From 3825ac1a71e8ba6d2badfa1d61b84a5c8d5d4684 Mon Sep 17 00:00:00 2001 From: Adam Sachs Date: Mon, 16 Mar 2026 16:47:24 -0400 Subject: [PATCH 1/3] initial commit for merge queue updates --- .github/workflows/backend_checks.yml | 15 ++++++++++----- .github/workflows/chromatic.yml | 2 -- .github/workflows/cli_checks.yml | 2 -- .github/workflows/cypress_admin-ui.yml | 2 -- .github/workflows/cypress_fides-js.yml | 2 -- .github/workflows/cypress_privacy-center.yml | 2 -- .github/workflows/frontend_checks.yml | 2 -- .github/workflows/static_checks.yml | 2 -- 8 files changed, 10 insertions(+), 19 deletions(-) diff --git a/.github/workflows/backend_checks.yml b/.github/workflows/backend_checks.yml index 3299c6e2eb4..d1b018b9488 100644 --- a/.github/workflows/backend_checks.yml +++ b/.github/workflows/backend_checks.yml @@ -9,6 +9,11 @@ on: - "main" - "release-**" +# Merge queue strategy: only run container startup + migration checks on +# merge_group events as a lightweight sanity check. The full test suite +# runs on pull_request and push to main/release branches. This keeps the +# queue fast while still catching migration head conflicts. + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} @@ -60,7 +65,7 @@ jobs: Collect-Tests: needs: Check-Backend-Changes - if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' + if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest steps: - name: Checkout @@ -274,7 +279,7 @@ jobs: Misc-Tests: needs: [Check-Backend-Changes, Check-Container-Startup] - if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' + if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group' strategy: matrix: test_selection: @@ -343,7 +348,7 @@ jobs: ################ Safe-Tests: needs: [Check-Backend-Changes, Check-Container-Startup] - if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' + if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group' strategy: fail-fast: false matrix: @@ -426,7 +431,7 @@ jobs: Pytest-Redis-Cluster: needs: [Check-Backend-Changes, Check-Container-Startup] - if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' + if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest timeout-minutes: 30 steps: @@ -490,7 +495,7 @@ jobs: Pytest-Ctl-External: needs: [Check-Backend-Changes, Check-Container-Startup] - if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && (contains(github.event.pull_request.labels.*.name, 'run unsafe ci checks') || github.event_name == 'push' || github.event_name == 'merge_group') + if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && (contains(github.event.pull_request.labels.*.name, 'run unsafe ci checks') || github.event_name == 'push') strategy: max-parallel: 1 # This prevents collisions in shared external resources runs-on: ubuntu-latest diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 656aae6fe26..eba5c806085 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -2,8 +2,6 @@ name: "Chromatic" on: pull_request: - merge_group: - types: [checks_requested] push: branches: - "main" diff --git a/.github/workflows/cli_checks.yml b/.github/workflows/cli_checks.yml index 636a854a7b1..0eab68957fc 100644 --- a/.github/workflows/cli_checks.yml +++ b/.github/workflows/cli_checks.yml @@ -6,8 +6,6 @@ name: CLI Command Checks on: pull_request: - merge_group: - types: [checks_requested] push: branches: - "main" diff --git a/.github/workflows/cypress_admin-ui.yml b/.github/workflows/cypress_admin-ui.yml index cd64366dc3a..5241e664f5c 100644 --- a/.github/workflows/cypress_admin-ui.yml +++ b/.github/workflows/cypress_admin-ui.yml @@ -2,8 +2,6 @@ name: Admin UI Cypress Tests on: pull_request: - merge_group: - types: [checks_requested] push: branches: - "main" diff --git a/.github/workflows/cypress_fides-js.yml b/.github/workflows/cypress_fides-js.yml index bad74f8505a..5f69738c90a 100644 --- a/.github/workflows/cypress_fides-js.yml +++ b/.github/workflows/cypress_fides-js.yml @@ -2,8 +2,6 @@ name: FidesJS Banner/Modal Cypress Tests on: pull_request: - merge_group: - types: [checks_requested] push: branches: - "main" diff --git a/.github/workflows/cypress_privacy-center.yml b/.github/workflows/cypress_privacy-center.yml index 44662ad8492..1494f604ea7 100644 --- a/.github/workflows/cypress_privacy-center.yml +++ b/.github/workflows/cypress_privacy-center.yml @@ -2,8 +2,6 @@ name: Privacy Center Cypress Tests on: pull_request: - merge_group: - types: [checks_requested] push: branches: - "main" diff --git a/.github/workflows/frontend_checks.yml b/.github/workflows/frontend_checks.yml index ea50803c546..c78ad6b34c8 100644 --- a/.github/workflows/frontend_checks.yml +++ b/.github/workflows/frontend_checks.yml @@ -2,8 +2,6 @@ name: Frontend Code Checks on: pull_request: - merge_group: - types: [checks_requested] push: branches: - "main" diff --git a/.github/workflows/static_checks.yml b/.github/workflows/static_checks.yml index d3124181f9b..a98f985e6ef 100644 --- a/.github/workflows/static_checks.yml +++ b/.github/workflows/static_checks.yml @@ -2,8 +2,6 @@ name: Backend Static Code Checks on: pull_request: - merge_group: - types: [ checks_requested ] push: branches: - "main" From 5e7f9e40835b02e6e10d4fcd57da47c4e1a10c14 Mon Sep 17 00:00:00 2001 From: Adam Sachs Date: Tue, 17 Mar 2026 09:43:11 -0400 Subject: [PATCH 2/3] Add frontend checks to merge queue Re-add merge_group trigger to frontend_checks.yml so that typecheck, lint, format, and unit tests run in the merge queue (~5-6 min). Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/frontend_checks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/frontend_checks.yml b/.github/workflows/frontend_checks.yml index c78ad6b34c8..ea50803c546 100644 --- a/.github/workflows/frontend_checks.yml +++ b/.github/workflows/frontend_checks.yml @@ -2,6 +2,8 @@ name: Frontend Code Checks on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" From e09c356ca84bfedeaecbab6fb231c4d33b61b451 Mon Sep 17 00:00:00 2001 From: Adam Sachs Date: Tue, 17 Mar 2026 11:50:13 -0400 Subject: [PATCH 3/3] Re-add merge_group triggers but skip work for non-essential workflows Keep merge_group triggers on all workflows so their summary jobs still report a status (required by branch protection), but skip the actual work on merge_group events since those checks already passed on the PR. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/chromatic.yml | 5 ++++- .github/workflows/cli_checks.yml | 5 ++++- .github/workflows/cypress_admin-ui.yml | 5 ++++- .github/workflows/cypress_fides-js.yml | 5 ++++- .github/workflows/cypress_privacy-center.yml | 5 ++++- .github/workflows/static_checks.yml | 5 ++++- 6 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index eba5c806085..26136462e5c 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -2,6 +2,8 @@ name: "Chromatic" on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" @@ -41,7 +43,8 @@ jobs: chromatic: name: Run Chromatic needs: check-fidesui-changes - if: needs.check-fidesui-changes.outputs.has_fidesui_changes == 'true' + # Skip on merge_group — these checks already passed on the PR + if: needs.check-fidesui-changes.outputs.has_fidesui_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest steps: - name: Checkout code diff --git a/.github/workflows/cli_checks.yml b/.github/workflows/cli_checks.yml index 0eab68957fc..cb1fedb5a6d 100644 --- a/.github/workflows/cli_checks.yml +++ b/.github/workflows/cli_checks.yml @@ -6,6 +6,8 @@ name: CLI Command Checks on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" @@ -45,7 +47,8 @@ jobs: # Basic smoke test of a local install of the fides Python CLI Fides-Install: needs: Check-CLI-Changes - if: needs.Check-CLI-Changes.outputs.has_cli_changes == 'true' + # Skip on merge_group — these checks already passed on the PR + if: needs.Check-CLI-Changes.outputs.has_cli_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest timeout-minutes: 20 steps: diff --git a/.github/workflows/cypress_admin-ui.yml b/.github/workflows/cypress_admin-ui.yml index 5241e664f5c..556200f6f31 100644 --- a/.github/workflows/cypress_admin-ui.yml +++ b/.github/workflows/cypress_admin-ui.yml @@ -2,6 +2,8 @@ name: Admin UI Cypress Tests on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" @@ -39,7 +41,8 @@ jobs: prepare-matrix: needs: Check-Admin-UI-Changes - if: needs.Check-Admin-UI-Changes.outputs.has_admin_ui_changes == 'true' + # Skip on merge_group — these checks already passed on the PR + if: needs.Check-Admin-UI-Changes.outputs.has_admin_ui_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest outputs: spec_groups: ${{ steps.set-matrix.outputs.spec_groups }} diff --git a/.github/workflows/cypress_fides-js.yml b/.github/workflows/cypress_fides-js.yml index 5f69738c90a..703c8af915f 100644 --- a/.github/workflows/cypress_fides-js.yml +++ b/.github/workflows/cypress_fides-js.yml @@ -2,6 +2,8 @@ name: FidesJS Banner/Modal Cypress Tests on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" @@ -40,7 +42,8 @@ jobs: Privacy-Center-Cypress: needs: Check-FidesJS-Changes - if: needs.Check-FidesJS-Changes.outputs.has_fidesjs_changes == 'true' + # Skip on merge_group — these checks already passed on the PR + if: needs.Check-FidesJS-Changes.outputs.has_fidesjs_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest defaults: run: diff --git a/.github/workflows/cypress_privacy-center.yml b/.github/workflows/cypress_privacy-center.yml index 1494f604ea7..5c6212f1a61 100644 --- a/.github/workflows/cypress_privacy-center.yml +++ b/.github/workflows/cypress_privacy-center.yml @@ -2,6 +2,8 @@ name: Privacy Center Cypress Tests on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" @@ -40,7 +42,8 @@ jobs: Privacy-Center-Cypress: needs: Check-Privacy-Center-Changes - if: needs.Check-Privacy-Center-Changes.outputs.has_privacy_center_changes == 'true' + # Skip on merge_group — these checks already passed on the PR + if: needs.Check-Privacy-Center-Changes.outputs.has_privacy_center_changes == 'true' && github.event_name != 'merge_group' runs-on: ubuntu-latest defaults: run: diff --git a/.github/workflows/static_checks.yml b/.github/workflows/static_checks.yml index a98f985e6ef..16cd512ea69 100644 --- a/.github/workflows/static_checks.yml +++ b/.github/workflows/static_checks.yml @@ -2,6 +2,8 @@ name: Backend Static Code Checks on: pull_request: + merge_group: + types: [checks_requested] push: branches: - "main" @@ -49,7 +51,8 @@ jobs: ################### Static-Checks: needs: Check-Backend-Changes - if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' + # Skip on merge_group — these checks already passed on the PR + if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' && github.event_name != 'merge_group' strategy: # We want to run all static checks even if some fail, so we set fail-fast to false fail-fast: false