Report Examples as job checks

Fork pull_request runs should stay unprivileged even when Examples statuses are required. The workflow now records the Examples result in the Windows build job and lets a tiny downstream Actions job publish the required check name automatically.

Why: The old checks.create/update path cannot safely publish required Examples statuses for fork pull_request runs.
Why: The reporter job fails closed when build-windows never reaches or never succeeds at the Examples step so required checks do not get stuck as Expected.

Author: AnastaZIuk

.github/workflows/build-nabla.yml

@@ -7,7 +7,7 @@ on:
 
 permissions:
   contents: read
-  checks: write
+  actions: read
 
 concurrency:
   group: push-lock-${{ github.ref }}
@@ -219,31 +219,14 @@ jobs:
               --profiling-format=google-trace
 
       - name: Container – Build & Install Nabla
+        id: build-nabla
         run: |
           docker exec orphan `
             ${{ env.entry }} ${{ env.cmd }} -Command cmake --build `
               --preset ci-build-dynamic-${{ matrix.vendor }} `
               --target install `
               --config ${{ matrix.config }}
 
-      - name: API / Examples / Check Run (Create)
-        id: check-run-create
-        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            const headSha = context.payload.pull_request ? context.payload.pull_request.head.sha : context.sha;
-            const response = await github.rest.checks.create({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              name: `Examples (${{ matrix.os }}, ${{ matrix.vendor }}-${{ matrix.tag }}, ${{ matrix.config }})`,
-              head_sha: headSha,
-              status: 'in_progress'
-            });
-            return response.data.id;
-
       - name: Container – Build & Install Examples
         id: build-examples
         continue-on-error: true
@@ -259,35 +242,36 @@ jobs:
               ${{ env.binary }}\examples_tests --config ${{ matrix.config }} `
               --prefix ${{ env.install }}
 
-      - name: API / Examples / Check Run (Conclusion)
-        id: outcome-examples
+      - name: Record Examples result
+        if: ${{ always() }}
+        shell: pwsh
         run: |
-          $completedAt = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
-          if ("${{ steps.build-examples.outcome }}" -eq "success") {
-            "conclusion=success" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
+          $examplesResult = if (
+            "${{ steps.build-nabla.outcome }}" -eq "success" -and
+            "${{ steps.build-examples.outcome }}" -eq "success"
+          ) {
+            "success"
           } else {
-            "conclusion=failure" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
+            "failure"
           }
-          "completed_at=$completedAt" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
-
-      - name: API / Examples / Check Run (Update)
-        if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
-        uses: actions/github-script@v6
+          $statusDir = Join-Path $env:RUNNER_TEMP "examples-status"
+          New-Item -ItemType Directory -Force -Path $statusDir | Out-Null
+          $statusFile = Join-Path $statusDir "status.txt"
+          $detailsFile = Join-Path $statusDir "details.txt"
+          $examplesResult | Set-Content -Path $statusFile -Encoding ascii -NoNewline
+          @(
+            "build-nabla=${{ steps.build-nabla.outcome }}"
+            "build-examples=${{ steps.build-examples.outcome }}"
+            "result=$examplesResult"
+          ) | Set-Content -Path $detailsFile -Encoding ascii
+
+      - name: Upload Examples result
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            await github.rest.checks.update({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              check_run_id: ${{ steps.check-run-create.outputs.result }},
-              status: 'completed',
-              conclusion: '${{ steps.outcome-examples.outputs.conclusion }}',
-              completed_at: '${{ steps.outcome-examples.outputs.completed_at }}',
-              output: {
-                title: '',
-                summary: '[View logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) to see details.'
-              }
-            });
+          name: examples-status-${{ matrix.os }}-${{ matrix.vendor }}-${{ matrix.tag }}-${{ matrix.config }}
+          path: ${{ runner.temp }}/examples-status
+          if-no-files-found: error
 
       - name: Container – Save NSC Image
         run: |
@@ -438,6 +422,46 @@ jobs:
         run: |
           docker push ${{ steps.set-prefix.outputs.nscTargetTaggedImageLatest }}
 
+  examples-status:
+    name: Examples (${{ matrix.os }}, ${{ matrix.vendor }}-${{ matrix.tag }}, ${{ matrix.config }})
+    needs: build-windows
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        vendor: [msvc]
+        config: [Release, Debug, RelWithDebInfo]
+        tag: ['17.13.6']
+        os: [windows-2022]
+
+    steps:
+      - name: Download Examples result
+        uses: actions/download-artifact@v4
+        with:
+          name: examples-status-${{ matrix.os }}-${{ matrix.vendor }}-${{ matrix.tag }}-${{ matrix.config }}
+          path: examples-status
+
+      - name: Fail if Examples did not succeed
+        shell: bash
+        run: |
+          status_file="examples-status/status.txt"
+          if [[ ! -f "$status_file" ]]; then
+            echo "Missing Examples status artifact"
+            exit 1
+          fi
+
+          result="$(tr -d '\r\n' < "$status_file")"
+          echo "Examples result: $result"
+
+          if [[ "$result" != "success" ]]; then
+            if [[ -f "examples-status/details.txt" ]]; then
+              echo "Details:"
+              cat "examples-status/details.txt"
+            fi
+            exit 1
+          fi
+
   update-badges:
     name: Update Build & Image Badges
     if: ${{ always() && github.ref == 'refs/heads/master' }}