From 08162d30224f1c8481e287ee3da6c82bceabee1d Mon Sep 17 00:00:00 2001
From: Josh Stone <cuviper@gmail.com>
Date: Tue, 6 Feb 2024 09:56:27 -0800
Subject: [PATCH] ci: Use a single action to collect final status

This is copied from how rust-lang/miri-test-libstd does it.
---
 .github/workflows/ci.yaml | 21 +++++++++++----------
 .github/workflows/pr.yaml | 21 +++++++++++----------
 2 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index c4aa954cb..fad2278cd 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -109,16 +109,17 @@ jobs:
           components: rustfmt
       - run: cargo fmt --all --check
 
-  ci-success:
-    name: Complete
+  # One job that "summarizes" the success state of this pipeline. This can then be added to branch
+  # protection, rather than having to add each job separately.
+  success:
+    name: Success
     runs-on: ubuntu-latest
     needs: [check, test, demo, i686, wasm, wasi, fmt]
+    # Github branch protection is exceedingly silly and treats "jobs skipped because a dependency
+    # failed" as success. So we have to do some contortions to ensure the job fails if any of its
+    # dependencies fails.
+    if: always() # make sure this is never "skipped"
     steps:
-      - run: exit 0
-  ci-failed:
-    name: Complete
-    runs-on: ubuntu-latest
-    needs: [check, test, demo, i686, wasm, wasi, fmt]
-    if: failure()
-    steps:
-      - run: exit 1
+      # Manually check the status of all dependencies. `if: failure()` does not work.
+      - name: check if any dependency failed
+        run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}'
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 67e7941f6..88cddd8b7 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -37,16 +37,17 @@ jobs:
           components: rustfmt
       - run: cargo fmt --all --check
 
-  ci-success:
-    name: Complete
+  # One job that "summarizes" the success state of this pipeline. This can then be added to branch
+  # protection, rather than having to add each job separately.
+  success:
+    name: Success
     runs-on: ubuntu-latest
     needs: [check, test, fmt]
+    # Github branch protection is exceedingly silly and treats "jobs skipped because a dependency
+    # failed" as success. So we have to do some contortions to ensure the job fails if any of its
+    # dependencies fails.
+    if: always() # make sure this is never "skipped"
     steps:
-      - run: exit 0
-  ci-failed:
-    name: Complete
-    runs-on: ubuntu-latest
-    needs: [check, test, fmt]
-    if: failure()
-    steps:
-      - run: exit 1
+      # Manually check the status of all dependencies. `if: failure()` does not work.
+      - name: check if any dependency failed
+        run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}'