Conversation
Adds ci-gate.yml which aggregates all required CI checks into a single required status check (CI Gate / ci-gate), fixing several problems with the current per-workflow branch protection setup: - Adding/removing required checks is now a code change, not an admin settings change - Path filtering and merge_group support are handled in one place - No more stub workflows needed to keep check names alive Each existing workflow gains workflow_call: so ci-gate.yml can call them directly. Their pull_request: triggers are removed to avoid double runs on PRs — the gate owns PR coverage. Push, schedule, and workflow_dispatch triggers are preserved for standalone use. Other fixes included: - test-hive.yml: fix concurrency group and Docker login conditions to not rely on github.event_name == 'pull_request' - test-kurtosis-assertoor.yml: same fix for Docker login condition - check-large-files.yml: upgrade checkout action v4 -> v6, add workflow_dispatch trigger - test-bench.yml, test-integration-caplin.yml: add workflow_dispatch trigger per README guidelines - test-all-erigon.yml: remove daily schedule (redundant with push runs)
anacrolix
requested review from
AskAlexSharov,
Giulio2002 and
mriccobene
as code owners
AskAlexSharov
approved these changes
Mar 16, 2026
Contributor
Author
|
Just trying to iron out why a few jobs won't run, I think it's a naming clash. |
When called via workflow_call, github.workflow resolves to the caller's
name ("CI Gate") rather than the called workflow's own name. This caused
multiple ci-gate jobs to share the same concurrency group and cancel each
other with cancel-in-progress: true.
Add github.job to all affected concurrency group formulas so each job
gets a unique slot even when github.workflow is the same.
Affected: lint, test-bench, qa-rpc-gnosis, qa-rpc-remote,
test-all-erigon, reproducible-build.
Add workflow-level concurrency group keyed on PR number so that pushing a new commit to a PR cancels the in-progress ci-gate run and all its called sub-workflows. merge_group and workflow_dispatch runs use run_id to stay independent.
….job github.job resolves to empty string in reusable workflow (workflow_call) context, same as github.workflow resolves to the caller name. Using it as a differentiator produced groups like "CI Gate--macos-15-..." (double dash) that still collided between test-all-erigon and reproducible-build. Replace github.job with hardcoded workflow-specific literals so each reusable workflow gets a genuinely unique concurrency group.
Remove job-level concurrency blocks from all sub-workflows called via workflow_call. ci-gate's workflow-level concurrency already cancels the entire previous run on new PR push, making job-level groups redundant. In workflow_call context, github.workflow and github.job resolve to the caller's values (or empty), causing collisions that cancel sibling jobs within the same run. Add push trigger for main and release branches so ci-gate runs on direct pushes while the merge queue is not yet active. Switch PR concurrency group key from PR number to head branch name so the group is stable across force-pushes that change the PR number's run context. Update .github/README.md to document the rule.
Contributor
Author
|
Ok, should be good. Add If upon adding to main, something breaks, or something unwanted runs, modify the ci-gate workflow to fix. A small tweak to ci-gate workflow is then only step required to tune for merge queues, to come after. |
Contributor
Author
|
@copilot fix the artifact upload for qa RPC by making it distinct from the other qa RPC workflow. Pls no mistakes |
Contributor
|
@anacrolix I've opened a new pull request, #19959, to work on those changes. Once the pull request is ready, I'll request review from you. |
Both `qa-rpc-integration-tests-gnosis.yml` and `qa-rpc-integration-tests-remote.yml` uploaded artifacts under the same name `test-results`. When `ci-gate.yml` calls both as reusable workflows in the same run, the uploads collide. - `qa-rpc-integration-tests-gnosis.yml`: `test-results` → `test-results-gnosis` - `qa-rpc-integration-tests-remote.yml`: `test-results` → `test-results-remote-mainnet` <!-- START COPILOT CODING AGENT TIPS --> --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: anacrolix <988750+anacrolix@users.noreply.github.com>
Contributor
Author
|
All green |
VBulikov
approved these changes
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #19909.
Summary
Switches CI from individual per-workflow required checks to a single
CI Gate / ci-gateaggregator. This is required for clean handling of merge queues and PRs simultaneously — without a gate, there's no single check to require onmerge_groupevents, and managing required checks means touching GitHub settings rather than code.The gate currently requires exactly the same jobs that were previously required, so this is a one-to-one transition:
Lint / lintAll tests / tests-mac-linux (ubuntu-24.04, macos-15, windows-2025)All tests (with -race) / ...Test Hive / test-hive (...)Consensus spec / ...Check large files / checkBenchmarks / benchmarksKurtosis Assertoor GitHub Action / assertoor_{regular,pectra}_testManifest Check / ManifestCheckReproducible build / reproducible-build (...)QA - RPC Integration Tests (Gnosis) / gnosis-rpc-integ-testsQA - RPC Integration Tests Remote / mainnet-rpc-integ-tests-remoteEach called workflow gains
workflow_call:and loses itspull_request:trigger — the gate owns PR and merge-queue coverage. Standalonepush,schedule, andworkflow_dispatchtriggers are preserved.Running different jobs on PR vs merge queue
Because the gate triggers on both
pull_requestandmerge_group, it's now straightforward to run a lighter suite on PRs and the full suite only when merging:The aggregator ignores skipped jobs, so jobs conditional on event type don't block the gate in the other context. This is a follow-up opportunity — for now all jobs run on both.
How to merge
main, remove all individual required checks and addCI Gate / ci-gateOther changes
ci.yml,test-win-downloader.yml,check.ymlevent_name-dependent conditions intest-hive.ymlandtest-kurtosis-assertoor.ymlcheck-large-files.ymlcheckout v4→v6workflow_dispatchtotest-bench.ymlandtest-integration-caplin.ymltest-all-erigon.ymlworkflow_callvs inline guidance in.github/README.md