|
| 1 | +name: Dependency Gate |
| 2 | + |
| 3 | +# Single source of truth for "may dependent (expensive) workflows run on this |
| 4 | +# commit yet?". Adopted by workflows whose jobs would otherwise run, and fail, on |
| 5 | +# a dependency PR before the lock-dependency bot has regenerated the lockfiles. |
| 6 | +# |
| 7 | +# A dependency PR triggers CI twice: once on the contributor's commit (gemfiles |
| 8 | +# changed, lockfiles still stale) and again on the bot's lock commit. This gate |
| 9 | +# lets expensive jobs skip the first, stale run and only run once the lockfiles |
| 10 | +# are consistent. It cannot reduce the two runs to one — the bot commit always |
| 11 | +# re-triggers CI — but it keeps the first run cheap. |
| 12 | + |
| 13 | +on: # yamllint disable-line rule:truthy |
| 14 | + workflow_call: |
| 15 | + outputs: |
| 16 | + proceed: |
| 17 | + description: >- |
| 18 | + 'true' when dependent jobs may run: either no dependency files changed, |
| 19 | + or every lockfile is consistent with its gemfile. 'false' when a |
| 20 | + dependency changed but at least one lockfile is still stale (the |
| 21 | + lock-dependency bot has not regenerated and committed it yet). |
| 22 | + value: ${{ jobs.changes.outputs.dependencies != 'true' || jobs.gate.outputs.proceed == 'true' }} |
| 23 | + |
| 24 | +# Default permissions for all jobs |
| 25 | +permissions: {} |
| 26 | + |
| 27 | +jobs: |
| 28 | + changes: |
| 29 | + name: detect dependency changes |
| 30 | + runs-on: ubuntu-24.04 |
| 31 | + outputs: |
| 32 | + dependencies: ${{ steps.changes.outputs.dependencies }} |
| 33 | + steps: |
| 34 | + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| 35 | + with: |
| 36 | + persist-credentials: false |
| 37 | + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 |
| 38 | + id: changes |
| 39 | + with: |
| 40 | + filters: .github/dependency_filters.yml |
| 41 | + |
| 42 | + gate: |
| 43 | + name: probe lockfile consistency |
| 44 | + needs: changes |
| 45 | + if: ${{ needs.changes.outputs.dependencies == 'true' }} |
| 46 | + runs-on: ubuntu-24.04 |
| 47 | + container: |
| 48 | + image: ghcr.io/datadog/images-rb/engines/ruby:4.0-gnu-gcc |
| 49 | + outputs: |
| 50 | + proceed: ${{ steps.decide.outputs.proceed }} |
| 51 | + steps: |
| 52 | + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| 53 | + with: |
| 54 | + persist-credentials: false |
| 55 | + - name: Decide whether dependent jobs may proceed |
| 56 | + id: decide |
| 57 | + run: bash .github/scripts/deps_gate.sh |
0 commit comments