Skip to content

Commit e397441

Browse files
authored
Fix the workflows so it's always building on main and release (#10)
Signed-off-by: Erick Bourgeois <erick@jeb.ca>
1 parent dcc8fc4 commit e397441

2 files changed

Lines changed: 14 additions & 380 deletions

File tree

.github/workflows/build.yaml

Lines changed: 14 additions & 61 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,13 @@ on:
77
pull_request:
88
branches:
99
- main
10+
paths:
11+
- 'src/**'
12+
- 'Cargo.toml'
13+
- 'Cargo.lock'
14+
- 'Dockerfile*'
15+
- '.github/workflows/build.yaml'
16+
- '.github/actions/**'
1017
push:
1118
branches:
1219
- main
@@ -36,39 +43,11 @@ env:
3643
jobs:
3744

3845
# ─────────────────────────────────────────────────────────────────────────────
39-
# PR only: determine which files changed so expensive jobs can be skipped on
40-
# docs-only pull requests.
41-
# ─────────────────────────────────────────────────────────────────────────────
42-
changes:
43-
name: 🔍 Detect Changed Files
44-
if: github.event_name == 'pull_request'
45-
runs-on: ubuntu-latest
46-
outputs:
47-
code: ${{ steps.filter.outputs.code }}
48-
steps:
49-
- name: Checkout code
50-
uses: actions/checkout@v4
51-
52-
- name: Check for changes
53-
id: filter
54-
uses: dorny/paths-filter@v3
55-
with:
56-
filters: |
57-
code:
58-
- 'src/**'
59-
- 'Cargo.toml'
60-
- 'Cargo.lock'
61-
62-
# ─────────────────────────────────────────────────────────────────────────────
63-
# License headers — on PR only runs when source files changed.
46+
# License headers — always runs (PRs are pre-filtered by path at the trigger).
6447
# ─────────────────────────────────────────────────────────────────────────────
6548
license-check:
6649
name: ⚖️ Verify SPDX License Headers
6750
runs-on: ubuntu-latest
68-
needs: [changes]
69-
if: |
70-
always() &&
71-
(github.event_name != 'pull_request' || needs.changes.outputs.code == 'true')
7251
steps:
7352
- name: Checkout code
7453
uses: actions/checkout@v4
@@ -85,8 +64,6 @@ jobs:
8564
verify-commits:
8665
name: 🔐 Verify Signed Commits
8766
runs-on: ubuntu-latest
88-
needs: [changes]
89-
if: always()
9067
steps:
9168
- name: Checkout code
9269
uses: actions/checkout@v4
@@ -156,19 +133,13 @@ jobs:
156133
run: cargo clippy --all-targets --all-features -- -D warnings
157134

158135
# ─────────────────────────────────────────────────────────────────────────────
159-
# Extract version — all events; acts as the quality gate that downstream jobs
160-
# wait on. workflow-type is derived from the GitHub event name.
136+
# Extract version — all events; downstream build jobs depend on this.
137+
# format/clippy are independent PR quality checks and do not gate the build.
161138
# ─────────────────────────────────────────────────────────────────────────────
162139
extract-version:
163140
name: 🏷️ Extract Version Information
164141
runs-on: ubuntu-latest
165-
needs: [license-check, verify-commits, format]
166-
# Run once all checks that apply to this event have passed or been skipped.
167-
if: |
168-
always() &&
169-
needs.verify-commits.result == 'success' &&
170-
(needs.license-check.result == 'success' || needs.license-check.result == 'skipped') &&
171-
(needs.format.result == 'success' || needs.format.result == 'skipped')
142+
needs: [license-check, verify-commits]
172143
outputs:
173144
version: ${{ steps.version-chainguard.outputs.version }}
174145
tag_name: ${{ steps.version-chainguard.outputs.tag-name }}
@@ -209,7 +180,6 @@ jobs:
209180
name: 🦀 Build - ${{ matrix.platform.name }}
210181
runs-on: ${{ matrix.platform.runner }}
211182
needs: [extract-version]
212-
if: needs.extract-version.result == 'success'
213183
strategy:
214184
fail-fast: false
215185
matrix:
@@ -272,11 +242,10 @@ jobs:
272242
target/release/*.cdx.json
273243
274244
# ─────────────────────────────────────────────────────────────────────────────
275-
# PR only: run tests against the pre-built binary.
245+
# Tests — all events; running unconditionally lets docker depend on it simply.
276246
# ─────────────────────────────────────────────────────────────────────────────
277247
test:
278248
name: 🧪 Test
279-
if: github.event_name == 'pull_request'
280249
runs-on: ubuntu-latest
281250
needs: [build]
282251
steps:
@@ -310,12 +279,6 @@ jobs:
310279
name: 🐳 Build and Push Docker Image - ${{ matrix.variant.name }}
311280
runs-on: ubuntu-latest
312281
needs: [build, extract-version, test]
313-
# Allow test to be skipped (push / release) but require build to succeed.
314-
if: |
315-
always() &&
316-
needs.build.result == 'success' &&
317-
needs.extract-version.result == 'success' &&
318-
(needs.test.result == 'success' || needs.test.result == 'skipped')
319282
permissions:
320283
contents: read
321284
packages: write
@@ -462,7 +425,6 @@ jobs:
462425
name: 🔏 Attest Docker Image - ${{ matrix.variant.name }}
463426
runs-on: ubuntu-latest
464427
needs: [docker, extract-version]
465-
if: needs.docker.result == 'success'
466428
permissions:
467429
id-token: write
468430
attestations: write
@@ -499,11 +461,7 @@ jobs:
499461
security:
500462
name: 🛡️ Security Vulnerability Scan
501463
runs-on: ubuntu-latest
502-
needs: [changes, license-check, verify-commits]
503-
if: |
504-
always() &&
505-
needs.verify-commits.result == 'success' &&
506-
(github.event_name != 'pull_request' || needs.changes.outputs.code == 'true')
464+
needs: [verify-commits]
507465
steps:
508466
- name: Checkout code
509467
uses: actions/checkout@v4
@@ -529,17 +487,12 @@ jobs:
529487
run: make gitleaks
530488

531489
# ─────────────────────────────────────────────────────────────────────────────
532-
# Container security scan — push and release only (not PRs).
490+
# Container security scan — all events.
533491
# ─────────────────────────────────────────────────────────────────────────────
534492
trivy:
535493
name: 🔭 Container Security Scan - ${{ matrix.variant.name }}
536494
runs-on: ubuntu-latest
537495
needs: [docker, extract-version]
538-
if: |
539-
always() &&
540-
github.event_name != 'pull_request' &&
541-
needs.docker.result == 'success' &&
542-
needs.extract-version.result == 'success'
543496
strategy:
544497
fail-fast: false
545498
matrix:

0 commit comments

Comments
 (0)