[CI] Migrate check-bypass to standalone jobs for core workflows

.github/workflows/Approval.yml

@@ -12,8 +12,18 @@ env:
   token: ${{ vars.ACTION_GITHUB_TOKEN }}
 
 jobs:
+  check-bypass:
+    name: Check bypass
+    uses: ./.github/workflows/check-bypass.yml
+    with:
+      workflow-name: 'approval'
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+
   check-approvers:
     name: Check approval
+    needs: check-bypass
+    if: ${{ needs.check-bypass.outputs.can-skip != 'true' }}
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
@@ -33,14 +43,6 @@ jobs:
           git config --global user.email "paddle_ci@example.com"
           git merge test
 
-      - name: Check bypass
-        id: check-bypass
-        uses: ./.github/actions/check-bypass
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          workflow-name: approval
-
       - name: Display Required Approvers
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           bash ci/check_approval.sh

.github/workflows/CheckPRTemplate.yml

@@ -6,8 +6,18 @@ on:
     types: [opened, synchronize, reopened, edited]
 
 jobs:
+  check-bypass:
+    name: Check bypass
+    uses: ./.github/workflows/check-bypass.yml
+    with:
+      workflow-name: 'template'
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+
   check:
     name: Check
+    needs: check-bypass
+    if: ${{ needs.check-bypass.outputs.can-skip != 'true' }}
     runs-on:
       group: Template
     timeout-minutes: 10
@@ -17,15 +27,7 @@ jobs:
       - name: Clone paddle
         uses: actions/checkout@v4
 
-      - name: Check bypass
-        id: check-bypass
-        uses: ./.github/actions/check-bypass
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          workflow-name: template
-
       - name: Check PR Template
-        if: steps.check-bypass.outputs.can-skip != 'true'
         env:
           AGILE_PULL_ID: ${{ github.event.pull_request.number }}
           AGILE_COMPILE_BRANCH: ${{ github.base_ref }}

.github/workflows/Codestyle-Check.yml

@@ -5,9 +5,19 @@ on:
     branches: ["develop"]
 
 jobs:
+  check-bypass:
+    name: Check bypass
+    if: ${{ github.repository_owner == 'PaddlePaddle' }}
+    uses: ./.github/workflows/check-bypass.yml
+    with:
+      workflow-name: 'codestyle'
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+
   pre-commit:
     name: Pre Commit
-    if: ${{ github.repository_owner == 'PaddlePaddle' }}
+    if: ${{ github.repository_owner == 'PaddlePaddle' && needs.check-bypass.outputs.can-skip != 'true' }}
+    needs: check-bypass
     runs-on: ubuntu-latest
     timeout-minutes: 10
     env:
@@ -21,39 +31,27 @@ jobs:
           ref: ${{ github.event.pull_request.base.ref }}
           fetch-depth: 1000
 
-      - name: Check bypass
-        id: check-bypass
-        uses: ./.github/actions/check-bypass
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          workflow-name: codestyle
-
       - name: Merge PR to test branch
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           git fetch origin pull/${PR_ID}/merge
           git checkout -b test FETCH_HEAD
 
       - name: Setup python3.12
-        if: steps.check-bypass.outputs.can-skip != 'true'
         uses: actions/setup-python@v5
         with:
           python-version: "3.12"
           cache: "pip"
 
       - name: Install dependencies
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           pip install pre-commit==2.17.0 cpplint==1.6.0  clang-format==13.0.0
           pip install ast-grep-cli==0.40.0 # This version should be consistent with the one in .pre-commit-config.yaml
 
       - name: Run ast-grep unit tests
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           ast-grep test
 
       - name: Check pre-commit
-        if: steps.check-bypass.outputs.can-skip != 'true'
         env:
           SKIP_CLANG_TIDY_CHECK: "ON"
         run: |

.github/workflows/Coverage.yml

@@ -44,15 +44,25 @@ jobs:
       clone_dir: Paddle-coverage
       task: coverage
 
+  check-bypass:
+    name: Check bypass
+    needs: [clone]
+    if: needs.clone.outputs.can-skip != 'true'
+    uses: ./.github/workflows/check-bypass.yml
+    with:
+      workflow-name: coverage
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+
   build:
     name: Coverage build
-    needs: [clone, build-docker]
-    if: needs.clone.outputs.can-skip != 'true'
+    needs: [clone, build-docker, check-bypass]
+    if: needs.clone.outputs.can-skip != 'true' && needs.check-bypass.outputs.can-skip != 'true'
     runs-on:
       group: GZ_BD-CPU
     timeout-minutes: 120
     outputs:
-      can-skip: ${{ steps.check-bypass.outputs.can-skip }}
+      can-skip: ${{ needs.check-bypass.outputs.can-skip }}
 
     steps:
       - name: Check docker image and run container
@@ -158,15 +168,7 @@ jobs:
           git submodule update
           '
 
-      - name: Check bypass
-        id: check-bypass
-        uses: ./.github/actions/check-bypass
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          workflow-name: coverage
-
       - name: Build
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           docker exec -t ${{ env.container_name }}  /bin/bash -c '
           mkdir -p ${CFS_DIR}/.cache/coverage
@@ -177,7 +179,6 @@ jobs:
           '
 
       - name: Check added unittests
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           docker exec -t ${{ env.container_name }} /bin/bash -c '
           source ~/.bashrc
@@ -186,7 +187,6 @@ jobs:
           '
 
       - name: Check coverage build size requires approval
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           docker exec -t ${{ env.container_name }} /bin/bash -c '
           source ~/.bashrc
@@ -195,7 +195,6 @@ jobs:
           '
 
       - name: Clean up env
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           docker exec -t ${{ env.container_name }} /bin/bash -c '
           source ~/.bashrc
@@ -216,7 +215,6 @@ jobs:
           '
 
       - name: Upload coverage product
-        if: steps.check-bypass.outputs.can-skip != 'true'
         env:
           home_path: ${{ github.workspace }}/..
           bos_file: ${{ github.workspace }}/../bos_retry/BosClient.py
@@ -247,7 +245,7 @@ jobs:
           '
 
       - name: Terminate and delete the container
-        if: ${{ steps.check-bypass.outputs.can-skip != 'true' && always() }}
+        if: always()
         run: |
           set +e
           docker exec -t ${{ env.container_name }} /bin/bash -c 'rm -rf * .[^.]*'

.github/workflows/H-Coverage.yml

@@ -37,15 +37,25 @@ jobs:
       workflow-name: "coverage"
       clone_dir: h-ci
 
-  build:
-    name: Coverage build
+  check-bypass:
+    name: Check bypass
     needs: [clone]
     if: needs.clone.outputs.can-skip != 'true'
+    uses: ./.github/workflows/check-bypass.yml
+    with:
+      workflow-name: h-ci
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+
+  build:
+    name: Coverage build
+    needs: [clone, check-bypass]
+    if: needs.clone.outputs.can-skip != 'true' && needs.check-bypass.outputs.can-skip != 'true'
     runs-on:
       group: GZ_BD-CPU
     timeout-minutes: 120
     outputs:
-      can-skip: ${{ steps.check-bypass.outputs.can-skip }}
+      can-skip: ${{ needs.check-bypass.outputs.can-skip }}
 
     steps:
       - name: Check docker image and run container
@@ -136,15 +146,7 @@ jobs:
           git submodule update
           '
 
-      - name: Check bypass
-        id: check-bypass
-        uses: ./.github/actions/check-bypass
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          workflow-name: h-ci
-
       - name: Build
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           docker exec -t ${{ env.container_name }}  /bin/bash -c '
           flashattn_version=$(git submodule status|grep flashattn|awk "{print \$1}"|sed "s#-##g")
@@ -172,7 +174,6 @@ jobs:
           '
 
       - name: Clean up env
-        if: steps.check-bypass.outputs.can-skip != 'true'
         run: |
           docker exec -t ${{ env.container_name }} /bin/bash -c '
           source ~/.bashrc
@@ -188,7 +189,6 @@ jobs:
           '
 
       - name: Upload coverage product
-        if: steps.check-bypass.outputs.can-skip != 'true'
         env:
           home_path: ${{ github.workspace }}/..
           bos_file: ${{ github.workspace }}/../bos_retry/BosClient.py
@@ -216,7 +216,7 @@ jobs:
           '
 
       - name: Terminate and delete the container
-        if: ${{ steps.check-bypass.outputs.can-skip != 'true' && always() }}
+        if: always()
         run: |
           set +e
           docker exec -t ${{ env.container_name }} /bin/bash -c 'rm -rf * .[^.]*'
@@ -443,7 +443,7 @@ jobs:
           python /bos/BosClient.py paddldfleet.tar.gz ${target_path}
           '
       - name: Terminate and delete the container
-        if: ${{ always() }}
+        if: always()
         run: |
           set +e
           docker exec -t ${{ env.container_name }} /bin/bash -c 'bash ci/clean_uv_cache.sh; rm -rf * .[^.]*'
@@ -555,7 +555,7 @@ jobs:
           '
 
       - name: Terminate and delete the container
-        if: ${{ always() }}
+        if: always()
         run: |
           set +e
           docker exec -t ${{ env.container_name }} /bin/bash -c 'rm -rf * .[^.]*'
@@ -661,7 +661,7 @@ jobs:
           '
 
       - name: Terminate and delete the container
-        if: ${{ always() }}
+        if: always()
         run: |
           set +e
           docker exec -t ${{ env.container_name }} /bin/bash -c 'rm -rf * .[^.]*'