From daa45872ebfb0358ab6601e37f4f3f158be22695 Mon Sep 17 00:00:00 2001 From: Akash Sinha Date: Tue, 16 Jun 2026 20:01:53 +0530 Subject: [PATCH 1/2] ci: skip heavy suites on version-bump PRs via paths-ignore (PER-9560) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaces the job-level skip + version-only gate from #2284 with a much simpler path filter. Version-bump PRs change only lerna.json + packages/*/package.json and have no code to test, so test.yml and windows.yml now skip those PRs entirely via on.pull_request.paths-ignore — the workflows don't run, so no Build/Test/Regression checks appear on the PR at all. These checks aren't required, so skipped PRs aren't left pending. Any PR touching source (or yarn.lock) still runs the full suite; lint, typecheck, Semgrep and CodeQL are untouched and keep running. Removes the `changes` job, the version_only / github-actions[bot] gate, and the permissions block added in #2284. Verified end-to-end on a fork: a version-only PR triggered only Lint/Typecheck (Test + Windows did not run); a source PR ran the full suite. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/test.yml | 50 +++++++---------------------------- .github/workflows/windows.yml | 45 +++++-------------------------- 2 files changed, 17 insertions(+), 78 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e64b638a9..abfffb66c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,47 +2,19 @@ name: Test on: push: branches: [master] + # Version-bump PRs change only lerna.json + packages/*/package.json and have no + # code to test, so the heavy suite is skipped entirely — the workflow doesn't run, + # so no Build/Test/Regression checks appear. Any PR touching source (or yarn.lock) + # still runs the full suite. These checks aren't required, so skipped PRs aren't + # left pending. (PER-9560) pull_request: + paths-ignore: + - 'lerna.json' + - 'packages/*/package.json' workflow_dispatch: - -permissions: - contents: read - pull-requests: read - jobs: - changes: - name: Detect version-only changes - runs-on: ubuntu-latest - outputs: - version_only: ${{ steps.filter.outputs.version_only }} - steps: - - name: Check the PR changes only version files - id: filter - if: github.event_name == 'pull_request' - env: - GH_TOKEN: ${{ github.token }} - PR: ${{ github.event.pull_request.number }} - REPO: ${{ github.repository }} - run: | - if ! files=$(gh api "repos/$REPO/pulls/$PR/files" --paginate --jq '.[].filename'); then - echo "Could not list PR files — running full CI to be safe." - echo "version_only=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - printf 'Changed files:\n%s\n' "$files" - # version_only=true only if EVERY changed file is lerna.json or a top-level - # packages//package.json (exactly what version-bump.yml commits). - others=$(printf '%s\n' "$files" | grep -vE '^(lerna\.json|packages/[^/]+/package\.json)$' || true) - if [ -n "$files" ] && [ -z "$others" ]; then - echo "version_only=true" >> "$GITHUB_OUTPUT" - else - echo "version_only=false" >> "$GITHUB_OUTPUT" - fi - build: name: Build - needs: [changes] - if: ${{ !(startsWith(github.head_ref, 'release/') && github.event.pull_request.user.login == 'github-actions[bot]' && needs.changes.outputs.version_only == 'true') }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 @@ -71,8 +43,7 @@ jobs: test: name: Test ${{ matrix.package }} - needs: [build, changes] - if: ${{ !(startsWith(github.head_ref, 'release/') && github.event.pull_request.user.login == 'github-actions[bot]' && needs.changes.outputs.version_only == 'true') }} + needs: [build] strategy: matrix: os: [ubuntu-latest] @@ -174,8 +145,7 @@ jobs: regression: name: Regression - needs: [build, changes] - if: ${{ !(startsWith(github.head_ref, 'release/') && github.event.pull_request.user.login == 'github-actions[bot]' && needs.changes.outputs.version_only == 'true') }} + needs: [build] runs-on: ubuntu-latest timeout-minutes: 15 steps: diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 026ed0e30..8e9f4a4d1 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -2,47 +2,17 @@ name: Windows on: push: branches: [master] + # See test.yml — skip the heavy Windows suite on version-only PRs (lerna.json + + # packages/*/package.json). The workflow doesn't run, so no checks appear; any PR + # touching source (or yarn.lock) still runs the full suite. (PER-9560) pull_request: + paths-ignore: + - 'lerna.json' + - 'packages/*/package.json' workflow_dispatch: - -permissions: - contents: read - pull-requests: read - jobs: - changes: - name: Detect version-only changes - runs-on: ubuntu-latest - outputs: - version_only: ${{ steps.filter.outputs.version_only }} - steps: - - name: Check the PR changes only version files - id: filter - if: github.event_name == 'pull_request' - env: - GH_TOKEN: ${{ github.token }} - PR: ${{ github.event.pull_request.number }} - REPO: ${{ github.repository }} - run: | - if ! files=$(gh api "repos/$REPO/pulls/$PR/files" --paginate --jq '.[].filename'); then - echo "Could not list PR files — running full CI to be safe." - echo "version_only=false" >> "$GITHUB_OUTPUT" - exit 0 - fi - printf 'Changed files:\n%s\n' "$files" - # version_only=true only if EVERY changed file is lerna.json or a top-level - # packages//package.json (exactly what version-bump.yml commits). - others=$(printf '%s\n' "$files" | grep -vE '^(lerna\.json|packages/[^/]+/package\.json)$' || true) - if [ -n "$files" ] && [ -z "$others" ]; then - echo "version_only=true" >> "$GITHUB_OUTPUT" - else - echo "version_only=false" >> "$GITHUB_OUTPUT" - fi - build: name: Build - needs: [changes] - if: ${{ !(startsWith(github.head_ref, 'release/') && github.event.pull_request.user.login == 'github-actions[bot]' && needs.changes.outputs.version_only == 'true') }} runs-on: windows-latest steps: - uses: actions/checkout@v5 @@ -71,8 +41,7 @@ jobs: test: name: Test ${{ matrix.package }} - needs: [build, changes] - if: ${{ !(startsWith(github.head_ref, 'release/') && github.event.pull_request.user.login == 'github-actions[bot]' && needs.changes.outputs.version_only == 'true') }} + needs: [build] strategy: fail-fast: false matrix: From 3292fdb9c527c9d4036adf74ba93983fdce20bd7 Mon Sep 17 00:00:00 2001 From: Akash Sinha Date: Tue, 16 Jun 2026 20:06:03 +0530 Subject: [PATCH 2/2] ci: drop explanatory comments from the paths-ignore block (PER-9560) --- .github/workflows/test.yml | 5 ----- .github/workflows/windows.yml | 3 --- 2 files changed, 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index abfffb66c..d9a2bd136 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,11 +2,6 @@ name: Test on: push: branches: [master] - # Version-bump PRs change only lerna.json + packages/*/package.json and have no - # code to test, so the heavy suite is skipped entirely — the workflow doesn't run, - # so no Build/Test/Regression checks appear. Any PR touching source (or yarn.lock) - # still runs the full suite. These checks aren't required, so skipped PRs aren't - # left pending. (PER-9560) pull_request: paths-ignore: - 'lerna.json' diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 8e9f4a4d1..6a914b75d 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -2,9 +2,6 @@ name: Windows on: push: branches: [master] - # See test.yml — skip the heavy Windows suite on version-only PRs (lerna.json + - # packages/*/package.json). The workflow doesn't run, so no checks appear; any PR - # touching source (or yarn.lock) still runs the full suite. (PER-9560) pull_request: paths-ignore: - 'lerna.json'