workflows/check: run "checks" in one workflow

This introduces "check" as another category of jobs suitable for the "Require status checks to pass" feature. Checks as a category would include everything that is done before even looking at the code: Right branch? Commit messages? Cherry-picked correctly? (commit messages are not checked, yet) (cherry picked from commit f11b58a7a0)
2026-01-11 18:32:23 +08:00 · 2025-05-30 18:21:16 +02:00
parent 6a03633b81
commit e6c1c77513
2 changed files with 26 additions and 40 deletions
--- a/.github/workflows/check-cherry-picks.yml
+++ b/.github/workflows/check-cherry-picks.yml
@@ -1,29 +1,45 @@
-name: "Check cherry-picks"
+name: Check

 on:
  pull_request:
    paths:
-      - .github/workflows/check-cherry-picks.yml
+      - .github/workflows/check.yml
  pull_request_target:
-    branches:
-      - 'release-**'
-      - 'staging-**'
-      - '!staging-next'

 concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

-permissions:
-  pull-requests: write
+permissions: {}

 defaults:
  run:
    shell: bash

 jobs:
-  check:
-    name: cherry-pick-check
+  no-channel-base:
+    name: no channel base
+    if: |
+      startsWith(github.base_ref, 'nixos-') ||
+      startsWith(github.base_ref, 'nixpkgs-')
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - run: |
+          cat <<EOF
+          The nixos-* and nixpkgs-* branches are pushed to by the channel
+          release script and should not be merged into directly.
+
+          Please target the equivalent release-* branch or master instead.
+          EOF
+          exit 1
+
+  cherry-pick:
+    if: |
+      github.event_name == 'pull_request' ||
+      startsWith(github.base_ref, 'release-') ||
+      (startsWith(github.base_ref, 'staging-') && github.base_ref != 'staging-next')
+    permissions:
+      pull-requests: write
    runs-on: ubuntu-24.04-arm
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
--- a/.github/workflows/no-channel.yml
+++ b/.github/workflows/no-channel.yml
@@ -1,30 +0,0 @@
-name: "No channel PR"
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/no-channel.yml
-  pull_request_target:
-
-permissions: {}
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  fail:
-    if: |
-      startsWith(github.event.pull_request.base.ref, 'nixos-') ||
-      startsWith(github.event.pull_request.base.ref, 'nixpkgs-')
-    name: "This PR is targeting a channel branch"
-    runs-on: ubuntu-24.04-arm
-    steps:
-      - run: |
-          cat <<EOF
-          The nixos-* and nixpkgs-* branches are pushed to by the channel
-          release script and should not be merged into directly.
-
-          Please target the equivalent release-* branch or master instead.
-          EOF
-          exit 1