Skip to content

ci(root): add path filters to skip irrelevant jobs per PR #9041

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gokulhost wants to merge 2 commits into
base: master
Choose a base branch
from
+65 −0
Open

ci(root): add path filters to skip irrelevant jobs per PR #9041

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c37ee2f
ci(root): add path filters to skip irrelevant jobs per PR
gokulhost Jun 16, 2026
35067e9
ci(root): add all-checks umbrella job for branch protection
gokulhost Jun 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 65 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,41 @@ env:
SOCKET_SECURITY_MODE: monitor # Options: monitor (non-blocking) or block (fails on vulnerabilities)

jobs:
# Detect which file groups changed so downstream jobs can skip when irrelevant.
# Only runs on pull_request — on push/workflow_dispatch it is skipped, which causes
# downstream jobs (via `needs.changes.result == 'skipped'`) to run unconditionally.
changes:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
outputs:
source: ${{ steps.filter.outputs.source }}
docker: ${{ steps.filter.outputs.docker }}
vendor: ${{ steps.filter.outputs.vendor }}
steps:
- uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
id: filter
with:
filters: |
source:
- 'modules/**'
- 'package.json'
- 'yarn.lock'
- 'tsconfig*.json'
- 'lerna.json'
docker:
- 'Dockerfile'
- '.dockerignore'
- 'modules/**'
- 'package.json'
- 'yarn.lock'
- 'lerna.json'
vendor:
- 'modules/argon2/**'

unit-test:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (needs.changes.result == 'skipped' || needs.changes.outputs.source == 'true')

strategy:
fail-fast: false
Expand Down Expand Up @@ -146,6 +179,8 @@ jobs:

browser-test:
runs-on: ubuntu-22.04
needs: [changes]
if: always() && (needs.changes.result == 'skipped' || needs.changes.outputs.source == 'true')

steps:
- uses: socketdev/action@v1
Expand Down Expand Up @@ -242,6 +277,8 @@ jobs:

docker-build:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (needs.changes.result == 'skipped' || needs.changes.outputs.docker == 'true')
Comment thread
gokulhost marked this conversation as resolved.

steps:
- uses: actions/checkout@v6
Expand Down Expand Up @@ -314,6 +351,8 @@ jobs:

verify-vendor-integrity:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (needs.changes.result == 'skipped' || needs.changes.outputs.vendor == 'true')

steps:
- uses: actions/checkout@v6
Expand All @@ -336,6 +375,8 @@ jobs:

dockerfile-check:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (needs.changes.result == 'skipped' || needs.changes.outputs.docker == 'true')

steps:
- uses: socketdev/action@v1
Expand Down Expand Up @@ -372,3 +413,27 @@ jobs:
git diff -- . ':!yarn.lock'
exit 1
fi

# Umbrella job that branch protection should require instead of individual jobs.
# Passes when every dependency either succeeded or was intentionally skipped,
# so CI-only PRs (where tests are skipped by path filters) can still merge.
# `changes` is included in needs so a failure there (not a skip) is caught and
# blocks the merge — preventing test jobs from being falsely skipped.
all-checks:
runs-on: ubuntu-latest
if: always()
needs:
- changes
- unit-test
- browser-test
- docker-build
- dockerfile-check
- verify-vendor-integrity
- verify-npm-packages
- code-quality
steps:
- name: All checks passed or skipped
run: |
results='${{ toJSON(needs) }}'
echo "$results"
echo "$results" | jq -e '[.[].result] | all(. == "success" or . == "skipped")'