From 7d932af93ae49a662aa04f540defa314666ecdeb Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Tue, 5 May 2026 13:58:32 +0200 Subject: [PATCH 1/6] Add check protection on merge-gate --- exasol/toolbox/templates/github/workflows/merge-gate.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/exasol/toolbox/templates/github/workflows/merge-gate.yml b/exasol/toolbox/templates/github/workflows/merge-gate.yml index 1b991327a4..585917c13d 100644 --- a/exasol/toolbox/templates/github/workflows/merge-gate.yml +++ b/exasol/toolbox/templates/github/workflows/merge-gate.yml @@ -58,7 +58,9 @@ jobs: needs: - run-fast-checks - run-slow-checks - # Each job requires a step, so we added this dummy step. + # To prevent accidentally merges, this step is required. For more details + # see: https://github.com/exasol/python-toolbox/issues/563 steps: - - name: Approve - run: echo "Merge Approved" + - name: Branch Protection - failure if any ancestor failed + if: ${{ contains(needs.*.result, 'failure') }} + run: exit 1 From 3b8be6399fe4cd706445786496b061d280185e8f Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Tue, 5 May 2026 14:04:49 +0200 Subject: [PATCH 2/6] Still want to get the sonar report unless it was skipped/cancelled --- exasol/toolbox/templates/github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/exasol/toolbox/templates/github/workflows/ci.yml b/exasol/toolbox/templates/github/workflows/ci.yml index f58bbfe3c2..8b93f291f8 100644 --- a/exasol/toolbox/templates/github/workflows/ci.yml +++ b/exasol/toolbox/templates/github/workflows/ci.yml @@ -26,6 +26,11 @@ jobs: name: Report needs: - merge-gate + # This condition ensures the job runs if merge-gate finished (success or failure) + if: | + always() && + needs.merge-gate.result != 'skipped' && + needs.merge-gate.result != 'cancelled' uses: ./.github/workflows/report.yml secrets: inherit permissions: From 3a43cb6770267df3ca36fa3743b99f205c559fc1 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Tue, 5 May 2026 14:06:31 +0200 Subject: [PATCH 3/6] Update workflows (missed upgrade to 7.0.0) --- .github/workflows/build-and-publish.yml | 2 +- .github/workflows/check-release-tag.yml | 2 +- .github/workflows/checks.yml | 18 +++++++++--------- .github/workflows/ci.yml | 5 +++++ .github/workflows/gh-pages.yml | 2 +- .github/workflows/matrix-all.yml | 2 +- .github/workflows/matrix-exasol.yml | 2 +- .github/workflows/matrix-python.yml | 2 +- .github/workflows/merge-gate.yml | 8 +++++--- .github/workflows/report.yml | 2 +- .github/workflows/slow-checks.yml | 2 +- 11 files changed, 27 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 9ba56f8d6f..867d79c9b6 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml index 5423c11a4f..f099fa94ee 100644 --- a/.github/workflows/check-release-tag.yml +++ b/.github/workflows/check-release-tag.yml @@ -17,7 +17,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index a258fef3ac..91277c4fab 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -16,7 +16,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" @@ -42,7 +42,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" @@ -67,7 +67,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -102,7 +102,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -128,7 +128,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -157,7 +157,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" @@ -179,7 +179,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" @@ -200,7 +200,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" @@ -227,7 +227,7 @@ jobs: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 104045ade7..82c8388b19 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,6 +26,11 @@ jobs: name: Report needs: - merge-gate + # This condition ensures the job runs if merge-gate finished (success or failure) + if: | + always() && + needs.merge-gate.result != 'skipped' && + needs.merge-gate.result != 'cancelled' uses: ./.github/workflows/report.yml secrets: inherit permissions: diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 147d0453a8..73c74dc99f 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix-all.yml b/.github/workflows/matrix-all.yml index 69a5aa4b4f..558f5ef672 100644 --- a/.github/workflows/matrix-all.yml +++ b/.github/workflows/matrix-all.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix-exasol.yml b/.github/workflows/matrix-exasol.yml index 44b5cfd985..a64b88c3f6 100644 --- a/.github/workflows/matrix-exasol.yml +++ b/.github/workflows/matrix-exasol.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix-python.yml b/.github/workflows/matrix-python.yml index 328799b6c9..e68fd4d1e7 100644 --- a/.github/workflows/matrix-python.yml +++ b/.github/workflows/matrix-python.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/merge-gate.yml b/.github/workflows/merge-gate.yml index 7219a4d83b..765dfe7660 100644 --- a/.github/workflows/merge-gate.yml +++ b/.github/workflows/merge-gate.yml @@ -67,7 +67,9 @@ jobs: - run-fast-checks - run-slow-checks - test-python-environment - # Each job requires a step, so we added this dummy step. + # To prevent accidentally merges, this step is required. For more details + # see: https://github.com/exasol/python-toolbox/issues/563 steps: - - name: Approve - run: echo "Merge Approved" + - name: Branch Protection - failure if any ancestor failed + if: ${{ contains(needs.*.result, 'failure') }} + run: exit 1 diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index 8790ca1ab2..7612aeba7e 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml index 8f1b55e42e..46ed19863c 100644 --- a/.github/workflows/slow-checks.yml +++ b/.github/workflows/slow-checks.yml @@ -29,7 +29,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v6 + uses: exasol/python-toolbox/.github/actions/python-environment@v7 with: python-version: ${{ matrix.python-version }} poetry-version: "2.3.0" From 1f29a4525611e9c456552a8de4794f51420fc7ee Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Tue, 5 May 2026 14:07:38 +0200 Subject: [PATCH 4/6] Add changelog entry --- doc/changes/unreleased.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index fb4737052b..58a72b160d 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -1,3 +1,7 @@ # Unreleased ## Summary + +## Bugfix + +* #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed From 324133c66b47119273d699f7f94322da253e5574 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Tue, 5 May 2026 16:15:13 +0200 Subject: [PATCH 5/6] Fix to tested method as pointed out by reviewers --- exasol/toolbox/templates/github/workflows/merge-gate.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/exasol/toolbox/templates/github/workflows/merge-gate.yml b/exasol/toolbox/templates/github/workflows/merge-gate.yml index 585917c13d..92c3e6f43e 100644 --- a/exasol/toolbox/templates/github/workflows/merge-gate.yml +++ b/exasol/toolbox/templates/github/workflows/merge-gate.yml @@ -51,6 +51,7 @@ jobs: # This job ensures inputs have been executed successfully. allow-merge: name: Allow Merge + if: ${{ !cancelled() }} runs-on: "(( os_version ))" permissions: contents: read @@ -63,4 +64,8 @@ jobs: steps: - name: Branch Protection - failure if any ancestor failed if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 + run: | + echo '${{ toJSON(needs) }}' + exit 1 + - name: Branch Protection + run: true From c19b2779d0f7a4927c414dbf8d25f2983b0fcd49 Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Wed, 6 May 2026 08:36:44 +0200 Subject: [PATCH 6/6] Change merge condition --- .github/workflows/merge-gate.yml | 11 ++++++++--- .../toolbox/templates/github/workflows/merge-gate.yml | 8 ++++---- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/merge-gate.yml b/.github/workflows/merge-gate.yml index 765dfe7660..24200ed937 100644 --- a/.github/workflows/merge-gate.yml +++ b/.github/workflows/merge-gate.yml @@ -59,6 +59,7 @@ jobs: # This job ensures inputs have been executed successfully. allow-merge: name: Allow Merge + if: ${{ !cancelled() }} runs-on: "ubuntu-24.04" permissions: contents: read @@ -70,6 +71,10 @@ jobs: # To prevent accidentally merges, this step is required. For more details # see: https://github.com/exasol/python-toolbox/issues/563 steps: - - name: Branch Protection - failure if any ancestor failed - if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 + - name: Branch Protection - failure if any ancestor failed or was cancelled + if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + run: | + echo '${{ toJSON(needs) }}' + exit 1 + - name: branch protection + run: echo "All required checks passed. Merge allowed." diff --git a/exasol/toolbox/templates/github/workflows/merge-gate.yml b/exasol/toolbox/templates/github/workflows/merge-gate.yml index 92c3e6f43e..c6f01ed9bc 100644 --- a/exasol/toolbox/templates/github/workflows/merge-gate.yml +++ b/exasol/toolbox/templates/github/workflows/merge-gate.yml @@ -62,10 +62,10 @@ jobs: # To prevent accidentally merges, this step is required. For more details # see: https://github.com/exasol/python-toolbox/issues/563 steps: - - name: Branch Protection - failure if any ancestor failed - if: ${{ contains(needs.*.result, 'failure') }} + - name: Branch Protection - failure if any ancestor failed or was cancelled + if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} run: | echo '${{ toJSON(needs) }}' exit 1 - - name: Branch Protection - run: true + - name: branch protection + run: echo "All required checks passed. Merge allowed."