Browse code
gha: Add conditional skip for jobs with 'ci/validate-only' label
This change adds conditional logic to skip build and test jobs when a
pull request is labeled with 'ci/validate-only'.
The `govulncheck` job in the CI workflow is intentionally excluded from
this conditional logic, ensuring security vulnerability checks always
run regardless of the label.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Paweł Gronowski authored on 2025/08/14 20:30:57Showing 7 changed files
- .github/workflows/arm64.yml
- .github/workflows/bin-image.yml
- .github/workflows/buildkit.yml
- .github/workflows/ci.yml
- .github/workflows/test.yml
- .github/workflows/windows-2022.yml
- .github/workflows/windows-2025.yml
| ... | ... |
@@ -37,6 +37,7 @@ jobs: |
| 37 | 37 |
build: |
| 38 | 38 |
runs-on: ubuntu-24.04-arm |
| 39 | 39 |
timeout-minutes: 20 # guardrails timeout for the whole job |
| 40 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 40 | 41 |
needs: |
| 41 | 42 |
- validate-dco |
| 42 | 43 |
strategy: |
| ... | ... |
@@ -70,6 +71,7 @@ jobs: |
| 70 | 70 |
build-dev: |
| 71 | 71 |
runs-on: ubuntu-24.04-arm |
| 72 | 72 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 73 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 73 | 74 |
needs: |
| 74 | 75 |
- validate-dco |
| 75 | 76 |
steps: |
| ... | ... |
@@ -93,6 +95,7 @@ jobs: |
| 93 | 93 |
test-unit: |
| 94 | 94 |
runs-on: ubuntu-24.04-arm |
| 95 | 95 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 96 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 96 | 97 |
needs: |
| 97 | 98 |
- build-dev |
| 98 | 99 |
steps: |
| ... | ... |
@@ -150,7 +153,7 @@ jobs: |
| 150 | 150 |
runs-on: ubuntu-24.04 |
| 151 | 151 |
timeout-minutes: 10 |
| 152 | 152 |
continue-on-error: ${{ github.event_name != 'pull_request' }}
|
| 153 |
- if: always() |
|
| 153 |
+ if: always() && (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only')) |
|
| 154 | 154 |
needs: |
| 155 | 155 |
- test-unit |
| 156 | 156 |
steps: |
| ... | ... |
@@ -179,6 +182,7 @@ jobs: |
| 179 | 179 |
runs-on: ubuntu-24.04-arm |
| 180 | 180 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 181 | 181 |
continue-on-error: ${{ github.event_name != 'pull_request' }}
|
| 182 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 182 | 183 |
needs: |
| 183 | 184 |
- build-dev |
| 184 | 185 |
steps: |
| ... | ... |
@@ -249,7 +253,7 @@ jobs: |
| 249 | 249 |
runs-on: ubuntu-24.04 |
| 250 | 250 |
timeout-minutes: 10 |
| 251 | 251 |
continue-on-error: ${{ github.event_name != 'pull_request' }}
|
| 252 |
- if: always() |
|
| 252 |
+ if: always() && (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only')) |
|
| 253 | 253 |
needs: |
| 254 | 254 |
- test-integration |
| 255 | 255 |
steps: |
| ... | ... |
@@ -42,6 +42,7 @@ jobs: |
| 42 | 42 |
prepare: |
| 43 | 43 |
runs-on: ubuntu-24.04 |
| 44 | 44 |
timeout-minutes: 20 # guardrails timeout for the whole job |
| 45 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 45 | 46 |
outputs: |
| 46 | 47 |
platforms: ${{ steps.platforms.outputs.matrix }}
|
| 47 | 48 |
steps: |
| ... | ... |
@@ -96,10 +97,10 @@ jobs: |
| 96 | 96 |
build: |
| 97 | 97 |
runs-on: ubuntu-24.04 |
| 98 | 98 |
timeout-minutes: 20 # guardrails timeout for the whole job |
| 99 |
+ if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only')) }}
|
|
| 99 | 100 |
needs: |
| 100 | 101 |
- validate-dco |
| 101 | 102 |
- prepare |
| 102 |
- if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') |
|
| 103 | 103 |
strategy: |
| 104 | 104 |
fail-fast: false |
| 105 | 105 |
matrix: |
| ... | ... |
@@ -172,9 +173,9 @@ jobs: |
| 172 | 172 |
merge: |
| 173 | 173 |
runs-on: ubuntu-24.04 |
| 174 | 174 |
timeout-minutes: 40 # guardrails timeout for the whole job |
| 175 |
+ if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && github.event_name != 'pull_request' && github.repository == 'moby/moby' }}
|
|
| 175 | 176 |
needs: |
| 176 | 177 |
- build |
| 177 |
- if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') && github.event_name != 'pull_request' && github.repository == 'moby/moby' |
|
| 178 | 178 |
steps: |
| 179 | 179 |
- |
| 180 | 180 |
name: Download meta bake definition |
| ... | ... |
@@ -35,6 +35,7 @@ jobs: |
| 35 | 35 |
build-linux: |
| 36 | 36 |
runs-on: ubuntu-24.04 |
| 37 | 37 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 38 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 38 | 39 |
needs: |
| 39 | 40 |
- validate-dco |
| 40 | 41 |
steps: |
| ... | ... |
@@ -62,6 +63,7 @@ jobs: |
| 62 | 62 |
test-linux: |
| 63 | 63 |
runs-on: ubuntu-24.04 |
| 64 | 64 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 65 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 65 | 66 |
needs: |
| 66 | 67 |
- build-linux |
| 67 | 68 |
env: |
| ... | ... |
@@ -166,6 +168,7 @@ jobs: |
| 166 | 166 |
build-windows: |
| 167 | 167 |
runs-on: windows-2022 |
| 168 | 168 |
timeout-minutes: 120 |
| 169 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 169 | 170 |
needs: |
| 170 | 171 |
- validate-dco |
| 171 | 172 |
env: |
| ... | ... |
@@ -265,6 +268,7 @@ jobs: |
| 265 | 265 |
test-windows: |
| 266 | 266 |
runs-on: windows-2022 |
| 267 | 267 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 268 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 268 | 269 |
needs: |
| 269 | 270 |
- build-windows |
| 270 | 271 |
env: |
| ... | ... |
@@ -67,6 +67,7 @@ jobs: |
| 67 | 67 |
prepare-cross: |
| 68 | 68 |
runs-on: ubuntu-24.04 |
| 69 | 69 |
timeout-minutes: 20 # guardrails timeout for the whole job |
| 70 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 70 | 71 |
needs: |
| 71 | 72 |
- validate-dco |
| 72 | 73 |
outputs: |
| ... | ... |
@@ -89,6 +90,7 @@ jobs: |
| 89 | 89 |
cross: |
| 90 | 90 |
runs-on: ubuntu-24.04 |
| 91 | 91 |
timeout-minutes: 20 # guardrails timeout for the whole job |
| 92 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 92 | 93 |
needs: |
| 93 | 94 |
- validate-dco |
| 94 | 95 |
- prepare-cross |
| ... | ... |
@@ -128,6 +130,7 @@ jobs: |
| 128 | 128 |
govulncheck: |
| 129 | 129 |
runs-on: ubuntu-24.04 |
| 130 | 130 |
timeout-minutes: 120 # guardrails timeout for the whole job |
| 131 |
+ # Always run security checks, even with 'ci/validate-only' label |
|
| 131 | 132 |
permissions: |
| 132 | 133 |
# required to write sarif report |
| 133 | 134 |
security-events: write |
| ... | ... |
@@ -157,6 +160,7 @@ jobs: |
| 157 | 157 |
|
| 158 | 158 |
build-dind: |
| 159 | 159 |
runs-on: ubuntu-24.04 |
| 160 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 160 | 161 |
needs: |
| 161 | 162 |
- validate-dco |
| 162 | 163 |
steps: |
| ... | ... |
@@ -69,6 +69,7 @@ jobs: |
| 69 | 69 |
*.output=type=cacheonly |
| 70 | 70 |
|
| 71 | 71 |
test: |
| 72 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 72 | 73 |
needs: |
| 73 | 74 |
- build-dev |
| 74 | 75 |
- validate-dco |
| ... | ... |
@@ -84,6 +85,7 @@ jobs: |
| 84 | 84 |
storage: ${{ matrix.storage }}
|
| 85 | 85 |
|
| 86 | 86 |
test-unit: |
| 87 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 87 | 88 |
needs: |
| 88 | 89 |
- build-dev |
| 89 | 90 |
- validate-dco |
| ... | ... |
@@ -153,6 +155,7 @@ jobs: |
| 153 | 153 |
smoke-prepare: |
| 154 | 154 |
runs-on: ubuntu-24.04 |
| 155 | 155 |
timeout-minutes: 10 # guardrails timeout for the whole job |
| 156 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 156 | 157 |
needs: |
| 157 | 158 |
- validate-dco |
| 158 | 159 |
outputs: |
| ... | ... |
@@ -175,6 +178,7 @@ jobs: |
| 175 | 175 |
smoke: |
| 176 | 176 |
runs-on: ubuntu-24.04 |
| 177 | 177 |
timeout-minutes: 20 # guardrails timeout for the whole job |
| 178 |
+ if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
|
|
| 178 | 179 |
needs: |
| 179 | 180 |
- smoke-prepare |
| 180 | 181 |
strategy: |