diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 9d99c888bec7..60634e8e571c 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -139,7 +139,7 @@ jobs: if: inputs.targetSha env: MATRIX_SYSTEM: ${{ matrix.system }} - # This should be very quick, because it pulls the eval results from Cachix. + # This is very quick, because it pulls the eval results from Cachix. run: | nix-build nixpkgs/trusted/ci --arg nixpkgs ./nixpkgs/trusted-pinned -A eval.singleSystem \ --argstr evalSystem "$MATRIX_SYSTEM" \ diff --git a/.github/workflows/merge-group.yml b/.github/workflows/merge-group.yml index 0d21b768f6e0..6ae96f0900f7 100644 --- a/.github/workflows/merge-group.yml +++ b/.github/workflows/merge-group.yml @@ -17,6 +17,21 @@ on: permissions: {} jobs: + prepare: + runs-on: ubuntu-24.04-arm + outputs: + systems: ${{ steps.systems.outputs.systems }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + sparse-checkout: | + ci/supportedSystems.json + + - name: Load supported systems + id: systems + run: | + echo "systems=$(jq -c > "$GITHUB_OUTPUT" + lint: name: Lint uses: ./.github/workflows/lint.yml @@ -26,6 +41,21 @@ jobs: mergedSha: ${{ inputs.mergedSha || github.event.merge_group.head_sha }} targetSha: ${{ inputs.targetSha || github.event.merge_group.base_sha }} + eval: + name: Eval + needs: [prepare] + uses: ./.github/workflows/eval.yml + # The eval workflow requests these permissions so we must explicitly allow them, + # even though they are unused when working with the merge queue. + permissions: + # compare + statuses: write + secrets: + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} + with: + mergedSha: ${{ inputs.mergedSha || github.event.merge_group.head_sha }} + systems: ${{ needs.prepare.outputs.systems }} + # This job's only purpose is to create the target for the "Required Status Checks" branch ruleset. # It "needs" all the jobs that should block the Merge Queue. unlock: 
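Review bot: The checkout in the new `prepare` job sets no `ref:`, so `ci/supportedSystems.json` is read from the event's default commit, while the `eval` job added further down evaluates `inputs.mergedSha || github.event.merge_group.head_sha`. On a merge_group event these are presumably the same commit, but the `inputs.mergedSha` fallback suggests the workflow is also called with an explicit SHA, in which case the system matrix and the evaluated tree can come from different commits. Consider adding `ref: ${{ inputs.mergedSha || github.event.merge_group.head_sha }}` under `with:`. Adding `persist-credentials: false` would also fit, since the job only reads one file and needs no token afterwards. The `run:` line appears cut off on this page, so the jq invocation itself is not reviewed here.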
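Review bot: The `statuses: write` grant on the new `eval` job stays unused only as long as `targetSha` is left out of its `with:` block, and the comment does not say so. The eval.yml hunk on this page shows a step gated on `if: inputs.targetSha`, and the `lint` job just above does pass `targetSha`, so the omission here looks deliberate. A later edit that adds `targetSha` would presumably start the comparison path in a merge-queue run with a write-capable token and `CACHIX_AUTH_TOKEN` in scope. I would state the dependency in place of the bare `# compare` (which presumably names the requesting job in eval.yml), for example `# requested by eval.yml (compare); not exercised here because targetSha is intentionally not passed`.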
@@ -33,6 +63,7 @@ jobs: # Modify this list to add or remove jobs from required status checks. needs: - lint + - eval runs-on: ubuntu-24.04-arm permissions: statuses: write diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml deleted file mode 100644 index d76b7f3867bd..000000000000 --- a/.github/workflows/push.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Push - -on: - push: - branches: - - master - - staging - - release-* - - staging-* - - haskell-updates - workflow_call: - inputs: - mergedSha: - required: true - type: string - secrets: - CACHIX_AUTH_TOKEN: - required: true - -permissions: {} - -jobs: - prepare: - runs-on: ubuntu-24.04-arm - outputs: - systems: ${{ steps.systems.outputs.systems }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - sparse-checkout: | - ci/supportedSystems.json - - - name: Load supported systems - id: systems - run: | - echo "systems=$(jq -c > "$GITHUB_OUTPUT" - - eval: - name: Eval - needs: [prepare] - uses: ./.github/workflows/eval.yml - # Those are not actually used on push, but will throw an error if not set. - permissions: - # compare - statuses: write - secrets: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - with: - mergedSha: ${{ inputs.mergedSha || github.sha }} - systems: ${{ needs.prepare.outputs.systems }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0806b61c34c9..0d5f20e3b57b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -48,6 +48,7 @@ jobs: })).map(file => file.filename) if (files.some(file => [ + '.github/workflows/eval.yml', '.github/workflows/lint.yml', '.github/workflows/merge-group.yml', '.github/workflows/test.yml', 
@@ -65,12 +66,6 @@ jobs: '.github/workflows/test.yml', ].includes(file))) core.setOutput('pr', true) - if (files.some(file => [ - '.github/workflows/eval.yml', - '.github/workflows/push.yml', - '.github/workflows/test.yml', - ].includes(file))) core.setOutput('push', true) - merge-group: if: needs.prepare.outputs.merge-group name: Merge Group @@ -98,16 +93,3 @@ jobs: secrets: CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} NIXPKGS_CI_APP_PRIVATE_KEY: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} - - push: - if: needs.prepare.outputs.push - name: Push - needs: [prepare] - uses: ./.github/workflows/push.yml - # Those are not actually used on the push or pull_request events, but will throw an error if not set. - permissions: - statuses: write - secrets: - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - with: - mergedSha: ${{ needs.prepare.outputs.mergedSha }}