Merge branch 'master' into local-aware-ibm

Author: danieljvickers

.github/workflows/coverage-refresh.yml

@@ -22,8 +22,13 @@ jobs:
       group:  phoenix
       labels: gt
     steps:
+      # persist-credentials: false stops actions/checkout from configuring the
+      # default GITHUB_TOKEN as an http.extraheader, which otherwise OVERRIDES the
+      # token embedded in the push URL below — making the push authenticate as
+      # github-actions[bot] (which cannot bypass the require-PR rule) instead of
+      # the CACHE_PUSH_TOKEN identity.
       - uses: actions/checkout@v4
-        with: { clean: false }
+        with: { clean: false, persist-credentials: false }
       - name: Build + collect coverage map (SLURM)
         run: bash .github/scripts/submit-slurm-job.sh .github/workflows/common/coverage-refresh.sh cpu none phoenix
       - name: Commit refreshed map
@@ -34,10 +39,15 @@ jobs:
             git config user.name  "mfc-bot"
             git config user.email "mfc-bot@users.noreply.github.com"
             git add tests/coverage_map.json.gz
-            git commit -m "test: refresh coverage map [skip ci]"
-            # Push to protected master via CACHE_PUSH_TOKEN (a PAT/App token with
-            # contents:write + branch-protection bypass), mirroring deploy-tap.yml's
-            # x-access-token push. The default GITHUB_TOKEN is rejected by protection.
+            # --no-verify: this bot commit stages only the binary coverage map; it
+            # must not run the repo pre-commit hook (./mfc.sh precheck/spelling),
+            # which is for source changes and aborts the commit on the runner.
+            git commit --no-verify -m "test: refresh coverage map [skip ci]"
+            # Push to master with CACHE_PUSH_TOKEN, a classic PAT from an org-owner
+            # account. GitHub Apps cannot bypass the require-PR ruleset rule for
+            # direct pushes, but a PAT authenticates as the user (OrganizationAdmin),
+            # which IS an honored bypass actor. persist-credentials:false above
+            # ensures this token is actually used for the push.
             git push "https://x-access-token:${CACHE_PUSH_TOKEN}@github.com/MFlowCode/MFC.git" HEAD:master
           else
             echo "Coverage map unchanged."

tests/coverage_map.json.gz

@@ -230,7 +230,18 @@ def test():
     if ARG("build_coverage_map"):
         from .coverage_build import build_coverage_map
 
-        all_cases = [b.to_case() for b in cases]
+        # Convergence tests are order-of-accuracy checks driven by convergence.py,
+        # which fills in grid resolution and patch geometry per refinement level at
+        # runtime. Their base params are skeletons (m=n=p=0, no geometry) that cannot
+        # run standalone, so the direct-invocation collector cannot map them. Exclude
+        # them: absent from the map, select_tests conservatively always-runs them
+        # (rung 5), which is the desired behavior for convergence checks anyway.
+        convergence = [b for b in cases if getattr(b, "kind", "golden") == "convergence"]
+        coverage_cases = [b for b in cases if getattr(b, "kind", "golden") != "convergence"]
+        if convergence:
+            cons.print(f"[yellow]Excluding {len(convergence)} convergence tests from the coverage map (always-run by design).[/yellow]")
+
+        all_cases = [b.to_case() for b in coverage_cases]
         unique = set()
         for case, code in itertools.product(all_cases, [PRE_PROCESS, SIMULATION, POST_PROCESS]):
             slug = code.get_slug(case.to_input_file())