@stpierre stpierre commented Dec 3, 2025

What changed?

Always run the release dependency check job on all PRs. When the PR is not against a release branch, it gracefully degrades to a no-op.

Why?

This will let us make the status required, so that it can actually block releases that fail the job.

How did you test it?

  • built
  • run locally and tested manually
  • covered by existing tests
  • added new unit test(s)
  • added new functional test(s)

CLAassistant commented Dec 3, 2025

CLA assistant check
All committers have signed the CLA.

@semgrep-managed-scans

Semgrep found 1 missing-explicit-permissions finding:

  • .github/workflows/check-release-dependencies.yml

No explicit GITHUB_TOKEN permissions found at the workflow or job level. Add a permissions: block at the workflow root (applies to all jobs) or per job with least privilege (e.g., contents: read and only specific writes like pull-requests: write if needed).

@stpierre stpierre marked this pull request as ready for review December 3, 2025 21:47
@stpierre stpierre requested review from a team as code owners December 3, 2025 21:47
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@v6
if: >-
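
Review bot: `uses: actions/checkout@v6` on the Checkout code step is a mutable tag, and this job is about to run on every PR and gate merges as a required status; pin it to the full commit SHA of the v6 release (keeping `# v6` as a trailing comment) so the code that runs cannot change without a visible diff. The step only needs to read the tree, so also consider `persist-credentials: false` under `with:`. The expression after `if: >-` is not visible in this excerpt, so the branch condition itself cannot be checked here.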

@tdyas tdyas Dec 3, 2025

Does the job still work as you intend if the if keys at the step level are moved to a single if key directly under check-dependencies? https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idif

Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would not; in that case, no job would run, and the status would be skipped. GitHub Actions requires a success status; skipped counts as failed. We need a job to run, it just doesn't have to actually do anything 🙄
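
The two points raised in this thread, the explicit `GITHUB_TOKEN` permissions Semgrep asks for and the always-running job whose steps are gated by step-level `if` keys, can be combined in one workflow. The sketch below is an added example and not the repository's actual workflow; the `release/` branch prefix, the script path and the final no-op step are assumptions made for illustration.

```yaml
# Added example, not the repository's workflow. The release/ branch prefix
# and the script path are assumptions made for illustration.
name: Check release dependencies

on:
  pull_request:   # no branch filter: the workflow starts on every PR

# Least-privilege GITHUB_TOKEN for every job in this workflow.
permissions:
  contents: read

jobs:
  check-dependencies:
    runs-on: ubuntu-latest
    # No job-level `if`: the job always runs and reports a conclusion.
    steps:
      - name: Checkout code
        if: >-
          startsWith(github.base_ref, 'release/')
        uses: actions/checkout@v6   # tag as on the page; a full commit SHA is the stricter pin
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - name: Check dependencies
        if: >-
          startsWith(github.base_ref, 'release/')
        run: ./scripts/check-release-dependencies.sh   # hypothetical script

      - name: Nothing to check
        if: >-
          !startsWith(github.base_ref, 'release/')
        run: echo "Base branch is not a release branch."
```

With `contents: read` at the workflow root, a step added to this job later cannot write to the repository or to pull requests unless the permission is granted explicitly and shows up in review.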

@stpierre stpierre merged commit 8296ff4 into temporalio:main Dec 9, 2025
58 checks passed
stpierre added a commit that referenced this pull request Dec 9, 2025