chore(.github/workflowsw): move main CI checks to merge queue runs

.github/workflows/all-green.yml

@@ -3,10 +3,6 @@ name: Check Pull Request CI Status
 on:
   workflow_dispatch: # allow to trigger the workflow on main, to add it in suggestion on branch protection rules
   pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
 
 permissions:
   checks: read

.github/workflows/appsec.yml

@@ -16,13 +16,15 @@ on:
       - 'appsec/**'
       - 'contrib/**/appsec.go'
       - '**/go.mod'
-  merge_group:
   push:
-    branches: release-v*
+    branches:
+      - release-v*
     tags-ignore:
       - 'contrib/**'
       - 'instrumentation/**'
-
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
 env:
   DD_APPSEC_WAF_TIMEOUT: 1m
   GOEXPERIMENT: synctest # TODO: remove once go1.25 is the minimum supported version

.github/workflows/codeql-analysis.yml

@@ -8,15 +8,9 @@ on:
         required: true
         type: string
   push:
-    branches: [ main, master ]
-    tags-ignore:
-      - 'contrib/**'
-      - 'instrumentation/**'
+    branches:
+      - mq-working-branch-**
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  merge_group:
-
 jobs:
   analyze:
     name: Analyze

.github/workflows/ecosystems-label-pr.yml

@@ -1,12 +1,12 @@
 name: Label APM Ecosystems Pull Requests
 on:
   pull_request:
-    paths:
-      - "contrib/**"
     types:
       - opened
       - reopened
       - edited
+    paths:
+      - "contrib/**"
 permissions:
   contents: read
   pull-requests: write

.github/workflows/generate.yml

@@ -3,12 +3,9 @@ name: Generate
 on:
   push:
     branches:
-      - main
       - release-*
+      - mq-working-branch-**
   pull_request:
-    branches:
-      - main
-      - release-*
   workflow_call:
     inputs:
       go-version:

.github/workflows/govulncheck.yml

@@ -8,11 +8,14 @@ on:
         type: string
   push:
     branches:
-      - main
       - release-v*
+      - mq-working-branch-**
     tags-ignore:
       - 'contrib/**'
       - 'instrumentation/**'
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
   schedule:
     - cron: '00 00 * * *'
   workflow_dispatch:

.github/workflows/main-branch-tests.yml

@@ -1,44 +1,27 @@
 name: Main Branch and Release Tests
 
 on:
-  workflow_call: # allows to reuse this workflow
-    inputs:
-      ref:
-        description: 'The branch to run the workflow on'
-        required: true
-        type: string
   push:
     branches:
-      - main
       - release-v*
+      - mq-working-branch-**
     tags-ignore:
       - 'contrib/**'
       - 'instrumentation/**'
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
 
 concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
   unit-integration-tests:
-    strategy:
-      matrix:
-        go-version: [ "1.25", "1.24" ]
-      fail-fast: false
     uses: ./.github/workflows/unit-integration-tests.yml
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
     with:
-      go-version: ${{ matrix.go-version }}
-      ref: ${{ inputs.ref || github.ref }}
-    secrets: inherit
-  multios-unit-tests:
-    strategy:
-      matrix:
-        runs-on: [ macos-latest, windows-latest, ubuntu-latest ]
-        go-version: [ "1.25", "1.24" ]
-      fail-fast: false
-    uses: ./.github/workflows/multios-unit-tests.yml
-    with:
-      go-version: ${{ matrix.go-version }}
-      runs-on: ${{ matrix.runs-on }}
-      ref: ${{ inputs.ref || github.ref }}
-    secrets: inherit
+      go-version: "1.25" # Should be the highest supported version of Go

.github/workflows/multios-unit-tests.yml

@@ -4,13 +4,11 @@ on:
   workflow_dispatch: # manually
     inputs:
       go-version:
+        description: The Go version to use
         required: true
         type: string
       runs-on:
-        required: true
-        type: string
-      ref:
-        description: 'The branch to run the workflow on'
+        description: The OS to run the tests on
         required: true
         type: string
   workflow_call:
@@ -21,10 +19,6 @@ on:
       runs-on:
         required: true
         type: string
-      ref:
-        description: 'The branch to run the workflow on'
-        required: true
-        type: string
 
 env:
   DD_APPSEC_WAF_TIMEOUT: 1m # Increase time WAF time budget to reduce CI flakiness
@@ -51,10 +45,16 @@ jobs:
         shell: pwsh
         run: |
           "normalized_workspace=${{ github.workspace }}" >> $env:GITHUB_ENV
+      - name: Restore repo cache
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: .git
+          key: gitdb-${{ github.repository_id }}-${{ github.sha }}
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v2.7.0
         with:
-          ref: ${{ inputs.ref || github.ref }}
+          ref: ${{ github.sha }}
+          clean: false
       - name: Setup Go and development tools
         uses: ./.github/actions/setup-go
         with:
@@ -64,7 +64,7 @@ jobs:
       - name: Mac OS Coreutils
         if: inputs.runs-on == 'macos-latest'
         run: brew install coreutils
-      - name: "Runner ${{ matrix.runner-index }}: Test Core and Contrib (No Integration Tests)"
+      - name: "Runner: Test Core and Contrib (No Integration Tests)"
         shell: bash
         run: |
           export PATH="${{ github.workspace }}/bin:${PATH}"

.github/workflows/orchestrion.yml

@@ -15,13 +15,15 @@ on:
       DD_API_KEY:
         required: false
   pull_request:
-  merge_group:
   push:
     branches:
       - release-v*
     tags-ignore:
       - 'contrib/**'
       - 'instrumentation/**'
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
 
 permissions: read-all
 

.github/workflows/parametric-tests.yml

@@ -9,15 +9,15 @@ on:
         type: string
   push:
     branches:
-      - main
       - release-v*
+      - mq-working-branch-**
     tags-ignore:
       - 'contrib/**'
       - 'instrumentation/**'
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
   pull_request:
-    branches:
-      - "**"
-  merge_group:
   workflow_dispatch:
     inputs:
       ref:

.github/workflows/pull-request-title-validation.yml

@@ -2,7 +2,11 @@ name: Validate PR Title
 
 on:
   pull_request:
-    types: [opened, edited,reopened,synchronize]
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
 
 jobs:
   check-title:

.github/workflows/pull-request.yml

@@ -2,29 +2,64 @@ name: Pull Request Tests
 
 on:
   pull_request:
-    branches:
-      - "**"
-  merge_group:
-  push:
-    branches:
-      - 'mq-working-branch-**'
-    tags-ignore:
-      - 'contrib/**'
-      - 'instrumentation/**'
 
 concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
+  warm-repo-cache:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Cache
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        with:
+          path: .git
+          key: gitdb-${{ github.repository_id }}-${{ github.sha }}
   unit-integration-tests:
     name: PR Unit and Integration Tests
+    needs:
+      - warm-repo-cache
+    strategy:
+      matrix:
+        go-version: [ "1.24", "1.25" ]
+      fail-fast: false
     uses: ./.github/workflows/unit-integration-tests.yml
-    permissions:
-      contents: read
-      id-token: write
-      pull-requests: write
     with:
-      go-version: "1.24"
-      ref: ${{ github.ref }}
+      go-version: ${{ matrix.go-version }}
     secrets: inherit
+  multios-unit-tests:
+    needs:
+      - warm-repo-cache
+    strategy:
+      matrix:
+        runs-on: [ macos-latest, windows-latest, ubuntu-latest ]
+        go-version: [ "1.24", "1.25" ]
+      fail-fast: false
+    uses: ./.github/workflows/multios-unit-tests.yml
+    with:
+      go-version: ${{ matrix.go-version }}
+      runs-on: ${{ matrix.runs-on }}
+    secrets: inherit
+  # This is a simple join point to make it easy to set up branch protection rules in GitHub.
+  pull-request-tests-done:
+    name: PR Unit and Integration Tests / ${{ matrix.name }}
+    strategy:
+      matrix:
+        name: [ "test-contrib", "test-core" ]
+    needs:
+      - unit-integration-tests
+      - multios-unit-tests
+    runs-on: ubuntu-latest
+    if: success() || failure()
+    steps:
+      - name: Success
+        if: needs.unit-integration-tests.result == 'success' && needs.multios-unit-tests.result == 'success'
+        run: echo "Success!"
+      - name: Failure
+        if: needs.unit-integration-tests.result != 'success' || needs.multios-unit-tests.result != 'success'
+        run: echo "Failure!" && exit 1

.github/workflows/smoke-tests.yml

@@ -13,17 +13,18 @@ on:
         type: string
   push:
     branches:
-      - main
       - release-v*
+      - mq-working-branch-**
     tags-ignore:
       - 'contrib/**'
       - 'instrumentation/**'
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
   schedule: # nightly
     - cron: "0 0 * * *"
   workflow_dispatch: { } # manually
   pull_request:
-    branches:
-      - '**'
 
 env:
   TEST_RESULTS: /tmp/test-results # path to where test results will be saved

.github/workflows/static-checks.yml

@@ -3,12 +3,15 @@ name: Static Checks
 on:
   push:
     branches:
-      - main
       - release-*
+      - mq-working-branch-**
+    tags-ignore:
+      - 'contrib/**'
+      - 'instrumentation/**'
+      - 'internal/**'
+      - 'orchestrion/**'
+      - 'scripts/**'
   pull_request:
-    branches:
-      - main
-      - release-*
   workflow_call:
     inputs:
       go-version: