fix(ci): correct docs-only detection in merge gate#1381
Conversation
The check-paths job used dorny/paths-filter with predicate-quantifier 'every' over [**.md, docs/**, LICENSE], intending "every changed file is docs". But 'every' requires a single file to match all patterns at once, which no path can — so the filter was always false and `code` was always true, running full qualification (Test, Lint, CLI E2E, E2E, Security Scan), CodeQL, and ClamAV on every PR including docs-only ones. Switch to the exclusion idiom: code=true iff any changed file is NOT docs/markdown/LICENSE. Dorny sets picomatch dot:true, so '**' still matches dotfile code (.golangci.yaml, .settings.yaml). Removes the manual inversion step; the outputs mapping already points at steps.code.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Enterprise Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe Estimated code review effort🎯 2 (Simple) | ⏱️ ~5 minutes 🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Coverage Report ✅
Coverage BadgeNo Go source files changed in this PR. |
Summary
Fix the
check-pathsjob inmerge-gate.yamlso docs-only PRs actually skip Go qualification. The docs-only filter was permanently false, so every PR (including pure-docs ones like #1379) ran the full gate.Motivation / Context
check-pathsuseddorny/paths-filterwithpredicate-quantifier: 'every'over[**.md, docs/**, LICENSE], intending "every changed file is docs". Buteverymeans a single file must match every pattern in the filter — no path can match**.mdANDdocs/**ANDLICENSEsimultaneously, so theonlyoutput was alwaysfalse, the compute step always setcode=true, andtests/analyze/malware-scanran on every PR.This has been latent since the merge gate was introduced (#651); docs-only skipping never worked. Observed on #1379 (single
docs/contributor/component.mdedit) which ran Test, Lint, CLI E2E, E2E, Security Scan, CodeQL, and ClamAV.Fixes: N/A
Related: #1379
Type of Change
Component(s) Affected
.github/workflows/merge-gate.yaml)Implementation Notes
Switched to the documented exclusion idiom:
code=trueiff at least one changed file is not docs/markdown/LICENSE.With
predicate-quantifier: 'every', a file matchescodeonly when it matches**AND none of the docs patterns; the filter is true if any changed file is code. Dorny sets picomatchdot: true(verified at the pinned SHA), so**still matches dotfile code like.golangci.yaml/.settings.yaml— no fail-open on hidden config. The manual inversion step is removed;outputs.codealready maps tosteps.code.outputs.code.Testing
actionlint .github/workflows/merge-gate.yaml # cleanBehavior validated by reasoning against dorny semantics (README + picomatch
dot:trueat the pinned commit). The fix is exercised end-to-end by this PR itself: as a non-docs change it should setcode=trueand run the full gate; a follow-up docs-only PR should now showtests-skip/analyze-skip/malware-scan-skip.Risk Assessment
Rollout notes: N/A
Checklist
git commit -S)