Skip to content

fix(ci): correct docs-only detection in merge gate#1381

Merged
mchmarny merged 1 commit into
mainfrom
fix/merge-gate-docs-only-detection
Jun 16, 2026
Merged

fix(ci): correct docs-only detection in merge gate#1381
mchmarny merged 1 commit into
mainfrom
fix/merge-gate-docs-only-detection

Conversation

@mchmarny

Copy link
Copy Markdown
Member

Summary

Fix the check-paths job in merge-gate.yaml so docs-only PRs actually skip Go qualification. The docs-only filter was permanently false, so every PR (including pure-docs ones like #1379) ran the full gate.

Motivation / Context

check-paths used dorny/paths-filter with predicate-quantifier: 'every' over [**.md, docs/**, LICENSE], intending "every changed file is docs". But every means a single file must match every pattern in the filter — no path can match **.md AND docs/** AND LICENSE simultaneously, so the only output was always false, the compute step always set code=true, and tests / analyze / malware-scan ran on every PR.

This has been latent since the merge gate was introduced (#651); docs-only skipping never worked. Observed on #1379 (single docs/contributor/component.md edit) which ran Test, Lint, CLI E2E, E2E, Security Scan, CodeQL, and ClamAV.

Fixes: N/A
Related: #1379

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • Build/CI/tooling

Component(s) Affected

  • Other: CI (.github/workflows/merge-gate.yaml)

Implementation Notes

Switched to the documented exclusion idiom: code=true iff at least one changed file is not docs/markdown/LICENSE.

code:
  - '**'
  - '\!**.md'
  - '\!docs/**'
  - '\!LICENSE'

With predicate-quantifier: 'every', a file matches code only when it matches ** AND none of the docs patterns; the filter is true if any changed file is code. Dorny sets picomatch dot: true (verified at the pinned SHA), so ** still matches dotfile code like .golangci.yaml / .settings.yaml — no fail-open on hidden config. The manual inversion step is removed; outputs.code already maps to steps.code.outputs.code.

Testing

actionlint .github/workflows/merge-gate.yaml   # clean

Behavior validated by reasoning against dorny semantics (README + picomatch dot:true at the pinned commit). The fix is exercised end-to-end by this PR itself: as a non-docs change it should set code=true and run the full gate; a follow-up docs-only PR should now show tests-skip / analyze-skip / malware-scan-skip.

Risk Assessment

  • Low — Isolated CI logic change, easy to revert. Worst case mirrors today's behavior (over-running checks); the dotfile check guards the only fail-open direction.

Rollout notes: N/A

Checklist

  • Linter passes (actionlint clean)
  • I did not skip/disable tests to make CI green
  • Changes follow existing patterns in the codebase
  • Commits are cryptographically signed (git commit -S)

The check-paths job used dorny/paths-filter with predicate-quantifier
'every' over [**.md, docs/**, LICENSE], intending "every changed file is
docs". But 'every' requires a single file to match all patterns at once,
which no path can — so the filter was always false and `code` was always
true, running full qualification (Test, Lint, CLI E2E, E2E, Security
Scan), CodeQL, and ClamAV on every PR including docs-only ones.

Switch to the exclusion idiom: code=true iff any changed file is NOT
docs/markdown/LICENSE. Dorny sets picomatch dot:true, so '**' still
matches dotfile code (.golangci.yaml, .settings.yaml). Removes the manual
inversion step; the outputs mapping already points at steps.code.
@mchmarny mchmarny requested a review from a team as a code owner June 16, 2026 11:48
@mchmarny mchmarny added the theme/ci-dx CI pipelines, developer experience, and build tooling label Jun 16, 2026
@mchmarny mchmarny self-assigned this Jun 16, 2026
@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 6b2275a3-ff14-4ff3-a7ca-73781a0e4b19

📥 Commits

Reviewing files that changed from the base of the PR and between 0c2ebbe and f365d6e.

📒 Files selected for processing (1)
  • .github/workflows/merge-gate.yaml

📝 Walkthrough

Walkthrough

The check-paths job in .github/workflows/merge-gate.yaml is refactored to simplify how the code output flag is computed. Previously, a docs filter detected documentation-only changes, and a separate shell step computed code as the logical negation of docs. Both are removed and replaced by a single dorny/paths-filter step that sets code=true directly using negated glob patterns (!**.md, !docs/**, !LICENSE). All downstream jobs (tests, analyze, malware-scan, actionlint, verify-licenses, verify-renovate, and their -skip counterparts) continue to consume needs.check-paths.outputs.code unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: fixing docs-only detection in the merge gate CI workflow.
Description check ✅ Passed The description is directly related to the changeset, providing clear explanation of the bug, root cause, fix, and testing methodology.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/merge-gate-docs-only-detection

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

Copy link
Copy Markdown
Contributor

Coverage Report ✅

Metric Value
Coverage 77.1%
Threshold 75%
Status Pass
Coverage Badge
![Coverage](https://img.shields.io/badge/coverage-77.1%25-green)

No Go source files changed in this PR.

@mchmarny mchmarny enabled auto-merge (squash) June 16, 2026 12:21
@mchmarny mchmarny merged commit 24edd51 into main Jun 16, 2026
33 of 34 checks passed
@mchmarny mchmarny deleted the fix/merge-gate-docs-only-detection branch June 16, 2026 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ci size/S theme/ci-dx CI pipelines, developer experience, and build tooling

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants