[VDO-6059] Create separate CI files per branch, where needed#430
Merged
bjohnsto merged 2 commits intodm-vdo:mainfrom Feb 26, 2026
Merged
[VDO-6059] Create separate CI files per branch, where needed#430bjohnsto merged 2 commits intodm-vdo:mainfrom
bjohnsto merged 2 commits intodm-vdo:mainfrom
Conversation
Our CI uses pull_request_target because it allows for fork PRs to access repo secrets, which we need. However, using pull_request_target also comes with restrictions. One of those restrictions is that any actions run on the PR will be run in the main branch's context. Even if you have a PR targeting a different branch, it will still use the main branch's context; meaning it will use the CI from the main branch, not the CI file located on the branch. The plan is to have different ci files with separate branch filters. This will allow different actions to be run within the main branch's context. First step is to rename the current CI file. Signed-off-by: Bruce Johnston <bjohnsto@redhat.com>
github-actions
bot
added
untested
private build running
public build running
private build done
public build done
private testing running
public testing running
private testing done
public testing done
and removed
untested
private build running
public build running
private testing running
public testing running
labels
lorelei-sakai
requested changes
Feb 26, 2026
Member
lorelei-sakai
left a comment
lorelei-sakai
left a comment
There was a problem hiding this comment.
One tiny tweak about covering all 8.3.* release branches. Is that possible?
Otherwise this looks like it makes a lot of sense, the rest of it is good.
Create a new ci file specifically for our 8.3 branches that only runs when any of the 8.3 branches are targeted. Update the ci-main.yml file to only run when the main branch is targeted. Signed-off-by: Bruce Johnston <bjohnsto@redhat.com>
bjohnsto
force-pushed
the
bjohnston_ci_file_per_branch
branch
from
a902644 to
66ff4df
Compare
github-actions
bot
added
private build done
private testing running
public build done
public testing running
and removed
public build running
labels
github-actions
bot
added
private testing done
and removed
private testing running
labels
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Our CI uses pull_request_target because it allows for fork PRs to access repo secrets, which we need. However, using pull_request_target also comes with restrictions. One of those restrictions is that any actions run on the PR will be run in the main branch's context. Even if you have a PR targeting a different branch, it will still use the main branch's context; meaning it will use the CI from the main branch, not the CI file located on the branch. The plan is to have different ci files with separate branch filters. This will allow different actions to be run within the main branch's context.
Once this work is done, a separate PR updating the test code in the 8.3 branch to have tests run on rhel10 machines will need to be created to complete this task.
Additional work was done in our lab and Github itself to get this all to work. We added an additional runner machine that now runs rhel; vdo-lab-github-runner-03. We also added two new RHEL10 runner test machines; jfarm-002 and jfarm-003.
We added two new tags to our runner machine configuration; fedora for the current F42 runners and rhel for the current RHEL10 runner. I made them generic for the time being, since I know we tend to update fedora releases as we get new ones and having a fedora42 tag running fedora 43 didn't make much sense. We can always change this later.
These changes allows us to specify to the common CI code which private runner machines to run on. The default tag in the common CI code is fedora.