Add PR comment command to trigger full CI suite and fix workflow issues (#1974)

## Summary

This PR adds a `/run-skipped-ci` command that can be used in PR comments
to trigger the complete CI suite, including tests that are normally
skipped on PRs for faster feedback. It also fixes several workflow
issues identified during development.

## What Changed

**New GitHub Actions Workflows:**
- `.github/workflows/run-skipped-ci.yml` - Listens for `/run-skipped-ci`
comments and triggers all CI workflows with verification
- `.github/workflows/pr-welcome-comment.yml` - Automatically comments on
new PRs explaining the command

**New Documentation:**
- `.github/README.md` - Comprehensive documentation of all workflows and
the comment command feature

**Workflow Fixes:**
- Fixed duplicate `if` conditions in `examples.yml` and `main.yml` that
caused YAML parsing errors
- Replaced inefficient `SKIP_MINIMUM_ON_PR` env var pattern with cleaner
matrix-level `exclude` approach
- Added workflow verification logic to confirm triggered workflows
actually start
- Improved error handling with detailed status reporting
(verified/pending/failed workflows)

## How It Works

1. **Default PR behavior** - Runs subset of CI (latest Ruby/Node only)
for fast feedback
2. **Full CI on demand** - Comment `/run-skipped-ci` on any PR to run:
   - Main test suite with all Ruby/Node version combinations
   - Example generator tests
   - Pro package integration tests
   - Pro package unit tests
3. **User feedback** - Bot reacts with 🚀, waits 5 seconds for workflows
to queue, verifies they started, and posts detailed status

## Why This Approach

By default, PRs run a limited CI suite to keep feedback loops fast:
- Only latest versions (Ruby 3.4, Node 22, Shakapacker 9.3.0, React 19)
- Skips minimum versions (Ruby 3.2, Node 20, Shakapacker 8.2.0, React
18)

Before merging, we want to verify compatibility across all supported
versions. This command makes it easy to run full CI without:
- Waiting for merge to master
- Manually triggering individual workflows
- Modifying workflow files

## Technical Improvements

### Matrix Filtering
Before:
```yaml
env:
  SKIP_MINIMUM_ON_PR: ${{ matrix.dependency-level == 'minimum' && ... }}
steps:
  - uses: actions/checkout@v4
    if: env.SKIP_MINIMUM_ON_PR != 'true'  # ❌ Step-level conditional
```

After:
```yaml
matrix:
  include: [...]
  exclude:  # ✅ Job-level filtering - more efficient
    - ruby-version: ${{ ... && '3.2' || '' }}
      dependency-level: ${{ ... && 'minimum' || '' }}
```

### Workflow Verification
The `/run-skipped-ci` command now:
1. Triggers all workflows via API
2. Waits 5 seconds for workflows to queue
3. Queries GitHub Actions API to verify workflows started
4. Reports detailed status showing which workflows are verified,
pending, or failed

## Testing Notes

**Important:** The comment-triggered workflow must be merged to `master`
before it can be tested, because GitHub Actions only executes
`issue_comment` workflows from the default branch (security feature).

Once merged, test by:
1. Creating a test PR
2. Commenting `/run-skipped-ci`
3. Verifying all workflows trigger and status is reported accurately

## Inspiration

Based on similar pattern from
shakacode/react-webpack-rails-tutorial#687

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- Reviewable:start -->
- - -
This change is [<img src="https://reviewable.io/review_button.svg"
height="34" align="absmiddle"
alt="Reviewable"/>](https://reviewable.io/reviews/shakacode/react_on_rails/1974)
<!-- Reviewable:end -->

---------

Co-authored-by: Claude <[email protected]>

Author: justin808

.github/README.md

@@ -0,0 +1,114 @@
+# GitHub Actions CI/CD Configuration
+
+This directory contains GitHub Actions workflows for continuous integration and deployment.
+
+## PR Comment Commands
+
+### `/run-skipped-ci` - Run Full CI Suite
+
+When you open a PR, CI automatically runs a subset of tests for faster feedback (latest Ruby/Node versions only). To run the **complete CI suite** including all dependency combinations, add a comment to your PR:
+
+```
+/run-skipped-ci
+```
+
+This command will trigger:
+
+- ✅ Main test suite with both latest and minimum supported versions
+- ✅ All example app generator tests
+- ✅ React on Rails Pro integration tests
+- ✅ React on Rails Pro package tests
+
+The bot will:
+
+1. React with a 🚀 to your comment
+2. Post a confirmation message with links to the triggered workflows
+3. Start all CI jobs on your PR branch
+
+### Why This Exists
+
+By default, PRs run a subset of CI jobs to provide fast feedback:
+
+- Only latest dependency versions (Ruby 3.4, Node 22)
+- Skips example generator tests
+- Skips some Pro package tests
+
+This is intentional to keep PR feedback loops fast. However, before merging, you should verify compatibility across all supported versions. The `/run-skipped-ci` command makes this easy without waiting for the PR to be merged to master.
+
+### Security & Access Control
+
+**Only repository collaborators with write access can trigger full CI runs.** This prevents:
+
+- Resource abuse from external contributors
+- Unauthorized access to Pro package tests
+- Potential DoS attacks via repeated CI runs
+
+If an unauthorized user attempts to use `/run-skipped-ci`, they'll receive a message explaining the restriction.
+
+### Concurrency Protection
+
+Multiple `/run-skipped-ci` comments on the same PR will cancel in-progress runs to prevent resource waste and duplicate results.
+
+## Testing Comment-Triggered Workflows
+
+**Important**: Comment-triggered workflows (`issue_comment` event) only execute from the **default branch** (master). This creates a chicken-and-egg problem when developing workflow changes.
+
+### Recommended Testing Approach
+
+1. **Develop the workflow**: Create/modify the workflow in your feature branch
+2. **Test locally**: Validate YAML syntax and logic as much as possible
+3. **Merge to master**: The workflow must be in master to be triggered by comments
+4. **Test on a PR**: Create a test PR and use the comment command to verify
+
+### Why This Limitation Exists
+
+GitHub Actions workflows triggered by `issue_comment` events always use the workflow definition from the default branch, not the PR branch. This is a security feature to prevent malicious actors from modifying workflows through PRs.
+
+For more details, see [GitHub's documentation on issue_comment events](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment).
+
+## Available Workflows
+
+### CI Workflows (Triggered on Push/PR)
+
+- **`main.yml`** - Main test suite (dummy app integration tests)
+- **`lint-js-and-ruby.yml`** - Linting for JavaScript and Ruby code
+- **`package-js-tests.yml`** - JavaScript unit tests for the package
+- **`rspec-package-specs.yml`** - RSpec tests for the Ruby package
+- **`examples.yml`** - Generator tests for example apps
+- **`playwright.yml`** - Playwright E2E tests
+- **`pro-integration-tests.yml`** - Pro package integration tests
+- **`pro-package-tests.yml`** - Pro package unit tests
+- **`pro-lint.yml`** - Pro package linting
+
+### Utility Workflows
+
+- **`run-skipped-ci.yml`** - Triggered by `/run-skipped-ci` comment on PRs
+- **`pr-welcome-comment.yml`** - Auto-comments on new PRs with helpful info
+- **`detect-changes.yml`** - Detects which parts of the codebase changed
+
+### Code Review Workflows
+
+- **`claude.yml`** - Claude AI code review
+- **`claude-code-review.yml`** - Additional Claude code review checks
+
+### Other Workflows
+
+- **`check-markdown-links.yml`** - Validates markdown links
+
+## Workflow Permissions
+
+Most workflows use minimal permissions. The comment-triggered workflows require:
+
+- `contents: read` - To read the repository code
+- `pull-requests: write` - To post comments and reactions
+- `actions: write` - To trigger other workflows
+
+## Conditional Execution
+
+Many workflows use change detection to skip unnecessary jobs:
+
+- Runs all jobs on pushes to `master`
+- Runs only relevant jobs on PRs based on changed files
+- Can be overridden with `workflow_dispatch` or `/run-skipped-ci` command
+
+See `script/ci-changes-detector` for the change detection logic.

.github/workflows/examples.yml

@@ -38,17 +38,23 @@ jobs:
 
   examples:
     needs: detect-changes
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_generators == 'true'
+    # Run on master, workflow_dispatch, OR when generators needed
+    if: |
+      github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_generators == 'true'
     strategy:
       fail-fast: false
       matrix:
         include:
           # Always run: Latest versions (fast feedback on PRs)
           - ruby-version: '3.4'
             dependency-level: 'latest'
-          # Master only: Minimum supported versions (full coverage)
+          # Master and workflow_dispatch: Minimum supported versions (full coverage)
           - ruby-version: '3.2'
             dependency-level: 'minimum'
+        exclude:
+          # Skip minimum dependency matrix on regular PRs (run only on master/workflow_dispatch)
+          - ruby-version: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && '3.2' || '' }}
+            dependency-level: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && 'minimum' || '' }}
     env:
       SKIP_YARN_COREPACK_CHECK: 0
       BUNDLE_FROZEN: ${{ matrix.dependency-level == 'minimum' && 'false' || 'true' }}

.github/workflows/main.yml

@@ -38,20 +38,25 @@ jobs:
 
   build-dummy-app-webpack-test-bundles:
     needs: detect-changes
-    # Run on master OR when tests needed on PR (but skip minimum deps on PR)
+    # Run on master, workflow_dispatch, OR when tests needed on PR
     if: |
-      (github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_dummy_tests == 'true')
+      github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_dummy_tests == 'true'
     strategy:
       matrix:
         include:
           # Always run: Latest versions (fast feedback on PRs)
           - ruby-version: '3.4'
             node-version: '22'
             dependency-level: 'latest'
-          # Master only: Minimum supported versions (full coverage)
+          # Master and workflow_dispatch: Minimum supported versions (full coverage)
           - ruby-version: '3.2'
             node-version: '20'
             dependency-level: 'minimum'
+        exclude:
+          # Skip minimum dependency matrix on regular PRs (run only on master/workflow_dispatch)
+          - ruby-version: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && '3.2' || '' }}
+            node-version: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && '20' || '' }}
+            dependency-level: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && 'minimum' || '' }}
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
@@ -122,9 +127,9 @@ jobs:
 
   dummy-app-integration-tests:
     needs: [detect-changes, build-dummy-app-webpack-test-bundles]
-    # Run on master OR when tests needed on PR (but skip minimum deps on PR)
+    # Run on master, workflow_dispatch, OR when tests needed on PR
     if: |
-      (github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_dummy_tests == 'true')
+      github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_dummy_tests == 'true'
     strategy:
       fail-fast: false
       matrix:
@@ -133,10 +138,15 @@ jobs:
           - ruby-version: '3.4'
             node-version: '22'
             dependency-level: 'latest'
-          # Master only: Minimum supported versions (full coverage)
+          # Master and workflow_dispatch: Minimum supported versions (full coverage)
           - ruby-version: '3.2'
             node-version: '20'
             dependency-level: 'minimum'
+        exclude:
+          # Skip minimum dependency matrix on regular PRs (run only on master/workflow_dispatch)
+          - ruby-version: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && '3.2' || '' }}
+            node-version: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && '20' || '' }}
+            dependency-level: ${{ github.event_name == 'pull_request' && github.ref != 'refs/heads/master' && 'minimum' || '' }}
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4

.github/workflows/pr-welcome-comment.yml

@@ -0,0 +1,38 @@
+name: PR Welcome Comment
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  welcome:
+    # Skip for bots (dependabot, renovate, etc.)
+    if: github.event.pull_request.user.type != 'Bot'
+    runs-on: ubuntu-22.04
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Add welcome comment with CI command info
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: |
+            👋 Thanks for opening this PR!
+
+            ### 🚀 Running Full CI Suite
+
+            By default, PRs run a subset of CI jobs for faster feedback (latest Ruby/Node versions only).
+
+            To run the **complete CI suite** including all dependency combinations and skipped jobs, comment:
+
+            ```
+            /run-skipped-ci
+            ```
+
+            This will trigger:
+            - ✅ Minimum supported versions (Ruby 3.2, Node 20)
+            - ✅ All example app tests
+            - ✅ Pro package integration tests
+            - ✅ All test matrices
+
+            The full CI suite takes longer but ensures compatibility across all supported versions before merging.

.github/workflows/pro-integration-tests.yml

@@ -34,7 +34,7 @@ jobs:
   # Build webpack test bundles for dummy app
   build-dummy-app-webpack-test-bundles:
     needs: detect-changes
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_pro_tests == 'true'
+    if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_pro_tests == 'true'
     runs-on: ubuntu-22.04
     env:
       REACT_ON_RAILS_PRO_LICENSE: ${{ secrets.REACT_ON_RAILS_PRO_LICENSE_V2 }}
@@ -124,7 +124,7 @@ jobs:
     needs:
       - detect-changes
       - build-dummy-app-webpack-test-bundles
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_pro_tests == 'true'
+    if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_pro_tests == 'true'
     runs-on: ubuntu-22.04
     env:
       REACT_ON_RAILS_PRO_LICENSE: ${{ secrets.REACT_ON_RAILS_PRO_LICENSE_V2 }}
@@ -304,7 +304,7 @@ jobs:
     needs:
       - detect-changes
       - build-dummy-app-webpack-test-bundles
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_pro_tests == 'true'
+    if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_pro_tests == 'true'
     runs-on: ubuntu-22.04
     env:
       REACT_ON_RAILS_PRO_LICENSE: ${{ secrets.REACT_ON_RAILS_PRO_LICENSE_V2 }}

.github/workflows/pro-package-tests.yml

@@ -34,7 +34,7 @@ jobs:
   # Build webpack test bundles for dummy app
   build-dummy-app-webpack-test-bundles:
     needs: detect-changes
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_pro_tests == 'true'
+    if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_pro_tests == 'true'
     runs-on: ubuntu-22.04
     env:
       REACT_ON_RAILS_PRO_LICENSE: ${{ secrets.REACT_ON_RAILS_PRO_LICENSE_V2 }}
@@ -124,7 +124,7 @@ jobs:
     needs:
       - detect-changes
       - build-dummy-app-webpack-test-bundles
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_pro_tests == 'true'
+    if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_pro_tests == 'true'
     runs-on: ubuntu-22.04
     # Redis service container
     services:
@@ -205,7 +205,7 @@ jobs:
   # RSpec tests for Pro package
   rspec-package-specs:
     needs: detect-changes
-    if: github.ref == 'refs/heads/master' || needs.detect-changes.outputs.run_pro_tests == 'true'
+    if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch' || needs.detect-changes.outputs.run_pro_tests == 'true'
     strategy:
       matrix:
         ruby-version: ['3.3.7']