ci: add CI Gate so non-Rust PRs aren't blocked by skipped required checks#349
Merged
Conversation
Branch protection requires the Rust matrix checks (Test, Install CLI, Build CLI default features, Desktop App Installer) as contexts. Those jobs are gated by `needs.changes.outputs.rust == 'true'`, so on a docs/site/MCP-only PR the path filter skips them, and GitHub treats a required-but-skipped check as unmet, leaving the PR permanently BLOCKED. The maintainer can admin-merge; an outside contributor cannot merge at all. Add a single CI Gate job that depends on every previously-required job, runs with `if: always()`, and fails only if one of them actually failed or was cancelled. A skipped result (the filter doing its job) passes the gate. Once branch protection points at CI Gate as the sole required context, Rust PRs still gate on green matrix jobs, while non-Rust PRs stop being blocked by checks that correctly never ran. Follow-up (one-time, maintainer): set the branch protection required status checks for main to just CI Gate.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Branch protection on
mainrequires these as status-check contexts:Test (macos-latest),Test (ubuntu-latest),Test (windows-latest),Install CLI (ubuntu-latest),Install CLI (windows-latest),Build CLI (ubuntu-latest, default features),Desktop App Installer (windows-latest), plusDetect changed paths,MCP Server,Agents Skill Sync,Site Release Link Consistency.The Rust jobs are gated by
if: needs.changes.outputs.rust == 'true'to save CI on doc-only changes. On a docs/site/MCP-only PR the path filter skips them, and GitHub treats a required-but-skipped check as unmet, so the PR is permanentlyBLOCKED. The maintainer can admin-merge (as happened for the docs PR #348); an outside contributor cannot merge a docs PR at all.Fix
Add one
CI Gatejob that:needsevery job whose check was individually required,if: always()(so it runs even when upstream jobs skip),failureorcancelled(viacontains(needs.*.result, ...)),successorskipped.Net behavior: a Rust PR still gates on green matrix jobs (a real failure makes
CI Gatefail); a non-Rust PR is no longer blocked by jobs the path filter correctly skipped.This PR touches
.github/workflows/ci.yml, which is in therustpath filter, so the full matrix runs here and this PR merges through normal protection.One-time follow-up (maintainer, after merge)
Point branch protection's required status checks for
mainatCI Gatealone (drop the individual matrix contexts). Until then nothing regresses: the existing required checks still apply, and this PR only adds the gate. Suggested:(Verify the exact payload against the current protection settings first.)