task(CI): make ketryx report job run only on main #392
Conversation
na66im
requested a review
from helmut-hoffer-von-ankershoffen
as a code owner
na66im
requested review from
Copilot and
muhabalwan-aginx
and removed request for
helmut-hoffer-von-ankershoffen
There was a problem hiding this comment.
Pull request overview
This PR restricts the Ketryx report job to run only on the main branch by adding a ref check to the job's conditional statement.
Changes:
- Add
github.ref == 'refs/heads/main'condition to theketryx_report_and_checkjob
Comments suppressed due to low confidence (1)
.github/workflows/ci-cd.yml:142
- The condition includes checks for
github.event.pull_request.labels.*.name(lines 141-142), but the job is now restricted to run only whengithub.ref == 'refs/heads/main'(line 136). Since the main branch context is not a pull request, these label checks will never be meaningful andgithub.event.pull_requestwill be null/undefined. This creates dead code in the condition and could potentially cause unexpected behavior. Consider removing the pull request label checks since this job only runs on the main branch, not on pull requests.
github.ref == 'refs/heads/main' &&
github.actor != 'dependabot[bot]' &&
(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
!(github.ref_type == 'branch' && startsWith(needs.get-commit-message.outputs.commit_message, 'Bump version:')) &&
(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| ketryx_report_and_check: | ||
| needs: [get-commit-message, lint, audit, test, codeql] | ||
| if: | | ||
| github.ref == 'refs/heads/main' && |
There was a problem hiding this comment.
Bug: The new condition on ketryx_report_and_check will cause it to be skipped on tag pushes, which in turn will skip the package_publish and docker_publish jobs.
Severity: CRITICAL
Suggested Fix
The condition for the ketryx_report_and_check job should be updated to also run on tag pushes. A possible fix is to change the condition to github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') to allow the job to run for both main branch pushes and version tag pushes.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: .github/workflows/ci-cd.yml#L136
Potential issue: The `ketryx_report_and_check` job's new condition `github.ref ==
'refs/heads/main'` restricts it to run only on pushes to the `main` branch. However, the
`package_publish` and `docker_publish` jobs, which are triggered by version tags (e.g.,
`v1.2.3`), depend on `ketryx_report_and_check`. When a version tag is pushed,
`ketryx_report_and_check` will be skipped because the ref does not match `main`. Since
the dependent publish jobs do not use an `always()` condition, they will also be
skipped, silently breaking the release process and preventing new packages and Docker
images from being published.
Did we get this right? 👍 / 👎 to inform future reviews.
Codecov Report✅ All modified and coverable lines are covered by tests. ❌ Your project status has failed because the head coverage (62.01%) is below the target coverage (70.00%). You can increase the head coverage or adjust the target coverage.
|
|
No description provided.