Skip to content

ci: avoid duplicate workflow runs across PR and merge #630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lakhansamani merged 1 commit into from
Jun 15, 2026
+35 −14
Merged

ci: avoid duplicate workflow runs across PR and merge #630

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 28 additions & 12 deletions .github/workflows/buf.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
---
name: Buf

# Proto schema CI for the `proto/` module (buf.build/authorizerdev/authorizer):
# lint + breaking-change detection on PRs, publish to the BSR on push to main.
# Proto schema CI for the `proto/` module (buf.build/authorizerdev/authorizer).
# Responsibilities are split by event so nothing runs twice across a PR and its
# merge commit:
# - pull_request -> validate (lint + breaking-change check)
# - push to main -> publish (buf push)
on:
pull_request:
paths:
Expand All @@ -17,33 +20,46 @@ on:
permissions:
contents: read

# Cancel superseded runs on the same ref (e.g. rapid pushes to a PR).
concurrency:
group: buf-${{ github.ref }}
cancel-in-progress: true

jobs:
buf:
name: Lint, breaking & push
validate:
name: Lint & breaking
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- uses: bufbuild/buf-setup-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Lint
run: buf lint proto

# Compare the proposed schema against the published module so a PR that
# would break wire/source compatibility fails before it lands.
# Compare against the published module so a PR that would break
# wire/source compatibility fails before it lands.
- name: Breaking-change check
run: buf breaking proto --against buf.build/authorizerdev/authorizer
env:
BUF_TOKEN: ${{ secrets.BUF_TOKEN }}

# Publish only from main. buf de-dupes identical schemas, so commits that
# don't touch protos are no-ops.
publish:
name: Push to BSR
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: bufbuild/buf-setup-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# buf de-dupes identical schemas, so commits that don't touch protos
# are no-ops.
- name: Push to BSR
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
run: buf push proto
env:
BUF_TOKEN: ${{ secrets.BUF_TOKEN }}
9 changes: 7 additions & 2 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,20 @@
name: CI

on:
# Validate on PRs and on releases. Changes only reach main via PRs (which
# already ran this), so a post-merge `push: main` run would just duplicate it.
pull_request:
push:
branches: [main]
release:
types: [created]

permissions:
contents: read

# Cancel superseded runs on the same ref (e.g. rapid pushes to a PR).
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

jobs:
test:
name: Go tests (SQLite)
Expand Down
Loading