From 6fbfe516c3d1ea92a8fdd6d86724b5b6e4a26ade Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 11:03:05 +0100 Subject: [PATCH 01/16] Gate full CI suite behind approval job on PRs --- .circleci/config.yml | 310 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 308 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a57d911c8d..71e7c3ed20 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -102,6 +102,14 @@ aliases: ignore: /.*/ branches: only: main + exclude-main-and-release: &exclude-main-and-release + filters: + tags: + ignore: /.*/ + branches: + ignore: + - main + - /^release\/.*/ commands: slack-notify-on-fail: steps: @@ -1681,6 +1689,24 @@ jobs: name: Trigger RC App Pipeline command: bundle exec fastlane trigger_bump_sdk_in_rc_mobile_app + full-suite-gate: + docker: + - image: cimg/base:stable + resource_class: small + steps: + - run: + name: Full suite gate passed + command: echo "Tier 1 passed and full tests approved - unlocking Tier 2" + + all-tests-passed: + docker: + - image: cimg/base:stable + resource_class: small + steps: + - run: + name: All tests passed + command: echo "All tests passed" + workflows: generate-snapshot: @@ -1718,6 +1744,9 @@ workflows: - not: << pipeline.parameters.generate_snapshots >> - not: << pipeline.parameters.generate_revenuecatui_snapshots >> jobs: + # ============================================================= + # Tier 1: Auto-run on every push + # ============================================================= - lint - check-api-changes: context: @@ -1726,13 +1755,290 @@ workflows: name: validate-package-swift-5.8 xcode_version: "14.3.1" mac_os_executor_name: macos-executor - - run-test-ios-18 - run-test-ios-26 - pod-lib-lint - - run-revenuecat-ui-ios-18 - run-revenuecat-ui-ios-26 - emerge_purchases_ui_snapshot_tests - emerge_binary_size_analysis + - build-tv-watch-and-macos + - build-visionos + + # ============================================================= + # Hold gate: can be approved immediately, no need to wait for + # Tier 1. Only applies to PR branches (not main or release). + # ============================================================= + - approve-full-tests: + type: approval + <<: *exclude-main-and-release + + # ============================================================= + # Full suite gate: unlocks Tier 2 jobs. Requires BOTH the hold + # approval AND all Tier 1 jobs to pass. This allows maintainers + # to approve early while Tier 1 is still running. + # ============================================================= + - full-suite-gate: + requires: + - approve-full-tests + - lint + - check-api-changes + - validate-package-swift-5.8 + - run-test-ios-26 + - pod-lib-lint + - run-revenuecat-ui-ios-26 + - emerge_purchases_ui_snapshot_tests + - emerge_binary_size_analysis + - build-tv-watch-and-macos + - build-visionos + <<: *exclude-main-and-release + + # ============================================================= + # Tier 2: Gated behind full-suite-gate + # Only applies to PR branches (not main or release) + # ============================================================= + + # Backend Integration Tests + - backend-integration-tests-SK1: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - backend-integration-tests-SK2: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - backend-integration-tests-custom-entitlements: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - backend-integration-tests-other: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - backend-integration-tests-offline: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + + # Older iOS Version Tests + - run-test-ios-18: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-test-ios-14: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-test-ios-15: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-test-ios-16: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-test-ios-17: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + + # Platform Runtime Tests + - run-test-macos: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-test-tvos: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-test-watchos: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + + # RevenueCatUI Tests + - run-revenuecat-ui-ios-18: + requires: + - full-suite-gate + <<: *exclude-main-and-release + - spm-revenuecat-ui-ios-15: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - spm-revenuecat-ui-ios-16: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-revenuecat-ui-ios-17: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - spm-revenuecat-ui-watchos: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + + # Installation Tests + - installation-tests-cocoapods: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - installation-tests-swift-package-manager: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - installation-tests-custom-entitlement-computation-swift-package-manager: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - installation-tests-carthage: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - installation-tests-xcode-direct-integration: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - installation-tests-receipt-parser: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + + # SPM / Other Build Tests + - spm-release-build: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - spm-release-build-xcode-14: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - spm-release-build-xcode-15: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - api-tests: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - spm-receipt-parser: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - deploy-purchase-tester: + dry_run: true + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + - run-all-maestro-e2e-tests: + requires: + - full-suite-gate + context: + - e2e-tests + - slack-secrets + <<: *exclude-main-and-release + - docs-build: + requires: + - full-suite-gate + context: + - slack-secrets + <<: *exclude-main-and-release + + # ============================================================= + # Summary gate: blocks merge until all Tier 2 jobs pass + # Add "ci/circleci: all-tests-passed" as a required check in GitHub + # ============================================================= + - all-tests-passed: + requires: + - backend-integration-tests-SK1 + - backend-integration-tests-SK2 + - backend-integration-tests-custom-entitlements + - backend-integration-tests-other + - backend-integration-tests-offline + - run-test-ios-18 + - run-test-ios-14 + - run-test-ios-15 + - run-test-ios-16 + - run-test-ios-17 + - run-test-macos + - run-test-tvos + - run-test-watchos + - spm-revenuecat-ui-ios-15 + - spm-revenuecat-ui-ios-16 + - run-revenuecat-ui-ios-17 + - run-revenuecat-ui-ios-18 + - spm-revenuecat-ui-watchos + - installation-tests-cocoapods + - installation-tests-swift-package-manager + - installation-tests-custom-entitlement-computation-swift-package-manager + - installation-tests-carthage + - installation-tests-xcode-direct-integration + - installation-tests-receipt-parser + - spm-release-build + - spm-release-build-xcode-14 + - spm-release-build-xcode-15 + - api-tests + - spm-receipt-parser + - deploy-purchase-tester + - run-all-maestro-e2e-tests + - docs-build + <<: *exclude-main-and-release create-tag: when: From 21bbbeb5d6e0a07254185863b758ff09a63a31bb Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 11:50:30 +0100 Subject: [PATCH 02/16] Gate release tagging behind all-tests-passed Move release-checks, hold, and tag-release-branch into the ci workflow (formerly all-tests) so the release hold requires both release-checks and all-tests-passed. Remove standalone create-tag workflow. --- .circleci/config.yml | 78 +++++++++++++++++++++++++++++++++----------- 1 file changed, 59 insertions(+), 19 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 71e7c3ed20..c29c86f73b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2040,24 +2040,6 @@ workflows: - docs-build <<: *exclude-main-and-release - create-tag: - when: - and: - - not: - equal: [scheduled_pipeline, << pipeline.trigger_source >>] - - matches: - pattern: "^release/.*$" - value: << pipeline.git.branch >> - jobs: - - release-checks - - hold: - type: approval - requires: - - release-checks - - tag-release-branch: - requires: - - hold - deploy-tag: when: not: @@ -2187,7 +2169,7 @@ workflows: # - Parameter Type: string # - Name: action # - Value: run-manual-tests - all-tests: + ci: when: and: - not: @@ -2307,3 +2289,61 @@ workflows: context: - slack-secrets + # ============================================================= + # Summary gate: all tests passed + # ============================================================= + - all-tests-passed: + requires: + - check-api-changes + - run-all-maestro-e2e-tests + - backend-integration-tests-SK1 + - backend-integration-tests-SK2 + - backend-integration-tests-custom-entitlements + - backend-integration-tests-other + - backend-integration-tests-offline + - build-tv-watch-and-macos + - build-visionos + - docs-build + - run-test-ios-14 + - run-test-ios-15 + - run-test-ios-16 + - run-test-ios-17 + - run-test-macos + - run-test-tvos + - run-test-watchos + - spm-receipt-parser + - spm-release-build + - spm-release-build-xcode-14 + - spm-release-build-xcode-15 + - spm-revenuecat-ui-ios-15 + - spm-revenuecat-ui-ios-16 + - run-revenuecat-ui-ios-17 + - spm-revenuecat-ui-watchos + - installation-tests-cocoapods + - installation-tests-swift-package-manager + - installation-tests-custom-entitlement-computation-swift-package-manager + - installation-tests-carthage + - installation-tests-xcode-direct-integration + - installation-tests-receipt-parser + - api-tests + - deploy-purchase-tester + - emerge_binary_size_analysis + + # ============================================================= + # Release tagging: only on release branches + # Requires both release-checks and all-tests-passed before + # the hold can be approved. + # ============================================================= + - release-checks: + <<: *release-branches + - hold: + type: approval + requires: + - release-checks + - all-tests-passed + <<: *release-branches + - tag-release-branch: + requires: + - hold + <<: *release-branches + From de40c4c6f0e6f8806cf40a850a777e735a2be76f Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 12:00:38 +0100 Subject: [PATCH 03/16] Exclude build-test workflow from main and release branches The "ci" workflow already includes everything --- .circleci/config.yml | 50 +++++--------------------------------------- 1 file changed, 5 insertions(+), 45 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c29c86f73b..ed135b1436 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -102,14 +102,6 @@ aliases: ignore: /.*/ branches: only: main - exclude-main-and-release: &exclude-main-and-release - filters: - tags: - ignore: /.*/ - branches: - ignore: - - main - - /^release\/.*/ commands: slack-notify-on-fail: steps: @@ -1743,6 +1735,10 @@ workflows: equal: [bump, << pipeline.parameters.action >>] - not: << pipeline.parameters.generate_snapshots >> - not: << pipeline.parameters.generate_revenuecatui_snapshots >> + - not: + matches: + pattern: "^(main|release/.*)$" + value: << pipeline.git.branch >> jobs: # ============================================================= # Tier 1: Auto-run on every push @@ -1765,11 +1761,10 @@ workflows: # ============================================================= # Hold gate: can be approved immediately, no need to wait for - # Tier 1. Only applies to PR branches (not main or release). + # Tier 1. # ============================================================= - approve-full-tests: type: approval - <<: *exclude-main-and-release # ============================================================= # Full suite gate: unlocks Tier 2 jobs. Requires BOTH the hold @@ -1789,11 +1784,9 @@ workflows: - emerge_binary_size_analysis - build-tv-watch-and-macos - build-visionos - <<: *exclude-main-and-release # ============================================================= # Tier 2: Gated behind full-suite-gate - # Only applies to PR branches (not main or release) # ============================================================= # Backend Integration Tests @@ -1802,31 +1795,26 @@ workflows: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - backend-integration-tests-SK2: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - backend-integration-tests-custom-entitlements: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - backend-integration-tests-other: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - backend-integration-tests-offline: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release # Older iOS Version Tests - run-test-ios-18: @@ -1834,31 +1822,26 @@ workflows: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-test-ios-14: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-test-ios-15: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-test-ios-16: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-test-ios-17: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release # Platform Runtime Tests - run-test-macos: @@ -1866,49 +1849,41 @@ workflows: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-test-tvos: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-test-watchos: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release # RevenueCatUI Tests - run-revenuecat-ui-ios-18: requires: - full-suite-gate - <<: *exclude-main-and-release - spm-revenuecat-ui-ios-15: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - spm-revenuecat-ui-ios-16: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-revenuecat-ui-ios-17: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - spm-revenuecat-ui-watchos: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release # Installation Tests - installation-tests-cocoapods: @@ -1916,37 +1891,31 @@ workflows: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - installation-tests-swift-package-manager: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - installation-tests-custom-entitlement-computation-swift-package-manager: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - installation-tests-carthage: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - installation-tests-xcode-direct-integration: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - installation-tests-receipt-parser: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release # SPM / Other Build Tests - spm-release-build: @@ -1954,51 +1923,43 @@ workflows: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - spm-release-build-xcode-14: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - spm-release-build-xcode-15: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - api-tests: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - spm-receipt-parser: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - deploy-purchase-tester: dry_run: true requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release - run-all-maestro-e2e-tests: requires: - full-suite-gate context: - e2e-tests - slack-secrets - <<: *exclude-main-and-release - docs-build: requires: - full-suite-gate context: - slack-secrets - <<: *exclude-main-and-release # ============================================================= # Summary gate: blocks merge until all Tier 2 jobs pass @@ -2038,7 +1999,6 @@ workflows: - deploy-purchase-tester - run-all-maestro-e2e-tests - docs-build - <<: *exclude-main-and-release deploy-tag: when: From 1401ef4d5faf18f81eb368ca34499a752916ed22 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 12:19:08 +0100 Subject: [PATCH 04/16] Renamed "hold" job to "approve-release" --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ed135b1436..789b7e1b75 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2296,7 +2296,7 @@ workflows: # ============================================================= - release-checks: <<: *release-branches - - hold: + - approve-release: type: approval requires: - release-checks @@ -2304,6 +2304,6 @@ workflows: <<: *release-branches - tag-release-branch: requires: - - hold + - approve-release <<: *release-branches From f6a32b23c46a416f2608ecfed344e5dc1997c9f0 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 12:42:10 +0100 Subject: [PATCH 05/16] Skip `build-test` when `run-manual-tests` or `run-from-github-comments` is triggered --- .circleci/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 789b7e1b75..6d63b8fe4d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1735,6 +1735,10 @@ workflows: equal: [bump, << pipeline.parameters.action >>] - not: << pipeline.parameters.generate_snapshots >> - not: << pipeline.parameters.generate_revenuecatui_snapshots >> + - not: + equal: [run-manual-tests, << pipeline.parameters.action >>] + - not: + equal: ["run-from-github-comments", << pipeline.parameters.GHA_Meta >>] - not: matches: pattern: "^(main|release/.*)$" From 894f27e9519793f9e89c16c1bb83e1d18dd0249c Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 12:44:35 +0100 Subject: [PATCH 06/16] Revert "Skip `build-test` when `run-manual-tests` or `run-from-github-comments` is triggered" This reverts commit f6a32b23c46a416f2608ecfed344e5dc1997c9f0. --- .circleci/config.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6d63b8fe4d..789b7e1b75 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1735,10 +1735,6 @@ workflows: equal: [bump, << pipeline.parameters.action >>] - not: << pipeline.parameters.generate_snapshots >> - not: << pipeline.parameters.generate_revenuecatui_snapshots >> - - not: - equal: [run-manual-tests, << pipeline.parameters.action >>] - - not: - equal: ["run-from-github-comments", << pipeline.parameters.GHA_Meta >>] - not: matches: pattern: "^(main|release/.*)$" From 6939ea772eafcb902f93f38b27a51f26ef654639 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 14:09:18 +0100 Subject: [PATCH 07/16] rename `build-test` workflow to `run-all-tests` --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 789b7e1b75..a132b5f48e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1724,7 +1724,7 @@ workflows: - run-revenuecat-ui-ios-18 - run-revenuecat-ui-ios-26 - build-test: + run-all-tests: when: and: - not: From 28cde3ae035ddb16ed3789269dd53352bf713d9b Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 10 Feb 2026 14:12:55 +0100 Subject: [PATCH 08/16] Add missing jobs to `ci` workflow (for `main` and for release branches) --- .circleci/config.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index a132b5f48e..d81f5f2e84 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2248,6 +2248,17 @@ workflows: - emerge_binary_size_analysis: context: - slack-secrets + - lint + - validate-package-swift: + name: validate-package-swift-5.8 + xcode_version: "14.3.1" + mac_os_executor_name: macos-executor + - run-test-ios-26 + - run-test-ios-18 + - pod-lib-lint + - run-revenuecat-ui-ios-26 + - run-revenuecat-ui-ios-18 + - emerge_purchases_ui_snapshot_tests # ============================================================= # Summary gate: all tests passed @@ -2256,6 +2267,14 @@ workflows: requires: - check-api-changes - run-all-maestro-e2e-tests + - lint + - validate-package-swift-5.8 + - run-test-ios-26 + - run-test-ios-18 + - pod-lib-lint + - run-revenuecat-ui-ios-26 + - run-revenuecat-ui-ios-18 + - emerge_purchases_ui_snapshot_tests - backend-integration-tests-SK1 - backend-integration-tests-SK2 - backend-integration-tests-custom-entitlements From 6858b8560abd1671d11948c492f8e4bbce6ba3d1 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Thu, 12 Feb 2026 09:08:20 +0100 Subject: [PATCH 09/16] PR comments --- .circleci/config.yml | 114 ++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 72 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d81f5f2e84..89485c4883 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1681,16 +1681,7 @@ jobs: name: Trigger RC App Pipeline command: bundle exec fastlane trigger_bump_sdk_in_rc_mobile_app - full-suite-gate: - docker: - - image: cimg/base:stable - resource_class: small - steps: - - run: - name: Full suite gate passed - command: echo "Tier 1 passed and full tests approved - unlocking Tier 2" - - all-tests-passed: + all-tasks-finished: docker: - image: cimg/base:stable resource_class: small @@ -1741,7 +1732,7 @@ workflows: value: << pipeline.git.branch >> jobs: # ============================================================= - # Tier 1: Auto-run on every push + # Reduced Test Suite: Auto-run on every push # ============================================================= - lint - check-api-changes: @@ -1760,212 +1751,191 @@ workflows: - build-visionos # ============================================================= - # Hold gate: can be approved immediately, no need to wait for - # Tier 1. + # Hold gate for the Full Test Suite # ============================================================= - approve-full-tests: type: approval # ============================================================= - # Full suite gate: unlocks Tier 2 jobs. Requires BOTH the hold - # approval AND all Tier 1 jobs to pass. This allows maintainers - # to approve early while Tier 1 is still running. - # ============================================================= - - full-suite-gate: - requires: - - approve-full-tests - - lint - - check-api-changes - - validate-package-swift-5.8 - - run-test-ios-26 - - pod-lib-lint - - run-revenuecat-ui-ios-26 - - emerge_purchases_ui_snapshot_tests - - emerge_binary_size_analysis - - build-tv-watch-and-macos - - build-visionos - - # ============================================================= - # Tier 2: Gated behind full-suite-gate + # Full Test Suite: Gated behind approve-full-tests # ============================================================= # Backend Integration Tests - backend-integration-tests-SK1: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - backend-integration-tests-SK2: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - backend-integration-tests-custom-entitlements: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - backend-integration-tests-other: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - backend-integration-tests-offline: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets # Older iOS Version Tests - run-test-ios-18: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-test-ios-14: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-test-ios-15: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-test-ios-16: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-test-ios-17: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets # Platform Runtime Tests - run-test-macos: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-test-tvos: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-test-watchos: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets # RevenueCatUI Tests - run-revenuecat-ui-ios-18: requires: - - full-suite-gate + - approve-full-tests - spm-revenuecat-ui-ios-15: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - spm-revenuecat-ui-ios-16: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-revenuecat-ui-ios-17: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - spm-revenuecat-ui-watchos: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets # Installation Tests - installation-tests-cocoapods: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - installation-tests-swift-package-manager: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - installation-tests-custom-entitlement-computation-swift-package-manager: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - installation-tests-carthage: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - installation-tests-xcode-direct-integration: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - installation-tests-receipt-parser: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets # SPM / Other Build Tests - spm-release-build: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - spm-release-build-xcode-14: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - spm-release-build-xcode-15: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - api-tests: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - spm-receipt-parser: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - deploy-purchase-tester: dry_run: true requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets - run-all-maestro-e2e-tests: requires: - - full-suite-gate + - approve-full-tests context: - e2e-tests - slack-secrets - docs-build: requires: - - full-suite-gate + - approve-full-tests context: - slack-secrets # ============================================================= - # Summary gate: blocks merge until all Tier 2 jobs pass - # Add "ci/circleci: all-tests-passed" as a required check in GitHub + # Summary gate: blocks merge until all Full Test Suite jobs pass # ============================================================= - - all-tests-passed: + - all-tasks-finished: requires: - backend-integration-tests-SK1 - backend-integration-tests-SK2 @@ -2129,7 +2099,7 @@ workflows: # - Parameter Type: string # - Name: action # - Value: run-manual-tests - ci: + release-or-main: when: and: - not: @@ -2263,7 +2233,7 @@ workflows: # ============================================================= # Summary gate: all tests passed # ============================================================= - - all-tests-passed: + - all-tasks-finished: requires: - check-api-changes - run-all-maestro-e2e-tests @@ -2310,7 +2280,7 @@ workflows: # ============================================================= # Release tagging: only on release branches - # Requires both release-checks and all-tests-passed before + # Requires both release-checks and all-tasks-finished before # the hold can be approved. # ============================================================= - release-checks: @@ -2319,7 +2289,7 @@ workflows: type: approval requires: - release-checks - - all-tests-passed + - all-tasks-finished <<: *release-branches - tag-release-branch: requires: From e65a633592ac03d96c6aa8f628f27a332960451b Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Thu, 12 Feb 2026 09:25:07 +0100 Subject: [PATCH 10/16] Rename `all-tasks-finished` to `all-tasks-passed` --- .circleci/config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 89485c4883..2c8a8de94f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1681,7 +1681,7 @@ jobs: name: Trigger RC App Pipeline command: bundle exec fastlane trigger_bump_sdk_in_rc_mobile_app - all-tasks-finished: + all-tasks-passed: docker: - image: cimg/base:stable resource_class: small @@ -1935,7 +1935,7 @@ workflows: # ============================================================= # Summary gate: blocks merge until all Full Test Suite jobs pass # ============================================================= - - all-tasks-finished: + - all-tasks-passed: requires: - backend-integration-tests-SK1 - backend-integration-tests-SK2 @@ -2233,7 +2233,7 @@ workflows: # ============================================================= # Summary gate: all tests passed # ============================================================= - - all-tasks-finished: + - all-tasks-passed: requires: - check-api-changes - run-all-maestro-e2e-tests @@ -2280,7 +2280,7 @@ workflows: # ============================================================= # Release tagging: only on release branches - # Requires both release-checks and all-tasks-finished before + # Requires both release-checks and all-tasks-passed before # the hold can be approved. # ============================================================= - release-checks: @@ -2289,7 +2289,7 @@ workflows: type: approval requires: - release-checks - - all-tasks-finished + - all-tasks-passed <<: *release-branches - tag-release-branch: requires: From fcb9287256bcb04111cb5b670f043dcb21209fbb Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Thu, 12 Feb 2026 09:31:26 +0100 Subject: [PATCH 11/16] Have release branches run `all-tasks-passed` only after `tag-release-branch` --- .circleci/config.yml | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2c8a8de94f..7a26ef5ccd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2231,10 +2231,16 @@ workflows: - emerge_purchases_ui_snapshot_tests # ============================================================= - # Summary gate: all tests passed + # Release tagging: only on release branches + # Requires both release-checks and all other tasks to pass + # before the hold can be approved. # ============================================================= - - all-tasks-passed: + - release-checks: + <<: *release-branches + - approve-release: + type: approval requires: + - release-checks - check-api-changes - run-all-maestro-e2e-tests - lint @@ -2277,22 +2283,12 @@ workflows: - api-tests - deploy-purchase-tester - emerge_binary_size_analysis - - # ============================================================= - # Release tagging: only on release branches - # Requires both release-checks and all-tasks-passed before - # the hold can be approved. - # ============================================================= - - release-checks: - <<: *release-branches - - approve-release: - type: approval - requires: - - release-checks - - all-tasks-passed <<: *release-branches - tag-release-branch: requires: - approve-release <<: *release-branches + - all-tasks-passed: + requires: + - tag-release-branch From faee21dc406fbeb0f1fc36a0f2f93e6da46394d0 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Thu, 12 Feb 2026 10:30:17 +0100 Subject: [PATCH 12/16] Revert "Have release branches run `all-tasks-passed` only after `tag-release-branch`" This reverts commit fcb9287256bcb04111cb5b670f043dcb21209fbb. --- .circleci/config.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 7a26ef5ccd..2c8a8de94f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2231,16 +2231,10 @@ workflows: - emerge_purchases_ui_snapshot_tests # ============================================================= - # Release tagging: only on release branches - # Requires both release-checks and all other tasks to pass - # before the hold can be approved. + # Summary gate: all tests passed # ============================================================= - - release-checks: - <<: *release-branches - - approve-release: - type: approval + - all-tasks-passed: requires: - - release-checks - check-api-changes - run-all-maestro-e2e-tests - lint @@ -2283,12 +2277,22 @@ workflows: - api-tests - deploy-purchase-tester - emerge_binary_size_analysis + + # ============================================================= + # Release tagging: only on release branches + # Requires both release-checks and all-tasks-passed before + # the hold can be approved. + # ============================================================= + - release-checks: + <<: *release-branches + - approve-release: + type: approval + requires: + - release-checks + - all-tasks-passed <<: *release-branches - tag-release-branch: requires: - approve-release <<: *release-branches - - all-tasks-passed: - requires: - - tag-release-branch From 6e17223251dae1f1819eadcabf515a1208fa8984 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Thu, 12 Feb 2026 16:30:46 +0100 Subject: [PATCH 13/16] Require Reduced Test Suite jobs in `all-tasks-passed` summary gate Co-authored-by: Cursor --- .circleci/config.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2c8a8de94f..5e9fc42d52 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1933,10 +1933,22 @@ workflows: - slack-secrets # ============================================================= - # Summary gate: blocks merge until all Full Test Suite jobs pass + # Summary gate: blocks merge until all jobs pass # ============================================================= - all-tasks-passed: requires: + # Reduced Test Suite + - lint + - check-api-changes + - validate-package-swift-5.8 + - run-test-ios-26 + - pod-lib-lint + - run-revenuecat-ui-ios-26 + - emerge_purchases_ui_snapshot_tests + - emerge_binary_size_analysis + - build-tv-watch-and-macos + - build-visionos + # Full Test Suite - backend-integration-tests-SK1 - backend-integration-tests-SK2 - backend-integration-tests-custom-entitlements From ddd67f31ce2b3072728d50648e0f805ac28713b4 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Fri, 13 Feb 2026 11:19:57 +0100 Subject: [PATCH 14/16] Skip approve-full-tests hold for automatic bot PRs Add a `run-all-tests-auto` workflow that runs the full test suite without the manual approval gate for dependabot, RCGitBot version bumps (bump/*), and generated snapshot branches. Co-authored-by: Cursor --- .circleci/config.yml | 211 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 211 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5e9fc42d52..f3aa18178e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1730,6 +1730,11 @@ workflows: matches: pattern: "^(main|release/.*)$" value: << pipeline.git.branch >> + # Exclude automatic bot branches (they use run-all-tests-auto instead) + - not: + matches: + pattern: "^(dependabot/.*|bump/.*|generated_snapshots/.*)$" + value: << pipeline.git.branch >> jobs: # ============================================================= # Reduced Test Suite: Auto-run on every push @@ -1982,6 +1987,212 @@ workflows: - run-all-maestro-e2e-tests - docs-build + # ============================================================= + # Automatic bot PRs: same jobs as run-all-tests but without + # the approve-full-tests manual approval gate. + # Matches branches from dependabot, RCGitBot version bumps, + # and RCGitBot generated snapshot PRs. + # ============================================================= + run-all-tests-auto: + when: + and: + - not: + equal: [scheduled_pipeline, << pipeline.trigger_source >>] + - not: + equal: ["release-train", << pipeline.schedule.name >>] + - not: + equal: [bump, << pipeline.parameters.action >>] + - not: << pipeline.parameters.generate_snapshots >> + - not: << pipeline.parameters.generate_revenuecatui_snapshots >> + - not: + matches: + pattern: "^(main|release/.*)$" + value: << pipeline.git.branch >> + - matches: + pattern: "^(dependabot/.*|bump/.*|generated_snapshots/.*)$" + value: << pipeline.git.branch >> + jobs: + # ============================================================= + # Reduced Test Suite (same as run-all-tests) + # ============================================================= + - lint + - check-api-changes: + context: + - slack-secrets-ios + - validate-package-swift: + name: validate-package-swift-5.8 + xcode_version: "14.3.1" + mac_os_executor_name: macos-executor + - run-test-ios-26 + - pod-lib-lint + - run-revenuecat-ui-ios-26 + - emerge_purchases_ui_snapshot_tests + - emerge_binary_size_analysis + - build-tv-watch-and-macos + - build-visionos + + # ============================================================= + # Full Test Suite (runs automatically, no approval gate) + # ============================================================= + + # Backend Integration Tests + - backend-integration-tests-SK1: + context: + - slack-secrets + - backend-integration-tests-SK2: + context: + - slack-secrets + - backend-integration-tests-custom-entitlements: + context: + - slack-secrets + - backend-integration-tests-other: + context: + - slack-secrets + - backend-integration-tests-offline: + context: + - slack-secrets + + # Older iOS Version Tests + - run-test-ios-18: + context: + - slack-secrets + - run-test-ios-14: + context: + - slack-secrets + - run-test-ios-15: + context: + - slack-secrets + - run-test-ios-16: + context: + - slack-secrets + - run-test-ios-17: + context: + - slack-secrets + + # Platform Runtime Tests + - run-test-macos: + context: + - slack-secrets + - run-test-tvos: + context: + - slack-secrets + - run-test-watchos: + context: + - slack-secrets + + # RevenueCatUI Tests + - run-revenuecat-ui-ios-18 + - spm-revenuecat-ui-ios-15: + context: + - slack-secrets + - spm-revenuecat-ui-ios-16: + context: + - slack-secrets + - run-revenuecat-ui-ios-17: + context: + - slack-secrets + - spm-revenuecat-ui-watchos: + context: + - slack-secrets + + # Installation Tests + - installation-tests-cocoapods: + context: + - slack-secrets + - installation-tests-swift-package-manager: + context: + - slack-secrets + - installation-tests-custom-entitlement-computation-swift-package-manager: + context: + - slack-secrets + - installation-tests-carthage: + context: + - slack-secrets + - installation-tests-xcode-direct-integration: + context: + - slack-secrets + - installation-tests-receipt-parser: + context: + - slack-secrets + + # SPM / Other Build Tests + - spm-release-build: + context: + - slack-secrets + - spm-release-build-xcode-14: + context: + - slack-secrets + - spm-release-build-xcode-15: + context: + - slack-secrets + - api-tests: + context: + - slack-secrets + - spm-receipt-parser: + context: + - slack-secrets + - deploy-purchase-tester: + dry_run: true + context: + - slack-secrets + - run-all-maestro-e2e-tests: + context: + - e2e-tests + - slack-secrets + - docs-build: + context: + - slack-secrets + + # ============================================================= + # Summary gate: blocks merge until all jobs pass + # ============================================================= + - all-tasks-passed: + requires: + # Reduced Test Suite + - lint + - check-api-changes + - validate-package-swift-5.8 + - run-test-ios-26 + - pod-lib-lint + - run-revenuecat-ui-ios-26 + - emerge_purchases_ui_snapshot_tests + - emerge_binary_size_analysis + - build-tv-watch-and-macos + - build-visionos + # Full Test Suite + - backend-integration-tests-SK1 + - backend-integration-tests-SK2 + - backend-integration-tests-custom-entitlements + - backend-integration-tests-other + - backend-integration-tests-offline + - run-test-ios-18 + - run-test-ios-14 + - run-test-ios-15 + - run-test-ios-16 + - run-test-ios-17 + - run-test-macos + - run-test-tvos + - run-test-watchos + - spm-revenuecat-ui-ios-15 + - spm-revenuecat-ui-ios-16 + - run-revenuecat-ui-ios-17 + - run-revenuecat-ui-ios-18 + - spm-revenuecat-ui-watchos + - installation-tests-cocoapods + - installation-tests-swift-package-manager + - installation-tests-custom-entitlement-computation-swift-package-manager + - installation-tests-carthage + - installation-tests-xcode-direct-integration + - installation-tests-receipt-parser + - spm-release-build + - spm-release-build-xcode-14 + - spm-release-build-xcode-15 + - api-tests + - spm-receipt-parser + - deploy-purchase-tester + - run-all-maestro-e2e-tests + - docs-build + deploy-tag: when: not: From d75486a56c93ec1608f8428fa6f9b634c1aa6f4f Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Tue, 17 Feb 2026 13:38:54 +0100 Subject: [PATCH 15/16] Fix job references after merge from main - Replace `build-tv-watch-and-macos` + `build-visionos` with consolidated `build-tv-watch-mac-and-visionos` in both workflows - Replace individual installation test jobs with consolidated `installation-tests-all-but-carthage` in both workflows Co-authored-by: Cursor --- .circleci/config.yml | 43 ++++++------------------------------------- 1 file changed, 6 insertions(+), 37 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8198d7ca72..cac1f34ee5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1932,8 +1932,7 @@ workflows: - run-revenuecat-ui-ios-26 - emerge_purchases_ui_snapshot_tests - emerge_binary_size_analysis - - build-tv-watch-and-macos - - build-visionos + - build-tv-watch-mac-and-visionos # ============================================================= # Hold gate for the Full Test Suite @@ -2042,17 +2041,7 @@ workflows: - slack-secrets # Installation Tests - - installation-tests-cocoapods: - requires: - - approve-full-tests - context: - - slack-secrets - - installation-tests-swift-package-manager: - requires: - - approve-full-tests - context: - - slack-secrets - - installation-tests-custom-entitlement-computation-swift-package-manager: + - installation-tests-all-but-carthage: requires: - approve-full-tests context: @@ -2062,16 +2051,6 @@ workflows: - approve-full-tests context: - slack-secrets - - installation-tests-xcode-direct-integration: - requires: - - approve-full-tests - context: - - slack-secrets - - installation-tests-receipt-parser: - requires: - - approve-full-tests - context: - - slack-secrets # SPM / Other Build Tests - spm-release-build: @@ -2131,8 +2110,7 @@ workflows: - run-revenuecat-ui-ios-26 - emerge_purchases_ui_snapshot_tests - emerge_binary_size_analysis - - build-tv-watch-and-macos - - build-visionos + - build-tv-watch-mac-and-visionos # Full Test Suite - backend-integration-tests-SK1 - backend-integration-tests-SK2 @@ -2152,12 +2130,8 @@ workflows: - run-revenuecat-ui-ios-17 - run-revenuecat-ui-ios-18 - spm-revenuecat-ui-watchos - - installation-tests-cocoapods - - installation-tests-swift-package-manager - - installation-tests-custom-entitlement-computation-swift-package-manager + - installation-tests-all-but-carthage - installation-tests-carthage - - installation-tests-xcode-direct-integration - - installation-tests-receipt-parser - spm-release-build - spm-release-build-xcode-14 - spm-release-build-xcode-15 @@ -2446,8 +2420,7 @@ workflows: - backend-integration-tests-custom-entitlements - backend-integration-tests-other - backend-integration-tests-offline - - build-tv-watch-and-macos - - build-visionos + - build-tv-watch-mac-and-visionos - docs-build - run-test-ios-14 - run-test-ios-15 @@ -2464,12 +2437,8 @@ workflows: - spm-revenuecat-ui-ios-16 - run-revenuecat-ui-ios-17 - spm-revenuecat-ui-watchos - - installation-tests-cocoapods - - installation-tests-swift-package-manager - - installation-tests-custom-entitlement-computation-swift-package-manager + - installation-tests-all-but-carthage - installation-tests-carthage - - installation-tests-xcode-direct-integration - - installation-tests-receipt-parser - api-tests - deploy-purchase-tester - emerge_binary_size_analysis From 8cff0e02675fe37fb6527b09efc4cd3df7042912 Mon Sep 17 00:00:00 2001 From: Antonio Pallares Date: Wed, 25 Feb 2026 17:07:13 +0100 Subject: [PATCH 16/16] Add missing generate_swiftinterface exclusion to run-all-tests-auto workflow Co-authored-by: Cursor --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 09e72b9ad1..789d68f769 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2261,6 +2261,7 @@ workflows: equal: [bump, << pipeline.parameters.action >>] - not: << pipeline.parameters.generate_snapshots >> - not: << pipeline.parameters.generate_revenuecatui_snapshots >> + - not: << pipeline.parameters.generate_swiftinterface >> - not: matches: pattern: "^(main|release/.*)$"