ci: use dorny/paths-filter to fulfil Required checks without paths/paths-ignore triggers

[Copilot]

Workflows using paths:/paths-ignore: on the pull_request: trigger never create a check run when no matching files change, breaking "Required checks" in branch protection — PRs touching only docs or CI files get stuck forever.

What's new?

Converts affected workflows to use dorny/paths-filter@v3 for path-based gating, moving the logic into job-level if: conditions instead of trigger filters:

• Remove paths:/paths-ignore: from on: pull_request: triggers (and drop non-default types: from snap.yml and tics.yml)
• .github/filters.yaml: centralises all path-filter definitions into named sections — documentation (doc/** + workflow file), code (src/** + include/**), snap (snap/** + workflow file), spread (spread** + workflow file), symbols (include/**.h + workflow file), tics (workflow file only), and tools (tools/**); each workflow's own file is included so changes to it always trigger its CI
• snap.yml: dorny/paths-filter runs as the first step in the existing arches job using the shared filters file (no checkout needed — the action fetches the file via the GitHub API); should-run is set when code or snap files change; downstream jobs (mir-libs, snap) are gated on arches.outputs.should-run; the snap job's if: uses an inline event_name/repository check to restrict secret-requiring steps to same-repo PRs
• spread.yml: same approach in the existing GetMatrix job; should-run is set when code, spread, or tools files change; BuildAndTest is gated on GetMatrix.outputs.should-run
• symbols-check.yml: a lightweight check-paths job uses the shared filters file; should-run is set when symbols files change
• automatic-doc-checks.yml: a lightweight check-paths job uses the shared filters file; should-run is set when documentation files change
• tics.yml: a lightweight check-paths job uses the shared filters file; should-run is set when code or tics files change for pull_request events; non-PR events (push, merge_group, workflow_dispatch) always run; the TICS job retains its existing repo-ownership guard
• close-snap.yml: left unchanged — it is not a required check

dorny/paths-filter runs unconditionally for all event types (push, merge_group, pull_request), so path-based gating applies consistently regardless of how the workflow is triggered. No actions/checkout is required in the filter-only jobs since dorny/paths-filter@v3 fetches the filters file directly from the GitHub API.

How to test

Open a PR that changes only docs or CI files (e.g. a doc/ change) and confirm the affected workflows now appear as skipped (not absent) checks.

Open a PR that changes only .github/workflows/snap.yml or .github/workflows/spread.yml and confirm those workflows still run despite not being covered by the code filter.

Open a PR that changes only src/ or include/ files and confirm snap, spread, symbols-check, and tics all trigger as expected.

Open a PR that changes only doc/ or unrelated CI files and confirm tics appears as a skipped check rather than absent.

Checklist

• Tests added and pass
• Adequate documentation added
• (optional) Added Screenshots or videos

[Saviq]

@copilot in snap.yml, use arches, and in spread.yml, use GetMatrix to perform the gating, no need for yet another job.

[Saviq]

@copilot and leave close-snap be, it's not a required check.

[Saviq]

@copilot use the dorny/paths-filter action to perform the check

[Copilot]

@copilot in snap.yml, use arches, and in spread.yml, use GetMatrix to perform the gating, no need for yet another job.

Done in f232207. dorny/paths-filter now runs as the first step in arches (snap.yml) and GetMatrix (spread.yml), with the should-run output gating the downstream jobs — no separate job needed.

@copilot and leave close-snap be, it's not a required check.

Reverted in f232207.

@copilot use the dorny/paths-filter action to perform the check

Switched to dorny/paths-filter@v3 in f232207. It's used in arches/GetMatrix (snap/spread) and in the check-paths jobs (symbols-check/automatic-doc-checks).

[Saviq]

@copilot don't gate on pull-request events, this should be active for any event.

[Copilot]

@copilot don't gate on pull-request events, this should be active for any event.

Fixed in bcc73b5. Removed if: github.event_name == 'pull_request' from all filter steps and simplified the should-run output to just ${{ steps.filter.outputs.relevant }} — the filter now runs unconditionally for any event.

[Saviq]

@copilot revert the last commit, and refactor the filters into a .github/filters.yaml file, splitting the filters into the following sections, including the relevant workflow files:

• documentation
• code
• snap
• spread
• symbols
• tools

Then, change the should-run outputs accordingly:

• automatic-doc-checks: if documentation changed
• spread: if code, spread, tools or current workflow changed
• snap: if code or snap changed
• symbols-check: if headers changed

[Copilot]

@copilot revert the last commit, and refactor the filters into a .github/filters.yaml file, splitting the filters into the following sections, including the relevant workflow files:

• documentation...

Done in 954bbbb. The last commit has been reverted and replaced with a .github/filters.yaml containing documentation, code, snap, spread, symbols, and tools sections (each including its relevant workflow file). Each workflow now references the shared file via filters: .github/filters.yaml and gates on the appropriate combination:

• automatic-doc-checks: documentation
• spread: code || spread || tools
• snap: code || snap
• symbols-check: symbols

[Saviq]

@copilot the tics workflow also needs the same treatment, and run on code, or the workflow, change.

[Copilot]

@copilot the tics workflow also needs the same treatment, and run on code, or the workflow, change.

Done in 8aafd82. Added a tics section to .github/filters.yaml (containing just .github/workflows/tics.yml), removed paths-ignore/types from the pull_request: trigger, and added a lightweight check-paths job. The TICS job is now gated on needs.check-paths.outputs.should-run == 'true', where should-run is true for all non-pull_request events (push/merge_group/workflow_dispatch run unconditionally) and for PRs only when code or tics files change.

[Copilot]

Pull request overview

This PR updates several required CI workflows to avoid GitHub branch protection deadlocks caused by paths: / paths-ignore: on pull_request triggers (which can prevent check runs from being created). It centralizes path gating in .github/filters.yaml and moves path-based logic into job-level if: conditions using dorny/paths-filter@v3.

Changes:

• Remove paths / paths-ignore (and some non-default pull_request.types) from workflow triggers so checks are always created.
• Add .github/filters.yaml and use dorny/paths-filter@v3 to compute a should-run output used to gate expensive jobs.
• Introduce lightweight “check-paths” / “filter-first” steps or jobs across workflows.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
.github/workflows/tics.yml	Adds a check-paths job and gates TICS execution via needs.check-paths.outputs.should-run.
.github/workflows/symbols-check.yml	Adds a check-paths job and gates CheckSymbols via needs.check-paths.outputs.should-run.
.github/workflows/spread.yml	Runs paths-filter early in GetMatrix and gates BuildAndTest based on filter outputs.
.github/workflows/snap.yml	Runs paths-filter early in arches and gates mir-libs (and transitively snap) based on filter outputs.
.github/workflows/automatic-doc-checks.yml	Adds a check-paths job and gates the reusable documentation-checks workflow call.
.github/filters.yaml	Introduces centralized, named filters used by the updated workflows.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

[Saviq]

We could cut down the unnecessary runs even further with debian/**, rpm/** skipping the relevant Spread jobs, TBD.

[github-actions]

TICS Quality Gate

✔️ Passed

No changed files applicable for TICS analysis quality gating.

TICS / TICS / Run TICS analysis