[TT-16977] fix: prevent dep-guard from skipping downstream jobs on push

[buger]

Summary

• Add !cancelled() + result checks to all downstream jobs that depend on goreleaser (test-controller-api, api-tests, test-controller-distros, upgrade-deb, upgrade-rpm, sbom) to prevent GitHub Actions transitive skip propagation when dep-guard is skipped on push/tag events
• Add dep-guard to aggregator-ci-test needs for complete status aggregation

Test plan

• Push to branch triggers all downstream jobs
• PR still runs dep-guard and blocks on failure

🤖 Generated with Claude Code

[probelabs]

This PR fixes a bug in the release.yml GitHub Actions workflow that caused downstream jobs to be skipped during push events. The dep-guard job is designed to run only on pull requests, and its "skipped" status on push events was transitively causing dependent jobs to also be skipped. This change introduces explicit if conditions to ensure jobs run as long as their direct dependencies succeed, resolving the issue.

Files Changed Analysis

• .github/workflows/release.yml: This is the only file modified. The changes involve adding if conditions to six jobs (test-controller-api, api-tests, test-controller-distros, upgrade-deb, upgrade-rpm, sbom) and updating the dependencies for the aggregator-ci-test job.

Architecture & Impact Assessment

What this PR accomplishes:
This PR ensures the reliability of the CI pipeline by preventing essential jobs (like tests, package upgrades, and SBOM generation) from being skipped on push and tag events. It decouples the execution logic of these jobs from the status of the unrelated dep-guard job.

Key technical changes introduced:

• Explicit if conditions have been added to downstream jobs. These conditions use !cancelled() && needs.<dependency>.result == 'success' to override GitHub Actions' default behavior of skipping a job if any of its dependencies were skipped.
• The aggregator-ci-test job's dependencies (needs) have been updated to include dep-guard, ensuring its status is correctly included in the final aggregated CI status for pull requests.

Affected system components:
The changes are confined to the CI/CD pipeline defined in .github/workflows/release.yml. No application code is affected.

Workflow Dependencies:

graph TD
    subgraph "Release Workflow"
        direction LR
        start((Start)) --> dep-guard
        start --> goreleaser
        
        goreleaser --> test-controller-api
        goreleaser --> test-controller-distros
        goreleaser --> sbom

        test-controller-api --> api-tests
        goreleaser --> api-tests

        test-controller-distros --> upgrade-deb
        test-controller-distros --> upgrade-rpm

        subgraph "Final Aggregation (PR only)"
          api-tests --> aggregator-ci-test
          goreleaser --> aggregator-ci-test
          dep-guard --> aggregator-ci-test
        end
    end

    style dep-guard fill:#f9f,stroke:#333,stroke-width:2px
    style aggregator-ci-test fill:#f9f,stroke:#333,stroke-width:2px

Loading

Scope Discovery & Context Expansion

• The issue is rooted in GitHub Actions' default dependency management, where a "skipped" status propagates through the job chain. This PR implements a standard pattern to prevent this transitive skipping.
• The change to the aggregator-ci-test job is a logical enhancement that makes the final PR status check more comprehensive by explicitly waiting for the dep-guard result.
• The broader impact is improved consistency and correctness of the release pipeline, ensuring that all required checks and builds are executed on every relevant trigger.

Metadata

• Review Effort: 2 / 5
• Primary Label: bug

---

Powered by Visor from Probelabs

Last updated: 2026-04-17T12:01:33.080Z | Triggered by: pr_opened | Commit: fdff340

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

✅ Security Check Passed

No security issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

✅ Security Check Passed

No security issues found – changes LGTM.

\n\n \n\n

✅ Performance Check Passed

No performance issues found – changes LGTM.

\n\n

✅ Quality Check Passed

No quality issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2026-04-17T12:01:21.984Z | Triggered by: pr_opened | Commit: fdff340

💡 TIP: You can chat with Visor using /visor ask <your question>

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🚨 Jira Linter Failed

Commit: fdff340
Failed at: 2026-04-17 16:49:44 UTC

The Jira linter failed to validate your PR. Please check the error details below:

🔍 Click to view error details

failed to get Jira issue: failed to fetch Jira issue TT-16977: Issue does not exist or you do not have permission to see it.: request failed. Please analyze the request body for more details. Status code: 404

Next Steps

• Ensure your branch name contains a valid Jira ticket ID (e.g., ABC-123)
• Verify your PR title matches the branch's Jira ticket ID
• Check that the Jira ticket exists and is accessible

---

This comment will be automatically deleted once the linter passes.