workflows/merge-queue: run owners check job

.github/workflows/check.yml

@@ -4,10 +4,10 @@ on:
   workflow_call:
     inputs:
       baseBranch:
-        required: true
+        required: false
         type: string
       headBranch:
-        required: true
+        required: false
         type: string
       mergedSha:
         required: true
@@ -27,6 +27,7 @@ defaults:
 
 jobs:
   commits:
+    if: inputs.baseBranch && inputs.headBranch
     permissions:
       pull-requests: write
     runs-on: ubuntu-24.04-arm

.github/workflows/merge-group.yml

@@ -56,6 +56,19 @@ jobs:
             core.info(`targetSha: ${context.payload.merge_group?.base_sha ?? process.env.TARGET_SHA}`)
             core.setOutput('systems', require('./ci/supportedSystems.json'))
 
+  check:
+    name: Check
+    needs: [prepare]
+    uses: ./.github/workflows/check.yml
+    permissions:
+      # cherry-picks; formality right now, but unused
+      pull-requests: write
+    secrets:
+      CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+    with:
+      mergedSha: ${{ needs.prepare.outputs.mergedSha }}
+      targetSha: ${{ needs.prepare.outputs.targetSha }}
+
   lint:
     name: Lint
     needs: [prepare]

.github/workflows/test.yml

@@ -82,6 +82,7 @@ jobs:
     uses: ./.github/workflows/merge-group.yml
     # Those are actually only used on the merge_group event, but will throw an error if not set.
     permissions:
+      pull-requests: write
       statuses: write
     secrets:
       CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}