From c21daefe4f2be35aa495991e3d125ad4c0c60d19 Mon Sep 17 00:00:00 2001
From: Glenn <gedwards@squareup.com>
Date: Tue, 29 Jul 2025 08:45:03 -0400
Subject: [PATCH 1/4] skip app-related CI jobs for doc/blog PRs

---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d05e462e3cd2..20c87b588f40 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,9 +5,13 @@ on:
   pull_request:
     branches:
       - main
+    paths-ignore:
+      - "documentation/**"
   merge_group:
     branches:
       - main
+    paths-ignore:
+      - "documentation/**"
   workflow_dispatch:
 
 name: CI

From fff45ba8bf41c3d1e25f09c4c582d55a05dff9d8 Mon Sep 17 00:00:00 2001
From: angiejones <jones.angie@gmail.com>
Date: Tue, 29 Jul 2025 20:07:51 -0500
Subject: [PATCH 2/4] Make CI optimization more granular

Instead of skipping the entire CI workflow for documentation-only changes,
this makes the optimization more granular by:

- Adding a 'changes' job to detect which files have changed
- Only skipping expensive jobs (rust-format, rust-build-and-test, desktop-lint, bundle-desktop-unsigned) for docs-only PRs
- Keeping the workflow running so other important checks (DCO, security scans, etc.) continue to work
- Using dorny/paths-filter for reliable file change detection

This approach saves significant CI resources for documentation PRs while
maintaining all necessary checks for code changes.
---
 .github/workflows/ci.yml | 37 ++++++++++++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 20c87b588f40..00aae01807bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,21 +5,40 @@ on:
   pull_request:
     branches:
       - main
-    paths-ignore:
-      - "documentation/**"
   merge_group:
     branches:
       - main
-    paths-ignore:
-      - "documentation/**"
   workflow_dispatch:
 
 name: CI
 
 jobs:
+  # Detect what files have changed to conditionally run jobs
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      docs-only: ${{ steps.filter.outputs.docs-only }}
+      code: ${{ steps.filter.outputs.code }}
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
+      
+      - name: Check for file changes
+        uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            docs-only:
+              - 'documentation/**'
+            code:
+              - '!documentation/**'
+
   rust-format:
     name: Check Rust Code Format
     runs-on: ubuntu-latest
+    needs: changes
+    # Skip Rust formatting for documentation-only changes
+    if: needs.changes.outputs.code == 'true' || github.event_name != 'pull_request'
     steps:
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
@@ -30,6 +49,9 @@ jobs:
   rust-build-and-test:
     name: Build and Test Rust Project
     runs-on: goose
+    needs: changes
+    # Skip expensive Rust build and test for documentation-only changes
+    if: needs.changes.outputs.code == 'true' || github.event_name != 'pull_request'
     steps:
       # Add disk space cleanup before linting
       - name: Check disk space before build
@@ -148,6 +170,9 @@ jobs:
   desktop-lint:
     name: Lint Electron Desktop App
     runs-on: macos-latest
+    needs: changes
+    # Skip desktop linting for documentation-only changes since it only checks TypeScript/React code
+    if: needs.changes.outputs.code == 'true' || github.event_name != 'pull_request'
     steps:
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
@@ -164,6 +189,8 @@ jobs:
   # Faster Desktop App build for PRs only
   bundle-desktop-unsigned:
     uses: ./.github/workflows/bundle-desktop.yml
-    if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
+    needs: changes
+    # Skip desktop bundle for documentation-only changes to save resources
+    if: (github.event_name == 'pull_request' || github.event_name == 'merge_group') && (needs.changes.outputs.code == 'true' || github.event_name != 'pull_request')
     with:
       signing: false

From b05bbe4ed56f5d0f552bc27899f299b9e1a3dce2 Mon Sep 17 00:00:00 2001
From: angiejones <jones.angie@gmail.com>
Date: Tue, 29 Jul 2025 20:11:57 -0500
Subject: [PATCH 3/4] Remove explanatory comments from CI workflow

Clean up the workflow by removing the explanatory comments
for the conditional job logic.
---
 .github/workflows/ci.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 00aae01807bb..f2023d1a78ce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,6 @@ on:
 name: CI
 
 jobs:
-  # Detect what files have changed to conditionally run jobs
   changes:
     runs-on: ubuntu-latest
     outputs:
@@ -37,7 +36,6 @@ jobs:
     name: Check Rust Code Format
     runs-on: ubuntu-latest
     needs: changes
-    # Skip Rust formatting for documentation-only changes
     if: needs.changes.outputs.code == 'true' || github.event_name != 'pull_request'
     steps:
       - name: Checkout Code
@@ -50,7 +48,6 @@ jobs:
     name: Build and Test Rust Project
     runs-on: goose
     needs: changes
-    # Skip expensive Rust build and test for documentation-only changes
     if: needs.changes.outputs.code == 'true' || github.event_name != 'pull_request'
     steps:
       # Add disk space cleanup before linting
@@ -171,7 +168,6 @@ jobs:
     name: Lint Electron Desktop App
     runs-on: macos-latest
     needs: changes
-    # Skip desktop linting for documentation-only changes since it only checks TypeScript/React code
     if: needs.changes.outputs.code == 'true' || github.event_name != 'pull_request'
     steps:
       - name: Checkout Code
@@ -190,7 +186,6 @@ jobs:
   bundle-desktop-unsigned:
     uses: ./.github/workflows/bundle-desktop.yml
     needs: changes
-    # Skip desktop bundle for documentation-only changes to save resources
     if: (github.event_name == 'pull_request' || github.event_name == 'merge_group') && (needs.changes.outputs.code == 'true' || github.event_name != 'pull_request')
     with:
       signing: false

From d6d66ac6cd391d8e6b881edb160b17e20647d027 Mon Sep 17 00:00:00 2001
From: angiejones <jones.angie@gmail.com>
Date: Tue, 29 Jul 2025 20:14:21 -0500
Subject: [PATCH 4/4] Pin dorny/paths-filter to commit SHA for security

Pin dorny/paths-filter@v3 to commit SHA de90cc6fb38fc0963ad72b210f1f284cd68cea36
to address the security alert about third-party actions not being pinned.
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f2023d1a78ce..41bedc989765 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
       
       - name: Check for file changes
-        uses: dorny/paths-filter@v3
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # pin@v3
         id: filter
         with:
           filters: |