ci: init pr.yml and merge-queue.yml workflows
#3628
Conversation
MattSturgeon
force-pushed
the
ci/require-gha
branch
from
fe2f8f8 to
6be9b74
Compare
|
Rebased and added This does mean that It may be possible to use something like https://github.com/dorny/paths-filter in a EDIT: ran successfully here: https://github.com/nix-community/nixvim/actions/runs/17108993910/job/48525322498?pr=3628 |
MattSturgeon
force-pushed
the
ci/require-gha
branch
from
6be9b74 to
f0b0954
Compare
MattSturgeon
requested review from
wolfgangwalther and
a team
and removed request for
wolfgangwalther
I did add |
Good to know 👍🏻 I'll still hold off for now. One of the main arguments for not linting when specific paths are the only ones modified was that we update |
This means we don't need to rely on `--accept-flake-config`, which could be problematic if we switch from `pull_request` -> `pull_request_target`
These workflows will serve as top-level entry points for running GHA jobs against PRs and merge groups in the merge queue. Currently, the only required job is `lint`, which runs treefmt.
MattSturgeon
force-pushed
the
ci/require-gha
branch
from
f0b0954 to
2eab9f2
Compare
|
I've just pushed a refactor based on NixOS/nixpkgs#435929, with a few tweaks to wording and formatting. This now uses @wolfgangwalther's new proposal of manually posting the required status check when the jobs are successful. This should prove simpler than of skipping it when successful and manually failing otherwise. Being able to manually post status checks requires It also makes it more difficult to test changes to the workflow itself, since PRs will use the base branch's workflow instead of the PR's. That means we won't see it running on this PR, unless we also trigger it via |
There was a problem hiding this comment.
Optionally, we could combine pr.yml and merge-queue.yml into a single workflow.
We'd need to do things like ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }} and it'd be more difficult to specify different checks for PRs vs the Queue.
But it would remove a lot of duplication.
Thoughts?
There was a problem hiding this comment.
I think it makes a lot of sense to re-use the same file when you can. It looks like this should be easily possible here.
You could even change the run-name so you don't get "PR" for both.
| await github.rest.repos.createCommitStatus({ | ||
| ...repo, | ||
| sha: payload.pull_request.head.sha, | ||
| target_url: `${serverUrl}/${repo.owner}/${repo.repo}/actions/runs/${runId}`, |
There was a problem hiding this comment.
Did you leave out the ?pr= suffix out here on purpose? This is a bit annoying when clicking the link, because the "back" link from the summary page won't go to the PR, but to the actions tab.
There was a problem hiding this comment.
Good catch. I copied this from your merge-group.yml without spotting that pr.yml had a different URL.
There was a problem hiding this comment.
I think it makes a lot of sense to re-use the same file when you can. It looks like this should be easily possible here.
You could even change the run-name so you don't get "PR" for both.
| on: | ||
| pull_request_target: |
There was a problem hiding this comment.
One downside of going with the pull_request_target event: Changes to the workflow file now won't be tested in the respective PR anymore. Now you need to start looking into whether to add the pull_request trigger as well.
Overall, it might be simpler to use the non-javascript-status approach here with the old "skipped vs failed job" approach.
There was a problem hiding this comment.
One downside of going with the
pull_request_targetevent: Changes to the workflow file now won't be tested in the respective PR anymore. Now you need to start looking into whether to add thepull_requesttrigger as well.
Yeah, this is frustrating. Maybe I should consider adding a "testing" on: pull_request trigger to this PR so that it's done.
Overall, it might be simpler to use the non-javascript-status approach here with the old "skipped vs failed job" approach.
I'm of two minds here:
- On the one hand
pull_requestis much simpler. - On the other hand, if we want to do anything that needs secrets or write permissions then we'll eventually need to switch.
If so, we may as well do it now and get access to the better "required check" implementation.
I like the idea of the better impl because we can choose a saner name for the required check from the start. It's also less confusing for contributors if we have a green check, rather than a grey one.
|
I noticed in #3657 that we have configured the repo to require manual approval before running 
Switching to |
These workflows will serve as top-level entry points for running GHA jobs against PRs and merge groups in the merge queue.
This allows us to have a meta-job "no PR failures" that "needs" all merge requirements. This makes it easier to maintain the "required status checks" ruleset.
Additionally, by having separate workflows for
pull_requestandmerge_group, we can have different "needs" for each.This is related to #3611, which is adding the first GHA-based check that will need to be "required".
This is based on @wolfgangwalther's excellent work in nixpkgs: merge-group.yml and pr.yml
The PR workflow ran Successfully here: https://github.com/nix-community/nixvim/actions/runs/17108993910/job/48525322498?pr=3628
We won't see the Merge Queue workflow run until this PR enters the queue.
@GaetanLepage you will need to add
PR checks successfulto the required status checks list in our ruleset. EDIT: the actual status check name may change throughout this PR.