chore(ci): run PR checks as parallel just jobs #227

jwilger · 2026-05-16T16:31:57-07:00

jwilger commented

2026-05-16 16:31:57 -07:00

Closes #218.

Summary

Replaced the monolithic flake-check PR gate with separate fmt, clippy, test, deny, and build Forgejo jobs.
Kept Nix as CI tool provisioning while each deterministic job runs the corresponding just recipe.
Gated semantic review on all deterministic jobs and disabled persisted checkout credentials for PR-controlled just jobs.
Updated the Quickstart CI example and added a CI workflow contract test.

Verification

rtk cargo test -p ar-gateway --test ci_workflow_contract pr_ci_exposes_separate_just_based_deterministic_jobs -- --exact
rtk cargo fmt --all -- --check
nix develop --command just fmt
nix develop --command git push -u origin chore/218-just-ci-jobs (pre-push full-verification hook completed before push)

Notes

Local just was not directly available on PATH; commands requiring just were run through nix develop.

Closes #218. ## Summary - Replaced the monolithic `flake-check` PR gate with separate `fmt`, `clippy`, `test`, `deny`, and `build` Forgejo jobs. - Kept Nix as CI tool provisioning while each deterministic job runs the corresponding `just` recipe. - Gated semantic review on all deterministic jobs and disabled persisted checkout credentials for PR-controlled just jobs. - Updated the Quickstart CI example and added a CI workflow contract test. ## Verification - `rtk cargo test -p ar-gateway --test ci_workflow_contract pr_ci_exposes_separate_just_based_deterministic_jobs -- --exact` - `rtk cargo fmt --all -- --check` - `nix develop --command just fmt` - `nix develop --command git push -u origin chore/218-just-ci-jobs` (pre-push full-verification hook completed before push) ## Notes - Local `just` was not directly available on PATH; commands requiring `just` were run through `nix develop`.

jwilger added 1 commit

2026-05-16 16:31:57 -07:00

chore(ci): split PR checks into just jobs

CI / Format check (pull_request) Successful in 6s

Details

CI / Clippy (pull_request) Successful in 43s

Details

CI / Dependency policy (pull_request) Successful in 12s

Details

CI / Test (pull_request) Successful in 1m0s

Details

CI / Build (pull_request) Successful in 39s

Details

CI / Build PR artifacts (no token) (pull_request) Successful in 2s

Details

CI / Request auto_review semantic review (pull_request) Successful in 1s

Details

CI / Publish PR artifact packages (pull_request) Successful in 2s

Details

auto_review auto_review: 1 warning

740a35238b

auto-review approved these changes

2026-05-16 16:33:48 -07:00

auto-review left a comment

The PR refactors the CI workflow by splitting the monolithic flake-check job into separate fmt, clippy, test, deny, and build jobs, each running a corresponding just command. This change aims to improve parallelism and clarity in the CI process. The update appears safe to merge, but ensure all necessary checks are covered in the new setup.

Walkthrough

.forgejo/workflows/ci.yml:
- Removed the flake-check job and replaced it with separate jobs for fmt, clippy, test, deny, and build.
- Each job runs a specific just command and disables persisted credentials for security.
- The semantic-review job now depends on all these new jobs instead of the single flake-check job.
crates/ar-gateway/tests/ci_workflow_contract.rs:
- Added a new test to ensure the CI workflow exposes separate jobs for each just command and checks for the absence of the flake-check job.
docs/QUICKSTART.md:
- Updated the CI example to reflect the new job structure, replacing flake-check with the new jobs and updating dependencies accordingly.

The PR refactors the CI workflow by splitting the monolithic `flake-check` job into separate `fmt`, `clippy`, `test`, `deny`, and `build` jobs, each running a corresponding `just` command. This change aims to improve parallelism and clarity in the CI process. The update appears safe to merge, but ensure all necessary checks are covered in the new setup. ## Walkthrough - **.forgejo/workflows/ci.yml**: - Removed the `flake-check` job and replaced it with separate jobs for `fmt`, `clippy`, `test`, `deny`, and `build`. - Each job runs a specific `just` command and disables persisted credentials for security. - The `semantic-review` job now depends on all these new jobs instead of the single `flake-check` job. - **crates/ar-gateway/tests/ci_workflow_contract.rs**: - Added a new test to ensure the CI workflow exposes separate jobs for each `just` command and checks for the absence of the `flake-check` job. - **docs/QUICKSTART.md**: - Updated the CI example to reflect the new job structure, replacing `flake-check` with the new jobs and updating dependencies accordingly.

.forgejo/workflows/ci.yml

					
				@ -8,21 +8,23 @@ permissions:

				  contents: read

🟡 Warning: Lines 8–23: The flake-check job has been removed, but the fmt job does not include a check for nix flake check. Ensure that the necessary checks are covered in the new jobs or explicitly state why they are no longer needed.

🟡 **Warning:** **Lines 8–23:** The `flake-check` job has been removed, but the `fmt` job does not include a check for `nix flake check`. Ensure that the necessary checks are covered in the new jobs or explicitly state why they are no longer needed.

jwilger marked this conversation as resolved

jwilger merged commit c7a098531a into main

2026-05-16 17:16:01 -07:00

jwilger deleted branch chore/218-just-ci-jobs

2026-05-16 17:16:01 -07:00

jwilger referenced this pull request from a commit

2026-05-16 17:16:01 -07:00

chore(ci): run PR checks as parallel just jobs (#227)

Sign in to join this conversation.

No reviewers