π§ͺ Introduce a unified gate/check GHA job #1204
Conversation
webknjaz
force-pushed
the
maintenance/gha-alls-green
branch
from
fc53604 to
f0e2c07
Compare
|
@dairiki so eventually, with this in, it should be possible for somebody with the right amount of access to set up a branch protection ruleset, making |
I don't have much familiarity with auto-merge or merge queues. They do sound potentially useful. For the past two years, the bulk of the work β both in terms of maintenance and new features β on Lektor has been done by two people: @yagebu, who among other things has done a great job keeping the JS frontend healthy, and myself. Anyhow, I'm hesitant to move forward with this. If a maintainer who does have access to project settings is interested in shepherding this, that would be a different case. |
|
@dairiki it is safe to merge as is. It is still a nice restructuring. W/o the repo settings updates, the workflow remains the same. However, adding jobs that depend on "everything important is green" is easier this way. All those other things I mentioned are possible improvements of the configuration on top, nothing more. |
But we only have one job that depends on "all green". If I understand correctly, this doesn't buy us much until we add more of those. Yes, I'm fine with the renaming. |
|
That's fair. Perhaps its current value is encoding what's considered required in PRs (on the summary workflow run page, in the job graph), as code. |
|
@dairiki on the point of more jobs, I could bring-in something provenance-related from my other workflows (like SLSA, GH-native attestations and regular Sigstore) if that's desired. Until somebody with access configures Trusted Publishing, the PyPI ones won't be available. |
This adds a GHA job that reliably determines if all the required dependencies have succeeded or not. It also allows to reduce the list of required branch protection CI statuses to just one β `check`. This reduces the maintenance burden by a lot and have been battle-tested across a small bunch of projects in its action form and in-house implementations of other people. I was curious about the spread of use. And I've just discovered that it is now in use in aiohttp (and other aio-libs projects), CherryPy, some of the Ansible repositories, all of the jaraco's projects (like `setuptools`, `importlib_metadata`), some PyCQA and pytest projects, a few AWS Labs projects (to my surprise), CPython and many others. Admitedly, I maintain some of these but it does address some of the real pain folks have: jaraco/skeleton#55 (comment). The story behind this is explained in more detail at https://github.com/marketplace/actions/alls-green#why.
webknjaz
force-pushed
the
maintenance/gha-alls-green
branch
from
f0e2c07 to
9265ac5
Compare
This adds a GHA job that reliably determines if all the required dependencies have succeeded or not.
It also allows to reduce the list of required branch protection CI statuses to just one β
check. This reduces the maintenance burden by a lot and have been battle-tested across a small bunch of projects in its action form and in-house implementations of other people.I was curious about the spread of use. And I've just discovered that it is now in use in aiohttp (and other aio-libs projects), CherryPy, some of the Ansible repositories, all of the jaraco's projects (like
setuptools,importlib_metadata), some PyCQA and pytest projects, a few AWS Labs projects (to my surprise), CPython and many others. Admitedly, I maintain some of these but it does address some of the real pain folks have:jaraco/skeleton#55 (comment).
The story behind this is explained in more detail at https://github.com/marketplace/actions/alls-green#why.