Workflow adjustments (#2301)

### What kind of change does this PR introduce?

* Sets an output condition to prevent subsequent steps from running
(without marking the workflow as `cancelled`/`failed`).
* Addresses a concurrency issue that occurs when a `pull_request_review`
event cancels a `pull_request` triggered build.
* Completely removes `ubuntu-slim` (not compatible with
`step-security/harden-runner`).

### Does this PR introduce a breaking change?

Pull request reviews will no longer cancel workflows that have been
trigger via `pull_request` events (`synchronize`). This should make
things a bit easier.

### Other information:

Given that this workflow performs a checkout and creates tokens using
secrets, we should not be allowing `pull_request_target` as an allowed
trigger.

Author: Zeitsperre

.github/workflows/add-to-project.yml

@@ -11,7 +11,7 @@ permissions:
 jobs:
   add-to-project:
     name: Add Issue to xclim Project
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     permissions:
       repository-projects: write
     steps:

.github/workflows/auto-accept-ci-changes.yml

@@ -42,20 +42,23 @@ jobs:
           github-token: ${{ steps.token_generator.outputs.token }}
 
       - name: Stop workflow if not minor update or patch update
+        id: skip-condition
         if: >
           steps.dependabot-metadata.outputs.update-type != 'version-update:semver-minor' &&
           steps.dependabot-metadata.outputs.update-type != 'version-update:semver-patch'
         run: |
           echo "Not a minor or patch update; skipping auto-approval."
-          exit 0
+          echo "skip=true" >> $GITHUB_OUTPUT
 
       - name: Checkout Repository
+        if: ${{ steps.skip-condition.outputs.skip != 'true' }}
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           token: ${{ steps.token_generator.outputs.token }}
           persist-credentials: false
 
       - name: Approve Pull Request if not already approved
+        if: ${{ steps.skip-condition.outputs.skip != 'true' }}
         run: |
           if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
           then gh pr review --approve "$PR_URL"
@@ -66,6 +69,7 @@ jobs:
           PR_URL: ${{github.event.pull_request.html_url}}
 
       - name: Enable auto-merge
+        if: ${{ steps.skip-condition.outputs.skip != 'true' }}
         run: |
           gh pr merge --auto --merge "$PR_URL"
         env:

.github/workflows/main.yml

@@ -22,8 +22,8 @@ env:
   XCLIM_TESTDATA_BRANCH: v2025.4.29
 
 concurrency:
-  # For a given workflow, if we push to the same branch, cancel all previous builds on that branch except on main.
-  group: "${{ github.workflow }}-${{ github.ref }}"
+  # For a given workflow, if we push to the same branch, from the same event family, cancel all previous builds on that branch except on main.
+  group: "${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}"
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 permissions:

.github/workflows/publish-mastodon.yml

@@ -11,7 +11,7 @@ permissions:
 jobs:
   toot:
     name: Generate Mastodon Toot
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     environment: production
     steps:
       - name: Harden Runner

.github/workflows/testdata-version.yml

@@ -15,7 +15,7 @@ permissions:
 jobs:
   use-latest-tag:
     name: Check Latest xclim-testdata Tag
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     if: |
      (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)
     permissions:

.github/workflows/workflow-warning.yml

@@ -18,7 +18,7 @@ permissions:
 jobs:
   comment-concerning-workflow-changes:
     name: Comment Concerning Workflow Changes
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     if: |
       (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
     permissions:

CHANGELOG.rst

@@ -27,6 +27,8 @@ Internal changes
     * The configuration in `tox.toml` now uses the new TOML conventions.
     * `--strict-config` and `--strict-markers` have been replaced with the new `--strict` mode. For more information, refer to the `pytest documentation <https://docs.pytest.org/en/stable/reference/reference.html#confval-strict>`_.
 * Added a GitHub Workflow for automatically approving Dependabot Pull Requests that are either `patch` or `minor` updates. Dependabot is now configured to run on a monthly basis (previously weekly). (:pull:`2292`).
+* Dependabot `auto-approved` pull requests are now also set to `auto-merge`. (:pull:`2300`).
+* Build-cancelling based on concurrency rules for the `main.yml` GitHub Workflow is now divided according to the `github.event_name` (`pull_request`, `pull_request_review`). (:pull:`2301`).
 
 v0.59.1 (2025-10-31)
 --------------------