ci: explicit-trigger heavy workflows (auto on PR open, manual after)#3234
Closed
borisbat wants to merge 2 commits into
Closed
ci: explicit-trigger heavy workflows (auto on PR open, manual after)#3234borisbat wants to merge 2 commits into
borisbat wants to merge 2 commits into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates CI triggering to reduce runner spend by making the heavy workflows run automatically only on PR open/reopen/ready-for-review (and still on push: master), with manual workflow_dispatch re-runs for subsequent commits; accompanying contributor docs are updated to reflect the explicit-trigger iteration loop.
Changes:
- Adjust
build,extended_checks, andwasm_buildworkflows to usepull_request: types: [opened, reopened, ready_for_review](dropping the implicitsynchronizebehavior). - Document the explicit-trigger model and the “dispatch heavy CI on final SHA” discipline across contributor skills and
CLAUDE.md. - Update the PR “what runs” table to reflect the new triggering model and include
msvc.yml.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| skills/preflight.md | Updates PR CI trigger table and adds explicit-trigger explanation. |
| skills/pr_review_iteration.md | Adds explicit-trigger CI guidance to the iteration loop. |
| skills/make_pr.md | Adds a new step to manually dispatch heavy CI on the final commit. |
| CLAUDE.md | Documents the explicit-trigger CI policy in the main contributor guide. |
| .github/workflows/build.yml | Limits PR auto-runs to PR open/reopen/ready + keeps dispatch. |
| .github/workflows/extended_checks.yml | Limits PR auto-runs to PR open/reopen/ready + keeps dispatch. |
| .github/workflows/wasm_build.yml | Limits PR auto-runs to PR open/reopen/ready + keeps dispatch. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
borisbat
force-pushed
the
bbatkin/ci-explicit-trigger
branch
from
f64adc0 to
ef0caba
Compare
The heavy CI workflows (build, extended_checks, wasm_build) now auto-run only on PR open/reopen/ready, NOT on every subsequent push (dropped the implicit `synchronize` trigger). Re-run them on the final commit via workflow_dispatch (Actions "Run workflow" button, or `gh workflow run <wf> --ref <branch>`). Why: cost control. Copilot review is a ruleset check (not a runner job), so it re-runs free on every push — iterate there for free, then fire the matrix once when converged instead of on every intermediate push. Green is per-SHA, so a passing run vouches only for the commit it ran on; dispatch on the final commit before merge. master is not hard-gated on these checks (maintainer discipline). doc/codeql stay paths-gated; msvc is already dispatch-only; the post-merge push:[master] run still validates master after each merge. A `/ci` PR-comment dispatcher is a planned follow-up (needs a CI_DISPATCH_TOKEN PAT — the default GITHUB_TOKEN can't fire workflow_dispatch). Docs: CLAUDE.md (GitHub Operations → "CI runs on EXPLICIT trigger"), skills/make_pr.md (step 7 + quick-ref row), skills/pr_review_iteration.md, skills/preflight.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
borisbat
force-pushed
the
bbatkin/ci-explicit-trigger
branch
from
ef0caba to
c40df1d
Compare
Collaborator
Author
|
Closing: the free-runner switch (#3233) already solved the cost problem (public-repo standard runners are free/unlimited), so explicit-trigger has no upside. Worse, workflow_dispatch runs are not PR-associated, so the PR badge shows green regardless of the real dispatch state = no honest merge gate. Reverting to the simple model already on master: auto-run on every push (gated + free). Remaining trim (mingw/clangcl to nightly) lands as a separate PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The heavy CI workflows —
build,extended_checks,wasm_build— now auto-run only when a PR opens (pull_request: types: [opened, reopened, ready_for_review]), not on every subsequent push (dropped the implicitsynchronize). Re-run them on demand:gh workflow run build.yml --ref <branch>(alsoextended_checks.yml,wasm_build.yml).doc/codeqlstaypaths-gated;msvcis alreadyworkflow_dispatch-only; the post-mergepush: [master]run still validates master after each merge.Why
Cost control. Copilot review is a ruleset check, not a runner job — it re-runs free on every push. So the iteration loop becomes: push → free Copilot read → fix → repeat (zero runner minutes), then deliberately fire the matrix once on the final commit instead of on every intermediate push. During the recent spending-limit incident, a single PR's Copilot rounds would otherwise have burned ~5 full matrices; this makes it 1.
Green is per-SHA, so a passing run vouches only for the commit it ran on — push a new commit and the heavy checks are absent on the new HEAD until you re-dispatch. That gives "green only on the latest commit" for free (no required-status-checks needed). master is not hard-gated on these checks (maintainer discipline) — the discipline is: dispatch on your final commit, merge only on its green.
Follow-up (not in this PR)
A
/ciPR-comment dispatcher (ChatOps) would be more ergonomic than the Actions button, but the defaultGITHUB_TOKENcan't fireworkflow_dispatch(GitHub recursion-prevention), so it needs a storedCI_DISPATCH_TOKENPAT (scope: actions:write). Deferred until that secret exists.Docs
CLAUDE.md→ GitHub Operations → new "CI runs on EXPLICIT trigger" sectionskills/make_pr.md→ new step 7 ("trigger the heavy CI on your final commit before merge") + quick-ref rowskills/pr_review_iteration.md→ explicit-trigger callout + corrected "CI re-runs on push" (now Copilot-only)skills/preflight.md→ "What runs on a PR" table updatedSelf-validating
This PR's own CI exercises the new triggers — the matrix should auto-run once now (on
opened); after that, pushes won't re-trigger it and I'll dispatch manually. If you see the build matrix run here, the change works.🤖 Generated with Claude Code