Skip to content

Commit 35067e9

Browse files
gokulhostclaude
andcommitted
ci(root): add all-checks umbrella job for branch protection
Adds an `all-checks` job (if: always()) that aggregates every skippable job. It passes when each dependency result is `success` or `skipped`, and fails on `failure` or `cancelled` — so no broken job can sneak through. `changes` is explicitly listed in needs: if the path-filter job itself errors, its result is `failure` (not `skipped`), which the jq check rejects and blocks the merge. Branch protection should require `all-checks` instead of the individual job names so that CI-only PRs (tests intentionally skipped) can merge while still blocking PRs where tests actually fail. Ref: WCN-974 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent c37ee2f commit 35067e9

1 file changed

Lines changed: 24 additions & 0 deletions

File tree

.github/workflows/ci.yml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -413,3 +413,27 @@ jobs:
413413
git diff -- . ':!yarn.lock'
414414
exit 1
415415
fi
416+
417+
# Umbrella job that branch protection should require instead of individual jobs.
418+
# Passes when every dependency either succeeded or was intentionally skipped,
419+
# so CI-only PRs (where tests are skipped by path filters) can still merge.
420+
# `changes` is included in needs so a failure there (not a skip) is caught and
421+
# blocks the merge — preventing test jobs from being falsely skipped.
422+
all-checks:
423+
runs-on: ubuntu-latest
424+
if: always()
425+
needs:
426+
- changes
427+
- unit-test
428+
- browser-test
429+
- docker-build
430+
- dockerfile-check
431+
- verify-vendor-integrity
432+
- verify-npm-packages
433+
- code-quality
434+
steps:
435+
- name: All checks passed or skipped
436+
run: |
437+
results='${{ toJSON(needs) }}'
438+
echo "$results"
439+
echo "$results" | jq -e '[.[].result] | all(. == "success" or . == "skipped")'

0 commit comments

Comments
 (0)