Skip to content

[fix](ci) Restrict trigger push branch for GitHub Workflow#65121

Open
apupier wants to merge 1 commit into
apache:masterfrom
apupier:configureTriggerPushForGitHubWorkflows
Open

[fix](ci) Restrict trigger push branch for GitHub Workflow#65121
apupier wants to merge 1 commit into
apache:masterfrom
apupier:configureTriggerPushForGitHubWorkflows

Conversation

@apupier

@apupier apupier commented Jul 1, 2026

Copy link
Copy Markdown

Feature branches rarely need their own CI runs: the code is already tested when a pull request is opened against a release branch. If the push trigger has no branch restriction and pull_request is also configured, every push to a branch with an open PR runs the workflow twice: once for the push and once for the PR synchronisation.

Always give the push trigger an explicit list of branches: this stops branches created from a release branch from inheriting its workflow runs.

see https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=430408443#GitHubActionsRecommendedPractices-Restrictthepushtriggertospecificbranches

What problem does this PR solve?

Issue Number: close #xxx

Related PR: #xxx

Problem Summary:

Release note

None

Check List (For Author)

  • Test

    • Regression test
    • Unit Test
    • Manual test (add detailed scripts or steps below)
    • No need to test or manual test. Explain why:
      • This is a refactor/code format and no logic has been changed.
      • Previous test can cover this change.
      • No code files have been changed.
      • Other reason
  • Behavior changed:

    • No.
    • Yes.
  • Does this need documentation?

    • No.
    • Yes.

Check List (For Reviewer who merge this PR)

  • Confirm the release note
  • Confirm test cases
  • Confirm document
  • Add branch pick label

Feature branches rarely need their own CI runs: the code is already
tested when a pull request is opened against a release branch. If the
push trigger has no branch restriction and pull_request is also
configured, every push to a branch with an open PR runs the workflow
twice: once for the push and once for the PR synchronisation.

Always give the push trigger an explicit list of branches: this stops
branches created from a release branch from inheriting its workflow
runs.

see https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=430408443#GitHubActionsRecommendedPractices-Restrictthepushtriggertospecificbranches

Signed-off-by: Aurélien Pupier <apupier@ibm.com>
@hello-stephen

Copy link
Copy Markdown
Contributor

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

@apupier apupier changed the title Restrict trigger push branch for GitHub Workflow [fix] Restrict trigger push branch for GitHub Workflow Jul 1, 2026
@apupier apupier changed the title [fix] Restrict trigger push branch for GitHub Workflow [fix](ci) Restrict trigger push branch for GitHub Workflow Jul 1, 2026
@morningman

Copy link
Copy Markdown
Contributor

/review

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the two workflow trigger changes. I found one blocking issue: branch-* still includes branch-named non-release/development heads, so duplicate push and pull_request_target runs remain possible in both workflows.

Critical checkpoint conclusions:

  • Goal: not fully met because the broad branch glob still leaves duplicate runs for branch-named upstream heads.
  • Scope: small and focused.
  • Concurrency, lifecycle, config, persistence, protocol, and data writes: not applicable; this is a workflow trigger-only change.
  • Parallel paths: both changed workflows have the same issue and both are commented inline.
  • Tests/validation: static review plus Ruby YAML parse of both workflow files; actionlint is unavailable in this runner.
  • User focus: no additional user-provided focus.

Subagent conclusions:

  • optimizer-rewrite: no candidates; convergence round C-1 returned NO_NEW_VALUABLE_FINDINGS.
  • tests-session-config: TSC-1 was accepted as M-1 and submitted as inline comments PF-1/PF-2; convergence round C-1 returned NO_NEW_VALUABLE_FINDINGS.

push:
branches:
- master
- branch-*

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

branch-* is still broad enough to include ordinary upstream development heads, so it leaves the duplicate push+PR workflow runs this PR is trying to avoid. Live branch metadata currently has unprotected matches such as branch-catalog-spi, branch-fs-spi, branch-hudi-mtmv, branch-refactor_property, and branch-4.1-fix-spill; pushing to any of those with an open PR would still trigger both the push run here and the pull_request_target run. Please restrict this to the actual long-lived release branches that should keep push CI, or add explicit exclusions for branch-named feature heads.

push:
branches:
- master
- branch-*

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue as in code-checks.yml: branch-* still matches branch-named upstream development heads such as branch-catalog-spi, branch-fs-spi, branch-hudi-mtmv, branch-refactor_property, and branch-4.1-fix-spill. Those pushes would continue to run this workflow in addition to the pull_request_target run for an open PR, so the push filter should be narrowed to the intended long-lived release branches or explicitly exclude branch-named feature heads.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

PR approved by at least one committer and no changes requested.

@github-actions github-actions Bot added the approved Indicates a PR has been approved by one committer. label Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

PR approved by anyone and no changes requested.

@morningman

Copy link
Copy Markdown
Contributor

run buildall

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by one committer. reviewed

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants