Two bugs in the previous CI:
- needs: [] on the tag job bypassed stage ordering — tags were created before
tests finished, defeating the entire pull-based deploy safety guarantee
- changes: rules meant a push to infra/ or docs would skip all tests but still
create a tag
Now matches the padelnomics pattern: all three test jobs always run on master
and MRs, tag job runs after the test stage completes (stage ordering, no needs).
Also use uv sync --all-packages consistently across all jobs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2b2a7274ca