CI: Validation jobs fail on push events due to PR-specific condition checks

[jolestar]

Problem Description

The validation jobs in check_build_test.yml use github.event.pull_request.changed_files.*.filename for conditional execution, which only works for pull request events. These jobs fail or are skipped when pushing directly to the main branch.

Affected Jobs

• validate_dockerfile_debug
• validate_dockerfile
• validate_homebrew
• shellcheck

Current Code

validate_dockerfile_debug:
  name: Validate Debug Dockerfile
  runs-on: ubuntu-latest
  needs: check_changes
  if: ${{ contains(github.event.pull_request.changed_files.*.filename, 'docker/DockerfileDebug') }}
  timeout-minutes: 30
  steps:
    - name: Checkout code
      uses: actions/checkout@v4
    - name: Validate Debug Docker files
      run: docker build -f docker/DockerfileDebug -t rooch-test-debug .

Issue

When triggered by push event (not pull_request), github.event.pull_request is undefined, causing these jobs to fail with:

Error: Cannot read property 'changed_files' of undefined

Proposed Solutions

Option 1: Use dorny/paths-filter (Recommended)

Use the same dorny/paths-filter@v3 action that's already used in the check_changes job:

check_changes:
  # ... existing filters ...
  filters: |
    core: ...
    sdk_web: ...
    scripts: ...
    # Add new filters
    dockerfile_debug:
      - 'docker/DockerfileDebug'
    dockerfile:
      - 'docker/Dockerfile'
    homebrew:
      - 'Formula/**'

Then update validation jobs:

validate_dockerfile_debug:
  name: Validate Debug Dockerfile
  runs-on: ubuntu-latest
  needs: check_changes
  if: ${{ needs.check_changes.outputs.dockerfile_debug == 'true' }}
  timeout-minutes: 30
  steps:
    - name: Checkout code
      uses: actions/checkout@v4
    - name: Validate Debug Docker files
      run: docker build -f docker/DockerfileDebug -t rooch-test-debug .

Option 2: Split to Separate Workflow File

Create a new workflow file .github/workflows/validation.yml:

name: Validation Checks

on:
  pull_request:
    branches: ['main']
  push:
    branches: ['main']

jobs:
  check_validation_changes:
    name: Check Validation Changes
    runs-on: ubuntu-latest
    outputs:
      dockerfile_debug: ${{ steps.changes.outputs.dockerfile_debug }}
      dockerfile: ${{ steps.changes.outputs.dockerfile }}
      homebrew: ${{ steps.changes.outputs.homebrew }}
      shell_scripts: ${{ steps.changes.outputs.shell_scripts }}
    timeout-minutes: 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Filter Changed Files
        uses: dorny/paths-filter@v3
        id: changes
        with:
          filters: |
            dockerfile_debug:
              - 'docker/DockerfileDebug'
            dockerfile:
              - 'docker/Dockerfile'
            homebrew:
              - 'Formula/**'
            shell_scripts:
              - 'scripts/**'

  validate_dockerfile_debug:
    name: Validate Debug Dockerfile
    runs-on: ubuntu-latest
    needs: check_validation_changes
    if: ${{ needs.check_validation_changes.outputs.dockerfile_debug == 'true' }}
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Validate Debug Docker files
        run: docker build -f docker/DockerfileDebug -t rooch-test-debug .

  validate_dockerfile:
    name: Validate Dockerfile
    runs-on: ubuntu-latest
    needs: check_validation_changes
    if: ${{ needs.check_validation_changes.outputs.dockerfile == 'true' }}
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Validate Docker files
        run: docker build -f docker/Dockerfile -t rooch-test .

  validate_homebrew:
    name: Validate Homebrew Formula
    runs-on: ubuntu-latest
    needs: check_validation_changes
    if: ${{ needs.check_validation_changes.outputs.homebrew == 'true' }}
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Validate Homebrew formula
        run: |
          brew audit --strict --online Formula/rooch.rb

  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    needs: check_validation_changes
    if: ${{ needs.check_validation_changes.outputs.shell_scripts == 'true' }}
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run ShellCheck
        uses: Azbagheri/shell-linter@v0.8.0
        with:
          path: 'scripts/*.sh'
          severity: 'error'

Benefits of Separate Workflow

1. Separation of Concerns: Main workflow focuses on build/test, validation workflow focuses on file format validation
2. Independent Execution: Validation jobs can run independently without blocking main CI
3. Easier Maintenance: Clear distinction between testing and validation logic
4. Faster Feedback: Validation jobs can complete independently
5. Better Organization: Related validation checks grouped together

Recommendation

Use Option 2 (separate workflow) because:

1. Better organizational structure
2. Validation checks are conceptually different from build/test
3. Allows independent execution and maintenance
4. Prevents bloating the already complex check_build_test.yml file
5. Makes it easier to add more validation checks in the future

Related Issues

• Evaluate migrating CI from self-hosted runners to GitHub-hosted (Large) runners #3915: Migrate CI from self-hosted to GitHub-hosted runners
• PR ci: migrate CI workflows from self-hosted to GitHub-hosted runners #3917: CI workflow improvements