.github/workflows: Avoid running CI on markdown-only pull requests #2500
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: timflannagan The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| should_skip: ${{ steps.skip_check.outputs.should_skip }} | ||
| steps: | ||
| - id: skip_check | ||
| uses: fkirc/[email protected] |
There was a problem hiding this comment.
There's alternative actions we can use but I wasn't a huge fan of their ignore filtering behaviors when playing around with them locally. Another viable alternative would be to perform this filtering ourselves through the REST API using the /pulls/<PR #>/files endpoint.
There was a problem hiding this comment.
There's likely a couple of more alternatives the more I think about:
- Run CI on every PR, regardless of content. This is the most costly option but most of the CI runs we like to skip are markdown-only PRs and most of the OLM documentation is housed in another repository.
- Dynamically determine required checks; this would require removing required status checks entirely and updating our tide configuration to accommodate that requirement
- Dynamically determine when to skip certain required checks (which is what this PR attempts to do)
- Use the rest API and parse through the list of files that were changed in the PR
- Use a custom action to perform this filtering as a job that runs before any CI-related jobs (e.g. a prerequisite job)
- Could also play around with a workflow_dispatch singleton that triggers CI-related jobs but we'd likely run into the same issue of filtering + existing required status checks blocking PRs
|
A concrete example of the current behavior between paths-ignore + branch protection policies conflicting: #2456. |
timflannagan
force-pushed
the
ci/dynamically-ignore-filter
branch
2 times, most recently
from
7a8b587 to
0c8a715
Compare
|
/wip |
timflannagan
added
the
do-not-merge/work-in-progress
openshift-ci
bot
added
the
needs-rebase
Signed-off-by: timflannagan <[email protected]>
Update the relevant set of workflows defined in the .github/workflows directory and avoid running the CI-related jobs when PRs only contain markdown-only changes. Previously, this functionality was achieved through the paths_ignore workflow syntax, but that keyword doesn't play well with repositories that have setup explicit required action context's through branch protection. This results in documentation-only PRs with the requisite labels present being gated as those skipped jobs are reported as unknown checks and automatic merging tooling cannot perform the merge. See [1] for more information on this behavior. [1] https://i.8713187.xyzmunity/t/path-filtering-on-required-pull-request-checks/18402/3 Signed-off-by: timflannagan <[email protected]>
timflannagan
force-pushed
the
ci/dynamically-ignore-filter
branch
from
0c8a715 to
6c74864
Compare
openshift-ci
bot
removed
the
needs-rebase
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
Description of the change:
Update the relevant set of workflows defined in the .github/workflows
directory and avoid running the CI-related jobs when PRs only contain
markdown-only changes.
Previously, this functionality was achieved through the paths_ignore
workflow syntax, but that keyword doesn't play well with repositories
that have setup explicit required action context's through branch
protection. This results in documentation-only PRs with the requisite
labels present being gated as those skipped jobs are reported as unknown
checks and automatic merging tooling cannot perform the merge.
See [1] for more information on this behavior.
[1] https://i.8713187.xyzmunity/t/path-filtering-on-required-pull-request-checks/18402/3
Motivation for the change:
Markdown-only PRs labeled with lgtm/approved cannot be successfully merged by tide due to the combination of how the paths-ignore keyword interacts with branch protection rules.
Reviewer Checklist
/doc