ci: extract mobile CI status gate (#29619)

Qbandev · web-flow · commit 4b756de7f350 · 2026-05-05T09:21:49.000Z
## **Description** This PR extracts the final Mobile CI status gate into a composite action while preserving the existing `Check all jobs pass` status check name. Why: - The final gate decides whether the workflow should pass after standard CI, E2E build/test jobs, fork-only skips, and merge queue skips complete. - Keeping that logic in a dedicated action makes the workflow easier to maintain and keeps the pass/fail decision consistent. What changed: - Added `.github/actions/ci-status-gate`. - Updated `.github/workflows/ci.yml` so `Check all jobs pass` calls the composite action. - Removed the intermediate `All jobs pass` job. - Preserved current handling for failed jobs, cancelled jobs, skipped E2E jobs, fork PR skips, merge queue skips, and E2E readiness blocking. - Added a step summary table that explains each job result evaluated by the gate. ## **Changelog** CHANGELOG entry: null ## **Related issues** No public issue: CI maintenance refactor. ## **Manual testing steps** Validated the workflow files locally: ```bash actionlint -color -config-file .github/actionlint.yaml .github/workflows/ci.yml ruby -e 'require "yaml"; YAML.load_file(".github/workflows/ci.yml"); YAML.load_file(".github/actions/ci-status-gate/action.yml")' git diff --check ``` Validated extracted gate behavior in the public test fork: https://github.com/consensys-test/metamask-mobile-test - Non-ignorable app-code PR with `pr-not-ready-for-e2e`: `Check all jobs pass` failed as expected because `block_merge_for_e2e_readiness=true`. - PR: consensys-test#3 - Gate: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25321128954/job/74237306086 - Locale-only PR without readiness blocking: E2E build/test jobs skipped, and the final gate accepted those skips. - PR: consensys-test#2 - Gate: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25318425027/job/74223723784 - Locale-only PR with `pr-not-ready-for-e2e`: E2E jobs stayed skipped and `Check all jobs pass` passed. - PR: consensys-test#2 - Gate: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25321510460/job/74234336146 - Standard CI failure: `Check all jobs pass` failed when a required standard CI job failed. - PR: consensys-test#4 - Gate: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25321403908/job/74233562352 - E2E job failure: `Check all jobs pass` failed when an E2E smoke job failed. - PR: consensys-test#6 - E2E job: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25328925239/job/74257209475 - Gate: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25328925239/job/74259419260 - Build job failure: `Check all jobs pass` failed when an E2E build job failed. - PR: consensys-test#5 - Build job: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25331281786/job/74265395383 - Gate: https://github.com/consensys-test/metamask-mobile-test/actions/runs/25331281786/job/74267776538 ## **Screenshots/Recordings** ### **Before** N/A ### **After** N/A ## **Pre-merge author checklist** - [x] I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards. - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using JSDoc format if applicable - [x] I've applied the right labels on the PR if applicable. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR where applicable. - [ ] I confirm that this PR addresses the described change and includes the necessary testing evidence.
diff --git a/.github/actions/ci-status-gate/action.yml b/.github/actions/ci-status-gate/action.yml
@@ -0,0 +1,158 @@
+name: CI Status Gate
+description: Evaluate required CI job results and fail on unexpected skips or failed jobs.
+
+inputs:
+  needs-json:
+    description: JSON representation of the calling job's needs context.
+    required: true
+  requirement-context-json:
+    description: JSON representation of get-requirements outputs.
+    required: true
+  e2e-job-regex:
+    description: Regex matching E2E build/test jobs whose skipped result is allowed. Failed or cancelled E2E jobs still fail.
+    required: false
+    default: '^e2e-'
+  event-name:
+    description: GitHub event name for the current workflow run.
+    required: true
+  is-fork:
+    description: Whether the current pull request originates from a fork. When true, skipped jobs are treated as allowed skips.
+    required: false
+    default: 'false'
+
+runs:
+  using: composite
+  steps:
+    - name: Evaluate CI status
+      shell: bash
+      env:
+        NEEDS_JSON: ${{ inputs.needs-json }}
+        REQUIREMENT_CONTEXT_JSON: ${{ inputs.requirement-context-json }}
+        E2E_JOB_REGEX: ${{ inputs.e2e-job-regex }}
+        EVENT_NAME: ${{ inputs.event-name }}
+        IS_FORK: ${{ inputs.is-fork }}
+      run: |
+        set -euo pipefail
+
+        get_requirement() {
+          local key="$1"
+          jq -nr --arg key "$key" 'env.REQUIREMENT_CONTEXT_JSON | fromjson | .[$key] // "false"'
+        }
+
+        sanitize_markdown_cell() {
+          local value="$1"
+          value="${value//$'\n'/ }"
+          value="${value//|/\\|}"
+          printf '%s' "$value"
+        }
+
+        add_summary_row() {
+          local job_name result decision reason
+          job_name="$(sanitize_markdown_cell "$1")"
+          result="$(sanitize_markdown_cell "$2")"
+          decision="$(sanitize_markdown_cell "$3")"
+          reason="$(sanitize_markdown_cell "$4")"
+
+          printf '| `%s` | `%s` | %s | %s |\n' \
+            "$job_name" "$result" "$decision" "$reason" >> "$summary_file"
+        }
+
+        mark_failure() {
+          local message="$1"
+          failed="true"
+          echo "::error::$message"
+        }
+
+        validate_json_type() {
+          local variable_name="$1"
+          local expected_type="$2"
+
+          if ! jq -en --arg variable_name "$variable_name" --arg expected_type "$expected_type" \
+            '(env[$variable_name] | fromjson | type) == $expected_type' >/dev/null 2>&1; then
+            echo "::error::$variable_name is not a valid JSON $expected_type"
+            exit 1
+          fi
+        }
+
+        require_requirement_key() {
+          local key="$1"
+
+          if ! jq -en --arg key "$key" \
+            'env.REQUIREMENT_CONTEXT_JSON | fromjson | .[$key] != null' >/dev/null 2>&1; then
+            echo "::error::REQUIREMENT_CONTEXT_JSON is missing or null for required key: $key"
+            exit 1
+          fi
+        }
+
+        validate_json_type NEEDS_JSON object
+        validate_json_type REQUIREMENT_CONTEXT_JSON object
+
+        for required_key in skip_everything block_merge_for_e2e_readiness; do
+          require_requirement_key "$required_key"
+        done
+
+        skip_everything="$(get_requirement skip_everything)"
+        block_merge_for_e2e_readiness="$(get_requirement block_merge_for_e2e_readiness)"
+
+        if [[ "$block_merge_for_e2e_readiness" == "true" ]]; then
+          echo "::error::The 'pr-not-ready-for-e2e' label is still applied. Remove it to trigger E2E tests before merging."
+          exit 1
+        fi
+
+        if [[ "$skip_everything" == "true" ]]; then
+          echo "skip_everything=true; treating all jobs as passed"
+          exit 0
+        fi
+
+        failed="false"
+        summary_file="$(mktemp)"
+        trap 'if [[ -n "${GITHUB_STEP_SUMMARY:-}" && -f "$summary_file" ]]; then cat "$summary_file" >> "$GITHUB_STEP_SUMMARY"; fi; rm -f "$summary_file"' EXIT
+        job_count=0
+
+        {
+          echo "### CI Status Gate"
+          echo
+          echo "| Job | Result | Decision | Reason |"
+          echo "| --- | --- | --- | --- |"
+        } >> "$summary_file"
+
+        while IFS=$'\t' read -r job_name result; do
+          job_count=$((job_count + 1))
+
+          case "$result" in
+            success)
+              add_summary_row "$job_name" "$result" "pass" "job succeeded"
+              ;;
+            failure|cancelled)
+              mark_failure "$job_name finished with result: $result"
+              add_summary_row "$job_name" "$result" "fail" "job did not complete successfully"
+              ;;
+            skipped)
+              if [[ "$job_name" =~ $E2E_JOB_REGEX ]]; then
+                add_summary_row "$job_name" "$result" "pass" "skipped E2E jobs are allowed"
+              elif [[ "$EVENT_NAME" == "merge_group" ]]; then
+                add_summary_row "$job_name" "$result" "pass" "merge queue skip is allowed"
+              elif [[ "$IS_FORK" == "true" ]]; then
+                add_summary_row "$job_name" "$result" "pass" "fork-only skip is allowed"
+              else
+                mark_failure "$job_name was skipped unexpectedly"
+                add_summary_row "$job_name" "$result" "fail" "skip was not expected"
+              fi
+              ;;
+            *)
+              mark_failure "$job_name has unknown result: $result"
+              add_summary_row "$job_name" "$result" "fail" "job result is unknown"
+              ;;
+          esac
+        done < <(jq -nr 'env.NEEDS_JSON | fromjson | to_entries[] | [.key, (.value.result // "")] | @tsv')
+
+        if [[ "$job_count" -eq 0 ]]; then
+          echo "::error::NEEDS_JSON does not contain any jobs"
+          exit 1
+        fi
+
+        if [[ "$failed" == "true" ]]; then
+          exit 1
+        fi
+
+        echo "All required jobs passed"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -937,113 +937,41 @@ jobs:
             fi
           fi
 
-  all-jobs-pass:
-    name: All jobs pass
-    runs-on: ubuntu-latest
-    if: ${{ !cancelled() }}
-    needs:
-      [
-        check-diff,
-        dedupe,
-        scripts,
-        unit-tests,
-        component-view-tests,
-        check-workflows,
-        js-bundle-size-check,
-        sonar-cloud-quality-gate-status,
-      ]
-    outputs:
-      ALL_JOBS_PASSED: ${{ steps.jobs-passed-status.outputs.ALL_JOBS_PASSED }}
-    steps:
-      - name: Set jobs passed status
-        id: jobs-passed-status
-        env:
-          NEEDS_CONTEXT: ${{ toJSON(needs) }}
-          EVENT_NAME: ${{ github.event_name }}
-          IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
-        run: |
-          # Check results of all required jobs dynamically
-          # On merge_group events, "skipped" is acceptable (some jobs intentionally skip)
-          # On fork PRs, "skipped" is acceptable (secret-dependent jobs are intentionally skipped)
-          # On other events (push to main), all jobs must succeed
-
-          FAILED="false"
-
-          while read -r job_name result; do
-            if [[ "$result" == "failure" ]] || [[ "$result" == "cancelled" ]]; then
-              echo "::error::Job '$job_name' failed with result: $result"
-              FAILED="true"
-            elif [[ "$result" == "skipped" ]]; then
-              if [[ "$EVENT_NAME" == "merge_group" ]] || [[ "$IS_FORK" == "true" ]]; then
-                echo "Job '$job_name' was skipped (OK for merge_group events and fork PRs)"
-              else
-                echo "::error::Job '$job_name' was unexpectedly skipped on $EVENT_NAME event"
-                FAILED="true"
-              fi
-            else
-              echo "Job '$job_name' passed"
-            fi
-          done < <(echo "$NEEDS_CONTEXT" | jq -r 'to_entries[] | "\(.key) \(.value.result)"')
-
-          if [[ "$FAILED" == "true" ]]; then
-            echo "Some required jobs failed"
-            exit 1
-          fi
-
-          echo "ALL_JOBS_PASSED=true" >> "$GITHUB_OUTPUT"
-
   check-all-jobs-pass:
     name: Check all jobs pass
-    if: ${{ !cancelled() }}
+    # Run the aggregate gate even when optional dependencies are skipped.
+    # The composite action decides which skipped jobs are acceptable.
+    if: ${{ always() && !cancelled() }}
     runs-on: ubuntu-latest
     needs:
       - get_requirements
-      - all-jobs-pass
+      - check-diff
+      - dedupe
+      - scripts
+      - unit-tests
+      - component-view-tests
+      - check-workflows
+      - js-bundle-size-check
+      - sonar-cloud-quality-gate-status
       - build-android-apks
       - build-ios-apps
       - e2e-smoke-tests-android
       - e2e-smoke-tests-ios
-    env:
-      SKIPPED: ${{ needs.get_requirements.outputs.skip_everything == 'true' }}
     steps:
-      - name: Block merge while pr-not-ready-for-e2e label is applied
-        if: ${{ needs.get_requirements.outputs.block_merge_for_e2e_readiness == 'true' }}
-        run: |
-          echo "::error::The 'pr-not-ready-for-e2e' label is still applied. Remove it to trigger E2E tests before merging."
-          exit 1
-      - run: |
-          # If the merge queue was skipped, consider all jobs as passed
-          if [[ "$SKIPPED" == "true" ]]; then
-            echo "Merge queue skipped, considering all jobs as passed"
-            exit 0
-          fi
-
-          # Check if all non-E2E jobs passed
-          if [[ "${{ needs.all-jobs-pass.outputs.ALL_JOBS_PASSED }}" != "true" ]]; then
-            echo "Non-E2E jobs failed"
-            exit 1
-          fi
-
-          # Check E2E build + smoke results only if E2E should have run.
-          # 'skipped' is acceptable — covers merge_group, fork PRs, ignorable-only changes,
-          # platform-only PRs, and AI selection returning zero tags.
-          # 'failure'/'cancelled' on any of build or smoke must block merge.
-          if [[ "${{ needs.get_requirements.outputs.skip_e2e }}" != "true" ]]; then
-            for entry in \
-              "build-android-apks:${{ needs.build-android-apks.result }}" \
-              "e2e-smoke-tests-android:${{ needs.e2e-smoke-tests-android.result }}" \
-              "build-ios-apps:${{ needs.build-ios-apps.result }}" \
-              "e2e-smoke-tests-ios:${{ needs.e2e-smoke-tests-ios.result }}"; do
-              name="${entry%%:*}"
-              result="${entry#*:}"
-              if [[ "$result" == "failure" ]] || [[ "$result" == "cancelled" ]]; then
-                echo "::error::Required E2E job '$name' did not succeed (result: $result)"
-                exit 1
-              fi
-            done
-          fi
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+          sparse-checkout: |
+            .github/actions/ci-status-gate
 
-          echo "All required jobs passed"
+      - name: Evaluate CI status
+        uses: ./.github/actions/ci-status-gate
+        with:
+          needs-json: ${{ toJSON(needs) }}
+          requirement-context-json: ${{ toJSON(needs.get_requirements.outputs) }}
+          e2e-job-regex: '^(build-android-apks|build-ios-apps|e2e-smoke-tests-android|e2e-smoke-tests-ios)$'
+          event-name: ${{ github.event_name }}
+          is-fork: ${{ github.event.pull_request.head.repo.fork == true }}
 
   log-merge-group-failure:
     name: Log merge group failure
