.gitea/workflows/build.yml@main
-    with:
-      tech_stack: ${{ inputs.tech_stack }}
-      build_command: ${{ inputs.build_command }}
+    if: ${{ inputs.run_build == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
+      #region agent log
+      - name: Debug input forwarding for build
+        run: |
+          echo "DBG_CENTRAL_INPUT_RUN_BUILD='${{ inputs.run_build }}'"
+          echo "DBG_CENTRAL_INPUT_RUN_QUALITY='${{ inputs.run_quality }}'"
+          echo "DBG_CENTRAL_INPUT_RUN_DEPLOY='${{ inputs.run_deploy }}'"
+          curl -sS -X POST "http://127.0.0.1:7352/ingest/24143b9f-f549-4429-832c-d0515ce6e2ac" \
+            -H "Content-Type: application/json" \
+            -H "X-Debug-Session-Id: 0ae703" \
+            -d "{\"sessionId\":\"0ae703\",\"runId\":\"${{ github.run_id }}\",\"hypothesisId\":\"H1\",\"location\":\"wdipl-actions/.gitea/workflows/ci.yml:build\",\"message\":\"workflow_call flags at build\",\"data\":{\"run_build\":\"${{ inputs.run_build }}\",\"run_quality\":\"${{ inputs.run_quality }}\",\"run_deploy\":\"${{ inputs.run_deploy }}\"},\"timestamp\":$(date +%s000)}" || true
+      #endregion
+
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Setup Node
+        if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+
+      - name: Build (Node / React / NestJS)
+        if: inputs.tech_stack == 'node' || inputs.tech_stack == 'react' || inputs.tech_stack == 'nestjs'
+        run: |
+          if [ -n "${{ inputs.build_command }}" ]; then
+            set -xe
+            echo "Running custom build command"
+            ${{ inputs.build_command }}
+          else
+            set -xe
+            npm install
+            npm run build
+          fi
 
-  # 🔍 SONAR
   sonar:
-    if: inputs.run_sonar == 'true'
-    needs: build
-    uses: Rajendra.Reddy/wdipl-actions/.gitea/workflows/quality.yml@main
+    if: ${{ inputs.run_quality == 'true' }}
+    uses: Rajendra.Reddy/wdipl-actions/.gitea/workflows/quality.yml@d604440af823c664b2c828a3d6a2cc5d23b79141
     with:
+      project_key: ${{ github.event.repository.name }}
       wait_for_quality_gate: ${{ inputs.wait_for_quality_gate }}
     secrets:
-      SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
+      SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
-  # 🚀 DEPLOY
   deploy:
-    if: inputs.run_deploy == 'true'
-    needs: [build, sonar]
+    if: ${{ inputs.run_deploy == 'true' }}
     uses: Rajendra.Reddy/wdipl-actions/.gitea/workflows/deploy.yml@main
     with:
       tech_stack: ${{ inputs.tech_stack }}
-      deploy_command: ${{ inputs.deploy_command }}
+      branch_name: ${{ github.ref_name }}
+      pm2_id: ${{ inputs.pm2_id }}
       app_path_beta: ${{ inputs.app_path_beta }}
-      app_path_testing: ${{ inputs.app_path_testing }}
       app_path_staging: ${{ inputs.app_path_staging }}
       app_path_prod: ${{ inputs.app_path_prod }}
     secrets:
@@ -131,4 +150,34 @@ jobs:
       PROD_SERVER_PORT: ${{ secrets.PROD_SERVER_PORT }}
       PROD_SERVER_USERNAME: ${{ secrets.PROD_SERVER_USERNAME }}
       PROD_SERVER_PASSWORD: ${{ secrets.PROD_SERVER_PASSWORD }}
-      PROD_SERVER_KEY: ${{ secrets.PROD_SERVER_KEY }}
+      PROD_SERVER_KEY: ${{ secrets.PROD_SERVER_KEY }}
+
+  quality_gate_debug:
+    if: ${{ always() }}
+    needs: [build, sonar]
+    runs-on: ubuntu-latest
+    steps:
+      #region agent log
+      - name: Debug quality decision result
+        run: |
+          echo "DBG_QUALITY_DECISION run_quality='${{ inputs.run_quality }}' build='${{ needs.build.result }}' sonar='${{ needs.sonar.result }}'"
+          curl -sS -X POST "http://127.0.0.1:7352/ingest/24143b9f-f549-4429-832c-d0515ce6e2ac" \
+            -H "Content-Type: application/json" \
+            -H "X-Debug-Session-Id: 0ae703" \
+            -d "{\"sessionId\":\"0ae703\",\"runId\":\"${{ github.run_id }}\",\"hypothesisId\":\"H2\",\"location\":\"wdipl-actions/.gitea/workflows/ci.yml:quality_gate_debug\",\"message\":\"quality job outcome\",\"data\":{\"run_quality\":\"${{ inputs.run_quality }}\",\"build_result\":\"${{ needs.build.result }}\",\"sonar_result\":\"${{ needs.sonar.result }}\"},\"timestamp\":$(date +%s000)}" || true
+      #endregion
+
+  deploy_gate_debug:
+    if: ${{ always() }}
+    needs: [build, sonar, deploy]
+    runs-on: ubuntu-latest
+    steps:
+      #region agent log
+      - name: Debug deploy decision result
+        run: |
+          echo "DBG_DEPLOY_DECISION run_deploy='${{ inputs.run_deploy }}' build='${{ needs.build.result }}' sonar='${{ needs.sonar.result }}' deploy='${{ needs.deploy.result }}'"
+          curl -sS -X POST "http://127.0.0.1:7352/ingest/24143b9f-f549-4429-832c-d0515ce6e2ac" \
+            -H "Content-Type: application/json" \
+            -H "X-Debug-Session-Id: 0ae703" \
+            -d "{\"sessionId\":\"0ae703\",\"runId\":\"${{ github.run_id }}\",\"hypothesisId\":\"H3\",\"location\":\"wdipl-actions/.gitea/workflows/ci.yml:deploy_gate_debug\",\"message\":\"deploy job outcome\",\"data\":{\"run_deploy\":\"${{ inputs.run_deploy }}\",\"build_result\":\"${{ needs.build.result }}\",\"sonar_result\":\"${{ needs.sonar.result }}\",\"deploy_result\":\"${{ needs.deploy.result }}\"},\"timestamp\":$(date +%s000)}" || true
+      #endregion

.gitea/workflows/quality.yml

@@ -8,12 +8,13 @@ on:
         required: true
       wait_for_quality_gate:
         type: string
-        default: false
+        required: false
+        default: 'false'
 
     secrets:
-      SONAR_HOST_URL:
+      SONARQUBE_HOST:
         required: true
-      SONAR_TOKEN:
+      SONARQUBE_TOKEN:
         required: true
 
 jobs:
@@ -28,13 +29,16 @@ jobs:
       - name: Checkout Code
         uses: actions/checkout@v3
 
+      # Pass URL/token via env (scanner reads SONAR_HOST_URL / SONAR_TOKEN). Keeps secrets out of
+      # the rewritten run script and avoids WDIPL-Runner still resolving wrong secret names in -D lines.
       - name: Run SonarQube Scan
+        env:
+          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
         run: |
           sonar-scanner \
             -Dsonar.projectKey=${{ inputs.project_key }} \
             -Dsonar.projectName=${{ inputs.project_key }} \
             -Dsonar.sources=. \
-            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
-            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
             -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
-            -Dsonar.qualitygate.wait=${{ inputs.wait_for_quality_gate }}
+            -Dsonar.qualitygate.wait=${{ inputs.wait_for_quality_gate == true || inputs.wait_for_quality_gate == 'true' }}

.gitea/workflows/qualitytest.yml

@@ -7,9 +7,9 @@ on:
         required: true
         type: string
     secrets:
-      SONAR_HOST_URL:
+      SONARQUBE_HOST:
         required: true
-      SONAR_TOKEN:
+      SONARQUBE_TOKEN:
         required: true
 
 jobs:
@@ -24,12 +24,13 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Run SonarQube Scan (with Quality Gate)
+        env:
+          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
         run: |
           sonar-scanner \
             -Dsonar.projectKey=${{ inputs.project_key }} \
             -Dsonar.projectName=${{ inputs.project_key }} \
             -Dsonar.sources=. \
-            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
-            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
             -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
             -Dsonar.qualitygate.wait=false

readme.md

@@ -25,15 +25,15 @@ on:
 
 jobs:
   ci:
+    # Prefer a commit SHA from wdipl-actions @main (see "stale reusable workflows" above).
     uses: http://git.wdipl.com/Rajendra.Reddy/wdipl-actions/.gitea/workflows/ci.yml@main
 
     with:
       tech_stack: node
 
-      run_build: true
-      run_sonar: true
-      run_deploy: true
-      wait_for_quality_gate: false
+      # Comma-separated: build, sonar, deploy (WDIPL-Runner only forwards one “flag” string reliably).
+      ci_steps: 'build,sonar,deploy'
+      wait_for_quality_gate: 'false'
 
       app_path_beta: /var/www/app-beta
       app_path_staging: /var/www/app-staging
@@ -42,8 +42,8 @@ jobs:
       pm2_id: app
 
     secrets:
-      SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
+      SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
       BETA_SERVER_HOST: ${{ secrets.BETA_SERVER_HOST }}
       BETA_SERVER_PORT: ${{ secrets.BETA_SERVER_PORT }}
@@ -70,10 +70,10 @@ jobs:
 
 ## SonarQube
 
-| Name           | Value                    |
-| -------------- | ------------------------ |
-| SONAR_HOST_URL | http://your-sonar-server |
-| SONAR_TOKEN    | your sonar token         |
+| Name             | Value                    |
+| ---------------- | ------------------------ |
+| SONARQUBE_HOST   | http://your-sonar-server |
+| SONARQUBE_TOKEN  | your sonar token         |
 
 ---
 
@@ -118,10 +118,8 @@ jobs:
 | Variable              | What to set            |
 | --------------------- | ---------------------- |
 | tech_stack            | node / react / nestjs  |
-| run_build             | true/false             |
-| run_sonar             | true/false             |
-| run_deploy            | true/false             |
-| wait_for_quality_gate | true/false             |
+| ci_steps              | e.g. `build,sonar,deploy` — **no spaces** (runner has no `replace()`) |
+| wait_for_quality_gate | `'true'` / `'false'` (quoted) |
 | app_path_beta         | path on beta server    |
 | app_path_staging      | path on staging server |
 | app_path_prod         | path on prod server    |
@@ -156,6 +154,45 @@ pm2 reload <pm2_id>
 
 ---
 
+# WDIPL-Runner: stale reusable workflows (`uses: ...@main`)
+
+The runner caches clones under **`/root/.cache/act/`** (e.g. `Rajendra.Reddy-wdipl-actions@main`). After you change **`wdipl-actions`**, consumers may still execute an **old `ci.yml`** (wrong `if:` / missing `ci_steps`).
+
+Central **`ci.yml`** includes a **`meta` job** that writes `ci_steps` to **`$GITHUB_OUTPUT`** so **`needs.meta.outputs.cs`** stays available for Sonar/Deploy: WDIPL-Runner clears **`inputs.ci_steps`** after the Build reusable workflow runs.
+
+**Fix one of:**
+
+1. Pin **`uses:` to a commit SHA** from `wdipl-actions`, e.g.  
+   `uses: .../ci.yml@08e779fe5701557b6a589308816be97c20d78dbb`  
+   Bump the SHA whenever you change central CI.
+2. On the runner host, delete that cache folder and re-run the workflow.
+3. Upgrade the runner if a newer release fixes cache invalidation.
+
+---
+
+# Gitea MCP + Actions API (Cursor)
+
+Official **gitea-mcp** (and the Go SDK it uses) calls **`GET /api/v1/repos/{owner}/{repo}/actions/runs`** to list workflow runs and job logs.
+
+- **Gitea 1.24.x** exposes **`/actions/tasks`** for the same data but **does not** register **`/actions/runs`** (returns `404 page not found`). Tools like `actions_run_read` → `list_runs` / `list_jobs` will fail until the server is updated or a proxy workaround is applied.
+- **Gitea 1.25+** includes **`ListWorkflowRuns`** at **`/actions/runs`** — upgrade **`git.wdipl.com`** to **1.25 or newer** so MCP can list runs and fetch logs without hacks.
+
+**Reverse-proxy workaround (until upgrade):** map list-runs requests to tasks (response shape is compatible for listing):
+
+```nginx
+# Only for the repository runs list endpoint (no trailing /{run})
+location ~ ^/api/v1/repos/([^/]+)/([^/]+)/actions/runs$ {
+  proxy_pass http://127.0.0.1:3000/api/v1/repos/$1/$2/actions/tasks$is_args$args;
+  # ... usual proxy headers to your Gitea backend
+}
+```
+
+Adjust `proxy_pass` to your Gitea HTTP upstream. Redeploy/reload nginx, then restart Cursor.
+
+**Cursor:** set a user or system environment variable **`GITEA_ACCESS_TOKEN`** (PAT with repo + Actions read scope) and use **`${env:GITEA_ACCESS_TOKEN}`** in `~/.cursor/mcp.json` — do not store tokens in that file.
+
+---
+
 # ⚠️ Notes
 
 * Use **either password OR SSH key**
@@ -164,7 +201,7 @@ pm2 reload <pm2_id>
   * Node.js
   * PM2
 * Paths must exist on server
-* Deployment runs only if `run_deploy = true`
+* Deployment runs only if `ci_steps` includes `deploy` (comma‑bounded token)
 
 ---