In the modern continuous integration and continuous deployment (CI/CD) landscape, rigid linear execution models are often insufficient for complex software architectures. Developers frequently encounter scenarios where a step or job failure should not necessarily halt the entire workflow, or where a subsequent job needs to execute based on the success of any preceding job rather than all of them. GitHub Actions provides robust mechanisms for controlling workflow flow, yet specific use cases—such as negative testing, fallback strategies in monorepos, or parallel job dependencies with logical OR conditions—require a nuanced understanding of conditional expressions, error handling flags, and API-based workarounds. The default behavior of GitHub Actions is to fail a job and subsequent dependent jobs if any step fails, but advanced configuration allows for resilience, fallback execution, and complex dependency logic that goes beyond simple sequential triggers.
The Limitation of Default Failure Propagation
By design, GitHub Actions treats a step failure as a critical event that halts the execution of subsequent steps within the same job. This default behavior ensures that deployments or builds do not proceed with unstable code. However, this rigidity creates challenges in specific architectural patterns, particularly in monorepo environments managed by tools like pnpm and nx. In these scenarios, a common workflow pattern involves an initial step that calculates which projects have been affected by changes. If this calculation step fails—for instance, due to a configuration error or a temporary network issue—the subsequent steps that rely on that data are skipped.
A developer transitioning from other CI systems, such as CircleCI, may find this behavior restrictive. Consider a workflow where the first step is "List affected projects." If this step fails, the logical fallback should be to run lint and unit tests on all projects, ensuring that no code goes untested. The desired outcome is for the job to succeed if the fallback step ("Run lint & unit tests on ALL projects") completes successfully, even though an earlier step had failed. The challenge lies in the fact that once a step fails, the job status is flagged as failed. Even if a subsequent step runs conditionally based on that failure (if: ${{ failure() }}) and completes successfully, the job itself retains the failed status. This prevents the job from being marked as successful, thereby blocking any downstream jobs that depend on it.
There is no native actions/reset-job-failure action or built-in command to reset the job's failure marker after a fallback step succeeds. The job status is determined by the outcome of its constituent steps; if any step fails and that failure is not explicitly ignored, the job is considered failed. This limitation necessitates alternative strategies for implementing resilient workflows where a failure in one path should trigger a successful fallback path without penalizing the overall job status.
Leveraging Continue-on-Error for Resilient Workflows
The primary mechanism for preventing a single step failure from terminating a job is the continue-on-error property. This feature allows GitHub Actions to continue executing subsequent steps in a job or workflow even if a prior step or job has failed. It is particularly useful for scenarios such as negative testing, where a test is expected to fail, or for deploying non-critical updates where a failure should not block the entire pipeline.
When applied at the step level, continue-on-error: true instructs the runner to mark the step as failed but proceed to the next step. The job itself will still be marked as failed unless all subsequent steps succeed and the failure is somehow mitigated. However, this does not solve the "reset" problem mentioned earlier. If a step fails and continue-on-error is set, the job status remains failed because the failed step's exit code is non-zero. The job does not automatically become successful just because the subsequent steps run.
For example, in a workflow designed to handle step and job errors, a developer might set continue-on-error: true on a preliminary check step. If that step fails, the workflow continues to a fallback step. However, the job status is still determined by the initial failure. To achieve a successful job status despite an earlier failure, the workflow logic must be structured so that the failing step is not considered a critical path to the job's success. This often requires rethinking the job structure: instead of having one job with multiple steps where one fails and another succeeds, it is more effective to split the logic into separate jobs or use conditional execution to skip the failing step entirely based on context.
Implementing Logical OR Dependencies Between Jobs
A common requirement in complex workflows is to run a final job if any of several preceding jobs succeed, rather than requiring all of them to succeed. GitHub Actions' native needs keyword implements a logical AND dependency; a job will only run if all jobs listed in needs have completed successfully. This creates a bottleneck when dealing with parallel strategies or optional features where only one path needs to be viable for the process to continue.
For instance, consider a workflow with three initial jobs: job1, job2, and job3. A final job, fallback, needs to run if any of these three jobs succeed or are skipped. The native needs: [job1, job2, job3] configuration will cause fallback to be skipped if even one of the preceding jobs fails. Achieving an OR condition is not directly supported through simple YAML syntax.
To implement this logic, developers must resort to more advanced techniques. One approach involves using conditional execution based on the status of the preceding jobs. However, since a job cannot directly access the status of parallel jobs in its if condition without external tools, workarounds are necessary. One such workaround involves using the GitHub REST API. By utilizing the GITHUB_RUN_ID environment variable, a job can query the workflow jobs API to list all jobs in the current workflow run and check their conclusion status. This allows a script to determine if at least one of the required jobs has succeeded.
Another method involves passing job status through artifacts. A preceding job can generate an artifact indicating its success. The final job can then check for the presence of these artifacts. If at least one artifact corresponding to a successful job exists, the final job proceeds. This approach decouples the dependency logic from the native needs keyword and allows for more flexible, OR-based execution flows.
Advanced Status Checking via Workflow Conclusion Actions
For scenarios where native conditionals are insufficient, community-developed actions and API integrations provide additional power. One notable solution is the "Workflow Conclusion Action," which helps in determining the overall status of a workflow or specific jobs. This is particularly useful when you need to report results to external services, such as Slack, or make complex decisions based on the aggregated status of multiple jobs.
The Check API and the newer Workflow Jobs API allow for programmatic inspection of job statuses. By using the GITHUB_RUN_ID, a script can fetch the details of all jobs in the current run. The API response includes a conclusion element for each job, which can be success, failure, skipped, etc. A custom script can then parse this data and determine if the condition for the next job (e.g., "at least one job succeeded") is met. While this approach is more complex and relies on external API calls, it provides the flexibility needed for advanced workflow orchestration.
It is important to note that these API-based solutions are often considered "dirty workarounds" by some, as they add complexity and potential points of failure (such as API rate limits or authentication issues). However, for complex monorepo setups or parallel testing strategies where native GitHub Actions features fall short, they are sometimes the only viable option.
Practical Example: Fallback Strategy in a Monorepo
Consider a practical example involving a monorepo using pnpm and nx. The workflow aims to run tests on affected projects only, but if the detection of affected projects fails, it should fall back to testing all projects.
```yaml
name: CI Pipeline
on:
push:
branches: [ main ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: pnpm install
- name: List affected projects
id: affected
run: pnpm nx affected --base=HEAD~1 --head=HEAD --json > affected.json
continue-on-error: true
- name: Run lint & unit tests on affected projects only
if: ${{ steps.affected.outcome == 'success' }}
run: |
pnpm nx affected --base=HEAD~1 --head=HEAD --target=lint
pnpm nx affected --base=HEAD~1 --head=HEAD --target=test
- name: Run lint & unit tests on ALL projects
if: ${{ failure() }}
run: |
pnpm lint:all
pnpm test:all
```
In this example, the affected step has continue-on-error: true. If it fails, the next step is skipped because its if condition checks for success. The final step runs if the previous step failed (failure()). However, as noted earlier, the job test will still fail because the affected step failed. To make this job succeed, the affected step should not be marked as failed in a way that affects the job status. One way to achieve this is to avoid using continue-on-error and instead handle the error within the script itself, or to structure the workflow so that the failure of the detection step does not propagate to the job status. This often requires a more sophisticated setup, such as using a matrix strategy or separate jobs for detection and execution.
Conclusion
GitHub Actions provides a powerful but sometimes rigid framework for CI/CD workflows. While the default behavior ensures that failures are caught early, advanced scenarios require deeper manipulation of job and step statuses. The inability to reset a job's failure status after a fallback step succeeds is a notable limitation for monorepo workflows using tools like pnpm and nx. Similarly, implementing logical OR dependencies between jobs requires workarounds such as API calls or artifact-based status passing. Developers must carefully balance the need for resilience with the complexity of these workarounds. By leveraging continue-on-error, conditional execution, and community-driven solutions like the Workflow Conclusion Action, teams can create more flexible and robust pipelines that adapt to the complexities of modern software development.
Sources
- GitHub Actions Runner Issue #2679: Can a job be marked as successful even if one of its steps failed?
- Ken Muse: How to Handle Step and Job Errors in GitHub Actions
- GitHub Community Discussion: Conditional Job Execution and Status Checking
- GitHub Actions Runner Issue #1251: Running Current Job Based on Previous Jobs