Check the version increment only for PRs into default branches#686
Merged
Conversation
A version increment is required only from a branch which aims to merge into a default (`master`/`main`) or a release-line (e.g. `2.x-jdk8-master`) branch. Auxiliary branches do not deal with the versions in the release cycle, so pull requests targeting them must not be version-guarded. - `IncrementGuard` now enables the `checkVersionIncrement` task only for `pull_request` events whose base branch name ends with `master` or `main`, instead of `push` events to any feature branch. This also stops the `build` task (and hence the JUnit test report) from failing on pushes when the version is not yet bumped. - The `Version Guard` workflow is triggered by `pull_request` events filtered by the base branches above, instead of `push` to any branch. - The `License Reports` workflow is filtered the same way: the report files embed the project version, so only version-bumping branches refresh them. https://claude.ai/code/session_01Et5WtRbSBtjL6ZiXynsDfr
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6011f232de
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adjusts the version-increment enforcement to run only for pull requests targeting default/release-line branches (those ending in master/main), preventing auxiliary-branch PRs and plain pushes from failing CI due to version-guard logic.
Changes:
- Update
IncrementGuardto enablecheckVersionIncrementonly forpull_requestevents with a base branch ending inmaster/main, usingGITHUB_BASE_REF. - Change the “Version Guard” and “License Reports” workflows to trigger only on
pull_requestevents targeting**master/**main. - Add unit tests covering the new
IncrementGuarddecision logic.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| buildSrc/src/test/kotlin/io/spine/gradle/publish/IncrementGuardTest.kt | Adds coverage for the new “check only PRs into default/release-line branches” decision function. |
| buildSrc/src/main/kotlin/io/spine/gradle/publish/IncrementGuard.kt | Switches the guard decision from push/ref parsing to a pure PR+base-branch check using GITHUB_BASE_REF. |
| .github-workflows/increment-guard.yml | Moves Version Guard to pull_request and filters to default/release-line target branches only. |
| .github-workflows/ensure-reports-updated.yml | Applies the same pull_request base-branch filtering to the license report update check. |
| .agents/tasks/version-guard-aux-base-branches.md | Records the rationale/plan for the change so it’s traceable for future maintenance. |
A workflow skipped because of the `branches` filter leaves its check in the `Pending` state. In a repository where `Version Guard` or `License Reports` is configured as a required status check beyond the default branch, this would block PRs into auxiliary branches instead of waiving them. A job skipped via an `if` condition reports the `skipped` conclusion, which satisfies required status checks, and does not occupy a runner. So the workflows now trigger on all `pull_request` events, and the base branch is checked by the job-level `if` mirroring the `IncrementGuard` logic. https://claude.ai/code/session_01Et5WtRbSBtjL6ZiXynsDfr
armiol
approved these changes
Jun 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
Version Guardworkflow — and, by cascade,JUnit Test Report (push)— failed for PRs whose base branch is not the default one (master). The guard triggered onpushto any branch and enabledcheckVersionIncrementfor any branch not ending withmaster/main, with no awareness of where the branch intends to merge. SincecheckVersionIncrementis wired intocheck, theUbuntu CIbuild failed before tests produced reports, taking the JUnit report check down with it (require_tests: true).A version increment is the responsibility of a branch which aims to merge into a default (or otherwise protected) branch. Auxiliary branches do not deal with the versions in the release cycle.
Changes
IncrementGuardnow enables thecheckVersionIncrementtask only forpull_requestevents whose base branch name ends withmasterormain(coversmaster,main, and release-line branches such as2.x-jdk8-master). Thepush-event logic and theGITHUB_REFparsing are gone; the decision is a pure function covered by the newIncrementGuardTest.Version Guardworkflow triggers onpull_requestinstead ofpushto all branches. The base branch is checked by a job-levelifmirroring theIncrementGuardlogic: for a PR into an auxiliary branch the job reportsskipped, which satisfies required status checks (a workflow skipped via thebranchesfilter would leave a required check in thePendingstate, blocking the PR) and occupies no runner.License Reportsworkflow gets the same job-level gate: the dependency report files embed the project version, so they are refreshed by the version-bumping branches. PRs into auxiliary branches no longer require touching them. (ensure-reports-updated.shitself needs no change — it already works offGITHUB_BASE_REF.)Behavioral notes
opened/synchronize) rather than on pushes, so a branch without an open PR is never version-checked. Coverage for master-bound work is unchanged: every push to a PR'd branch triggerssynchronize.Ubuntu CI/JUnit Test Reportover a stale version. Instead, for PRs intomaster-like bases, the enabled task participates incheckonWindows CI(apull_requestbuild) alongside the dedicatedVersion Guardrun — the same signal, moved from push-side to PR-side.Verification
./gradlew -p buildSrc test— passes, including the newIncrementGuardTest../gradlew detekt— passes.pull_requesttriggers and job conditions.Consumer repositories receive the fix via the usual
./config/pullcycle.https://claude.ai/code/session_01Et5WtRbSBtjL6ZiXynsDfr