Add and validate a dependent job for branch protection #234
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GitHub branch protection rules requiring CI checks currently only support listing individual checks as required. This adds an `all-pass` job that depends on all other jobs, to simplify this. `all-pass` can thus be made a required check, in lieu of numerous others, which it takes care to ensure are treated as effectively required. This also adds an `all-pass-meta` job that checks that the `all-pass` job really depends on all intended other jobs, which currently is all other jobs in the workflow. It is intentional at this time that neither CodeQL (configured via the "default" setup) nor the Markdown links check shall be blocking. The `all-pass` job is based on the `tests-pass` job in `gitoxide`, introduced in GitoxideLabs/gitoxide#1551 by Jiahao XU (https://github.com/NobodyXu), moderately edited since, and further moderately edited in the form it appars here. In view of... - (de minimis) the small size of the code, other than the list of jobs it depends on, which is not duplicated since the jobs here differ including in their names, *and* - how widespread that specific technique appears to be, based in part on searching GitHub and examining results with the exact string `"contains(needs.*.result, 'cancelled')"`, *and* - (scènes à faire) the limited number of reasonable feasible ways the technique can be expressed ...it seems to me that that continued resemblance of fragments of the code here to the code there does not raise copyright or related problems, in the `all-pass` job. Separately, the `all-pass-meta` job is is a direct copy of the `check-blocking` job in `gitoxide`, introduced among other changes in GitoxideLabs/gitoxide#1668. The `all-pass-meta` job is a near-complete copy of `check-blocking`, with only minimal changes, and even keeps the comments naerly unchanged. Although `check-blocking` is less important than `tests-pass`, it is also significantly longer and more complex. But unlike `tests-pass`, I contributed the `check-blocking` job in `gitoxide` (without copying from a previous work to do so; and licensing it nonexclusively, with no transfer or assignment of copyright). So that specific code is fine for me to reuse here. More broadly, I intend that anyone be allowed to reuse the code of the `all-pass-meta` job (as it appears here), anywhere, with no restrictions. See the 0BSD license file that accompanies this (algorithms-python) project. Note that the code of `check-blocking` in `gitoxide` may receive modifications authored by others, may be renamed, and some other job may be renamed to it, or it might be removed and some other job with that name may arise later, etc. Such code may still only be used under the terms that it is offered; these more permissive terms do *not* apply to such code, especially if it is written by others.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
This resolves a CodeQL check and is also just a good idea. See GitoxideLabs/prodash#36.
EliahKagan
added a commit
to EliahKagan/subaudit
that referenced
this pull request
Jun 2, 2025
- Remove `fail-fast: false` to allow failing checks to cancel others. This is to avoid unnecessary usage and wait times. It may be necessary to undo this temporarily again in the future when investigating failures, for failures that happen due to external changes rather than to a `subaudit` code change. - Add a "collector" job that depends on all the jobs generated by the `tox` matrix job definition, so the individual jobs don't have to be added as required checks for branch protection. Instead, the name "All tox checks pass" has been added. This is based indirectly on the `test-pass` job in `gitoxide`, which was introduced in GitoxideLabs/gitoxide#1551 by https://github.com/NobodyXu. It is more specifically based on my adaptation of that in `algorithms-python` introduced in EliahKagan/algorithms-python#234. This is a common pattern, so it does not necessarily resemble the code in `gitoxide` more than it does that pattern elsewhere, and it is simpler than the version in `algorithms-python`. See: EliahKagan/algorithms-python@60d2d4e
EliahKagan
added a commit
to EliahKagan/version
that referenced
this pull request
Jun 15, 2025
This commit's changes are directly analogous to those in: EliahKagan/subaudit@353cd50 - Remove `fail-fast: false` to let failing checks cancel others. - Add a "collector" job that depends on all the jobs generated by the `tox` matrix job definition, so the individual jobs don't have to be added as required checks for branch protection. Instead, the name "All tox checks pass" has been added. This is based indirectly on the `test-pass` job in `gitoxide`, which was introduced in GitoxideLabs/gitoxide#1551 by https://github.com/NobodyXu. It is more specifically based on my adaptation of that in `algorithms-python` introduced in EliahKagan/algorithms-python#234. This is a common pattern, so it does not necessarily resemble the code in `gitoxide` more than it does that pattern elsewhere, and it is simpler than the version in `algorithms-python`. See: EliahKagan/algorithms-python@60d2d4e
EliahKagan
added a commit
to EliahKagan/version
that referenced
this pull request
Jun 15, 2025
This commit's changes are directly analogous to those in: EliahKagan/subaudit@353cd50 - Remove `fail-fast: false` to let failing checks cancel others. - Add a "collector" job that depends on all the jobs generated by the `tox` matrix job definition, so the individual jobs don't have to be added as required checks for branch protection. Instead, the name "All tox checks pass" has been added. This is based indirectly on the `test-pass` job in `gitoxide`, which was introduced in GitoxideLabs/gitoxide#1551 by https://github.com/NobodyXu. It is more specifically based on my adaptation of that in `algorithms-python` introduced in EliahKagan/algorithms-python#234. This is a common pattern, so it does not necessarily resemble the code in `gitoxide` more than it does that pattern elsewhere, and it is simpler than the version in `algorithms-python`. See: EliahKagan/algorithms-python@60d2d4e
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
GitHub branch protection rules requiring CI checks currently only support listing individual checks as required.
This adds an
all-passjob that depends on all other jobs, to simplify this.all-passcan thus be made a required check, in lieu of numerous others, which it takes care to ensure are treated as effectively required.This also adds an
all-pass-metajob that checks that theall-passjob really depends on all intended other jobs, which currently is all other jobs in the workflow. It is intentional at this time that neither CodeQL (configured via the "default" setup) nor the Markdown links check shall be blocking.The
all-passjob is based on thetests-passjob ingitoxide, introduced in GitoxideLabs/gitoxide#1551 by Jiahao XU (https://github.com/NobodyXu), moderately edited since, and further moderately edited in the form it appars here.In view of...
(de minimis) the small size of the code, other than the list of jobs it depends on, which is not duplicated since the jobs here differ including in their names, and
how widespread that specific technique appears to be, based in part on searching GitHub and examining results with the exact string
"contains(needs.*.result, 'cancelled')", and(scènes à faire) the limited number of reasonable feasible ways the technique can be expressed
...it seems to me that that continued resemblance of fragments of the code here to the code there does not raise copyright or related problems, in the
all-passjob.Separately, the
all-pass-metajob is is a direct copy of thecheck-blockingjob ingitoxide, introduced among other changes in GitoxideLabs/gitoxide#1668. Theall-pass-metajob is a near-complete copy ofcheck-blocking, with only minimal changes, and even keeps the comments naerly unchanged. Althoughcheck-blockingis less important thantests-pass, it is also significantly longer and more complex.But unlike
tests-pass, I contributed thecheck-blockingjob ingitoxide(without copying from a previous work to do so; and licensing it nonexclusively, with no transfer or assignment of copyright). So that specific code is fine for me to reuse here.More broadly, I intend that anyone be allowed to reuse the code of the
all-pass-metajob (as it appears here), anywhere, with no restrictions. See the 0BSD license file that accompanies this (algorithms-python) project.Note that the code of
check-blockingingitoxidemay receive modifications authored by others, may be renamed, and some other job may be renamed to it, or it might be removed and some other job with that name may arise later, etc. Such code may still only be used under the terms that it is offered; these more permissive terms do not apply to such code, especially if it is written by others.