Problem
After PR #757 (feat: bridge upstream v1.4.0 across history rewrite + 3 backports + adversarial test suite) was squash-merged to main, the Marker Guard CI job failed on the push-to-main run:
The check ran:
bun run script/upstream/analyze.ts --markers --base "${{ github.event.before }}" --strict
which compares the previous main SHA against the new HEAD. A bridge merge overlays hundreds of upstream files, so the diff legitimately shows huge swaths of upstream code as "new" — analyze.ts then flags every file in that diff that lacks an altimate_change block.
Why the existing guard didn't help
.github/workflows/ci.yml already has a non-strict path for upstream-merge PRs (head ref merge-upstream-* / upstream/merge-*). But once the PR is squash-merged, the push event has no head_ref / second-parent / branch-name signal — the merge lands as a single commit on main — so the workflow falls back to strict mode.
Fix
Detect bridge / upstream-merge commits in the pushed range by commit subject (grep -qiE '(bridge|merge) upstream') and downgrade strict → non-strict for those pushes. The PR-side review already gated marker integrity for that change, and the push-event run still surfaces warnings as job output.
Problem
After PR #757 (
feat: bridge upstream v1.4.0 across history rewrite + 3 backports + adversarial test suite) was squash-merged tomain, theMarker GuardCI job failed on the push-to-main run:Check for missing altimate_change markers⚠ Found 98 file(s) with unmarked custom code→--strict mode — failing CIThe check ran:
which compares the previous
mainSHA against the new HEAD. A bridge merge overlays hundreds of upstream files, so the diff legitimately shows huge swaths of upstream code as "new" —analyze.tsthen flags every file in that diff that lacks analtimate_changeblock.Why the existing guard didn't help
.github/workflows/ci.ymlalready has a non-strict path for upstream-merge PRs (head refmerge-upstream-*/upstream/merge-*). But once the PR is squash-merged, the push event has no head_ref / second-parent / branch-name signal — the merge lands as a single commit onmain— so the workflow falls back to strict mode.Fix
Detect bridge / upstream-merge commits in the pushed range by commit subject (
grep -qiE '(bridge|merge) upstream') and downgrade strict → non-strict for those pushes. The PR-side review already gated marker integrity for that change, and the push-event run still surfaces warnings as job output.