Unified CI workflow for smarter PR gating #12
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # Aggregator workflow that fans out to every PR-gating workflow as a single, | |
| # always-running check. Configure branch protection to require only the "CI" | |
| # status; downstream workflows will run automatically. This avoids the | |
| # previous footgun where path-filtered workflows skipped entire PRs (so all | |
| # checks showed "passing" without ever executing — see #147). | |
| # | |
| # Each child workflow is conditionally invoked based on the paths a PR | |
| # touched, mirroring the path filters that used to live in each child. | |
| # Children that get skipped via `if:` count as "skipped" in the CI rollup | |
| # (not "failed"), so the parent "CI" status reaches SUCCESS and branch | |
| # protection is satisfied. Push-to-main and manual dispatch always run | |
| # everything regardless of changed paths. | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: [opened, reopened, synchronize, ready_for_review] | |
| branches: ["main"] | |
| push: | |
| branches: ["main"] | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| permissions: | |
| contents: read | |
| actions: read | |
| packages: read | |
| jobs: | |
| # Compute once which path groups changed; every other job references these | |
| # outputs. dorny/paths-filter handles PR base diff, push base diff, and | |
| # empty results on non-diff events (workflow_dispatch); the `if:` guards | |
| # below explicitly opt non-PR events back into running everything. | |
| changes: | |
| name: Detect changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| builds: ${{ steps.filter.outputs.builds }} | |
| tests: ${{ steps.filter.outputs.tests }} | |
| docs: ${{ steps.filter.outputs.docs }} | |
| docker_images: ${{ steps.filter.outputs.docker_images }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 | |
| id: filter | |
| with: | |
| filters: | | |
| builds: | |
| - src/** | |
| - include/** | |
| - benchmarks/** | |
| - cpp-example-collection/** | |
| - client-sdk-rust/** | |
| - cmake/** | |
| - docker/** | |
| - scripts/clang-format.sh | |
| - scripts/clang-tidy.sh | |
| - CMakeLists.txt | |
| - CMakePresets.json | |
| - build.sh | |
| - build.cmd | |
| - build.h.in | |
| - .build-info.json.in | |
| - vcpkg.json | |
| - .clang-format | |
| - .clang-tidy | |
| - .github/workflows/ci.yml | |
| - .github/workflows/builds.yml | |
| tests: | |
| - src/** | |
| - include/** | |
| - client-sdk-rust/** | |
| - cmake/** | |
| - .token_helpers/** | |
| - CMakeLists.txt | |
| - CMakePresets.json | |
| - build.sh | |
| - build.cmd | |
| - build.h.in | |
| - .build-info.json.in | |
| - vcpkg.json | |
| - .github/workflows/ci.yml | |
| - .github/workflows/tests.yml | |
| docs: | |
| - README.md | |
| - include/** | |
| - docs/** | |
| - scripts/generate-docs.sh | |
| - .github/workflows/ci.yml | |
| - .github/workflows/generate-docs.yml | |
| - .github/workflows/publish-docs.yml | |
| docker_images: | |
| - src/** | |
| - include/** | |
| - client-sdk-rust/** | |
| - cmake/** | |
| - data/** | |
| - docker/Dockerfile.base | |
| - docker/Dockerfile.sdk | |
| - CMakeLists.txt | |
| - CMakePresets.json | |
| - build.sh | |
| - build.cmd | |
| - build.h.in | |
| - .build-info.json.in | |
| - .github/workflows/ci.yml | |
| - .github/workflows/docker-images.yml | |
| - .github/workflows/docker-validate.yml | |
| builds: | |
| name: Builds | |
| needs: changes | |
| if: ${{ needs.changes.outputs.builds == 'true' || github.event_name != 'pull_request' }} | |
| uses: ./.github/workflows/builds.yml | |
| secrets: inherit | |
| tests: | |
| name: Tests | |
| needs: changes | |
| if: ${{ needs.changes.outputs.tests == 'true' || github.event_name != 'pull_request' }} | |
| uses: ./.github/workflows/tests.yml | |
| secrets: inherit | |
| # license-check and pin-check are cheap (seconds) and broad enough that they | |
| # should run on every PR. | |
| license-check: | |
| name: License Check | |
| uses: ./.github/workflows/license_check.yml | |
| pin-check: | |
| name: Pin Check | |
| uses: ./.github/workflows/pin_check.yml | |
| generate-docs: | |
| name: Generate Docs | |
| needs: changes | |
| if: ${{ needs.changes.outputs.docs == 'true' || github.event_name != 'pull_request' }} | |
| uses: ./.github/workflows/generate-docs.yml | |
| docker-images: | |
| name: Docker Images | |
| needs: changes | |
| if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.docker_images == 'true' }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| uses: ./.github/workflows/docker-images.yml | |
| secrets: inherit | |
| docker-validate: | |
| name: Docker Validate | |
| needs: docker-images | |
| if: ${{ needs.docker-images.result == 'success' }} | |
| permissions: | |
| contents: read | |
| packages: read | |
| uses: ./.github/workflows/docker-validate.yml | |
| secrets: inherit |