diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 3565bde..7f4f83f 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -1,11 +1,14 @@ # Integration test workflow (act + gitea testcontainers). # Triggers: -# push:tags every release tag (existing) -# workflow_dispatch manual run against any ref (existing) -# merge_group runs as a merge-queue gate before merging to main +# push: branches main standalone run on trunk - populates the status badge. +# pull_request gate every PR before merge. +# merge_group runs as a merge-queue gate before merging to main. +# workflow_dispatch manual run against any ref (existing). # -# This workflow uses act + gitea testcontainers and is too slow + flaky to run -# per PR. Run locally (`go test -v ./e2e/...`) before pushing instead. +# This is a ~27min testcontainers run. The paths filter keeps it off docs-only +# changes (mirrors orchestrate.yaml), and the concurrency group cancels a +# superseded run on the same ref so a fast follow-up push does not stack two +# 27min runs. Run locally (`go test -v ./e2e/...`) before pushing too. # # NOTE: the `name:` below is referenced by fleet-e2e.yaml's workflow_run trigger # ("Integration (act + gitea)"). Keep the two in sync if this is ever renamed. @@ -13,8 +16,20 @@ name: Integration (act + gitea) on: push: - tags: - - 'v*' + branches: [main] + paths: + - 'cmd/**' + - 'e2e/**' + - 'go.mod' + - 'go.sum' + - 'internal/**' + pull_request: + paths: + - 'cmd/**' + - 'e2e/**' + - 'go.mod' + - 'go.sum' + - 'internal/**' merge_group: workflow_dispatch: inputs: @@ -31,6 +46,13 @@ on: required: false default: '1' +# A superseded run on the same ref is cancelled rather than left to burn a full +# ~27min testcontainers slot. Keyed on github.ref so each branch/PR/tag is its +# own lane; merge_group runs key on their own ref and never collide with main. +concurrency: + group: integration-${{ github.ref }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/fleet-e2e.yaml b/.github/workflows/fleet-e2e.yaml index ff73fe6..75aefbb 100644 --- a/.github/workflows/fleet-e2e.yaml +++ b/.github/workflows/fleet-e2e.yaml @@ -7,19 +7,25 @@ # token, own main, own manifest). It is the release-candidate fleet gate. # # Triggers: -# workflow_run of "Integration (act + gitea)" on completion - makes the E2E -# dependency NATIVE: Fleet only fans out once Integration is -# green for an rc tag. No runner held open polling for it. +# workflow_run of "Release" on completion - the fleet validates the PUBLISHED +# artifact. Release runs GoReleaser on every rc tag push, so a +# successful Release run means the binary the suites install is +# actually on the releases page. Fleet only fans out once that +# publish succeeded for an rc tag. No runner held open polling. # workflow_dispatch manual override (bypasses the rc-tag gate intentionally), # with an optional cascade_version input. # +# We key off "Release" rather than the `release:` event because promote-driven +# API releases do not reliably emit `release: published` (see release.yaml #86); +# the rc-tag push that drives GoReleaser is the dependable signal. +# # IMPORTANT: the workflow_run trigger references the source workflow by its -# `name:` ("Integration (act + gitea)"). Keep that name in sync with e2e.yaml. +# `name:` ("Release"). Keep that name in sync with release.yaml. name: Fleet E2E (live GitHub) on: workflow_run: - workflows: ["Integration (act + gitea)"] + workflows: ["Release"] types: [completed] workflow_dispatch: inputs: @@ -52,8 +58,8 @@ jobs: name: Resolve version under test runs-on: ubuntu-latest # Top-level guard: only fan out for a manual dispatch, or a green - # Integration run that was a push of an rc tag. This filters out - # merge_group / non-rc completions. + # Release run that was a push of an rc tag. This filters out + # non-rc tag publishes and any non-success completions. # # workflow_run.head_branch carries the short ref name of whatever triggered # the source run. For a tag push that is the tag's short name (e.g. diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 4dfc036..d3033c6 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -1,12 +1,15 @@ # Tests & Lint - runs go test -race + coverage and golangci-lint. # # Triggers: -# workflow_call invoked by orchestrate.yaml on PRs (keep - do not remove). -# push: tags standalone run on every release/rc tag. -# workflow_dispatch manual standalone run against any ref. +# push: branches main standalone run on every push to trunk - this is what +# populates the ?branch=main status badge. +# pull_request gate every PR before merge. +# workflow_call invoked by orchestrate.yaml (keep - do not remove). +# workflow_dispatch manual standalone run against any ref. # -# The standalone triggers give this workflow runs of its own so its status -# badge renders; a workflow_call-only workflow has no standalone runs to badge. +# The push/pull_request triggers give this workflow runs of its own so its +# status badge renders; a workflow_call-only workflow has no standalone runs +# to badge. name: Tests & Lint on: @@ -22,8 +25,8 @@ on: description: 'Validation result (success/failure)' value: ${{ jobs.validate.outputs.result }} push: - tags: - - 'v*' + branches: [main] + pull_request: workflow_dispatch: permissions: