Integration, E2E, and security jobs were being skipped on PR builds because
they required push_image == 'true'. Since the build succeeded and images were
available, these jobs should run regardless of push policy.
Changed conditions to depend on build success and image availability rather
than registry push status. This allows comprehensive testing on all builds
while still optimizing resource usage where needed.
- Remove `if: always()` from integration-gate, coverage-gate, codecov-gate, pipeline-gate
- Gates now naturally skip when their upstream dependencies are skipped (fork PR behavior)
- Prevents confusing "complete" status when nothing actually ran
- Fork PRs will show "skipped" in UI instead of obscuring behavior behind gate success
- Aligns with GitHub Actions standard job dependency semantics
- Fixed github.head_ref actionlint error by passing via environment variable
instead of direct shell interpolation in ci-pipeline.yml
- Aligned E2E coverage artifact handling to shard artifacts and updated
Codecov upload to use glob pattern for multi-shard merge
- Added workflow_run trigger to security-pr.yml for docker-build integration
while retaining workflow_dispatch for manual runs
- Added workflow_run trigger to supply-chain-pr.yml for docker-build integration
while retaining workflow_dispatch for manual runs
- All individual workflows now support both automatic (workflow_run) and manual
(workflow_dispatch) triggering, maintaining design intent
- Audited remaining workflows; no additional blockers found
- All actionlint and pre-commit validations now passing
- Full pipeline trigger chain now functional
- Updated environment variable assignments in multiple workflow files to use double quotes for consistency and to prevent potential issues with variable expansion.
- Refactored echo commands to group multiple lines into a single block for improved readability in the following workflows:
- release-goreleaser.yml
- renovate_prune.yml
- security-pr.yml
- security-weekly-rebuild.yml
- supply-chain-pr.yml
- supply-chain-verify.yml
- update-geolite2.yml
- waf-integration.yml
- weekly-nightly-promotion.yml
The golangci-lint-action v9.2.0 dropped support for golangci-lint v1.x
and requires v2.x versions. The error "golangci-lint v1 is not supported
by golangci-lint-action >= v7" indicates we need to upgrade, not downgrade.
Updated both ci-pipeline.yml and quality-checks.yml from v1.64.5 to v2.8.0
to align with the current golangci-lint major version.
Fixes: #666 (golangci-lint version compatibility error)
The golangci-lint-action v9.2.0 requires version strings in "vX.Y.Z" format.
Previous attempt to remove the "v" prefix caused validation error:
"invalid version string '1.64.5', expected format v1.2 or v1.2.3"
Updated both ci-pipeline.yml and quality-checks.yml to use "v1.64.5"
instead of "1.64.5" to match the action's expected format.
Fixes: #666 (PR CI validation failure)
- CI now focuses only on Dockerfile validation and security scanning
- Go code linting is handled locally via pre-commit hooks and DoD checklist
- Prevents CI failures from missing golangci-lint configuration
- Aligns CI responsibilities with local development workflow
- Make lint steps fail the pipeline so issues block merges
- Skip Node cache setup when the frontend lockfile is missing
- Cancel older CI runs for the same ref to reduce queue delays
- Updated quality-checks.yml to support manual dispatch with frontend checks.
- Modified rate-limit-integration.yml to remove workflow_run triggers and adjust conditions for execution.
- Removed pull request triggers from repo-health.yml, retaining only scheduled and manual dispatch.
- Adjusted security-pr.yml and supply-chain-pr.yml to eliminate workflow_run dependencies and refine execution conditions.
- Cleaned up supply-chain-verify.yml by removing workflow_run triggers and ensuring proper execution conditions.
- Updated waf-integration.yml to remove workflow_run triggers, allowing manual dispatch only.
- Revised current_spec.md to reflect the consolidation of CI workflows into a single pipeline, detailing objectives, research findings, and implementation plans.
