Add non-interrupting active fork mode #11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: blocking-ci | |
| # This is the single entrypoint for checks that block a PR merge. It also runs | |
| # after pushes to main so the same check family stays grouped in the Actions UI. | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: [main] | |
| jobs: | |
| # Keep reusable workflow calls alphabetized. The `required` job below is the | |
| # version-controlled list that the main-branch ruleset should require. | |
| bazel: | |
| name: Bazel | |
| uses: ./.github/workflows/bazel.yml | |
| secrets: inherit | |
| blob-size-policy: | |
| name: Blob size policy | |
| uses: ./.github/workflows/blob-size-policy.yml | |
| secrets: inherit | |
| cargo-deny: | |
| name: cargo-deny | |
| uses: ./.github/workflows/cargo-deny.yml | |
| secrets: inherit | |
| codespell: | |
| name: Codespell | |
| uses: ./.github/workflows/codespell.yml | |
| secrets: inherit | |
| repo-checks: | |
| name: repo-checks | |
| uses: ./.github/workflows/repo-checks.yml | |
| secrets: inherit | |
| rust-ci: | |
| name: rust-ci | |
| uses: ./.github/workflows/rust-ci.yml | |
| secrets: inherit | |
| sdk: | |
| name: sdk | |
| uses: ./.github/workflows/sdk.yml | |
| secrets: inherit | |
| required: | |
| name: CI required | |
| # Without `always()`, GitHub skips this job after a failed dependency and a | |
| # required check can appear successful instead of reporting the failure. | |
| if: ${{ always() }} | |
| needs: | |
| - bazel | |
| - blob-size-policy | |
| - cargo-deny | |
| - codespell | |
| - repo-checks | |
| - rust-ci | |
| - sdk | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| # Keep the helper on the same revision as the caller and child workflows. | |
| # CI workflow uploads are restricted, so this repository does not need a | |
| # separate trusted-base checkout for the terminal policy step. Using the | |
| # PR head also lets the introducing PR exercise a newly added helper. | |
| # | |
| # During the initial rollout, PR branches created before | |
| # check_ci_results.py exists must rebase onto main before this gate can | |
| # run. | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| persist-credentials: false | |
| - name: Require successful dependencies | |
| env: | |
| NEEDS: ${{ toJSON(needs) }} | |
| run: python3 .github/scripts/check_ci_results.py |