Pass all required checks that weren't triggered in the PR (#1748)

Fixes #1747 Fixes #1746
2026-01-27 10:18:54 +00:00 · 2023-07-07 15:04:42 -07:00
parent f5c1b5a78e
commit 35eeb9904c
10 changed files with 122 additions and 98 deletions
--- a/.github/workflows/elixir.yml
+++ b/.github/workflows/elixir.yml
@@ -14,7 +14,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  unit-test:
+  elixir_unit-test:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -78,7 +78,7 @@ jobs:
          name: Elixir Unit Test Report
          path: elixir/_build/test/lib/*/test-junit-report.xml
          reporter: java-junit
-  type-check:
+  elixir_type-check:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -130,7 +130,7 @@ jobs:
        run: mix dialyzer --plt
      - name: Run Dialyzer
        run: mix dialyzer --format dialyxir
-  static-analysis:
+  elixir_static-analysis:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -175,7 +175,7 @@ jobs:
        run: mix format --check-formatted
      - name: Run Credo
        run: mix credo --strict
-  migrations-and-seed-test:
+  elixir_migrations-and-seed-test:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -269,7 +269,7 @@ jobs:
          path: elixir/apps/domain/priv/repo/structure.sql
      - name: Run Seed
        run: mix ecto.seed
-  acceptance-test:
+  elixir_acceptance-test:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -394,7 +394,7 @@ jobs:
          name: Elixir Acceptance Test Report
          path: elixir/_build/test/lib/*/test-junit-report.xml
          reporter: java-junit
-  # draft-release:
+  # elixir/draft-release:
  #   runs-on: ubuntu-latest
  #   outputs:
  #     tag_name: ${{ steps.release_drafter.outputs.tag_name }}
@@ -403,7 +403,7 @@ jobs:
  #       id: release_drafter
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  web-container-build:
+  elixir_web-container-build:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -412,8 +412,8 @@ jobs:
      contents: read
      id-token: "write"
    needs:
-      - unit-test
-      - acceptance-test
+      - elixir_unit-test
+      - elixir_acceptance-test
    env:
      APPLICATION_NAME: web
      REGISTRY: us-east1-docker.pkg.dev
@@ -463,7 +463,7 @@ jobs:
          file: elixir/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{ env.APPLICATION_NAME }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{ env.APPLICATION_NAME }}:${{ github.sha }}
-  api-container-build:
+  elixir_api-container-build:
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -472,8 +472,8 @@ jobs:
      contents: read
      id-token: "write"
    needs:
-      - unit-test
-      - acceptance-test
+      - elixir_unit-test
+      - elixir_acceptance-test
    env:
      APPLICATION_NAME: api
      REGISTRY: us-east1-docker.pkg.dev
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -3,9 +3,10 @@ on:
  merge_group:
    types: [checks_requested]
  pull_request:
+  workflow_dispatch:

 jobs:
-  test-basic-flow:
+  integration-test_basic-flow:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
--- a/.github/workflows/kotlin.yml
+++ b/.github/workflows/kotlin.yml
@@ -3,10 +3,12 @@ on:
  pull_request:
    paths:
      - "kotlin/**"
+      - "rust/connlib/**"
      - ".github/workflows/kotlin.yml"
  merge_group:
    types: [checks_requested]
  workflow_call:
+  workflow_dispatch:

 # Cancel old workflow runs if new code is pushed
 concurrency:
@@ -14,7 +16,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  draft-release:
+  kotlin_draft-release:
    runs-on: ubuntu-latest
    outputs:
      tag_name: ${{ steps.release_drafter.outputs.tag_name }}
@@ -28,13 +30,13 @@ jobs:

  # TODO: Add a basic CI for the Android client
  # See rust.yml how we build, package and release connlib as an example
-  build:
+  kotlin_build:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./kotlin
    needs:
-      - draft-release
+      - kotlin_draft-release
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
--- a/.github/workflows/pass-nontriggered-checks.yml
+++ b/.github/workflows/pass-nontriggered-checks.yml
@@ -0,0 +1,86 @@
+# This workflow is a workaround to the problem described here:
+# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks#example
+#
+# Using Path filtering to trigger workflows leads to unmergable PRs if a "required status check" is
+# not triggered in the workflow run. Here we overload all job names selected by "required status checks"
+# and simply return true so the PR can be merged.
+name: Pass Non-triggered Checks
+on:
+  pull_request:
+    paths-ignore:
+      - "elixir/**"
+      - "kotlin/**"
+      - "rust/**"
+      - "swift/**"
+      - "terraform/**"
+  workflow_dispatch:
+
+jobs:
+  elixir_acceptance-test:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  elixir_api-container-build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  elixir_migrations-and-seed-test:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  elixir_static-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  elixir_web-container-build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  elixir_type-check:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  elixir_unit-test:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  kotlin_draft-release:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  kotlin_build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  swift_draft-release:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  swift_build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  rust_cross-compile-relay:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  rust_build-android:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  rust_build-apple:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  rust_draft-release:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  rust_test:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
+  terraform_plan-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "No build required"'
--- a/.github/workflows/pr_labeler.yml
+++ b/.github/workflows/pr_labeler.yml
@@ -1,19 +0,0 @@
-name: PR Labeler
-on:
-  pull_request:
-    types: [opened]
-
-permissions:
-  contents: read
-
-jobs:
-  pr-labeler:
-    permissions:
-      contents: read # for TimonVS/pr-labeler-action to read config file
-      pull-requests: write # for TimonVS/pr-labeler-action to add labels in PR
-    runs-on: ubuntu-latest
-    steps:
-      - uses: TimonVS/pr-labeler-action@v4
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
--- a/.github/workflows/publish_connlib.yml
+++ b/.github/workflows/publish_connlib.yml
@@ -1,46 +0,0 @@
-name: Publish packages to GitHub Packages
-on:
-  release:
-    types: [published]
-jobs:
-  # Noop: XCFramework is attached to release already in build workflow
-  # publish-apple:
-  publish-android:
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./rust
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-java@v3
-        with:
-          java-version: '17'
-          distribution: 'adopt'
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: ./rust
-      - name: Setup toolchain
-        run: rustup show
-      - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v1
-      - name: Sanity check tag equals AAR version
-        run: |
-          pkg_version=$(awk -F ' = ' '$1 ~ /version/ { gsub(/[\"]/, "", $2); printf("%s",$2); exit; }' connlib/android/lib/build.gradle.kts)
-          if [[ "${{ github.ref_name }}" = "$pkg_version" ]]; then
-            echo "Github ref name ${{ github.ref_name }} equals parsed package version $pkg_version. Continuing..."
-          else
-            echo "Github ref name ${{ github.ref_name }} differs from parsed package version $pkg_version! Aborting..."
-            exit 1
-          fi
-      - name: Publish package
-        uses: gradle/gradle-build-action@v2
-        with:
-          build-root-directory: android
-          arguments: publish
-        env:
-          GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -7,6 +7,7 @@ on:
      - "rust/**"
      - ".github/workflows/rust.yml"
  workflow_call:
+  workflow_dispatch:

 # Cancel old workflow runs if new code is pushed
 concurrency:
@@ -18,7 +19,7 @@ defaults:
    working-directory: ./rust

 jobs:
-  draft-release:
+  rust_draft-release:
    runs-on: ubuntu-latest
    outputs:
      tag_name: ${{ steps.release_drafter.outputs.tag_name }}
@@ -30,7 +31,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-  test:
+  rust_test:
    strategy:
      fail-fast: false
      matrix:
@@ -81,9 +82,9 @@ jobs:
      - run: cargo clippy --all-targets --all-features -- -D warnings
      - run: cargo test --all-features

-  build-android:
+  rust_build-android:
    needs:
-      - draft-release
+      - rust_draft-release
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -115,9 +116,9 @@ jobs:
          path: |
            ./rust/connlib-${{ needs.draft-release.outputs.tag_name }}.aar

-  build-apple:
+  rust_build-apple:
    needs:
-      - draft-release
+      - rust_draft-release
    runs-on: macos-latest
    permissions:
      contents: read
@@ -156,8 +157,7 @@ jobs:
            ./Connlib-${{ needs.draft-release.outputs.tag_name }}.xcframework.zip
            ./Connlib-${{ needs.draft-release.outputs.tag_name }}.xcframework.zip.checksum.txt

-  cross-relay: # cross is separate from test because cross-compiling yields different artifacts and we cannot reuse the cache.
-    name: Cross compile relay
+  rust_cross-compile-relay: # cross is separate from test because cross-compiling yields different artifacts and we cannot reuse the cache.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -1,15 +1,13 @@
-name: Codespell
+name: Static Analysis
 on:
  merge_group:
    types: [checks_requested]
  pull_request:
+  workflow_dispatch:

 jobs:
-  static-analysis:
+  static-analysis_linter:
    runs-on: ubuntu-latest
-    env:
-      MIX_ENV: dev
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v2
--- a/.github/workflows/swift.yml
+++ b/.github/workflows/swift.yml
@@ -8,6 +8,7 @@ on:
  merge_group:
    types: [checks_requested]
  workflow_call:
+  workflow_dispatch:

 # Cancel old workflow runs if new code is pushed
 concurrency:
@@ -15,7 +16,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  draft-release:
+  swift_draft-release:
    runs-on: ubuntu-latest
    outputs:
      tag_name: ${{ steps.release_drafter.outputs.tag_name }}
@@ -27,7 +28,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-  build:
+  swift_build:
    runs-on: macos-latest
    permissions:
      contents: read
@@ -35,7 +36,7 @@ jobs:
      run:
        working-directory: ./swift
    needs:
-      - draft-release
+      - swift_draft-release
    steps:
      - uses: actions/checkout@v3
      - run: rustup show
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -7,6 +7,7 @@ on:
      - "terraform/**"
      - ".github/workflows/terraform.yml"
  workflow_call:
+  workflow_dispatch:

 # Cancel old workflow runs if new code is pushed
 concurrency:
@@ -14,7 +15,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  plan_deploy:
+  terraform_plan-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read