apache · adamsaghy · May 31, 2026 · May 29, 2026
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -17,14 +17,13 @@ jobs:
         include:
           - db_type: mariadb
             compose_file: docker-compose.yml
-            check_worker_health: true
           - db_type: postgresql
             compose_file: docker-compose-postgresql.yml
-            check_worker_health: false
 
     env:
       DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       IMAGE_NAME: fineract
+      DOCKER_LOG_DIR: ci-logs/docker-${{ matrix.db_type }}
 
     steps:
       - name: Set up JDK 21
@@ -68,3 +67,33 @@ jobs:
           curl -f -k --retry 5 --retry-all-errors --connect-timeout 30 --retry-delay 30 https://localhost:8443/fineract-provider/actuator/info -o actuator-info.json
           cat actuator-info.json
           jq -e '.git | type == "object"' actuator-info.json
+
+      - name: Collect Docker logs
+        if: always()
+        run: |
+          mkdir -p "$DOCKER_LOG_DIR"
+          docker ps -a > "$DOCKER_LOG_DIR/docker-ps.txt" 2>&1 || true
+          docker compose -f ${{ matrix.compose_file }} ps --all > "$DOCKER_LOG_DIR/docker-compose-ps.txt" 2>&1 || true
+          docker compose -f ${{ matrix.compose_file }} logs --no-color --timestamps > "$DOCKER_LOG_DIR/docker-compose.log" 2>&1 || true
+          docker stats --no-stream > "$DOCKER_LOG_DIR/docker-stats.txt" 2>&1 || true
+
+          docker compose -f ${{ matrix.compose_file }} ps -q | while read -r container_id; do
+            [ -n "$container_id" ] || continue
+            container_name="$(docker inspect --format '{{.Name}}' "$container_id" 2>/dev/null | sed 's#^/##; s#[^A-Za-z0-9_.-]#_#g')"
+            [ -n "$container_name" ] || container_name="$container_id"
+            docker logs --timestamps "$container_id" > "$DOCKER_LOG_DIR/${container_name}.log" 2>&1 || true
+            docker inspect "$container_id" > "$DOCKER_LOG_DIR/${container_name}.inspect.json" 2>&1 || true
+          done
+
+      - name: Upload Docker logs
+        if: always()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: docker-logs-${{ matrix.db_type }}-attempt-${{ github.run_attempt }}
+          path: ci-logs/
+          if-no-files-found: ignore
+          retention-days: 5
+
+      - name: Clean up
+        if: always()
+        run: docker compose -f ${{ matrix.compose_file }} down -v
diff --git a/.github/workflows/build-e2e-tests.yml b/.github/workflows/build-e2e-tests.yml
@@ -22,6 +22,8 @@ jobs:
     env:
       DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       IMAGE_NAME: fineract
+      COMPOSE_FILE: docker-compose-postgresql-test-activemq.yml
+      DOCKER_LOG_DIR: ci-logs/e2e-shard-${{ matrix.shard_index }}
       BASE_URL: https://localhost:8443
       TEST_USERNAME: mifos
       TEST_PASSWORD: password
@@ -65,7 +67,7 @@ jobs:
         run: ./gradlew --no-daemon --console=plain :fineract-provider:jibDockerBuild -Djib.to.image=$IMAGE_NAME -x test -x cucumber -x buildJavaSdk
 
       - name: Start the Fineract stack
-        run: docker compose -f docker-compose-postgresql-test-activemq.yml up -d
+        run: docker compose -f "$COMPOSE_FILE" up -d
 
       - name: Check the stack
         run: docker ps
@@ -153,40 +155,61 @@ jobs:
             exit 1
           fi
 
+      - name: Collect Docker logs
+        if: always()
+        run: |
+          mkdir -p "$DOCKER_LOG_DIR"
+          docker ps -a > "$DOCKER_LOG_DIR/docker-ps.txt" 2>&1 || true
+          docker compose -f "$COMPOSE_FILE" ps --all > "$DOCKER_LOG_DIR/docker-compose-ps.txt" 2>&1 || true
+          docker compose -f "$COMPOSE_FILE" logs --no-color --timestamps > "$DOCKER_LOG_DIR/docker-compose.log" 2>&1 || true
+          docker stats --no-stream > "$DOCKER_LOG_DIR/docker-stats.txt" 2>&1 || true
+
+          docker compose -f "$COMPOSE_FILE" ps -q | while read -r container_id; do
+            [ -n "$container_id" ] || continue
+            container_name="$(docker inspect --format '{{.Name}}' "$container_id" 2>/dev/null | sed 's#^/##; s#[^A-Za-z0-9_.-]#_#g')"
+            [ -n "$container_name" ] || container_name="$container_id"
+            docker logs --timestamps "$container_id" > "$DOCKER_LOG_DIR/${container_name}.log" 2>&1 || true
+            docker inspect "$container_id" > "$DOCKER_LOG_DIR/${container_name}.inspect.json" 2>&1 || true
+          done
+
       - name: Upload test results
         if: always()
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
-          name: allure-results-shard-${{ matrix.shard_index }}
+          name: allure-results-shard-${{ matrix.shard_index }}-attempt-${{ github.run_attempt }}
           path: |
             allure-results-shard-${{ matrix.shard_index }}
             allure-results-merged
             **/build/allure-results
             **/build/reports/tests/test
             **/build/test-results/test
+          if-no-files-found: ignore
           retention-days: 5
 
       - name: Upload Allure Report
         if: always()
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
-          name: allure-report-shard-${{ matrix.shard_index }}
+          name: allure-report-shard-${{ matrix.shard_index }}-attempt-${{ github.run_attempt }}
           path: allure-report-shard-${{ matrix.shard_index }}
+          if-no-files-found: ignore
           retention-days: 5
 
       - name: Upload logs
         if: always()
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
-          name: logs-shard-${{ matrix.shard_index }}
+          name: logs-shard-${{ matrix.shard_index }}-attempt-${{ github.run_attempt }}
           path: |
+            ci-logs/
             **/build/reports/tests/
             **/logs/
             **/out/
+          if-no-files-found: ignore
           retention-days: 5
 
       - name: Clean up
         if: always()
         run: |
-          docker compose -f docker-compose-postgresql-test-activemq.yml down -v
+          docker compose -f "$COMPOSE_FILE" down -v
           docker system prune -f
diff --git a/.github/workflows/full-build-ci.yml b/.github/workflows/full-build-ci.yml
@@ -4,7 +4,6 @@ on: [push, pull_request]
 
 permissions:
   contents: read
-  pull-requests: write
 
 jobs:
   build-core:

diff --git a/.github/workflows/mifos-fineract-client-publish.yml b/.github/workflows/mifos-fineract-client-publish.yml
diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
@@ -14,8 +14,10 @@ jobs:
     timeout-minutes: 1
     steps:
       - name: Verify Title Format
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
         run: |
-          title="${{ github.event.pull_request.title }}"
+          title="$PR_TITLE"
           regex="^FINERACT-[0-9]+: "
 
           if [[ ! "$title" =~ $regex ]]; then

diff --git a/.github/workflows/smoke-messaging.yml b/.github/workflows/smoke-messaging.yml
@@ -23,6 +23,7 @@ jobs:
     env:
       DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
       IMAGE_NAME: fineract
+      DOCKER_LOG_DIR: ci-logs/smoke-${{ matrix.messaging }}
 
     steps:
       - name: Set up JDK 21
@@ -78,3 +79,33 @@ jobs:
 
       - name: Run Smoke Test with Remote COB
         run: ./gradlew --no-daemon --console=plain :integration-tests:cleanTest :integration-tests:test --tests "org.apache.fineract.integrationtests.investor.externalassetowner.InitiateExternalAssetOwnerTransferTest.saleActiveLoanToExternalAssetOwnerAndBuybackADayLater" -PcargoDisabled -x buildJavaSdk
+
+      - name: Collect Docker logs
+        if: always()
+        run: |
+          mkdir -p "$DOCKER_LOG_DIR"
+          docker ps -a > "$DOCKER_LOG_DIR/docker-ps.txt" 2>&1 || true
+          docker compose -f ${{ matrix.compose_file }} ps --all > "$DOCKER_LOG_DIR/docker-compose-ps.txt" 2>&1 || true
+          docker compose -f ${{ matrix.compose_file }} logs --no-color --timestamps > "$DOCKER_LOG_DIR/docker-compose.log" 2>&1 || true
+          docker stats --no-stream > "$DOCKER_LOG_DIR/docker-stats.txt" 2>&1 || true
+
+          docker compose -f ${{ matrix.compose_file }} ps -q | while read -r container_id; do
+            [ -n "$container_id" ] || continue
+            container_name="$(docker inspect --format '{{.Name}}' "$container_id" 2>/dev/null | sed 's#^/##; s#[^A-Za-z0-9_.-]#_#g')"
+            [ -n "$container_name" ] || container_name="$container_id"
+            docker logs --timestamps "$container_id" > "$DOCKER_LOG_DIR/${container_name}.log" 2>&1 || true
+            docker inspect "$container_id" > "$DOCKER_LOG_DIR/${container_name}.inspect.json" 2>&1 || true
+          done
+
+      - name: Upload Docker logs
+        if: always()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: docker-logs-${{ matrix.messaging }}-attempt-${{ github.run_attempt }}
+          path: ci-logs/
+          if-no-files-found: ignore
+          retention-days: 5
+
+      - name: Clean up
+        if: always()
+        run: docker compose -f ${{ matrix.compose_file }} down -v
diff --git a/.github/workflows/verify-api-backward-compatibility.yml b/.github/workflows/verify-api-backward-compatibility.yml
@@ -5,7 +5,6 @@ on:
 
 permissions:
   contents: read
-  pull-requests: write
 
 jobs:
   api-compatibility-check:
@@ -35,14 +34,23 @@ jobs:
 
       - name: Merge PR into current base
         working-directory: current
+        env:
+          PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
         run: |
           git config user.name "github-actions"
           git config user.email "github-actions@github.com"
 
-          git fetch "https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git" \
-            "${{ github.event.pull_request.head.ref }}:refs/remotes/pr-head" --no-tags
+          case "$PR_HEAD_SHA" in
+            ""|*[!0-9a-fA-F]*)
+              echo "::error::Invalid pull request head SHA: $PR_HEAD_SHA"
+              exit 1
+              ;;
+          esac
+
+          git fetch "https://github.com/${PR_HEAD_REPO}.git" "$PR_HEAD_SHA" --no-tags
 
-          git merge --no-commit --no-ff refs/remotes/pr-head
+          git merge --no-commit --no-ff FETCH_HEAD
 
       - name: Set up JDK 21
         uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
@@ -190,32 +198,6 @@ jobs:
               f.write('\n\n> **Note:** This check is informational only and does not block the PR.\n')
           "
 
-      - name: Comment on PR
-        if: always()
-        continue-on-error: true
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: |
-          MARKER="<!-- swagger-brake-report -->"
-
-          COMMENT_ID=$(gh api "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \
-            --jq ".[] | select(.body | contains(\"${MARKER}\")) | .id" | head -1)
-
-          if [ "${{ steps.breaking-check.outcome }}" == "failure" ] && [ -f "${GITHUB_WORKSPACE}/breaking-changes-report.md" ]; then
-            BODY="${MARKER}
-          $(cat ${GITHUB_WORKSPACE}/breaking-changes-report.md)"
-
-            if [ -n "$COMMENT_ID" ]; then
-              gh api "repos/${{ github.repository }}/issues/comments/${COMMENT_ID}" \
-                -X PATCH -f body="${BODY}"
-            else
-              gh pr comment "${PR_NUMBER}" --repo ${{ github.repository }} --body "${BODY}"
-            fi
-          elif [ -n "$COMMENT_ID" ]; then
-            gh api "repos/${{ github.repository }}/issues/comments/${COMMENT_ID}" -X DELETE
-          fi
-
       - name: Report no breaking changes
         if: steps.breaking-check.outcome == 'success'
         run: |

diff --git a/.github/workflows/verify-liquibase-ddl-safety.yml b/.github/workflows/verify-liquibase-ddl-safety.yml
@@ -5,7 +5,6 @@ on:
 
 permissions:
   contents: read
-  pull-requests: write
 
 jobs:
   ddl-safety-check:
@@ -80,35 +79,6 @@ jobs:
             echo "No dangerous DDL changes detected." >> $GITHUB_STEP_SUMMARY
           fi
 
-      - name: Comment on PR
-        if: always() && steps.changes.outputs.has_changes == 'true'
-        continue-on-error: true
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        run: |
-          MARKER="<!-- liquibase-ddl-safety-report -->"
-
-          # Find existing comment by marker
-          COMMENT_ID=$(gh api "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \
-            --jq ".[] | select(.body | contains(\"${MARKER}\")) | .id" | head -1)
-
-          if [ "${{ steps.ddl-check.outcome }}" == "failure" ] && \
-             [ -f "${{ runner.temp }}/ddl-safety-report/report.md" ]; then
-            BODY="${MARKER}
-          $(cat ${{ runner.temp }}/ddl-safety-report/report.md)"
-
-            if [ -n "$COMMENT_ID" ]; then
-              gh api "repos/${{ github.repository }}/issues/comments/${COMMENT_ID}" \
-                -X PATCH -f body="${BODY}"
-            else
-              gh pr comment "${PR_NUMBER}" --repo ${{ github.repository }} --body "${BODY}"
-            fi
-          elif [ -n "$COMMENT_ID" ]; then
-            # No violations anymore, delete the old comment
-            gh api "repos/${{ github.repository }}/issues/comments/${COMMENT_ID}" -X DELETE
-          fi
-
       - name: Archive report
         if: always() && steps.changes.outputs.has_changes == 'true'
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1