Feature Request: Allow creating a ruleset to require the Prod Environment Sync job to succeed before merging to main is allowed
I'm trying to use the synchronized CI/CD workflow but I'm running into 1 specific issue.
I'd like to enforce that the Prod Environment Synced check is passing before merge. I have done that in a toy example here, but the issue is that requiring that to pass before merging actually causes it to fail, because it tries to merge the PR after the prod sync happens, but because it didn't send out a passing signal yet, GitHub blocks it.
I don't want people accidentally merging PRs before the deploy step occurs - that defeats the purpose of the synchronized workflow's benefits.
The feature request is to modify the Prod Environment Sync job such that we can create a ruleset around it that would force its success before merging.
Thank you!
Hey @eakmanrq, perhaps you can help here? Should we mark this as feature/improvement?
👍 I have a similar request - I want to enforce branch protection of some kind conditional on the synchronised CI/CD workflow jobs.
I asked the #sqlmesh-ask-ai channel in Slack and the kapa.ai pointed me to this GitHub Issue, see here: https://tobiko-data.slack.com/archives/C07HJH22U9Z/p1742283926630019.
The default SQLMesh CI/CD github actions workflow here (https://sqlmesh.readthedocs.io/en/stable/integrations/github/#example-synchronized-full-workflow) does not appear to be compatible with branch protection rules that enforce status checks to pass.
This is because the "Await Required Approvers" check is a Neutral check and the "Prod Environment Sync" can be skipped prior to the approval step. Both a Neutral and a Skipped check do not halt a "Require status checks to pass" branch protection rule. I can't simply apply an `always()` command as documented here (https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborat[…]-code-quality-features/troubleshooting-required-status-checks) because the `sqlmesh_cicd run-all` command doesn't let me configure the workflow steps in any way.

This means that there's no convenient way to actually enforce awaiting a required approval or a /deploy command, because at any given time a user can simply merge the branch.
Do you have any solutions for this github actions workflow configuration?
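The gap described in the comment above, as an added example that is not part of the thread or of SQLMesh: a small evaluator that contrasts a lenient rule (Neutral and Skipped count as passing, as the commenter reports) with a strict gate that accepts only `success`. The sample check runs are constructed, the two check names are taken from the comment, and treating a higher `id` as the newer run is an assumption.

```python
"""Strict merge gate over GitHub check runs (added example, constructed data)."""

# Conclusions that, per the comment above, do not block a
# "Require status checks to pass" rule even though nothing succeeded.
SOFT_PASS = {"neutral", "skipped"}


def latest_by_name(check_runs):
    """Keep the most recent run per check name (higher id = newer; assumption)."""
    latest = {}
    for run in check_runs:
        prev = latest.get(run["name"])
        if prev is None or run["id"] > prev["id"]:
            latest[run["name"]] = run
    return latest


def evaluate(required, check_runs):
    """Return (lenient_ok, strict_ok, findings) for the required check names."""
    latest = latest_by_name(check_runs)
    lenient_ok = strict_ok = True
    findings = []
    for name in required:
        run = latest.get(name)
        if run is None or run["status"] != "completed":
            lenient_ok = strict_ok = False
            findings.append((name, "not reported or still running"))
        elif run["conclusion"] == "success":
            continue
        elif run["conclusion"] in SOFT_PASS:
            strict_ok = False  # passes the lenient rule only
            findings.append((name, f"{run['conclusion']} counted as passing"))
        else:
            lenient_ok = strict_ok = False
            findings.append((name, f"concluded {run['conclusion']}"))
    return lenient_ok, strict_ok, findings


# Check names as quoted in the comment; the runs themselves are constructed.
REQUIRED = ["Await Required Approvers", "Prod Environment Sync"]
SAMPLE = [
    {"id": 1, "name": "Await Required Approvers", "status": "completed", "conclusion": "neutral"},
    {"id": 2, "name": "Prod Environment Sync", "status": "completed", "conclusion": "skipped"},
]

if __name__ == "__main__":
    lenient, strict, findings = evaluate(REQUIRED, SAMPLE)
    print(f"lenient rule allows merge: {lenient}; strict gate allows merge: {strict}")
    for name, reason in findings:
        print(f"  {name}: {reason}")
```
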