ci: narrow paths, extract validate-pr, remove continue-on-error

KRRT7 · KRRT7 · commit d97f372f43c4 · 2026-04-09T12:00:17.000-05:00
- Remove codeflash-java-runtime/ from unit_tests change detection
- Narrow e2e flag from codeflash/ to explicit Python subdirs (excludes java/, javascript/)
- Narrow tests/ in e2e_java/e2e_js to specific test scripts
- Extract duplicated Validate PR step into composite action
- Use fetch-depth: 1 for unit-tests and type-check (no git history needed)
- Remove continue-on-error: true from unit-tests (was masking real failures)
- Change git add -A to git add -u in prek auto-fix (won't stage untracked files)
diff --git a/.github/actions/validate-pr/action.yml b/.github/actions/validate-pr/action.yml
@@ -0,0 +1,35 @@
+name: Validate PR
+description: Ensure only authorized users can modify workflow files in PRs
+inputs:
+  base_sha:
+    description: Base commit SHA of the pull request
+    required: true
+  head_sha:
+    description: Head commit SHA of the pull request
+    required: true
+  author:
+    description: Login of the PR author
+    required: true
+  pr_state:
+    description: State of the pull request (open/closed)
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Check workflow file changes
+      shell: bash
+      run: |
+        if git diff --name-only "${{ inputs.base_sha }}" "${{ inputs.head_sha }}" | grep -q "^.github/workflows/"; then
+          echo "Workflow changes detected."
+          AUTHOR="${{ inputs.author }}"
+          if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+            echo "Authorized user ($AUTHOR). Proceeding."
+          elif [[ "${{ inputs.pr_state }}" == "open" ]]; then
+            echo "PR is open. Protection rules in place. Proceeding."
+          else
+            echo "Unauthorized user ($AUTHOR). Exiting."
+            exit 1
+          fi
+        else
+          echo "No workflow file changes. Proceeding."
+        fi
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -61,31 +61,39 @@ jobs:
             fi
           }
 
-          # Unit tests: code + test infra + java + packages + build config
+          # Unit tests: code + test infra + packages + build config
           check_paths unit_tests \
-            'codeflash/' 'codeflash-benchmark/' 'codeflash-java-runtime/' \
+            'codeflash/' 'codeflash-benchmark/' \
             'tests/' 'packages/' 'pyproject.toml' 'uv.lock'
 
           # Type checking: code + build config + mypy config
           check_paths type_check \
             'codeflash/' 'pyproject.toml' 'uv.lock' 'mypy_allowlist.txt'
 
-          # E2E tests: code + tests + build config
+          # E2E tests: Python pipeline + tests + build config (excludes java/ and javascript/)
           check_paths e2e \
-            'codeflash/' 'tests/' 'pyproject.toml' 'uv.lock'
+            'codeflash/*.py' \
+            'codeflash/api/' 'codeflash/benchmarking/' 'codeflash/cli_cmds/' \
+            'codeflash/code_utils/' 'codeflash/discovery/' 'codeflash/github/' \
+            'codeflash/languages/python/' 'codeflash/languages/*.py' \
+            'codeflash/lsp/' 'codeflash/models/' 'codeflash/optimization/' \
+            'codeflash/picklepatch/' 'codeflash/result/' 'codeflash/setup/' \
+            'codeflash/telemetry/' 'codeflash/tracing/' 'codeflash/verification/' \
+            'tests/' 'pyproject.toml' 'uv.lock'
 
           # JS E2E tests: JS language support + shared pipeline + packages
           check_paths e2e_js \
             'codeflash/languages/javascript/' 'codeflash/languages/base.py' \
             'codeflash/languages/registry.py' 'codeflash/optimization/' \
-            'codeflash/verification/' 'packages/' 'tests/'
+            'codeflash/verification/' 'packages/' \
+            'tests/scripts/end_to_end_test_js*'
 
           # Java E2E tests: Java language support + shared pipeline + runtime
           check_paths e2e_java \
             'codeflash/languages/java/' 'codeflash/languages/base.py' \
             'codeflash/languages/registry.py' 'codeflash/optimization/' \
             'codeflash/verification/' 'codeflash-java-runtime/' \
-            'code_to_optimize/java/' 'tests/'
+            'code_to_optimize/java/' 'tests/scripts/end_to_end_test_java*'
         env:
           MERGE_BASE: ${{ steps.merge_base.outputs.sha }}
 
@@ -113,14 +121,13 @@ jobs:
             python-version: "3.14"
           - os: windows-latest
             python-version: "3.13"
-    continue-on-error: true
     runs-on: ${{ matrix.os }}
     env:
       PYTHONIOENCODING: utf-8
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          fetch-depth: 1
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install uv
@@ -148,7 +155,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 0
+          fetch-depth: 1
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install uv
@@ -191,7 +198,7 @@ jobs:
           git diff --quiet && exit 0
           git config user.name "github-actions[bot]"
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git add -A
+          git add -u
           git commit -m "style: auto-format with ruff"
           git push
 
@@ -260,21 +267,12 @@ jobs:
 
       - name: Validate PR
         if: github.event_name == 'pull_request'
-        run: |
-          if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -q "^.github/workflows/"; then
-            echo "Workflow changes detected."
-            AUTHOR="${{ github.event.pull_request.user.login }}"
-            if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
-              echo "Authorized user ($AUTHOR). Proceeding."
-            elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then
-              echo "PR is open. Protection rules in place. Proceeding."
-            else
-              echo "Unauthorized user ($AUTHOR). Exiting."
-              exit 1
-            fi
-          else
-            echo "No workflow file changes. Proceeding."
-          fi
+        uses: ./.github/actions/validate-pr
+        with:
+          base_sha: ${{ github.event.pull_request.base.sha }}
+          head_sha: ${{ github.event.pull_request.head.sha }}
+          author: ${{ github.event.pull_request.user.login }}
+          pr_state: ${{ github.event.pull_request.state }}
 
       - name: Install uv
         uses: astral-sh/setup-uv@v8.0.0
@@ -357,21 +355,12 @@ jobs:
 
       - name: Validate PR
         if: github.event_name == 'pull_request'
-        run: |
-          if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -q "^.github/workflows/"; then
-            echo "Workflow changes detected."
-            AUTHOR="${{ github.event.pull_request.user.login }}"
-            if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
-              echo "Authorized user ($AUTHOR). Proceeding."
-            elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then
-              echo "PR is open. Protection rules in place. Proceeding."
-            else
-              echo "Unauthorized user ($AUTHOR). Exiting."
-              exit 1
-            fi
-          else
-            echo "No workflow file changes. Proceeding."
-          fi
+        uses: ./.github/actions/validate-pr
+        with:
+          base_sha: ${{ github.event.pull_request.base.sha }}
+          head_sha: ${{ github.event.pull_request.head.sha }}
+          author: ${{ github.event.pull_request.user.login }}
+          pr_state: ${{ github.event.pull_request.state }}
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
@@ -441,21 +430,12 @@ jobs:
 
       - name: Validate PR
         if: github.event_name == 'pull_request'
-        run: |
-          if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -q "^.github/workflows/"; then
-            echo "Workflow changes detected."
-            AUTHOR="${{ github.event.pull_request.user.login }}"
-            if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
-              echo "Authorized user ($AUTHOR). Proceeding."
-            elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then
-              echo "PR is open. Protection rules in place. Proceeding."
-            else
-              echo "Unauthorized user ($AUTHOR). Exiting."
-              exit 1
-            fi
-          else
-            echo "No workflow file changes. Proceeding."
-          fi
+        uses: ./.github/actions/validate-pr
+        with:
+          base_sha: ${{ github.event.pull_request.base.sha }}
+          head_sha: ${{ github.event.pull_request.head.sha }}
+          author: ${{ github.event.pull_request.user.login }}
+          pr_state: ${{ github.event.pull_request.state }}
 
       - name: Set up JDK 11
         uses: actions/setup-java@v4
