apache
diff --git a/‎.asf.yaml‎
Lines changed: 23 additions & 0 deletions b/‎.asf.yaml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/workflows/audit.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/audit.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/breaking_changes_detector.yml‎
Lines changed: 9 additions & 7 deletions b/‎.github/workflows/breaking_changes_detector.yml‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎.github/workflows/breaking_changes_detector_comment.yml‎
Lines changed: 28 additions & 0 deletions b/‎.github/workflows/breaking_changes_detector_comment.yml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/dev.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dev.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/extended.yml‎
Lines changed: 0 additions & 28 deletions b/‎.github/workflows/extended.yml‎
Lines changed: 0 additions & 28 deletions
diff --git a/‎.github/workflows/rust.yml‎
Lines changed: 11 additions & 10 deletions b/‎.github/workflows/rust.yml‎
Lines changed: 11 additions & 10 deletions
@@ -60,6 +60,29 @@ github:
           - "Spell Check with Typos"
           - "Circular Dependency Check"
           - "Detect Unused Dependencies"
+          - "linux build test"
+          - "cargo check datafusion-common features"
+          - "cargo check datafusion-substrait features"
+          - "cargo check datafusion-proto features"
+          - "cargo check datafusion features"
+          - "cargo check datafusion-functions features"
+          - "cargo test (amd64)"
+          - "cargo test datafusion-cli (amd64)"
+          - "cargo examples (amd64)"
+          - "cargo test doc (amd64)"
+          - "cargo doc"
+          - "build and run with wasm-pack"
+          - "verify benchmark results (amd64)"
+          - "Run sqllogictest with Postgres runner"
+          - "Run sqllogictest in Substrait round-trip mode"
+          - "cargo test (macos-aarch64)"
+          - "Verify Vendored Code"
+          - "Check cargo fmt"
+          - "clippy"
+          - "check Cargo.toml formatting"
+          - "check configs.md and ***_functions.md is up-to-date"
+          - "check example README is up-to-date"
+          - "Verify MSRV (Min Supported Rust Version)"
     # needs to be updated as part of the release process
     # .asf.yaml doesn't support wildcard branch protection rules, only exact branch names
     # https://github.com/apache/infrastructure-asfyaml?tab=readme-ov-file#branch-protection
 
@@ -45,7 +45,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Install cargo-audit
-        uses: taiki-e/install-action@481c34c1cf3a84c68b5e46f4eccfc82af798415a  # v2.75.23
+        uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f  # v2.77.0
         with:
           tool: cargo-audit
       - name: Run audit check
 
@@ -59,21 +59,22 @@ jobs:
         with:
           fetch-depth: 0
 
-      # For fork PRs, `origin` points to the fork, not the upstream repo.
-      # Explicitly fetch the base branch from the upstream repo so we have
-      # a valid baseline ref for both diff and semver-checks.
+      # `origin` may point at a fork (when a contributor runs this locally) or
+      # at a stale ref. Fetch the base branch from the PR's upstream repo into
+      # a dedicated `apache/<base>` ref so the baseline is unambiguous and the
+      # same ref name works locally (`git remote add apache ...`) and in CI.
       - name: Fetch base branch
         env:
           BASE_REF: ${{ github.base_ref }}
           REPO: ${{ github.repository }}
-        run: git fetch "https://github.com/${REPO}.git" "${BASE_REF}:refs/remotes/origin/${BASE_REF}"
+        run: git fetch "https://github.com/${REPO}.git" "${BASE_REF}:refs/remotes/apache/${BASE_REF}"
 
       - name: Determine changed crates
         id: changed_crates
         env:
           BASE_REF: ${{ github.base_ref }}
         run: |
-          PACKAGES=$(ci/scripts/changed_crates.sh changed-crates "origin/${BASE_REF}")
+          PACKAGES=$(ci/scripts/changed_crates.sh changed-crates "apache/${BASE_REF}")
           echo "packages=$PACKAGES" >> "$GITHUB_OUTPUT"
           echo "Changed crates: $PACKAGES"
 
@@ -88,7 +89,7 @@ jobs:
 
       - name: Install cargo-semver-checks
         if: steps.changed_crates.outputs.packages != ''
-        uses: taiki-e/install-action@94cb46f8d6e437890146ffbd78a778b78e623fb2  # v2.74.0
+        uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f  # v2.77.0
         with:
           tool: cargo-semver-checks
 
@@ -102,7 +103,8 @@ jobs:
           set +e
           # `tee` lets cargo's output stream live into the Actions log
           # while we also keep a copy for the PR comment.
-          ci/scripts/changed_crates.sh semver-check "origin/${BASE_REF}" $PACKAGES \
+          # Using `apache` remote here to point to the repository the pull request is against
+          ci/scripts/changed_crates.sh semver-check "apache/${BASE_REF}" $PACKAGES \
             2>&1 | tee /tmp/semver-output.txt
           EXIT_CODE=${PIPESTATUS[0]}
           # Pass the result through an output instead of failing the job:
 
@@ -50,6 +50,13 @@ on:
 permissions:
   contents: read
 
+# A dedicated label, separate from the existing `api change` label.
+# `api change` may be applied manually for behavioral changes that aren't
+# strictly API changes, so we can't safely auto-remove it when this check
+# passes. This auto-managed label is fully owned by the workflow.
+env:
+  BREAKING_CHANGE_LABEL: "auto detected api change"
+
 jobs:
   comment-on-pr:
     name: Comment on pull request
@@ -130,3 +137,24 @@ jobs:
           number: ${{ steps.read.outputs.pr_number }}
           body-include: '<!-- semver-check-comment -->'
           delete: true
+
+      - name: Add "auto detected api change" label
+        if: steps.read.outputs.result != 'success'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+          PR_NUMBER: ${{ steps.read.outputs.pr_number }}
+        run: |
+          gh pr edit "$PR_NUMBER" --repo "$REPO" \
+            --add-label "$BREAKING_CHANGE_LABEL"
+
+      - name: Remove "auto detected api change" label
+        if: steps.read.outputs.result == 'success'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+          PR_NUMBER: ${{ steps.read.outputs.pr_number }}
+        run: |
+          # No-op when the label isn't currently applied.
+          gh pr edit "$PR_NUMBER" --repo "$REPO" \
+            --remove-label "$BREAKING_CHANGE_LABEL" || true
@@ -45,11 +45,11 @@ jobs:
         persist-credentials: false
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+      uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4
       with:
         languages: actions
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+      uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4
       with:
         category: "/language:actions"
@@ -64,7 +64,7 @@ jobs:
           source ci/scripts/utils/tool_versions.sh
           echo "LYCHEE_VERSION=${LYCHEE_VERSION}" >> "$GITHUB_ENV"
       - name: Install lychee
-        uses: taiki-e/install-action@481c34c1cf3a84c68b5e46f4eccfc82af798415a  # v2.75.23
+        uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f  # v2.77.0
         with:
           tool: lychee@${{ env.LYCHEE_VERSION }}
       - name: Run markdown link check
 
@@ -57,37 +57,9 @@ permissions:
   checks: write
 
 jobs:
-
-  # Check crate compiles and base cargo check passes
-  linux-build-lib:
-    name: linux build test
-    runs-on: ${{ github.repository_owner == 'apache' && format('runs-on={0},family=m8a+m7a+c8a,cpu=8,image=ubuntu24-full-x64,extras=s3-cache,disk=large,tag=datafusion', github.run_id) || 'ubuntu-latest' }}
-    # note: do not use amd/rust container to preserve disk space
-    steps:
-      - uses: runs-on/action@742bf56072eb4845a0f94b3394673e4903c90ff0  # v2.1.0
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
-        with:
-          ref: ${{ github.event.inputs.pr_head_sha }} # will be empty if triggered by push
-          submodules: true
-          fetch-depth: 1
-      - name: Install Rust
-        run: |
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-          source $HOME/.cargo/env
-          rustup toolchain install
-      - name: Install Protobuf Compiler
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y protobuf-compiler
-      - name: Prepare cargo build
-        run: |
-          cargo check --profile ci --all-targets
-          cargo clean
-
   # Run extended tests (with feature 'extended_tests')
   linux-test-extended:
     name: cargo test 'extended_tests' (amd64)
-    needs: [linux-build-lib]
     runs-on: ${{ github.repository_owner == 'apache' && format('runs-on={0},family=m8a+m7a+c8a,cpu=32,image=ubuntu24-full-x64,extras=s3-cache,disk=large,tag=datafusion', github.run_id) || 'ubuntu-latest' }}
     # note: do not use amd/rust container to preserve disk space
     steps:
 
@@ -33,14 +33,11 @@ on:
       - ".github/ISSUE_TEMPLATE/**"
       - ".github/pull_request_template.md"
   pull_request:
-    paths-ignore:
-      - "docs/**"
-      - "**.md"
-      - ".github/ISSUE_TEMPLATE/**"
-      - ".github/pull_request_template.md"
   # manual trigger
   # https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
   workflow_dispatch:
+  merge_group:
+
 
 permissions:
   contents: read
@@ -301,7 +298,6 @@ jobs:
             --profile ci \
             --exclude datafusion-examples \
             --exclude ffi_example_table_provider \
-            --exclude datafusion-benchmarks \
             --exclude datafusion-cli \
             --workspace \
             --lib \
@@ -433,7 +429,7 @@ jobs:
           sudo apt-get update -qq
           sudo apt-get install -y -qq clang
       - name: Setup wasm-pack
-        uses: taiki-e/install-action@481c34c1cf3a84c68b5e46f4eccfc82af798415a  # v2.75.23
+        uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f  # v2.77.0
         with:
           tool: wasm-pack
       - name: Run tests with headless mode
@@ -560,6 +556,11 @@ jobs:
   #          export PATH=$PATH:$HOME/d/protoc/bin
   #          cargo test --lib --tests --bins --features avro,json,backtrace
 
+  # macOS scope is narrowed to `datafusion-ffi`: the only bug class amd64
+  # cannot reproduce is FFI cdylib loading (`.dylib` vs `.so` resolution in
+  # datafusion/ffi/src/tests/utils.rs). All other macos-only failures
+  # historically came from datafusion-benchmarks (now covered on amd64) or
+  # flaky sqllogictest metrics.
   macos-aarch64:
     name: cargo test (macos-aarch64)
     runs-on: macos-15
@@ -570,9 +571,9 @@ jobs:
           fetch-depth: 1
       - name: Setup Rust toolchain
         uses: ./.github/actions/setup-macos-aarch64-builder
-      - name: Run tests (excluding doctests)
+      - name: Run datafusion-ffi tests
         shell: bash
-        run: cargo test --profile ci --exclude datafusion-cli --workspace --lib --tests --bins --features avro,json,backtrace,integration-tests,substrait
+        run: cargo test --profile ci -p datafusion-ffi --lib --tests --features integration-tests
 
   vendor:
     name: Verify Vendored Code
@@ -773,7 +774,7 @@ jobs:
       - name: Setup Rust toolchain
         uses: ./.github/actions/setup-builder
       - name: Install cargo-msrv
-        uses: taiki-e/install-action@481c34c1cf3a84c68b5e46f4eccfc82af798415a  # v2.75.23
+        uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f  # v2.77.0
         with:
           tool: cargo-msrv