From 4ca68afdcdb9c9ad148e034bdbe352a5824de3da Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:09:30 -0800 Subject: [PATCH 01/26] adding gate workflow --- .github/workflows/ci.yml | 14 ++++++++---- .github/workflows/gate.yml | 47 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/gate.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2a07d7b..16ba1cb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,11 +2,13 @@ name: CI on: - push: - branches: [ "main" ] - pull_request_target: - branches: [ "main" ] - workflow_dispatch: # manual run + workflow_run: + workflows: ["Gate"] + # push: + # branches: [ "main", "dev/robgruen/workflow_updates" ] + # pull_request_target: + # branches: [ "main" ] + # workflow_dispatch: # manual run concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -35,6 +37,8 @@ jobs: runs-on: ${{ matrix.os }} name: ${{ matrix.os }} ${{ matrix.task }} (py ${{ matrix.python-version }}) + # Only run this job if the Gate workflow succeeded + if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml new file mode 100644 index 0000000..ded3803 --- /dev/null +++ b/.github/workflows/gate.yml 
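Review bot: In the first ci.yml hunk the `concurrency.group` expression is left unchanged as context, but under the new `workflow_run` trigger `github.event.pull_request.number` is not populated and `github.ref` resolves to the default branch, so every gated run shares one group and `cancel-in-progress: true` cancels whichever run was already in flight. Key the group on the triggering run instead, for example `group: ${{ github.workflow }}-${{ github.event.workflow_run.head_sha || github.ref }}`; the block restored in PATCH 20/26 carries the same expression. Any later step in the `ci` job that reads `github.event.pull_request.*` (the job body continues outside these hunks) would presumably need the matching `github.event.workflow_run.*` field, otherwise a green CI run may not reflect the PR's code. A comment above the job-level `if:` in the second hunk, stating that a `workflow_run` job executes in the base repository's context with its token and secrets, would show the next editor why the condition must not be dropped.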
@@ -0,0 +1,47 @@ +# .github/workflows/ci.yml +name: Gate + +on: + push: + branches: [ "main", "dev/robgruen/workflow_updates" ] + pull_request_target: + branches: [ "main" ] + workflow_dispatch: # manual run + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +permissions: + pull-requests: read + contents: read + id-token: write + +jobs: + gate: + name: Gate + runs-on: ubuntu-latest + steps: + + # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) + # PRs from forks we check the permissions of the user that triggered the workflow (github.triggering_actor) + # This means that if a user without write access opens a PR from a fork, they cannot run this workflow + # Users with write access can still run this workflow on a PR from a fork + # For PRs from the same repo, we allow the workflow to run as normal + - name: Get User Permission + if: ${{ github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]' }} + id: checkAccess + uses: actions-cool/check-user-permission@v2 + with: + require: write + username: ${{ github.triggering_actor }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Check User Permission + if: ${{ (github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]') && steps.checkAccess.outputs.require-result == 'false' }} + run: | + echo "${{ github.triggering_actor }} does not have permissions on this repo." + echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" + echo "Job originally triggered by ${{ github.actor }}" + exit 1 + From 6dafe923a6e7cef6a2cc0c484b0b09d78bf093c3 Mon Sep 17 00:00:00 2001 
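Review bot: The `Check User Permission` step fails open: it exits 1 only when `steps.checkAccess.outputs.require-result == 'false'`, so an empty or unexpected output from the action lets the gate succeed. Compare against the positive value instead, ending the condition with `steps.checkAccess.outputs.require-result != 'true'`. The workflow also grants `id-token: write`, which nothing in this file appears to use; removing it keeps an OIDC token out of reach of a job that runs on `pull_request_target`. Since the job's only real work is done by the third-party `actions-cool/check-user-permission@v2`, pin it to a full commit SHA (`uses: actions-cool/check-user-permission@<full-commit-sha> # v2`) so a moved tag cannot change what the gate executes.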
From: Robert Gruen Date: Wed, 31 Dec 2025 12:10:40 -0800 Subject: [PATCH 02/26] changed name casing --- .github/workflows/ci.yml | 2 +- .github/workflows/gate.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 16ba1cb..ca619a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: workflow_run: - workflows: ["Gate"] + workflows: ["gate"] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml index ded3803..ac9396d 100644 --- a/.github/workflows/gate.yml +++ b/.github/workflows/gate.yml @@ -1,5 +1,5 @@ # .github/workflows/ci.yml -name: Gate +name: gate on: push: From 3aca1271da3782f0efe9b65fc556aea987c700ff Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:11:55 -0800 Subject: [PATCH 03/26] added workflow run trigger --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ca619a0..fbf2099 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,6 +4,8 @@ name: CI on: workflow_run: workflows: ["gate"] + types: + - completed # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: From 860b45667c090658d08cc13eba37122fe9c941a5 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:14:37 -0800 Subject: [PATCH 04/26] added branch filter --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fbf2099..426678b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,7 @@ on: workflows: ["gate"] types: - completed + branches: [ "**" ] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: From 61e68fbcf81b134c8010931690822830e9bab26b Mon Sep 17 00:00:00 2001 
From: Robert Gruen Date: Wed, 31 Dec 2025 12:20:02 -0800 Subject: [PATCH 05/26] added action read perm --- .github/workflows/ci.yml | 3 ++- .github/workflows/gate.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 426678b..36e7491 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,8 @@ concurrency: permissions: pull-requests: read contents: read - id-token: write + id-token: write + actions: read jobs: ci: diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml index ac9396d..5602ed4 100644 --- a/.github/workflows/gate.yml +++ b/.github/workflows/gate.yml @@ -1,4 +1,4 @@ -# .github/workflows/ci.yml +# .github/workflows/gate.yml name: gate on: From 4f798714a7993b7819f794f0ee3be9fa2984dd84 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:22:08 -0800 Subject: [PATCH 06/26] removed branch filter --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 36e7491..928f77b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,6 @@ on: workflows: ["gate"] types: - completed - branches: [ "**" ] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: From 5ab35b05c0d4762fd5630dd3fe6372293a92b1fe Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:24:09 -0800 Subject: [PATCH 07/26] updated type --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 928f77b..aec1597 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,8 +4,7 @@ name: CI on: workflow_run: workflows: ["gate"] - types: - - completed + types: [completed] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: 
From f18fcc05b3e5e765ff9691146bfe693fbdbc0d64 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:24:57 -0800 Subject: [PATCH 08/26] added branch filter for testing --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aec1597..1cfb701 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ on: workflow_run: workflows: ["gate"] types: [completed] + branches: [ "dev/robgruen/workflow_updates" ] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: From 7c7cb4c8d5626a45541c62b8344bb63172c994f6 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:26:06 -0800 Subject: [PATCH 09/26] added manual trigger --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1cfb701..348a40f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ on: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: # branches: [ "main" ] - # workflow_dispatch: # manual run + workflow_dispatch: # manual run concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} From 5e6495d3b14a87a3e6936a8d6c3099ea96ce30fd Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:27:35 -0800 Subject: [PATCH 10/26] [temporarily] removed concurrency check --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 348a40f..cd627e2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -12,9 +12,9 @@ on: # branches: [ "main" ] workflow_dispatch: # manual run -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true +#concurrency: +# group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} +# cancel-in-progress: true permissions: pull-requests: read From ea09498180804600d645391741765a1f0b6b554f Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:30:31 -0800 Subject: [PATCH 11/26] adding failure case for diagnosis --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd627e2..d1bdaa1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,6 +23,15 @@ permissions: actions: read jobs: + + fail: + runs-on: ubuntu-latest + name: Skip Job on Gate Failure + if: ${{ github.event.workflow_run.conclusion == 'failure' }} + steps: + - name: Skip Job + run: echo "Job skipped" + ci: environment: name: build-pipeline From 36eafe2fc7d14ce86f8a70d60977c74ea2768dae Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:31:50 -0800 Subject: [PATCH 12/26] added negative check --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1bdaa1..1de771a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,7 @@ jobs: fail: runs-on: ubuntu-latest name: Skip Job on Gate Failure - if: ${{ github.event.workflow_run.conclusion == 'failure' }} + if: ${{ github.event.workflow_run.conclusion != 'success' }} steps: - name: Skip Job run: echo "Job skipped" From 08c3c9709a0ac7de444f954b74a37de3739ee0f0 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:34:03 -0800 Subject: [PATCH 13/26] allow workflow trigger --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1de771a..3268d9b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,8 +49,8 @@ jobs: runs-on: ${{ matrix.os }} name: ${{ matrix.os }} ${{ matrix.task }} (py ${{ matrix.python-version }}) - # Only run this job if the Gate workflow succeeded - if: ${{ github.event.workflow_run.conclusion == 'success' }} + # Only run this job if the Gate workflow succeeded or if manually triggered + if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} steps: # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) From a835499a23d1805b6c926aff3925b8b4152d9a66 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:38:01 -0800 Subject: [PATCH 14/26] updted failure condition --- .github/workflows/ci.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3268d9b..181f332 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,7 +5,7 @@ on: workflow_run: workflows: ["gate"] types: [completed] - branches: [ "dev/robgruen/workflow_updates" ] + branches: [ "main", "dev/robgruen/workflow_updates" ] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: @@ -27,10 +27,13 @@ jobs: fail: runs-on: ubuntu-latest name: Skip Job on Gate Failure - if: ${{ github.event.workflow_run.conclusion != 'success' }} + # indicate failure if the gate workflow did not succeed and this is not a manual run + if: ${{ github.event_name != 'workflow_dispatch' && github.event.workflow_run.conclusion != 'success' }} steps: - name: Skip Job - run: echo "Job skipped" + run: | + echo "Job skipped" + exit 1 ci: environment: From ee9cf20cc3691b66b55e115d6313a3cc1bbb01e3 Mon Sep 17 00:00:00 2001 
From: Robert Gruen Date: Wed, 31 Dec 2025 12:38:37 -0800 Subject: [PATCH 15/26] fixed casing --- .github/workflows/gate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml index 5602ed4..c82837d 100644 --- a/.github/workflows/gate.yml +++ b/.github/workflows/gate.yml @@ -19,7 +19,7 @@ permissions: jobs: gate: - name: Gate + name: gate runs-on: ubuntu-latest steps: From da379a7363d952bdbe1a934ca8e25d22a8f28900 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:42:23 -0800 Subject: [PATCH 16/26] removed branch filter --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 181f332..632d39e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,7 +5,6 @@ on: workflow_run: workflows: ["gate"] types: [completed] - branches: [ "main", "dev/robgruen/workflow_updates" ] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: From 5177fd9b1abff8c7d49f38a63a97288c3a83b851 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:44:21 -0800 Subject: [PATCH 17/26] testing different triggering method --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 632d39e..f1e75c2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,7 +4,7 @@ name: CI on: workflow_run: workflows: ["gate"] - types: [completed] + types: [requested, completed] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] # pull_request_target: From 211d588687ca8e524e737937f40f8113b9d28aa7 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:48:09 -0800 Subject: [PATCH 18/26] removed quotes for gate workflow name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
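Review bot: Adding `requested` to `types:` in PATCH 17/26 makes the CI workflow start when a gate run is requested, before the permission check has produced a conclusion. The `ci` job still stays skipped because its `if:` requires `github.event.workflow_run.conclusion == 'success'`, but that job-level condition is then the only thing separating an unfinished gate from the build, and any job added later without it would run ungated. Unless the early event is needed for diagnosis, keep `types: [completed]`; if it stays, a comment on the trigger such as `# 'requested' fires before the gate concludes; every job must check workflow_run.conclusion` records the dependency. The `if:` line itself is outside this hunk.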
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f1e75c2..fc80e7b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: workflow_run: - workflows: ["gate"] + workflows: [gate] types: [requested, completed] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] From b920bcee689eeff66c21edac7b909faa306a3181 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:52:47 -0800 Subject: [PATCH 19/26] removed dev branch --- .github/workflows/ci.yml | 2 +- .github/workflows/gate.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc80e7b..f1e75c2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: workflow_run: - workflows: [gate] + workflows: ["gate"] types: [requested, completed] # push: # branches: [ "main", "dev/robgruen/workflow_updates" ] diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml index c82837d..abeab29 100644 --- a/.github/workflows/gate.yml +++ b/.github/workflows/gate.yml @@ -3,7 +3,7 @@ name: gate on: push: - branches: [ "main", "dev/robgruen/workflow_updates" ] + branches: [ "main" ] pull_request_target: branches: [ "main" ] workflow_dispatch: # manual run From 0501922910e1374974af885ab197ed41174186c7 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:53:47 -0800 Subject: [PATCH 20/26] added concurrency back --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f1e75c2..34b17e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -11,9 +11,9 @@ on: # branches: [ "main" ] workflow_dispatch: # manual run -#concurrency: -# group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} -# cancel-in-progress: true +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true permissions: pull-requests: read From 285a7f65aaabe2705379c208ce5b31298b69b527 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 12:56:42 -0800 Subject: [PATCH 21/26] removed failure mode for cleanliness --- .github/workflows/ci.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 34b17e7..49217a3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,17 +23,6 @@ permissions: jobs: - fail: - runs-on: ubuntu-latest - name: Skip Job on Gate Failure - # indicate failure if the gate workflow did not succeed and this is not a manual run - if: ${{ github.event_name != 'workflow_dispatch' && github.event.workflow_run.conclusion != 'success' }} - steps: - - name: Skip Job - run: | - echo "Job skipped" - exit 1 - ci: environment: name: build-pipeline From 4ce121df14a08227026182acc6294c03b3555ef9 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 13:01:08 -0800 Subject: [PATCH 22/26] removed push branch trigger for main --- .github/workflows/gate.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml index abeab29..359e1af 100644 --- a/.github/workflows/gate.yml +++ b/.github/workflows/gate.yml @@ -2,8 +2,6 @@ name: gate on: - push: - branches: [ "main" ] pull_request_target: branches: [ "main" ] workflow_dispatch: # manual run From d533dcc560d1b415c87dd25f3aace13463b19e7f Mon Sep 17 00:00:00 2001 
From: Robert Gruen Date: Wed, 31 Dec 2025 15:28:04 -0800 Subject: [PATCH 23/26] Better workflow with early exit --- .github/workflows/ci.yml | 51 +++++++++++++++++++------------------- .github/workflows/gate.yml | 45 --------------------------------- 2 files changed, 25 insertions(+), 71 deletions(-) delete mode 100644 .github/workflows/gate.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49217a3..d1b9687 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,13 +2,10 @@ name: CI on: - workflow_run: - workflows: ["gate"] - types: [requested, completed] - # push: - # branches: [ "main", "dev/robgruen/workflow_updates" ] - # pull_request_target: - # branches: [ "main" ] + push: + branches: [ "main", "dev/robgruen/workflow_updates" ] + pull_request_target: + branches: [ "main" ] workflow_dispatch: # manual run concurrency: @@ -23,25 +20,8 @@ permissions: jobs: - ci: - environment: - name: build-pipeline - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, windows-latest] - python-version: ['3.12', '3.13', '3.14'] - task: [check, test, format] - exclude: - - os: windows-latest - python-version: '3.13' - - os: windows-latest - python-version: '3.14' - runs-on: ${{ matrix.os }} - name: ${{ matrix.os }} ${{ matrix.task }} (py ${{ matrix.python-version }}) - - # Only run this job if the Gate workflow succeeded or if manually triggered - if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} + permissions-check: + runs-on: ubuntu-latest steps: # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) 
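Review bot: The new `permissions-check` job in the second ci.yml hunk has no `permissions:` of its own, so it inherits the workflow-level grant, which earlier patches in this series show to include `id-token: write` and `actions: read`. The job exists to run a third-party action on `pull_request_target` events, so it should carry only what that action needs, with `id-token: write` moved onto the `ci` job if that is where it is used. A job-level `permissions:` with `contents: read` and `pull-requests: read` is a reasonable starting point, but the exact scopes the action requires need confirming. The job's steps continue outside the hunk.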
@@ -66,6 +46,25 @@ jobs: echo "Job originally triggered by ${{ github.actor }}" exit 1 + ci: + needs: permissions-check + environment: + name: build-pipeline + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, windows-latest] + python-version: ['3.12', '3.13', '3.14'] + task: [check, test, format] + exclude: + - os: windows-latest + python-version: '3.13' + - os: windows-latest + python-version: '3.14' + runs-on: ${{ matrix.os }} + name: ${{ matrix.os }} ${{ matrix.task }} (py ${{ matrix.python-version }}) + + steps: - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha || github.ref }} diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml deleted file mode 100644 index 359e1af..0000000 --- a/.github/workflows/gate.yml +++ /dev/null 
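Review bot: `needs: permissions-check` is now the only thing standing between a fork PR and the `ci` job, which per the context line `ref: ${{ github.event.pull_request.head.sha || github.ref }}` checks out the PR's head commit under `pull_request_target` and presumably runs the matrix tasks against it. That dependency deserves a comment on the job, e.g. `# must stay behind permissions-check: this job runs PR-controlled code with the base repo's token`, so it is not dropped in a later refactor. Adding `persist-credentials: false` under the checkout's `with:` would also keep the token out of the workspace's git config while the check, test and format tasks run. The remaining steps of the job are outside the hunk, so what else they need from the token cannot be confirmed from here.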
@@ -1,45 +0,0 @@ -# .github/workflows/gate.yml -name: gate - -on: - pull_request_target: - branches: [ "main" ] - workflow_dispatch: # manual run - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -permissions: - pull-requests: read - contents: read - id-token: write - -jobs: - gate: - name: gate - runs-on: ubuntu-latest - steps: - - # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) - # PRs from forks we check the permissions of the user that triggered the workflow (github.triggering_actor) - # This means that if a user without write access opens a PR from a fork, they cannot run this workflow - # Users with write access can still run this workflow on a PR from a fork - # For PRs from the same repo, we allow the workflow to run as normal - - name: Get User Permission - if: ${{ github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]' }} - id: checkAccess - uses: actions-cool/check-user-permission@v2 - with: - require: write - username: ${{ github.triggering_actor }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check User Permission - if: ${{ (github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]') && steps.checkAccess.outputs.require-result == 'false' }} - run: | - echo "${{ github.triggering_actor }} does not have permissions on this repo." - echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" - echo "Job originally triggered by ${{ github.actor }}" - exit 1 - From 543be452fc9cb95de1a26a24ba579b035bf45954 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 15:29:25 -0800 Subject: [PATCH 24/26] updated branch name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1b9687..792102c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: push: - branches: [ "main", "dev/robgruen/workflow_updates" ] + branches: [ "main", "dev/robgruen/workflow_updates2" ] pull_request_target: branches: [ "main" ] workflow_dispatch: # manual run From 64bf4d14f4d7986085e6fa3cd361868f08117748 Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 15:32:30 -0800 Subject: [PATCH 25/26] removed gate --- .github/workflows/gate.yml | 45 -------------------------------------- 1 file changed, 45 deletions(-) delete mode 100644 .github/workflows/gate.yml diff --git a/.github/workflows/gate.yml b/.github/workflows/gate.yml deleted file mode 100644 index 359e1af..0000000 --- a/.github/workflows/gate.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -# .github/workflows/gate.yml -name: gate - -on: - pull_request_target: - branches: [ "main" ] - workflow_dispatch: # manual run - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -permissions: - pull-requests: read - contents: read - id-token: write - -jobs: - gate: - name: gate - runs-on: ubuntu-latest - steps: - - # The following two steps (permissions checks) ensure that only users with write access can run this workflow on a PR (except the merge queue bot) - # PRs from forks we check the permissions of the user that triggered the workflow (github.triggering_actor) - # This means that if a user without write access opens a PR from a fork, they cannot run this workflow - # Users with write access can still run this workflow on a PR from a fork - # For PRs from the same repo, we allow the workflow to run as normal - - name: Get User Permission - if: ${{ github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]' }} - id: checkAccess - uses: actions-cool/check-user-permission@v2 - with: - require: write - username: ${{ github.triggering_actor }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check User Permission - if: ${{ (github.event_name == 'pull_request_target' || github.triggering_actor != 'github-merge-queue[bot]') && steps.checkAccess.outputs.require-result == 'false' }} - run: | - echo "${{ github.triggering_actor }} does not have permissions on this repo." - echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" - echo "Job originally triggered by ${{ github.actor }}" - exit 1 - From a9b47b49ae72d61bb7daa576b5853ac65586a8dd Mon Sep 17 00:00:00 2001 From: Robert Gruen Date: Wed, 31 Dec 2025 15:35:17 -0800 Subject: [PATCH 26/26] removed branch trigger --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 836436b..9448f25 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,7 +3,7 @@ name: CI on: push: - branches: [ "main", "dev/robgruen/workflow_updates2" ] + branches: [ "main" ] pull_request_target: branches: [ "main" ] workflow_dispatch: # manual run