ci(pr): add a finalizer to monitor for success

Author: JonZeolla

.github/workflows/ci.yml

@@ -91,3 +91,24 @@ jobs:
           name: vuln-scan-results
           path: vulns.json
           if-no-files-found: error
+  finalizer:
+    # This gives us something to set as required in the repo settings. Some projects use dynamic fan-outs using matrix strategies and the fromJSON function, so
+    # you can't hard-code what _should_ run vs not. Having a finalizer simplifies that so you can just check that the finalizer succeeded, and if so, your
+    # requirements have been met
+    # Example: https://x.com/JonZeolla/status/1877344137713766516
+    name: Finalize the pipeline
+    runs-on: ubuntu-24.04
+    # Keep this aligned with the below steps
+    needs: [lint, test]
+    if: always()  # Ensure it runs even if "needs" fail
+    steps:
+      # Keep this aligned with the above needs
+      - name: Check for failed jobs
+        run: |
+          if [[ "${{ needs.lint.result }}" == "failure" ||
+                "${{ needs.test.result }}" == "failure" ]]; then
+            echo "One or more required jobs failed. Marking finalizer as failed."
+            exit 1
+          fi
+      - name: Finalize
+        run: echo "Pipeline complete!"

{{cookiecutter.project_name|replace(" ", "")}}/.github/workflows/ci.yml

@@ -116,3 +116,25 @@ jobs:
           name: vulns-${{ "{{ env.SANITIZED_PLATFORM }}" }}
           path: vulns.*.json
           if-no-files-found: error
+  finalizer:
+    # This gives us something to set as required in the repo settings. Some projects use dynamic fan-outs using matrix strategies and the fromJSON function, so
+    # you can't hard-code what _should_ run vs not. Having a finalizer simplifies that so you can just check that the finalizer succeeded, and if so, your
+    # requirements have been met
+    # Example: https://x.com/JonZeolla/status/1877344137713766516
+    name: Finalize the pipeline
+    runs-on: ubuntu-24.04
+    # Keep this aligned with the below steps
+    needs: [lint, test, build]
+    if: always()  # Ensure it runs even if "needs" fail
+    steps:
+      # Keep this aligned with the above needs
+      - name: Check for failed jobs
+        run: |
+          if [[ "{% raw %}${{ needs.lint.result }}{% endraw %}" == "failure" ||
+                "{% raw %}${{ needs.test.result }}{% endraw %}" == "failure" ||
+                "{% raw %}${{ needs.build.result }}{% endraw %}" == "failure" ]]; then
+            echo "One or more required jobs failed. Marking finalizer as failed."
+            exit 1
+          fi
+      - name: Finalize
+        run: echo "Pipeline complete!"