From 031669c710feeb55880cf9023397089f449561f4 Mon Sep 17 00:00:00 2001
From: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
Date: Tue, 24 Mar 2026 23:21:31 +0100
Subject: [PATCH 1/3] github-workflow: Ensure e2e workflow can be used as merge
 checks

---
 .github/workflows/e2e.yaml | 39 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 331b296..41d52e6 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -3,13 +3,30 @@ name: E2E Tests
 
 on:
   workflow_dispatch:
+  pull_request:
 
 permissions:
   contents: read
+  statuses: write
 
 jobs:
 
+  set-pending:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    name: Set pending e2e status
+    steps:
+      - name: Set pending e2e status
+        run: |
+          gh api "repos/${{ github.repository }}/statuses/${{ github.event.pull_request.head.sha }}" \
+            -f state="pending" \
+            -f context="e2e" \
+            -f description="E2E tests must be triggered manually via workflow_dispatch"
+        env:
+          GH_TOKEN: ${{ github.token }}
+
   e2e:
+    if: github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     timeout-minutes: 5
 
@@ -55,3 +72,25 @@ jobs:
           E2E_RELEASE: ${{ matrix.release }}
           CONTAINER_RUNTIME: docker
         run: go test -tags e2e -v -race -timeout 5m -run ${{ matrix.test }} ./test/e2e/
+
+  report-status:
+    if: always() && github.event_name == 'workflow_dispatch'
+    needs: [e2e]
+    runs-on: ubuntu-latest
+    name: Report e2e status
+    steps:
+      - name: Report e2e status
+        run: |
+          if [ "${{ needs.e2e.result }}" = "success" ]; then
+            state="success"
+            description="All E2E tests passed"
+          else
+            state="failure"
+            description="E2E tests failed"
+          fi
+          gh api "repos/${{ github.repository }}/statuses/${{ github.sha }}" \
+            -f state="$state" \
+            -f context="e2e" \
+            -f description="$description"
+        env:
+          GH_TOKEN: ${{ github.token }}

From 9102eef79b575cea25ffa77ec99e9dac6bb56dc0 Mon Sep 17 00:00:00 2001
From: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
Date: Tue, 24 Mar 2026 23:42:17 +0100
Subject: [PATCH 2/3] github-workflow: Map cancelled/skipped e2e runs to error
 status

Distinguish between test failures and cancelled/skipped runs in the
commit status reported to PRs. Cancelled and skipped results now map
to GitHub's "error" state with descriptive messages instead of being
reported as failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/e2e.yaml | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 41d52e6..417150e 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -81,13 +81,24 @@ jobs:
     steps:
       - name: Report e2e status
         run: |
-          if [ "${{ needs.e2e.result }}" = "success" ]; then
-            state="success"
-            description="All E2E tests passed"
-          else
-            state="failure"
-            description="E2E tests failed"
-          fi
+          case "${{ needs.e2e.result }}" in
+            success)
+              state="success"
+              description="All E2E tests passed"
+              ;;
+            cancelled)
+              state="error"
+              description="E2E tests were cancelled"
+              ;;
+            skipped)
+              state="error"
+              description="E2E tests were skipped"
+              ;;
+            *)
+              state="failure"
+              description="E2E tests failed"
+              ;;
+          esac
           gh api "repos/${{ github.repository }}/statuses/${{ github.sha }}" \
             -f state="$state" \
             -f context="e2e" \

From b9c5b2c8708196b2bb12754435f1828dddcf7929 Mon Sep 17 00:00:00 2001
From: Reto Gantenbein <reto.gantenbein@linuxmonk.ch>
Date: Tue, 24 Mar 2026 23:47:14 +0100
Subject: [PATCH 3/3] github-workflow: Use pull_request_target for e2e pending
 status

Switch from pull_request to pull_request_target so the GITHUB_TOKEN
has write access to commit statuses even for fork PRs. The job only
posts a status and never checks out PR code, so this is safe.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/e2e.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 417150e..f1d4dfb 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -3,7 +3,7 @@ name: E2E Tests
 
 on:
   workflow_dispatch:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: read
@@ -12,7 +12,7 @@ permissions:
 jobs:
 
   set-pending:
-    if: github.event_name == 'pull_request'
+    if: github.event_name == 'pull_request_target'
     runs-on: ubuntu-latest
     name: Set pending e2e status
     steps: