docs: update changelog for push dedup guard

ci(push-validation): skip branch pushes with open PR
2026-03-21 22:36:23 +00:00 · 2026-03-21 22:36:23 +00:00
2 changed files with 37 additions and 0 deletions
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -12,7 +12,43 @@ concurrency:
  cancel-in-progress: true

 jobs:
+  check-open-pr:
+    runs-on: ubuntu-latest
+    container: docker.io/catthehacker/ubuntu:act-latest
+    outputs:
+      should_run: ${{ steps.detect.outputs.should_run }}
+    steps:
+      - name: Detect open PR for branch
+        id: detect
+        env:
+          REPOSITORY: ${{ github.repository }}
+          OWNER: ${{ github.repository_owner }}
+          BRANCH: ${{ github.ref_name }}
+          SERVER_URL: ${{ github.server_url }}
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+
+          api_url="${SERVER_URL}/api/v1/repos/${REPOSITORY}/pulls?state=open&head=${OWNER}:${BRANCH}"
+          auth_args=()
+          if [[ -n "${TOKEN:-}" ]]; then
+            auth_args=(-H "Authorization: token ${TOKEN}")
+          fi
+
+          response="$(curl -fsSL "${auth_args[@]}" -H 'accept: application/json' "$api_url" || echo '[]')"
+          open_prs="$(printf '%s' "$response" | grep -o '"number":[0-9]\+' | wc -l | tr -d ' ')"
+
+          if [[ "$open_prs" -gt 0 ]]; then
+            echo "should_run=false" >> "$GITHUB_OUTPUT"
+            echo "Open PR detected for ${OWNER}:${BRANCH}; skipping push validation." >> "$GITHUB_STEP_SUMMARY"
+          else
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+            echo "No open PR detected for ${OWNER}:${BRANCH}; running push validation." >> "$GITHUB_STEP_SUMMARY"
+          fi
+
  validate:
+    needs: check-open-pr
+    if: ${{ needs.check-open-pr.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    container: docker.io/catthehacker/ubuntu:act-latest
    defaults:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,7 @@ A `### Breaking` section is used in addition to Keep a Changelog's standard sect
 - PR validation now keys coverage badge upload off the coverage step outcome and performs changelog gate validation in a native workflow step; decorate-pr changelog gating is disabled to bypass the broken internal extractor action.
 - Push validation now triggers on all branches, not only `main`.
 - Push and PR validation workflows now share a `concurrency` group keyed on the branch name (`github.ref_name` / `github.head_ref`) with `cancel-in-progress: true`; when a push to a PR branch fires both workflows, the second run cancels the first so only one validation executes per commit.
+- Push validation now performs an open-PR branch check via the Gitea API and skips the heavy validation job when the branch already has an open PR, preventing duplicate full pipeline runs.
 - README badge link target updated to `actions/runs/latest?workflow=...` format per workflow standards.
 - CI security scanning now uses GitHub Marketplace actions (`securego/gosec` and `golang/govulncheck-action`) instead of manual tool installation, improving reliability and caching.
 - CI setup compatibility fix: gosec scanner now references the correct public action source (`securego/gosec`), resolving action clone failures in Gitea runners.
Author	SHA1	Message	Date
Micheal Wilkinson	1f93a3d532	docs: update changelog for push dedup guard Some checks failed Push Validation / check-open-pr (push) Failing after 2s Details Push Validation / validate (push) Has been skipped Details Pull Request Validation / validate (pull_request) Failing after 1m44s Details	2026-03-21 22:36:23 +00:00
Micheal Wilkinson	3104feb738	ci(push-validation): skip branch pushes with open PR	2026-03-21 22:36:23 +00:00