GitHub Community
How do I prevent automerge from merging PRs when required checks are skipped due to needs: dependencies failing? #28864
Replies: 2 comments 3 replies
-
|
The way I dealt with this (which is convoluted, it would be nice if GH had a more official solution):
At this point, there will be one failure per failed OR skipped (or any other than success) status job in the However, unless you want to also keep your github required jobs up to date in the UI, you'll need one more job, which has the required_checks job as a Example config: name: CI
on:
push:
branches:
- main
jobs:
job_one:
strategy:
matrix:
index: ["0", "1", "2"]
name: Test ${{ matrix.index }}
runs-on: ubuntu-latest
steps:
- name: Do Stuff
run: echo "example"
job_two:
name: Job Two
runs-on: ubuntu-latest
steps:
- name: More Stuff
run: echo "more"
required_checks:
if: ${{ always() }}
name: Verify Required Checks
needs: [job_one, job_two]
strategy:
matrix:
required: [job_one, job_two]
runs-on: ubuntu-latest
steps:
- name: Fail unless ${{matrix.required}} pass
if: ${{ needs[matrix.required].result != 'success' }}
run: exit 1
all_passed:
if: ${{ always() }}
needs: [required_checks]
name: All Checks Passed.
runs-on: ubuntu-latest
steps:
- name: Fail unless required checks pass
if: ${{ needs.required_checks.result != 'success' }}
run: exit 1
- run: 'echo "✅ All required jobs have passed!"'
|
Beta Was this translation helpful? Give feedback.
-
|
Still in February of 2024 skipped checks do not block auto-merge!!! |
Beta Was this translation helpful? Give feedback.
-
|
I found a way to do this without an extra matrix job. name: CI
on:
push:
branches:
- main
jobs:
job_one:
strategy:
matrix:
index: ["0", "1", "2"]
name: Test ${{ matrix.index }}
runs-on: ubuntu-latest
steps:
- name: Do Stuff
run: echo "example"
job_two:
name: Job Two
runs-on: ubuntu-latest
steps:
- name: More Stuff
run: echo "more"
all_passed:
if: ${{ always() }}
needs: [job_one, job_two]
runs-on: ubuntu-latest
steps:
- name: Fail unless required checks pass
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
run: exit 1
- run: 'echo "✅ All required jobs have passed!"'
|
Beta Was this translation helpful? Give feedback.
-
|
In what universe are skipped steps considered passing?! Thank you for this. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
In JasonGross/coq-tools#130, automerge merged my PR into master despite the fact that check-all-docker and check-all are required to succeed by branch protection and did not succeed on this branch. If I'm requiring a check to succeed, then all of its transitive dependencies should also be required to succeed. It should not be possible to bypass branch protection by failing one of the transitive dependencies of a job that is required to succeed.
Beta Was this translation helpful? Give feedback.
All reactions