CI: aggregator job as single required check; drop trigger-level paths filter#214
Draft
glwagner wants to merge 2 commits into
Draft
CI: aggregator job as single required check; drop trigger-level paths filter#214glwagner wants to merge 2 commits into
glwagner wants to merge 2 commits into
Conversation
Background ---------- Both `CI` and `Documentation` had trigger-level `paths:` filters. When a PR touched no in-path files, the entire workflow was skipped — which, for GitHub branch protection, is *not* the same as passing. Required checks that never report stay pending forever, the PR shows "all checks passed" in the conversation view, but the merge button is disabled for non-admins. PR #209 hit this. Fix --- - Drop trigger-level `paths:` from both workflows so the workflow always starts and the aggregator always reports a status. - Add a `changes` job using `dorny/paths-filter@v3` that exposes a boolean output for the same path set the trigger filter used to gate. - Gate each previously-conditional job with `if: github.event_name \!= 'pull_request' || needs.changes.outputs.<x> == 'true'`, so out-of-path PRs skip the heavy jobs (preserving prior behavior) but the workflow itself still runs. - Add a `test-summary` aggregator (and `docs-summary` in docs.yml) that runs with `if: always()` and passes iff every needed job is `success` or `skipped`. Real failures still block; legitimate skips don't. Branch protection follow-up (UI, not code) ------------------------------------------ In repo Settings → Rules → Rulesets (or legacy Branch protection rules for `main`), the required-status-checks list needs to be updated to match this restructure: - Remove the per-job names (e.g. `(CPU) - Julia 1.12.5`, `(GPU)`, `Data Downloading - …`, `Reactant extension - …`, `Build documentation`, `deploy-docs`, plus the old `CI` aggregator). - Add only: - `test-summary` - `docs-summary` Leaving any of the old job names in the required list would reproduce the bug regardless of these workflow changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Member
|
Cool, so in theory the CI does not run here if we don't change the src but there is also no "pending" final check? |
simone-silvestri
approved these changes
May 6, 2026
Member
Author
|
@giordano does this make sense or is there a better way? |
giordano
reviewed
May 6, 2026
Member
giordano
left a comment
giordano
left a comment
There was a problem hiding this comment.
@giordano does this make sense or is there a better way?
Yeah, I've seen this approach before, I just find it annoying that GitHub marks as pending jobs which are skipped, and I wish they fixed that instead of forcing everybody to work around it.
Comment on lines
-328
to
+366
| - run: echo "All CI jobs passed successfully." | ||
| - name: Check that all needed jobs passed or were skipped | ||
| run: | | ||
| echo '${{ toJSON(needs) }}' | ||
| jq -e 'to_entries | all(.value.result == "success" or .value.result == "skipped")' <<< '${{ toJSON(needs) }}' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Restructure
CIandDocumentationso a single aggregator job (test-summary/docs-summary) is the only required status check, and the workflow always runs (so the aggregator always reports).Why
Both workflows had trigger-level
paths:filters. When a PR touched no in-path files, the whole workflow was skipped. GitHub branch protection treats "never reported" as "still pending" — not as "passed" — so the merge button stayed disabled for non-admins even though the conversation view said "all checks passed". PR #209 hit this; only an admin force-merge got it through.A required status check that never reports is not the same as one that passed. Skipped/not-triggered jobs do not satisfy the requirement.
How
paths:from both workflows so the workflow always starts.changesjob usingdorny/paths-filter@v3that exposes a boolean output for the same path set the trigger filter used to gate.if: github.event_name != 'pull_request' || needs.changes.outputs.<x> == 'true', so out-of-path PRs skip the heavy jobs (preserving prior behavior) but the workflow itself still runs.if: always()aggregator (test-summaryinci.yml,docs-summaryindocs.yml) that passes iff every needed job issuccessorskipped. Real failures still block the merge; legitimate skips don't.The matrix in
cpu_testsreportsskippedonly if the entire matrix was skipped — that's the desired behavior, no special handling needed.This part has to be done in the GitHub UI — the workflow change alone is not enough. In Settings → Rules → Rulesets (or legacy Branch protection rules for
main):Remove these from "Require status checks to pass":
(CPU) - Julia 1.12.5(GPU)Data Downloading - …(each matrix variant)Reactant extension - …Build documentationdeploy-docsCIaggregator (if listed)Add only:
test-summarydocs-summaryLeaving any of the old job names in the required-checks list will reproduce the bug regardless of these workflow changes — that's the load-bearing step.
Out of scope
🤖 Generated with Claude Code