Fix skip of push operations which are still failing in mirrors (#16468)

* Fix bash operator precedence in repo ownership check The condition had || operators outside proper test block grouping, which could cause the check to fail with a shell error. Wrap the OR conditions in parentheses with explicit [[ ]] tests. Assisted-by: Claude Haiku 4.5 <noreply@anthropic.com> * Replace reusable workflow with direct if conditions for repo ownership check The reusable workflow with job dependencies had a timing/evaluation issue where jobs would still execute even when should_run=false. Using direct if conditions with github context variables (repository, ref_name) is more reliable and ensures jobs are properly skipped on fork pushes. Assisted-by: Claude Haiku 4.5 <noreply@anthropic.com> * Remove unused repo-owns-branch reusable workflow No longer needed after replacing with direct if conditions. Assisted-by: Claude Haiku 4.5 <noreply@anthropic.com>
2026-06-11 09:56:20 -02:30 · 2026-06-01 13:25:27 -04:00
parent f22df56e44
commit 80f8ee1dec
4 changed files with 12 additions and 70 deletions
--- a/.github/workflows/_repo-owns-branch.yml
+++ b/.github/workflows/_repo-owns-branch.yml
@@ -1,55 +0,0 @@
---
-name: Repo Owns Branch
-
-# Reusable workflow that determines whether the current repository
-# owns the current branch for push operations.
-#
-# Ownership rules:
-#   - ansible/awx owns: devel, feature_*
-#   - ansible/tower owns: stable-*, release_*
-#   - workflow_dispatch is always allowed
-#
-# All other repo/branch combinations are skipped.
-
-on:
-  workflow_call:
-    outputs:
-      should_run:
-        description: Whether this repo owns the current branch
-        value: ${{ jobs.check.outputs.should_run }}
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
-    steps:
-      - name: Check branch ownership
-        id: check
-        run: |
-          REPO="${{ github.repository }}"
-          BRANCH="${{ github.ref_name }}"
-          EVENT="${{ github.event_name }}"
-
-          if [[ "$EVENT" == "workflow_dispatch" ]]; then
-            echo "should_run=true" >> $GITHUB_OUTPUT
-            echo "Manual trigger — allowed"
-            exit 0
-          fi
-
-          # ansible/awx owns devel and feature_* branches
-          if [[ "$REPO" == "ansible/awx" ]] && [[ "$BRANCH" == "devel" || "$BRANCH" == feature_* ]]; then
-            echo "should_run=true" >> $GITHUB_OUTPUT
-            echo "Repository '$REPO' owns branch '$BRANCH'"
-            exit 0
-          fi
-
-          # ansible/tower owns stable-* and release_* branches
-          if [[ "$REPO" == "ansible/tower" ]] && [[ "$BRANCH" == stable-* || "$BRANCH" == release_* ]]; then
-            echo "should_run=true" >> $GITHUB_OUTPUT
-            echo "Repository '$REPO' owns branch '$BRANCH'"
-            exit 0
-          fi
-
-          echo "should_run=false" >> $GITHUB_OUTPUT
-          echo "Repository '$REPO' does not own branch '$BRANCH' — skipping"
--- a/.github/workflows/devel_images.yml
+++ b/.github/workflows/devel_images.yml
@@ -12,12 +12,11 @@ on:
      - feature_*
      - stable-*
 jobs:
-  check-ownership:
-    uses: ./.github/workflows/_repo-owns-branch.yml
-
  push-development-images:
-    needs: check-ownership
-    if: needs.check-ownership.outputs.should_run == 'true'
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (github.repository == 'ansible/awx' && (github.ref_name == 'devel' || startsWith(github.ref_name, 'feature_'))) ||
+      (github.repository == 'ansible/tower' && (startsWith(github.ref_name, 'stable-') || startsWith(github.ref_name, 'release_')))
    runs-on: ubuntu-latest
    timeout-minutes: 120
    permissions:
--- a/.github/workflows/spec-sync-on-merge.yml
+++ b/.github/workflows/spec-sync-on-merge.yml
@@ -20,12 +20,11 @@ on:
      - 'stable-2.[1-9][0-9]'
  workflow_dispatch: # Allow manual triggering for testing
 jobs:
-  check-ownership:
-    uses: ./.github/workflows/_repo-owns-branch.yml
-
  sync-openapi-spec:
-    needs: check-ownership
-    if: needs.check-ownership.outputs.should_run == 'true'
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (github.repository == 'ansible/awx' && (github.ref_name == 'devel' || startsWith(github.ref_name, 'feature_'))) ||
+      (github.repository == 'ansible/tower' && (startsWith(github.ref_name, 'stable-') || startsWith(github.ref_name, 'release_')))
    name: Sync OpenAPI spec to central repo
    runs-on: ubuntu-latest
    permissions:
--- a/.github/workflows/upload_schema.yml
+++ b/.github/workflows/upload_schema.yml
@@ -13,12 +13,11 @@ on:
      - feature_**
      - stable-**
 jobs:
-  check-ownership:
-    uses: ./.github/workflows/_repo-owns-branch.yml
-
  push:
-    needs: check-ownership
-    if: needs.check-ownership.outputs.should_run == 'true'
+    if: |
+      github.event_name == 'workflow_dispatch' ||
+      (github.repository == 'ansible/awx' && (github.ref_name == 'devel' || startsWith(github.ref_name, 'feature_'))) ||
+      (github.repository == 'ansible/tower' && (startsWith(github.ref_name, 'stable-') || startsWith(github.ref_name, 'release_')))
    runs-on: ubuntu-latest
    timeout-minutes: 60
    permissions: