fix: push_repo_memory should not run when agent job is skipped or failed #24363
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -734,16 +734,21 @@ func (c *Compiler) buildPushRepoMemoryJob(data *WorkflowData, threatDetectionEna | |
| steps = append(steps, c.generateRestoreActionsSetupStep()) | ||
| } | ||
|
|
||
| // Set job condition based on threat detection | ||
| // If threat detection is enabled, only run if detection passed | ||
| // Otherwise, always run (even if agent job failed) | ||
| jobCondition := "always()" | ||
| jobNeeds := []string{"agent"} | ||
| // Job condition: only run if the agent job succeeded (do not push repo memory when agent | ||
| // failed or was skipped). Using always() so the job still runs even when upstream jobs | ||
| // are skipped (e.g. detection is skipped when agent produces no outputs). | ||
| agentSucceeded := BuildEquals( | ||
| BuildPropertyAccess(fmt.Sprintf("needs.%s.result", constants.AgentJobName)), | ||
| BuildStringLiteral("success"), | ||
| ) | ||
| jobNeeds := []string{string(constants.AgentJobName)} | ||
| var jobCondition string | ||
| if threatDetectionEnabled { | ||
| // When threat detection is enabled, run only if detection succeeded (no threats found) | ||
| // or was skipped (agent produced no outputs or patch — nothing to detect against). | ||
| jobCondition = RenderCondition(BuildAnd(BuildFunctionCall("always"), buildDetectionPassedCondition())) | ||
| // When threat detection is enabled, also require detection passed (succeeded or skipped). | ||
| jobCondition = RenderCondition(BuildAnd(BuildAnd(BuildFunctionCall("always"), buildDetectionPassedCondition()), agentSucceeded)) | ||
| jobNeeds = append(jobNeeds, string(constants.DetectionJobName)) | ||
| } else { | ||
| jobCondition = RenderCondition(BuildAnd(BuildFunctionCall("always"), agentSucceeded)) | ||
| } | ||
|
Comment on lines +740 to 752
|
||
|
|
||
| // Build outputs map for validation failures from all memory steps | ||
|
|
||
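Review bot: In the `if threatDetectionEnabled` / `else` block the agent-success gate is assembled twice, once nested as `BuildAnd(BuildAnd(BuildFunctionCall("always"), buildDetectionPassedCondition()), agentSucceeded)` and once in the `else`, so a later edit to one branch can drop the gate from the other without anyone noticing. Build the shared `BuildAnd(BuildFunctionCall("always"), agentSucceeded)` node once before the `if`, AND the detection condition onto it only inside the detection branch, and call `RenderCondition` a single time afterwards; the `else` and the separate `var jobCondition string` declaration then go away. The new comment justifies `always()` only by the skipped-detection case, so a short note on why it is kept when `agent` is the only entry in `jobNeeds` would help. A test that asserts the rendered condition string for both values of `threatDetectionEnabled` would pin this behaviour.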
The function-level doc comment for buildPushRepoMemoryJob earlier in this file still states the job runs even if the agent job fails, but the updated jobCondition now requires needs.agent.result == 'success'. Please update that doc comment to match the new behavior so future readers aren’t misled.