Skip to content

ci: skip heavy CI for non-impacting changes#194

Closed
marandaneto wants to merge 1 commit into
mainfrom
ci/skip-heavy-ci-non-impacting-changes
Closed

ci: skip heavy CI for non-impacting changes#194
marandaneto wants to merge 1 commit into
mainfrom
ci/skip-heavy-ci-non-impacting-changes

Conversation

@marandaneto

@marandaneto marandaneto commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

  • replace the markdown-only PHP CI detector with a generic safe-file classifier that fails closed and checks both filename and previous_filename
  • remove repo/source/test/package-specific classifier lists so any non-safe PR change runs the full PHP CI jobs
  • remove SDK compliance path allowlists and gate the reusable compliance check with the same generic safe-file classifier
  • keep required PHP job IDs/checks present for safe PRs and keep the SDK compliance check name while avoiding path-filtered missing checks

Generic safe set

Heavy CI is skipped only for pull_request events where every reported filename and previous_filename is one of:

  • any *.md file anywhere
  • docs/*
  • .github/ISSUE_TEMPLATE/* or .github/PULL_REQUEST_TEMPLATE/*
  • .github/pull_request_template.md
  • .github/CODEOWNERS or CODEOWNERS
  • .github/dependabot.yml
  • selected repository-management workflows in .github/workflows (release, publish, stale, lint-pr, call-flags-project-board, changeset-hygiene, dependabot-changeset, validate-versioning, new-pr, generated-files-notice, posthog-upgrade, posthog-watcher-*) with .yml or .yaml

Everything else, including source/test changes, package or lock files, build config, current CI workflows, unknown files, pushes, API failures, and empty file lists, runs full CI.

Validation

  • ruby -e 'require "yaml"; ARGV.each { |f| YAML.load_file(f); puts "YAML OK #{f}" }' .github/workflows/php.yml .github/workflows/sdk-compliance.yml
  • git diff --check
  • extracted both classifier scripts from the workflow YAML, substituted GitHub expressions, and ran bash -n
  • local classifier sample assertions covered safe docs/metadata/workflows, package files, lockfiles, source files, current CI workflow files, previous_filename on renames, unknown files, API failure, empty file lists, push events, and SDK compliance safe docs

Notes

  • CodeQL was left unchanged to avoid changing security scan behavior.
  • The SDK compliance reusable workflow is gated at the job level because reusable workflow jobs cannot mix uses: with an in-job no-op step; the check name remains PostHog SDK compliance tests.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

posthog-php Compliance Report

Date: 2026-07-01 13:16:36 UTC
Duration: 95069ms

✅ All Tests Passed!

45/45 tests passed


Capture Tests

29/29 tests passed

View Details
Test Status Duration
Format Validation.Event Has Required Fields 13ms
Format Validation.Event Has Uuid 5ms
Format Validation.Event Has Lib Properties 6ms
Format Validation.Distinct Id Is String 5ms
Format Validation.Token Is Present 6ms
Format Validation.Custom Properties Preserved 6ms
Format Validation.Event Has Timestamp 5ms
Retry Behavior.Retries On 503 5316ms
Retry Behavior.Does Not Retry On 400 2009ms
Retry Behavior.Does Not Retry On 401 2009ms
Retry Behavior.Respects Retry After Header 8015ms
Retry Behavior.Implements Backoff 15729ms
Retry Behavior.Retries On 500 5115ms
Retry Behavior.Retries On 502 5114ms
Retry Behavior.Retries On 504 5115ms
Retry Behavior.Max Retries Respected 16530ms
Deduplication.Generates Unique Uuids 11ms
Deduplication.Preserves Uuid On Retry 5113ms
Deduplication.Preserves Uuid And Timestamp On Retry 10323ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry 5117ms
Deduplication.No Duplicate Events In Batch 11ms
Deduplication.Different Events Have Different Uuids 6ms
Compression.Sends Gzip When Enabled 6ms
Batch Format.Uses Proper Batch Structure 6ms
Batch Format.Flush With No Events Sends Nothing 3ms
Batch Format.Multiple Events Batched Together 10ms
Error Handling.Does Not Retry On 403 2007ms
Error Handling.Does Not Retry On 413 2009ms
Error Handling.Retries On 408 5115ms

Feature_Flags Tests

16/16 tests passed

View Details
Test Status Duration
Request Payload.Request With Person Properties Device Id 6ms
Request Payload.Flags Request Uses V2 Query Param 5ms
Request Payload.Flags Request Hits Flags Path Not Decide 4ms
Request Payload.Flags Request Omits Authorization Header 5ms
Request Payload.Token In Flags Body Matches Init 4ms
Request Payload.Groups Round Trip 5ms
Request Payload.Groups Default To Empty Object 5ms
Request Payload.Person Properties Distinct Id Auto Populated When Caller Omits It 4ms
Request Payload.Disable Geoip False Propagates As Geoip Disable False 4ms
Request Payload.Disable Geoip Omitted Defaults To False 5ms
Request Payload.Flag Keys To Evaluate Contains Only Requested Key 4ms
Request Lifecycle.No Flags Request On Init Alone 2ms
Request Lifecycle.No Flags Request On Normal Capture 6ms
Request Lifecycle.Two Flag Calls Produce Two Remote Requests 7ms
Request Lifecycle.Mock Response Value Is Returned To Caller 5ms
Side Effect Events.Get Feature Flag Captures Feature Flag Called Event 7ms

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown

Reviews (1): Last reviewed commit: "ci: skip heavy CI for non-impacting chan..." | Re-trigger Greptile

Comment thread .github/workflows/php.yml Outdated
Comment on lines +69 to +75
if [[ "${{ github.event_name }}" != "pull_request" ]]; then
write_outputs
summarize "Non-pull-request event; running heavy CI."
exit 0
fi

if ! changed_files=$(gh api --paginate "repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files" --jq '.[].filename'); then

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 GitHub context expressions expanded inside shell script

Lines 69 and 75 embed ${{ github.event_name }}, ${{ github.repository }}, and ${{ github.event.pull_request.number }} directly in the run: script body. GitHub Actions string-substitutes these before the shell sees the script, which can introduce script injection if the values ever contain shell metacharacters. $GITHUB_EVENT_NAME and $GITHUB_REPOSITORY are already set by the runner as environment variables; github.event.pull_request.number can be passed via the env: block. Prefer those over inline expressions inside shell code.

Comment thread .github/workflows/php.yml
Comment on lines +57 to +67
summarize() {
{
echo "### CI changed-file classification"
echo ""
echo "skip_heavy: \`${skip_heavy}\`"
echo "run_public_api: \`${run_public_api}\`"
echo "run_coverage: \`${run_coverage}\`"
echo ""
echo "$1"
} >> "$GITHUB_STEP_SUMMARY"
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Step-summary header duplicated between summarize() and the main success block

The four echo lines that write the heading and three output values (skip_heavy, run_public_api, run_coverage) appear verbatim inside summarize() (lines 58–65) and again in the main success block (lines 151–155). Per the team's OnceAndOnlyOnce rule, the shared header should be extracted — e.g. a print_header() helper called by both paths, or the main block extended to call summarize with the detailed body as its argument.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Comment thread .github/workflows/php.yml Outdated

is_non_impacting_file() {
case "$1" in
*.md|docs/*|.changeset/*.md|.github/ISSUE_TEMPLATE/*|.github/pull_request_template.md|.github/workflows/release.yml|.github/workflows/stale.yaml|.github/workflows/lint-pr.yml|.github/workflows/call-flags-project-board.yml|package.json|pnpm-lock.yaml|pnpm-workspace.yaml|.npmrc)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 package.json, pnpm-lock.yaml, pnpm-workspace.yaml, and .npmrc are JavaScript/npm files that don't belong in a PHP-only SDK repo. Listing them here is dead code today, but if any were ever added for tooling purposes, CI would silently treat them as non-impacting and skip all PHP checks. Consider removing them to avoid that silent-skip risk.

Suggested change
*.md|docs/*|.changeset/*.md|.github/ISSUE_TEMPLATE/*|.github/pull_request_template.md|.github/workflows/release.yml|.github/workflows/stale.yaml|.github/workflows/lint-pr.yml|.github/workflows/call-flags-project-board.yml|package.json|pnpm-lock.yaml|pnpm-workspace.yaml|.npmrc)
*.md|docs/*|.changeset/*.md|.github/ISSUE_TEMPLATE/*|.github/pull_request_template.md|.github/workflows/release.yml|.github/workflows/stale.yaml|.github/workflows/lint-pr.yml|.github/workflows/call-flags-project-board.yml)

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

@marandaneto marandaneto force-pushed the ci/skip-heavy-ci-non-impacting-changes branch from f24d926 to b20ab97 Compare July 1, 2026 13:14
@marandaneto

Copy link
Copy Markdown
Member Author

Closing this for now — I'll investigate other options. We don't want hardcoded paths this way.

@marandaneto marandaneto closed this Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant