From 05427a37467416681c80bb251a1d769fd1b07c44 Mon Sep 17 00:00:00 2001
From: Jorge Prendes <jorge.prendes@gmail.com>
Date: Fri, 20 Feb 2026 13:01:49 +0000
Subject: [PATCH] add CI job for branch protection

Signed-off-by: Jorge Prendes <jorge.prendes@gmail.com>
---
 .github/workflows/ValidatePullRequests.yml | 27 ++++++++++++++++++++++
 .github/workflows/dep_build.yml            |  5 ----
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ValidatePullRequests.yml b/.github/workflows/ValidatePullRequests.yml
index b0b1c80..1db1efa 100644
--- a/.github/workflows/ValidatePullRequests.yml
+++ b/.github/workflows/ValidatePullRequests.yml
@@ -6,14 +6,29 @@ on:
   pull_request:
     branches: [ main, 'release/**' ]
 
+# Cancels old running job if a new one is triggered (e.g. by a push onto the same branch).
+# This will cancel dependent jobs as well, such as dep_build and dep_benchmarks
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 permissions:
   id-token: write
   contents: read
 
 jobs:
+  spelling:
+    name: Spell check with typos
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5
+    - name: Spell Check Repo
+      uses: crate-ci/typos@v1.38.1
+
   build:
     uses: ./.github/workflows/dep_build.yml
     secrets: inherit
+
   benchmarks:
     uses: ./.github/workflows/dep_benchmarks.yml
     secrets: inherit
@@ -21,3 +36,15 @@ jobs:
       download-benchmarks: true
       upload-benchmarks: false
     
+  # Gate PR merges on this specific "join-job" which requires all other
+  # jobs to run first.
+  report-ci-status:
+    needs:
+      - build
+      - benchmarks
+      - spelling
+    if: always()
+    runs-on: ubuntu-latest
+    steps:
+      - name: calculate the correct exit status
+        run: jq --exit-status 'all(.result == "success" or .result == "skipped")' <<< '${{ toJson(needs) }}'
\ No newline at end of file
diff --git a/.github/workflows/dep_build.yml b/.github/workflows/dep_build.yml
index 31e654b..1abbf68 100644
--- a/.github/workflows/dep_build.yml
+++ b/.github/workflows/dep_build.yml
@@ -74,11 +74,6 @@ jobs:
       run: |
           just build-js-host-api ${{ matrix.config }}
 
-    - name: Spell Check Repo
-      # Only run on linux, otherwise we need to install wget on windows...
-      if: runner.os == 'Linux'
-      uses: crate-ci/typos@master
-
     - name: lint
       run: just lint ${{ matrix.config }}