Backport of [NET-11150] ci: fix conditional skip and add safeguard into release/1.3.x #640

Merged
49 changes: 0 additions & 49 deletions .github/scripts/check_skip_ci.sh

This file was deleted.

14 changes: 11 additions & 3 deletions .github/workflows/build.yml
@@ -1,15 +1,23 @@
name: build

# We now default to running this workflow on every push to every branch.
# We now default to running this workflow on every pull_request push
# in addition to protected branch push.
#
# This provides fast feedback when build issues occur, so they can be
# fixed prior to being merged to the main branch.
# fixed prior to being merged.
#
# If you want to opt out of this, and only run the build on certain branches
# please refer to the documentation on branch filtering here:
#
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
#
on: [workflow_dispatch, push]
on:
push:
branches:
- main
- release/**
pull_request:
workflow_dispatch:

env:
PKG_NAME: "consul-dataplane"
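Review bot: `workflow_dispatch:` at the end of the new `on:` block carries no branch restriction, so a manual run from an unprotected feature branch has neither `github.base_ref` nor `github.ref_protected` set. If any job in this workflow depends on reusable-conditional-skip.yml (the call is not visible in this hunk), that run will fail at the new "Error if conditional check is not allowed" step. It is worth stating in the header comment that manual runs only work on `main` and `release/**`. The retained paragraph beginning "If you want to opt out of this, and only run the build on certain branches" also reads as stale now that `push` is already branch-filtered.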
4 changes: 2 additions & 2 deletions .github/workflows/consul-dataplane-checks.yaml
Expand Up @@ -3,8 +3,8 @@ name: consul-dataplane-checks
on:
push:
branches:
- main
- 'release/*.*.x'
- main
- release/**
pull_request:

jobs:
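Review bot: `release/**` in the `push` branch filter is broader than the `'release/*.*.x'` it replaces, since it matches any branch under `release/`, including nested names. The safeguard added to reusable-conditional-skip.yml fails when the ref is not protected, so if these checks go through the conditional skip, a push to a `release/...` branch that the protection rule does not cover will trigger this workflow and fail at the guard instead of being ignored. Confirm the branch protection rule covers the same pattern, or keep the narrower filter here.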
54 changes: 48 additions & 6 deletions .github/workflows/reusable-conditional-skip.yml
Expand Up @@ -12,13 +12,55 @@ jobs:
runs-on: ubuntu-latest
name: Check whether to skip build and tests
outputs:
skip-ci: ${{ steps.check-changed-files.outputs.skip-ci }}
env:
SKIP_CHECK_BRANCH: ${{ github.head_ref || github.ref_name }}
skip-ci: ${{ steps.maybe-skip-ci.outputs.skip-ci }}
steps:
# We only allow use of conditional skip in two scenarios:
# 1. PRs
# 2. Pushes (merges) to protected branches (`main`, `release/**`)
#
# The second scenario is the only place we can be sure that checking just the
# latest change on the branch is sufficient. In PRs, we need to check _all_ commits.
# The ability to do this is ultimately determined by the triggers of the calling
# workflow, since `base_ref` (the target branch of a PR) is only available in
# `pull_request` events, not `push`.
- name: Error if conditional check is not allowed
if: ${{ !github.base_ref && !github.ref_protected }}
run: |
echo "Conditional skip requires a PR event with 'base_ref' or 'push' to a protected branch."
echo "github.base_ref: ${{ github.base_ref }}"
echo "github.ref_protected: ${{ github.ref_protected }}"
echo "github.ref_name: ${{ github.ref_name }}"
echo "Check the triggers of the calling workflow to ensure that these requirements are met."
exit 1
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Check changed files
id: check-changed-files
run: ./.github/scripts/check_skip_ci.sh
- name: Check for skippable file changes
id: changed-files
uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1
with:
# This is a multi-line YAML string with one match pattern per line.
# Do not use quotes around values, as it's not supported.
# See https://github.com/tj-actions/changed-files/blob/main/README.md#inputs-%EF%B8%8F
# for usage, options, and more details on match syntax.
files: |
.github/workflows/reusable-conditional-skip.yml
**.md
_doc/**
.changelog/**
- name: Print changed files
env:
SKIPPABLE_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
NON_SKIPPABLE_FILES: ${{ steps.changed-files.outputs.other_changed_files }}
run: |
echo "Skippable changed files:"
for file in ${SKIPPABLE_CHANGED_FILES}; do echo " $file"; done
echo
echo "Non-skippable files:"
for file in ${NON_SKIPPABLE_FILES}; do echo " $file"; done
- name: Skip tests and build if only skippable files changed
id: maybe-skip-ci
if: ${{ steps.changed-files.outputs.only_changed == 'true' }}
run: |
echo "Skipping tests and build because only skippable files changed"
echo "skip-ci=true" >> $GITHUB_OUTPUT
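Review bot: The three diagnostic `echo` lines in the "Error if conditional check is not allowed" step expand `${{ github.base_ref }}`, `${{ github.ref_protected }}` and `${{ github.ref_name }}` directly into the `run:` script, so the ref name becomes part of the shell source before the shell executes it. Pass these values through `env:` and echo the shell variables instead, as the "Print changed files" step already does for the file lists. Two smaller points: `skip-ci` is only ever written as `true` and is otherwise empty, so callers must compare against `'true'` rather than test for `'false'`; and the unquoted `for file in ${SKIPPABLE_CHANGED_FILES}` loops split file names that contain spaces, which only affects the printed listing.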
4 changes: 4 additions & 0 deletions .github/workflows/security-scan.yml
@@ -1,3 +1,5 @@
# This job runs a non-blocking informational security scan on the repository.
# For release-blocking security scans, see .release/security-scan.hcl.
name: Security Scan

on:
Expand All @@ -9,6 +11,8 @@ on:
branches:
- main
- release/**
# paths-ignore only works for non-required checks.
# Jobs that are required for merge must use reusable-conditional-skip.yml.
paths-ignore:
- '_doc/**'
- '.changelog/**'
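Review bot: The `paths-ignore` entries under the new comment duplicate patterns from the `files:` list in reusable-conditional-skip.yml, and nothing ties the two lists together, so they can drift apart. Extend the comment to name that list as the one to keep in sync, and say why `paths-ignore` is unsuitable for required checks: a required workflow that is filtered out never reports a status, so the check stays pending and blocks the merge.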