Skip to content

chore(ci): make Verify E2E Passed a required check#264

Merged
FSM1 merged 6 commits into
mainfrom
chore/release-gate-required-check
Mar 4, 2026
Merged

chore(ci): make Verify E2E Passed a required check#264
FSM1 merged 6 commits into
mainfrom
chore/release-gate-required-check

Conversation

@FSM1

@FSM1 FSM1 commented Mar 4, 2026

Copy link
Copy Markdown
Owner

Summary

  • The verify-e2e job in release-gate.yml now runs on all PRs to main, not just release-please PRs
  • On non-release PRs it passes instantly ("Not a release PR")
  • On release PRs it performs the full Web + Desktop E2E verification as before
  • Verify E2E Passed has been added as a required status check on main branch protection

This ensures release-please PRs cannot be merged without passing E2E tests, while feature PRs are unaffected.

Test plan

  • Verify this PR's own Verify E2E Passed check passes (non-release PR path)
  • Next release-please PR will exercise the real E2E gate path

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Release workflow now computes and exposes an explicit "is_release" flag to distinguish release vs non-release PRs.
    • CI steps (checkout, change detection, wait-for-e2e, verification, summary) are gated to run only for release PRs or when relevant changes exist.
    • Added explicit fail/skip handling so release PR checks surface incomplete change-detection and non-release PRs skip gracefully.
    • Reduced unnecessary work for non-release PRs by skipping early.

The verify-e2e job now runs on all PRs to main (not just
release-please PRs). On non-release PRs it passes instantly;
on release PRs it performs the full E2E verification.

This allows it to be added as a required status check without
blocking feature PRs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: a6408bad87ba
@coderabbitai

coderabbitai Bot commented Mar 4, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@FSM1 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 16 minutes and 59 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5d5c4ff5-2f3d-40a7-8ba3-7dbc6ce61f3c

📥 Commits

Reviewing files that changed from the base of the PR and between 1cb73d1 and f53e663.

📒 Files selected for processing (1)
  • .github/workflows/release-gate.yml

Walkthrough

Adds a release-PR detection step that sets is_release and then conditions checkout, change-detection, web E2E, desktop change detection, desktop E2E, skip steps, and summary to run only when is_release (desktop E2E also requires detected desktop changes).

Changes

Cohort / File(s) Summary
Release Gate Workflow
​.github/workflows/release-gate.yml
Adds a "Check if release PR" step that outputs is_release; gates checkout, detect-changes, desktop-change detection, Web E2E, Desktop E2E, Skip steps, and Summary on is_release; adjusts Verify E2E flow to handle release vs non-release PRs and ensures desktop E2E runs only when desktop changes were detected.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Actor as GitHub Actions
participant Check as "Check if release PR\n(sets is_release)"
participant Checkout as "Checkout & detect-changes"
participant WebE2E as "Web E2E job"
participant DesktopDetect as "Desktop change detector"
participant DesktopE2E as "Desktop E2E job"

Actor->>Check: workflow triggered
Check-->>Actor: outputs is_release
alt is_release = true
    Actor->>Checkout: run checkout & detect-changes
    Checkout-->>Actor: outputs change sets
    Actor->>WebE2E: run Web E2E (gated)
    Actor->>DesktopDetect: run desktop-change detection
    alt desktop_changes = true
        DesktopDetect-->>Actor: desktop_changes = true
        Actor->>DesktopE2E: run Desktop E2E
    else desktop_changes = false
        DesktopDetect-->>Actor: desktop_changes = false
    end
else is_release = false
    Check-->>Actor: skip release-only steps
    Actor->>Actor: run Skip steps (non-release PR)
end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title describes making 'Verify E2E Passed' a required check, but the changes primarily refactor release-gate.yml to handle both release and non-release PRs consistently. While the title is partially related to the changeset (it reflects one consequence of the changes), the main objective is broader: restructuring E2E verification gating logic to run on all PRs with different paths for release vs. non-release PRs.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch chore/release-gate-required-check

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov

codecov Bot commented Mar 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 47.92%. Comparing base (ef90514) to head (f53e663).
⚠️ Report is 13 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #264      +/-   ##
==========================================
+ Coverage   46.31%   47.92%   +1.61%     
==========================================
  Files         106      109       +3     
  Lines        8266     8321      +55     
  Branches      591      639      +48     
==========================================
+ Hits         3828     3988     +160     
+ Misses       4271     4163     -108     
- Partials      167      170       +3     
Flag Coverage Δ
api 85.08% <ø> (+1.21%) ⬆️
crypto 85.08% <ø> (+1.21%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the “Release Gate” GitHub Actions workflow so the Verify E2E Passed job is intended to run on all PRs to main, becoming a viable required status check while still only performing full E2E gating for release-please PRs.

Changes:

  • Make verify-e2e run for all PRs (with a fast “not applicable” path for non-release PRs).
  • Gate Web/Desktop E2E verification steps so they only execute on release-please--* PRs.
  • Gate the desktop verification/skip/summary steps behind the release-please PR condition.

You can also share your feedback on Copilot code review. Take the survey.

Comment thread .github/workflows/release-gate.yml Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release-gate.yml:
- Around line 75-76: Remove the job-level "if: '!cancelled()'" from the
verify-e2e job (currently declared with needs: detect-changes) and add an
explicit step (e.g., named "ensure-detect-changes-success") at the start of the
verify-e2e job that checks needs.detect-changes.result and fails the job for
release PRs when that result is not "success"; implement the check using
needs.detect-changes.result != 'success' combined with your release-PR detection
logic (for example, checking github.event.pull_request.head.ref startsWith
'release/' or presence of a "release" label) and exit non‑zero so verify-e2e
cannot be skipped silently.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 723aa7dd-f720-4705-8222-d4064db56602

📥 Commits

Reviewing files that changed from the base of the PR and between c0af622 and 2db67e6.

📒 Files selected for processing (1)
  • .github/workflows/release-gate.yml

Comment thread .github/workflows/release-gate.yml Outdated
Make detect-changes run on all PRs (short-circuits for non-release
PRs) so verify-e2e's needs dependency is always satisfied. This
prevents the required check from being skipped and silently passing
branch protection.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: c08fdccd40bd

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
.github/workflows/release-gate.yml (1)

85-93: ⚠️ Potential issue | 🔴 Critical

Verify E2E Passed can still be skipped if detect-changes is skipped/failed.

Because this job has needs: detect-changes and no always() override, upstream non-success can skip this required check. A skipped required check can satisfy protection, which weakens the gate.

🧩 Suggested fix
   verify-e2e:
     name: Verify E2E Passed
     needs: detect-changes
+    if: ${{ always() && !cancelled() }}
     runs-on: ubuntu-latest
     timeout-minutes: 40
     steps:
+      - name: Ensure detect-changes succeeded (release PR)
+        if: needs.detect-changes.outputs.is_release == 'true' && needs.detect-changes.result != 'success'
+        run: |
+          echo "::error::detect-changes must succeed before E2E verification."
+          exit 1
+
       - name: Skip (not a release PR)
         if: needs.detect-changes.outputs.is_release != 'true'
         run: echo "Not a release PR — E2E gate not applicable"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release-gate.yml around lines 85 - 93, The verify-e2e job
can be skipped when its dependency detect-changes is skipped/failed; change the
job-level condition so it always runs regardless of detect-changes result and
let the existing step-level check handle skipping based on outputs.
Specifically, update the verify-e2e job (named "verify-e2e") to include an
always-run condition (e.g., add if: ${{ always() }}) at the job level while
keeping the step that checks needs.detect-changes.outputs.is_release to decide
whether to actually run E2E, ensuring the job cannot be bypassed by a
skipped/failed detect-changes.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/release-gate.yml:
- Around line 85-93: The verify-e2e job can be skipped when its dependency
detect-changes is skipped/failed; change the job-level condition so it always
runs regardless of detect-changes result and let the existing step-level check
handle skipping based on outputs. Specifically, update the verify-e2e job (named
"verify-e2e") to include an always-run condition (e.g., add if: ${{ always() }})
at the job level while keeping the step that checks
needs.detect-changes.outputs.is_release to decide whether to actually run E2E,
ensuring the job cannot be bypassed by a skipped/failed detect-changes.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b7ddf01f-3c03-44f3-924c-ae3bd3ff985c

📥 Commits

Reviewing files that changed from the base of the PR and between 2db67e6 and a68178b.

📒 Files selected for processing (1)
  • .github/workflows/release-gate.yml

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.


You can also share your feedback on Copilot code review. Take the survey.

Comment thread .github/workflows/release-gate.yml Outdated
Comment thread .github/workflows/release-gate.yml
- Set explicit default outputs (desktop=false, prev_tag=) for
  non-release PRs so downstream outputs are always defined
- Add if: !cancelled() to verify-e2e so it runs even if
  detect-changes fails unexpectedly
- Add explicit failure step for release PRs when detect-changes
  didn't succeed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: b63abff3adfd
@FSM1

FSM1 commented Mar 4, 2026

Copy link
Copy Markdown
Owner Author

Re: CodeRabbit duplicate comment about verify-e2e being skippable if detect-changes fails —

Fixed in 3c9ecc6:

  1. Added if: "\!cancelled()" to verify-e2e so it runs even if detect-changes fails unexpectedly
  2. Added an explicit failure step: on release PRs, if detect-changes.result \!= success, the job fails immediately instead of silently passing

This ensures the required check cannot be bypassed by an upstream failure.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


You can also share your feedback on Copilot code review. Take the survey.

Comment thread .github/workflows/release-gate.yml
Explicit always() ensures the job runs even when detect-changes is
skipped/failed, removing ambiguity about !cancelled() alone.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: 61cdbe0daf6d

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


You can also share your feedback on Copilot code review. Take the survey.

Comment thread .github/workflows/release-gate.yml
Detect release PRs via startsWith(github.head_ref) instead of
needs.detect-changes.outputs.is_release. This fails closed if
detect-changes crashes before producing outputs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: 85ab87bf85f5

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release-gate.yml:
- Around line 19-21: Do not interpolate `${{ github.head_ref }}` directly in the
run script; instead add an env entry (e.g., HEAD_REF: ${{ github.head_ref }}) to
the step and reference that env var in the bash if-test (use `"$HEAD_REF"` and
`[[ "$HEAD_REF" == release-please--* ]]` to avoid word-splitting and globbing),
then write to the GITHUB_OUTPUT as before; update the step that contains the run
block to read the branch from the env variable rather than direct interpolation.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9e12d50e-d981-42c9-9d54-1bad9c2a7a8b

📥 Commits

Reviewing files that changed from the base of the PR and between a68178b and 1cb73d1.

📒 Files selected for processing (1)
  • .github/workflows/release-gate.yml

Comment thread .github/workflows/release-gate.yml
github.head_ref is user-controlled (PR branch name). Pass it through
an environment variable instead of interpolating directly in the
run script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: bf29201a8eff

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.


You can also share your feedback on Copilot code review. Take the survey.

@FSM1 FSM1 merged commit da20e91 into main Mar 4, 2026
23 checks passed
@FSM1 FSM1 deleted the chore/release-gate-required-check branch March 4, 2026 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants