The CI should never alter the commit history of the repo.
The correct solution here is for no commits to be added to master branch if they haven't been tested and verified.
Do you work on feature branches, have the CI run automatically on those, and if the builds fail, don't merge them into master.
You can have an additional build that tests merges if those are a concern, by running on the feature branch, and during the build merging master/integration/whatever into the local branch, then running tests.