From 350b88e604b267b714e0ce9c27cc05e222bd7d54 Mon Sep 17 00:00:00 2001 From: achyu-dev Date: Fri, 29 Aug 2025 00:37:24 +0530 Subject: [PATCH 1/9] setup new workflow for dev and prod --- .github/workflows/build-and-push-image.yml | 47 ++++++ .github/workflows/deploy.yaml | 121 ---------------- .github/workflows/dev-deploy.yml | 42 ++++++ .github/workflows/prod-deploy.yml | 161 +++++++++++++++++++++ 4 files changed, 250 insertions(+), 121 deletions(-) create mode 100644 .github/workflows/build-and-push-image.yml delete mode 100644 .github/workflows/deploy.yaml create mode 100644 .github/workflows/dev-deploy.yml create mode 100644 .github/workflows/prod-deploy.yml diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml new file mode 100644 index 0000000..514cf87 --- /dev/null +++ b/.github/workflows/build-and-push-image.yml @@ -0,0 +1,47 @@ +name: Build and Push Docker Image to GHCR + +on: + workflow_dispatch: + inputs: + tag: + description: 'Branch or tag to build from' + required: true + + workflow_call: + inputs: + tag: + required: true + type: string + +jobs: + build: + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: GHCR login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build Docker image + run: | + IMAGE=ghcr.io/${{ github.repository_owner }}/pesu-auth + + docker build \ + -t $IMAGE:${{ inputs.tag }} \ + -t $IMAGE:${{ github.sha }} \ + . + + - name: Push images to GHCR + run: | + IMAGE=ghcr.io/${{ github.repository_owner }}/pesu-auth + docker push $IMAGE:${{ inputs.tag }} + docker push $IMAGE:${{ github.sha }} diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml deleted file mode 100644 index 9c63594..0000000 --- a/.github/workflows/deploy.yaml +++ /dev/null 
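Review bot: The `Build Docker image` and `Push images to GHCR` steps paste `${{ inputs.tag }}` straight into the shell script, so the caller-supplied value is expanded into the script text before bash parses it and is never validated as an image tag. Pass it through the step environment instead, e.g. `env: IMAGE_TAG: ${{ inputs.tag }}`, and reference it quoted as `-t "$IMAGE:$IMAGE_TAG"` and `docker push "$IMAGE:$IMAGE_TAG"`. The input is described as 'Branch or tag to build from', but `actions/checkout@v4` is given no `ref`, so the value only names the image and the build always uses the triggering ref; either add `ref: ${{ inputs.tag }}` under the checkout's `with:` or reword the description.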
@@ -1,121 +0,0 @@ -name: Deploy - -on: - workflow_run: - workflows: [ "Pre-Commit Checks" ] - types: - - completed - -jobs: - # Docker build and push (main only) - push-to-dockerhub: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - steps: - - uses: actions/checkout@v3 - - name: Check Docker credentials - run: | - if [ -z "${{ secrets.DOCKER_USERNAME }}" ] || [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then - echo "Secrets missing, skipping push" - exit 1 - fi - - name: Get short commit hash - id: vars - run: echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build and tag image - run: | - docker build . --tag ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} - docker tag ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} ${{ secrets.DOCKER_USERNAME }}/pesu-auth:latest - - name: Push image to Docker Hub - run: | - docker push ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} - docker push ${{ secrets.DOCKER_USERNAME }}/pesu-auth:latest - - # GHCR build and push (main only) - push-to-ghcr: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v3 - - name: Get short commit hash - id: vars - run: echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and tag image for GHCR - run: 
| - docker build . --tag ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} - docker tag ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} ghcr.io/${{ github.repository_owner }}/pesu-auth:latest - - name: Push image to GitHub Container Registry - run: | - docker push ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} - docker push ghcr.io/${{ github.repository_owner }}/pesu-auth:latest - - # Deploy both environments on main - deploy-prod-and-staging: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} - env: - RENDER_DEPLOY_HOOK_URL_PROD: ${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }} - RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} - steps: - - name: Check Deploy Hook URLs - run: | - if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }}" ]; then - echo "Production deploy hook missing!" - exit 1 - fi - if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then - echo "Staging deploy hook missing!" - exit 1 - fi - - name: Deploy to Production - run: | - echo "🚀 Deploying to Production..." - curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }} || { - echo "❌ Production deploy failed!" - exit 1 - } - - name: Sync Staging with Production - run: | - echo "🚀 Deploying to Staging (mirror prod)..." - curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { - echo "❌ Staging deploy failed!" - exit 1 - } - - # Deploy only to staging on dev - deploy-staging-only: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'dev' && github.event.workflow_run.conclusion == 'success' }} - env: - RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} - steps: - - name: Check Staging Deploy Hook URL - run: | - if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then - echo "Staging deploy hook missing!" 
- exit 1 - fi - - name: Deploy to Staging (Dev branch) - run: | - echo "🚀 Deploying to Staging..." - curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { - echo "❌ Staging deploy failed!" - exit 1 - } diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml new file mode 100644 index 0000000..7ebbf4b --- /dev/null +++ b/.github/workflows/dev-deploy.yml @@ -0,0 +1,42 @@ +name: Dev Deploy + +on: + push: + branches: + - dev + +env: + DEPLOYMENT_PATH: ${{ vars.DEV_DEPLOYMENT_PATH }} + +jobs: + build_and_push_image: + uses: ./.github/workflows/build-and-push-image.yml + with: + tag: dev + + deploy: + needs: [build_and_push_image] + runs-on: ubuntu-latest + steps: + - name: Pull latest image and restart + run: | + cd ${{ env.DEPLOYMENT_PATH }} + git reset --hard HEAD + git pull origin dev + REPO_OWNER=${{ github.repository_owner }} \ + IMAGE_TAG=${{ vars.DEV_DOCKER_IMAGE_TAG }} \ + docker compose pull + REPO_OWNER=${{ github.repository_owner }} \ + IMAGE_TAG=${{ vars.DEV_DOCKER_IMAGE_TAG }} \ + docker compose up -d + + - name: Health Check + run: | + sleep 10 + if docker ps --filter "name=${{ vars.DEV_DOCKER_CONTAINER_NAME }}" --filter "status=running" --format '{{.Names}}' | grep -q "${{ vars.DEV_DOCKER_CONTAINER_NAME }}"; then + echo "Dev Container is running successfully" + else + echo "Dev Container failed to start" + docker logs ${{ vars.DEV_DOCKER_CONTAINER_NAME }} --tail 20 + exit 1 + fi diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml new file mode 100644 index 0000000..c3154d7 --- /dev/null +++ b/.github/workflows/prod-deploy.yml 
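Review bot: The `deploy` job pulls `IMAGE_TAG=${{ vars.DEV_DOCKER_IMAGE_TAG }}`, a mutable tag taken from a repository variable, while the build job in this same run pushes both `dev` and the immutable `${{ github.sha }}` tag; deploying with `IMAGE_TAG=${{ github.sha }}` would tie what runs to the commit that was just built. The job also declares `runs-on: ubuntu-latest` yet does `cd ${{ env.DEPLOYMENT_PATH }}` and `docker compose up -d`, which on a GitHub-hosted runner would act on a throwaway VM; presumably a self-hosted runner label is intended, to be confirmed. In `Health Check`, both `--filter "name=…"` and `grep -q` match substrings, so a differently named container whose name contains the configured one also passes; `grep -qx` would require the exact name.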
@@ -0,0 +1,161 @@ +name: Production Merge and Deploy + +on: + workflow_dispatch: + +env: + DEPLOYMENT_PATH: ${{ vars.PROD_DEPLOYMENT_PATH }} + SUPERUSER_TOKEN: ${{ secrets.PESU_DEV_SUPERUSER_TOKEN }} + ALLOWED_USERS: ${{ vars.PROD_DEPLOYMENT_ALLOWED_USERS }} + +jobs: + check-permissions: + name: Check Permissions + runs-on: ubuntu-latest + steps: + - name: Check if user has permissions + id: check-permissions + run: | + PERMISSION_GRANTED=0 + IFS=',' read -ra USERS <<< "${{ env.ALLOWED_USERS }}" + for user in "${USERS[@]}"; do + if [[ "$user" == "${{ github.actor }}" ]]; then + PERMISSION_GRANTED=1 + break + fi + done + if [[ "$PERMISSION_GRANTED" -ne 1 ]]; then + echo "❌ You do not have permission to trigger this workflow." + exit 1 + fi + echo "✅ Permission granted" + echo "user=${{ github.actor }}" >> $GITHUB_OUTPUT + echo "allowed=true" >> $GITHUB_OUTPUT + + merge: + name: Merge dev to main + runs-on: ubuntu-latest + needs: [check-permissions] + outputs: + has_changes: ${{ steps.check-changes.outputs.has_changes }} + concurrency: + group: production-merge + cancel-in-progress: false + steps: + - name: Checkout main branch + uses: actions/checkout@v4 + with: + ref: main + token: ${{ env.SUPERUSER_TOKEN }} + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Fetch latest code from dev branch + id: check-changes + run: | + set -e + git fetch origin dev + CHANGES=$(git rev-list main..origin/dev --count) + echo "changes=$CHANGES" >> $GITHUB_OUTPUT + if [ "$CHANGES" -eq "0" ]; then + echo "â„šī¸ No new changes to deploy" + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + echo "📊 Found $CHANGES commits to merge" + git log --oneline main..origin/dev + fi + + - name: Merge changes + if: steps.check-changes.outputs.has_changes == 'true' + run: | + git merge --ff origin/dev || { + echo "❌ Merge 
conflict detected. Please resolve conflicts manually." + git merge --abort + exit 1 + } + + - name: Push changes to main branch + if: steps.check-changes.outputs.has_changes == 'true' + run: git push origin main + + rollback_image: + needs: [merge] + if: needs.merge.result == 'success' && needs.merge.outputs.has_changes == 'true' + runs-on: ubuntu-latest + steps: + - name: GHCR login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Tagging Image as rollback + run: | + IMAGE=ghcr.io/${{ github.repository_owner }}/${{ vars.DOCKER_IMAGE_NAME }} + docker pull $IMAGE:${{ vars.PROD_DOCKER_IMAGE_TAG}} + echo "Tagging current prod image as rollback" + docker tag $IMAGE:${{ vars.PROD_DOCKER_IMAGE_TAG}} $IMAGE:rollback + echo "Pushing rollback tag" + docker push $IMAGE:rollback + + build_and_push_image: + needs: [rollback_image] + uses: ./.github/workflows/build-and-push-image.yml + with: + tag: prod + + deploy: + needs: [build_and_push_image] + name: Deploy image to production + runs-on: ubuntu-latest + steps: + - name: Pull latest image and restart + run: | + cd ${{ env.DEPLOYMENT_PATH }} + git reset --hard HEAD + git pull origin main + REPO_OWNER=${{ github.repository_owner }} \ + IMAGE_TAG=${{ vars.PROD_DOCKER_IMAGE_TAG }} \ + docker compose pull + REPO_OWNER=${{ github.repository_owner }} \ + IMAGE_TAG=${{ vars.PROD_DOCKER_IMAGE_TAG }} \ + docker compose up -d + + - name: Health Check + run: | + sleep 10 + if docker ps --filter "name=${{ vars.PROD_DOCKER_CONTAINER_NAME }}" --filter "status=running" --format '{{.Names}}' | grep -q "${{ vars.PROD_DOCKER_CONTAINER_NAME }}"; then + echo "Production Container is running successfully" + else + echo "Production Container failed to start" + docker logs ${{ vars.PROD_DOCKER_CONTAINER_NAME }} --tail 20 + exit 1 + fi + + rollback: + name: Rollback on failure + runs-on: ubuntu-latest + needs: [deploy] + if: failure() + steps: + 
- name: GHCR login + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Switch to rollback image + run: | + echo "Deployment failed. Rolling back..." + docker rm -f ${{ vars.PROD_DOCKER_CONTAINER_NAME }} || true + docker run -d \ + --name ${{ vars.PROD_DOCKER_CONTAINER_NAME }} \ + ghcr.io/${{ github.repository_owner }}/${{ vars.DOCKER_IMAGE_NAME }}:rollback + exit 1 From edf4e58e248ddf9e64e4499d007f026d5ac54223 Mon Sep 17 00:00:00 2001 From: achyu-dev Date: Fri, 29 Aug 2025 00:54:34 +0530 Subject: [PATCH 2/9] added new job for syncing dev and main --- .github/workflows/build-and-push-image.yml | 47 ------ .github/workflows/deploy.yaml | 152 +++++++++++++++++++ .github/workflows/dev-deploy.yml | 42 ------ .github/workflows/prod-deploy.yml | 161 --------------------- 4 files changed, 152 insertions(+), 250 deletions(-) delete mode 100644 .github/workflows/build-and-push-image.yml create mode 100644 .github/workflows/deploy.yaml delete mode 100644 .github/workflows/dev-deploy.yml delete mode 100644 .github/workflows/prod-deploy.yml diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml deleted file mode 100644 index 514cf87..0000000 --- a/.github/workflows/build-and-push-image.yml +++ /dev/null 
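Review bot: The `rollback` job is gated only by `if: failure()`, which in a chain of dependent jobs is true when any ancestor job fails, so it also runs when `check-permissions` rejects the actor or when `merge` fails, and then removes and replaces the production container although no deploy happened. Narrow it to the deploy result, e.g. `if: ${{ always() && needs.deploy.result == 'failure' }}`. The workflow-level `SUPERUSER_TOKEN: ${{ secrets.PESU_DEV_SUPERUSER_TOKEN }}` also places the token in the environment of every step of every job defined in this file; only the checkout in `merge` needs it, so `token: ${{ secrets.PESU_DEV_SUPERUSER_TOKEN }}` on that step alone keeps it out of the deploy and rollback shells. `git merge --ff origin/dev` creates a merge commit when a fast-forward is not possible; `--ff-only` would match the conflict message that follows it.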
@@ -1,47 +0,0 @@ -name: Build and Push Docker Image to GHCR - -on: - workflow_dispatch: - inputs: - tag: - description: 'Branch or tag to build from' - required: true - - workflow_call: - inputs: - tag: - required: true - type: string - -jobs: - build: - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: GHCR login - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build Docker image - run: | - IMAGE=ghcr.io/${{ github.repository_owner }}/pesu-auth - - docker build \ - -t $IMAGE:${{ inputs.tag }} \ - -t $IMAGE:${{ github.sha }} \ - . - - - name: Push images to GHCR - run: | - IMAGE=ghcr.io/${{ github.repository_owner }}/pesu-auth - docker push $IMAGE:${{ inputs.tag }} - docker push $IMAGE:${{ github.sha }} diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml new file mode 100644 index 0000000..cecd2c5 --- /dev/null +++ b/.github/workflows/deploy.yaml 
@@ -0,0 +1,152 @@ +name: Deploy + +on: + workflow_run: + workflows: [ "Pre-Commit Checks" ] + types: + - completed + +jobs: + # Syncing Dev to main + sync-dev-to-main: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.head_branch == 'dev' && github.event.workflow_run.conclusion == 'success' }} + steps: + - name: Checkout main branch + uses: actions/checkout@v3 + with: + ref: main + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Fetch dev branch + run: git fetch origin dev + + - name: Merge dev into main + run: | + git merge --ff-only origin/dev || { + echo "❌ Merge conflict detected. Please resolve conflicts manually." + git merge --abort + exit 1 + } + + - name: Push changes to main + run: git push origin main + + # Docker build and push (main only) + push-to-dockerhub: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + steps: + - uses: actions/checkout@v3 + - name: Check Docker credentials + run: | + if [ -z "${{ secrets.DOCKER_USERNAME }}" ] || [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then + echo "Secrets missing, skipping push" + exit 1 + fi + - name: Get short commit hash + id: vars + run: echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build and tag image + run: | + docker build . 
--tag ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} + docker tag ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} ${{ secrets.DOCKER_USERNAME }}/pesu-auth:latest + - name: Push image to Docker Hub + run: | + docker push ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} + docker push ${{ secrets.DOCKER_USERNAME }}/pesu-auth:latest + + # GHCR build and push (main only) + push-to-ghcr: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v3 + - name: Get short commit hash + id: vars + run: echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and tag image for GHCR + run: | + docker build . 
--tag ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} + docker tag ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} ghcr.io/${{ github.repository_owner }}/pesu-auth:latest + - name: Push image to GitHub Container Registry + run: | + docker push ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} + docker push ghcr.io/${{ github.repository_owner }}/pesu-auth:latest + + # Deploy both environments on main + deploy-prod-and-staging: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + env: + RENDER_DEPLOY_HOOK_URL_PROD: ${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }} + RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} + steps: + - name: Check Deploy Hook URLs + run: | + if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }}" ]; then + echo "Production deploy hook missing!" + exit 1 + fi + if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then + echo "Staging deploy hook missing!" + exit 1 + fi + - name: Deploy to Production + run: | + echo "🚀 Deploying to Production..." + curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }} || { + echo "❌ Production deploy failed!" + exit 1 + } + - name: Sync Staging with Production + run: | + echo "🚀 Deploying to Staging (mirror prod)..." + curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { + echo "❌ Staging deploy failed!" + exit 1 + } + + # Deploy only to staging on dev + deploy-staging-only: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.head_branch == 'dev' && github.event.workflow_run.conclusion == 'success' }} + env: + RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} + steps: + - name: Check Staging Deploy Hook URL + run: | + if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then + echo "Staging deploy hook missing!" 
+ exit 1 + fi + - name: Deploy to Staging (Dev branch) + run: | + echo "🚀 Deploying to Staging..." + curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { + echo "❌ Staging deploy failed!" + exit 1 + } diff --git a/.github/workflows/dev-deploy.yml b/.github/workflows/dev-deploy.yml deleted file mode 100644 index 7ebbf4b..0000000 --- a/.github/workflows/dev-deploy.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Dev Deploy - -on: - push: - branches: - - dev - -env: - DEPLOYMENT_PATH: ${{ vars.DEV_DEPLOYMENT_PATH }} - -jobs: - build_and_push_image: - uses: ./.github/workflows/build-and-push-image.yml - with: - tag: dev - - deploy: - needs: [build_and_push_image] - runs-on: ubuntu-latest - steps: - - name: Pull latest image and restart - run: | - cd ${{ env.DEPLOYMENT_PATH }} - git reset --hard HEAD - git pull origin dev - REPO_OWNER=${{ github.repository_owner }} \ - IMAGE_TAG=${{ vars.DEV_DOCKER_IMAGE_TAG }} \ - docker compose pull - REPO_OWNER=${{ github.repository_owner }} \ - IMAGE_TAG=${{ vars.DEV_DOCKER_IMAGE_TAG }} \ - docker compose up -d - - - name: Health Check - run: | - sleep 10 - if docker ps --filter "name=${{ vars.DEV_DOCKER_CONTAINER_NAME }}" --filter "status=running" --format '{{.Names}}' | grep -q "${{ vars.DEV_DOCKER_CONTAINER_NAME }}"; then - echo "Dev Container is running successfully" - else - echo "Dev Container failed to start" - docker logs ${{ vars.DEV_DOCKER_CONTAINER_NAME }} --tail 20 - exit 1 - fi diff --git a/.github/workflows/prod-deploy.yml b/.github/workflows/prod-deploy.yml deleted file mode 100644 index c3154d7..0000000 --- a/.github/workflows/prod-deploy.yml +++ /dev/null 
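Review bot: Every job's `if:` trusts `github.event.workflow_run.head_branch` alone, and a `workflow_run` event carries that branch name for pull-request runs of "Pre-Commit Checks" as well, including runs whose head branch lives in another repository. Because this workflow runs with the repository's secrets and a token that pushes to main, the conditions should also require `github.event.workflow_run.event == 'push'` and `github.event.workflow_run.head_repository.full_name == github.repository`. The `actions/checkout@v3` steps without `ref` check out the default branch on a `workflow_run` event, not the commit that passed the checks, so the image tag from `git rev-parse --short HEAD` may not name the verified commit. `sync-dev-to-main` pushes with `secrets.GITHUB_TOKEN` but declares no `permissions:`; stating `permissions: contents: write` on that job only makes the required scope explicit.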
@@ -1,161 +0,0 @@ -name: Production Merge and Deploy - -on: - workflow_dispatch: - -env: - DEPLOYMENT_PATH: ${{ vars.PROD_DEPLOYMENT_PATH }} - SUPERUSER_TOKEN: ${{ secrets.PESU_DEV_SUPERUSER_TOKEN }} - ALLOWED_USERS: ${{ vars.PROD_DEPLOYMENT_ALLOWED_USERS }} - -jobs: - check-permissions: - name: Check Permissions - runs-on: ubuntu-latest - steps: - - name: Check if user has permissions - id: check-permissions - run: | - PERMISSION_GRANTED=0 - IFS=',' read -ra USERS <<< "${{ env.ALLOWED_USERS }}" - for user in "${USERS[@]}"; do - if [[ "$user" == "${{ github.actor }}" ]]; then - PERMISSION_GRANTED=1 - break - fi - done - if [[ "$PERMISSION_GRANTED" -ne 1 ]]; then - echo "❌ You do not have permission to trigger this workflow." - exit 1 - fi - echo "✅ Permission granted" - echo "user=${{ github.actor }}" >> $GITHUB_OUTPUT - echo "allowed=true" >> $GITHUB_OUTPUT - - merge: - name: Merge dev to main - runs-on: ubuntu-latest - needs: [check-permissions] - outputs: - has_changes: ${{ steps.check-changes.outputs.has_changes }} - concurrency: - group: production-merge - cancel-in-progress: false - steps: - - name: Checkout main branch - uses: actions/checkout@v4 - with: - ref: main - token: ${{ env.SUPERUSER_TOKEN }} - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Fetch latest code from dev branch - id: check-changes - run: | - set -e - git fetch origin dev - CHANGES=$(git rev-list main..origin/dev --count) - echo "changes=$CHANGES" >> $GITHUB_OUTPUT - if [ "$CHANGES" -eq "0" ]; then - echo "â„šī¸ No new changes to deploy" - echo "has_changes=false" >> $GITHUB_OUTPUT - else - echo "has_changes=true" >> $GITHUB_OUTPUT - echo "📊 Found $CHANGES commits to merge" - git log --oneline main..origin/dev - fi - - - name: Merge changes - if: steps.check-changes.outputs.has_changes == 'true' - run: | - git merge --ff origin/dev || { - echo "❌ Merge 
conflict detected. Please resolve conflicts manually." - git merge --abort - exit 1 - } - - - name: Push changes to main branch - if: steps.check-changes.outputs.has_changes == 'true' - run: git push origin main - - rollback_image: - needs: [merge] - if: needs.merge.result == 'success' && needs.merge.outputs.has_changes == 'true' - runs-on: ubuntu-latest - steps: - - name: GHCR login - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Tagging Image as rollback - run: | - IMAGE=ghcr.io/${{ github.repository_owner }}/${{ vars.DOCKER_IMAGE_NAME }} - docker pull $IMAGE:${{ vars.PROD_DOCKER_IMAGE_TAG}} - echo "Tagging current prod image as rollback" - docker tag $IMAGE:${{ vars.PROD_DOCKER_IMAGE_TAG}} $IMAGE:rollback - echo "Pushing rollback tag" - docker push $IMAGE:rollback - - build_and_push_image: - needs: [rollback_image] - uses: ./.github/workflows/build-and-push-image.yml - with: - tag: prod - - deploy: - needs: [build_and_push_image] - name: Deploy image to production - runs-on: ubuntu-latest - steps: - - name: Pull latest image and restart - run: | - cd ${{ env.DEPLOYMENT_PATH }} - git reset --hard HEAD - git pull origin main - REPO_OWNER=${{ github.repository_owner }} \ - IMAGE_TAG=${{ vars.PROD_DOCKER_IMAGE_TAG }} \ - docker compose pull - REPO_OWNER=${{ github.repository_owner }} \ - IMAGE_TAG=${{ vars.PROD_DOCKER_IMAGE_TAG }} \ - docker compose up -d - - - name: Health Check - run: | - sleep 10 - if docker ps --filter "name=${{ vars.PROD_DOCKER_CONTAINER_NAME }}" --filter "status=running" --format '{{.Names}}' | grep -q "${{ vars.PROD_DOCKER_CONTAINER_NAME }}"; then - echo "Production Container is running successfully" - else - echo "Production Container failed to start" - docker logs ${{ vars.PROD_DOCKER_CONTAINER_NAME }} --tail 20 - exit 1 - fi - - rollback: - name: Rollback on failure - runs-on: ubuntu-latest - needs: [deploy] - if: failure() - steps: - 
- name: GHCR login - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Switch to rollback image - run: | - echo "Deployment failed. Rolling back..." - docker rm -f ${{ vars.PROD_DOCKER_CONTAINER_NAME }} || true - docker run -d \ - --name ${{ vars.PROD_DOCKER_CONTAINER_NAME }} \ - ghcr.io/${{ github.repository_owner }}/${{ vars.DOCKER_IMAGE_NAME }}:rollback - exit 1 From 715409c469989c1db9d0973f3c70b70ab99ee85a Mon Sep 17 00:00:00 2001 From: achyu-dev Date: Fri, 29 Aug 2025 00:58:44 +0530 Subject: [PATCH 3/9] minor fix --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index cecd2c5..15a1034 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -10,7 +10,7 @@ jobs: # Syncing Dev to main sync-dev-to-main: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'dev' && github.event.workflow_run.conclusion == 'success' }} + if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} steps: - name: Checkout main branch uses: actions/checkout@v3 From 813b5a1ceb8800ad345628e09e2d9f47742bd911 Mon Sep 17 00:00:00 2001 From: aditeyabaral Date: Wed, 3 Sep 2025 14:08:17 +0530 Subject: [PATCH 4/9] Update workflow triggers --- .github/workflows/docker.yaml | 15 +++++++++++---- .github/workflows/lint.yaml | 18 ++++++++++++------ .github/workflows/pre-commit.yaml | 20 ++++++++++++++------ .github/workflows/source.yaml | 14 +++++--------- 4 files changed, 42 insertions(+), 25 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 30b69fb..2f0e9f6 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
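Review bot: With the condition switched to `head_branch == 'main'`, `sync-dev-to-main` fast-forwards main to `origin/dev` whenever checks pass on main, so the dev head being promoted is not the commit whose checks succeeded. If automatic promotion is intended, the job should be triggered by the successful dev run and merge `github.event.workflow_run.head_sha` instead of the moving `origin/dev`; otherwise promotion is better made a manual step. A comment above the `if:` stating which branch's result is meant to gate the merge would help, since the job name and the condition now point at different branches. The job's steps lie outside this hunk.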
@@ -1,15 +1,22 @@ name: Docker Image Build -on: [ push, pull_request ] +on: + push: + branches-ignore: + - main + - dev + pull_request: + types: + - opened + - synchronize + - reopened jobs: - build: - runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Get short commit hash id: vars diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index c70cdda..ccb485f 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,6 +1,15 @@ name: Lint -on: [ push, pull_request ] +on: + push: + branches-ignore: + - main + - dev + pull_request: + types: + - opened + - synchronize + - reopened jobs: lint: @@ -11,14 +20,11 @@ jobs: python-version: [ "3.11", "3.12", "3.13" ] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - - name: Install dependencies - run: | - pip install -r requirements.txt - name: Install Ruff run: pip install ruff diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 10898ba..4e60f00 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -1,6 +1,15 @@ name: Pre-Commit Checks -on: [ push, pull_request ] +on: + push: + branches-ignore: + - main + - dev + pull_request: + types: + - opened + - synchronize + - reopened jobs: pre-commit: @@ -16,7 +25,6 @@ jobs: TEST_SRN: ${{ secrets.TEST_SRN }} TEST_PASSWORD: ${{ secrets.TEST_PASSWORD }} TEST_BRANCH: ${{ secrets.TEST_BRANCH }} - TEST_BRANCH_SHORT_CODE: ${{ secrets.TEST_BRANCH_SHORT_CODE }} TEST_PROGRAM: ${{ secrets.TEST_PROGRAM }} TEST_SEMESTER: ${{ secrets.TEST_SEMESTER }} TEST_SECTION: ${{ secrets.TEST_SECTION }} 
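Review bot: The `pre-commit` job still reads `TEST_SRN`, `TEST_PASSWORD` and the other `secrets.TEST_*` values in its `env:`, but GitHub does not pass repository secrets to `pull_request` runs from forks, source.yaml in this same commit requires every PR to come from a fork, and pushes to main and dev are now excluded by `branches-ignore`. As written, the credentialed checks would appear to run only on branch pushes inside the main repository; confirm that the test step, which is outside these hunks, skips cleanly when the values are empty. If contributor PRs need the credentials, avoid switching the trigger to `pull_request_target` with a checkout of the PR head, and instead run the credentialed tests in a separate job that a maintainer approves. The same trigger block is added to docker.yaml and lint.yaml in this commit.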
@@ -26,18 +34,18 @@ jobs: TEST_CAMPUS_CODE: ${{ secrets.TEST_CAMPUS_CODE }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | python -m pip install --upgrade pip - pip install -r requirements.txt - pip install pre-commit pytest pytest-cov httpx python-dotenv pytest-asyncio + pip install . + pip install .[dev] - name: Run pre-commit hooks run: pre-commit run --all-files diff --git a/.github/workflows/source.yaml b/.github/workflows/source.yaml index d3bcadf..b637698 100644 --- a/.github/workflows/source.yaml +++ b/.github/workflows/source.yaml @@ -26,25 +26,21 @@ jobs: - name: Validate PR origin and target branch run: | - # Allow dev → main PRs, but only if it's within the same repo (not a fork) - if [ "$SOURCE_REPO" = "$TARGET_REPO" ] && [ "$SOURCE_BRANCH" = "dev" ] && [ "$TARGET_BRANCH" = "main" ]; then - echo "✅ Dev to Main PR (release) allowed (same repo)." - exit 0 - fi - - # Otherwise: PRs must come from a fork, non-main branch, targeting dev + # PRs must come from a fork if [ "$SOURCE_REPO" = "$TARGET_REPO" ]; then - echo "❌ PR must come from a fork (not the main repo)." + echo "❌ PR must come from a fork." exit 1 fi + # PRs cannot come from the 'main' branch of a fork if [ "$SOURCE_BRANCH" = "main" ]; then echo "❌ PR cannot come from the 'main' branch of a fork." exit 1 fi + # PRs must target the 'dev' branch only if [ "$TARGET_BRANCH" != "dev" ]; then - echo "❌ PR must target the 'dev' branch (unless it's a dev → main release)." + echo "❌ PR must target the 'dev' branch only. PRs to 'main' are not allowed." exit 1 fi From 625df1162b613b9cd3cba490f545b47030fca9b5 Mon Sep 17 00:00:00 2001 
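Review bot: In `Install dependencies`, `pip install .` followed by `pip install .[dev]` installs the project twice; a single `pip install '.[dev]'` does both, and the quotes keep the shell from treating the brackets as a glob. The tool versions now come from whatever the `dev` extra resolves to at run time, so a constraints or lock file would keep the check results reproducible between runs.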
From: aditeyabaral Date: Wed, 3 Sep 2025 14:09:49 +0530 Subject: [PATCH 5/9] Create staging workflow --- .github/workflows/deploy-staging.yaml | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/deploy-staging.yaml diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml new file mode 100644 index 0000000..f2d6a91 --- /dev/null +++ b/.github/workflows/deploy-staging.yaml @@ -0,0 +1,29 @@ +name: Deploy to Staging + +on: + push: + branches: + - dev + +jobs: + # Deploy to staging environment + deploy-to-staging: + runs-on: ubuntu-latest + env: + RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} + steps: + - name: Check Staging Deploy Hook URL + run: | + if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then + echo "❌ Staging deploy hook missing!" + exit 1 + fi + + - name: Deploy to Staging Environment + run: | + echo "🚀 Deploying to Staging..." + curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { + echo "❌ Staging deploy failed!" + exit 1 + } + echo "✅ Staging deployment completed successfully!" \ No newline at end of file From e26b25aed93fa4b3f4b2f4e5007712bdc3476247 Mon Sep 17 00:00:00 2001 From: aditeyabaral Date: Wed, 3 Sep 2025 18:50:27 +0530 Subject: [PATCH 6/9] Update staging and prod workflow --- .../{deploy.yaml => deploy-prod.yaml} | 107 ++++++++++-------- .github/workflows/deploy-staging.yaml | 4 +- 2 files changed, 63 insertions(+), 48 deletions(-) rename .github/workflows/{deploy.yaml => deploy-prod.yaml} (65%) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy-prod.yaml similarity index 65% rename from .github/workflows/deploy.yaml rename to .github/workflows/deploy-prod.yaml index 15a1034..6ec1078 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy-prod.yaml 
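Review bot: `curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}` fails only on transport errors, so an HTTP 4xx/5xx answer from the hook still reaches the "Staging deployment completed successfully!" message; add `--fail` (with `--silent --show-error`) so a rejected hook fails the step. The job already exports the hook as `RENDER_DEPLOY_HOOK_URL_DEV`, so both the `-z` test and the call can use `"$RENDER_DEPLOY_HOOK_URL_DEV"` quoted rather than expanding the secret into the script text; the curl steps in deploy.yaml follow the same pattern. The job only calls a webhook, so `permissions: {}` on it would drop the default `GITHUB_TOKEN` scopes.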
@@ -1,21 +1,21 @@ -name: Deploy +name: Deploy to Production on: - workflow_run: - workflows: [ "Pre-Commit Checks" ] - types: - - completed + workflow_dispatch: + +env: + # Array of usernames allowed to trigger production deploys + ALLOWED_USERS: '["aditeyabaral", "achyu-dev", "ndigvijay"]' jobs: - # Syncing Dev to main + # Sync dev branch to main before deployment sync-dev-to-main: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + if: ${{ contains(fromJson(env.ALLOWED_USERS), github.actor) }} steps: - - name: Checkout main branch - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 with: - ref: main token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 
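Review bot: The job-level gate `if: ${{ contains(fromJson(env.ALLOWED_USERS), github.actor) }}` reads the `env` context, which GitHub does not make available in `jobs.<job_id>.if` (only `github`, `needs`, `vars` and `inputs` are), so the workflow is expected to be rejected at validation instead of evaluating the allow-list. Keeping the list in a repository variable and testing `contains(fromJson(vars.ALLOWED_USERS), github.triggering_actor)` works at job level and also covers re-runs, where `github.actor` remains the user who started the original run. A GitHub environment with required reviewers on the deploy jobs is the platform's own control for this and does not depend on a list kept in the workflow file. The checkout uses `secrets.GITHUB_TOKEN` with no `permissions:` block, so the later push to main depends on repository defaults; the rest of `sync-dev-to-main` is in the next hunk.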
@@ -24,83 +24,107 @@ jobs: git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - - name: Fetch dev branch - run: git fetch origin dev + - name: Fetch all branches + run: | + git fetch origin dev + git fetch origin main + + - name: Checkout main branch + run: git checkout main - name: Merge dev into main run: | git merge --ff-only origin/dev || { - echo "❌ Merge conflict detected. Please resolve conflicts manually." + echo "❌ Fast-forward merge failed. Manual conflict resolution required." + echo "Please ensure dev branch is ahead of main with no conflicts." git merge --abort exit 1 } - - name: Push changes to main + - name: Push updated main branch run: git push origin main - # Docker build and push (main only) + # Build and push Docker images push-to-dockerhub: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + needs: sync-dev-to-main + if: ${{ contains(fromJson(env.ALLOWED_USERS), github.actor) }} env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: main + - name: Check Docker credentials run: | if [ -z "${{ secrets.DOCKER_USERNAME }}" ] || [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then - echo "Secrets missing, skipping push" + echo "❌ Docker credentials missing, skipping Docker Hub push" exit 1 fi + - name: Get short commit hash id: vars run: echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + - name: Log in to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build and tag image run: | docker build . 
--tag ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} docker tag ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} ${{ secrets.DOCKER_USERNAME }}/pesu-auth:latest + - name: Push image to Docker Hub run: | docker push ${{ secrets.DOCKER_USERNAME }}/pesu-auth:${{ steps.vars.outputs.tag }} docker push ${{ secrets.DOCKER_USERNAME }}/pesu-auth:latest - # GHCR build and push (main only) + # Push to GitHub Container Registry push-to-ghcr: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + needs: sync-dev-to-main + if: ${{ contains(fromJson(env.ALLOWED_USERS), github.actor) }} permissions: contents: read packages: write steps: - - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: main + - name: Get short commit hash id: vars run: echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and tag image for GHCR run: | docker build . 
--tag ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} docker tag ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} ghcr.io/${{ github.repository_owner }}/pesu-auth:latest + - name: Push image to GitHub Container Registry run: | docker push ghcr.io/${{ github.repository_owner }}/pesu-auth:${{ steps.vars.outputs.tag }} docker push ghcr.io/${{ github.repository_owner }}/pesu-auth:latest - # Deploy both environments on main + # Deploy to both Production and Staging deploy-prod-and-staging: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'main' && github.event.workflow_run.conclusion == 'success' }} + needs: [sync-dev-to-main, push-to-dockerhub, push-to-ghcr] + if: ${{ contains(fromJson(env.ALLOWED_USERS), github.actor) }} env: RENDER_DEPLOY_HOOK_URL_PROD: ${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }} RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} @@ -108,13 +132,14 @@ jobs: - name: Check Deploy Hook URLs run: | if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_PROD }}" ]; then - echo "Production deploy hook missing!" + echo "❌ Production deploy hook missing!" exit 1 fi if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then - echo "Staging deploy hook missing!" + echo "❌ Staging deploy hook missing!" exit 1 fi + - name: Deploy to Production run: | echo "🚀 Deploying to Production..." 
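Review bot: Both build jobs check out `ref: main`, which resolves to whatever `main` points at when each job starts, not to the commit `sync-dev-to-main` just pushed, and each job runs its own `docker build`, so Docker Hub and GHCR can end up with different images under the same short-hash tag. Passing the pushed commit as a job output and checking out that exact SHA in both jobs ties the published images to the reviewed commit. Separately, `git merge --abort` in the failure branch has nothing to abort after a failed `--ff-only` merge and can be dropped, and `docker/login-action@v3`, which receives the registry password, is referenced by a mutable tag rather than a full commit SHA. `sync-dev-to-main` starts in the previous hunk.
```yaml
  sync-dev-to-main:
    # … unchanged: runs-on, if …
    outputs:
      sha: ${{ steps.pushed.outputs.sha }}
    steps:
      # … unchanged: checkout, git config, fetch, merge, push …
      - name: Record pushed commit
        id: pushed
        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

  push-to-dockerhub:
    # … unchanged: runs-on, needs, if, env …
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ needs.sync-dev-to-main.outputs.sha }}
      # … unchanged: credential check, login, build, push; same ref in push-to-ghcr …
```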
@@ -122,31 +147,21 @@ jobs: echo "❌ Production deploy failed!" exit 1 } - - name: Sync Staging with Production - run: | - echo "🚀 Deploying to Staging (mirror prod)..." - curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { - echo "❌ Staging deploy failed!" - exit 1 - } + echo "✅ Production deployment completed successfully!" - # Deploy only to staging on dev - deploy-staging-only: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.head_branch == 'dev' && github.event.workflow_run.conclusion == 'success' }} - env: - RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} - steps: - - name: Check Staging Deploy Hook URL - run: | - if [ -z "${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }}" ]; then - echo "Staging deploy hook missing!" - exit 1 - fi - - name: Deploy to Staging (Dev branch) + - name: Deploy to Staging run: | echo "🚀 Deploying to Staging..." curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} || { echo "❌ Staging deploy failed!" exit 1 } + echo "✅ Staging deployment completed successfully!" + + - name: Deployment Summary + run: | + echo "🎉 All deployments completed successfully!" + echo "✅ Branch sync: dev → main" + echo "✅ Docker images: pushed to Docker Hub and GHCR" + echo "✅ Production: deployed" + echo "✅ Staging: deployed" diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml index f2d6a91..2784cb2 100644 --- a/.github/workflows/deploy-staging.yaml +++ b/.github/workflows/deploy-staging.yaml @@ -18,7 +18,7 @@ jobs: echo "❌ Staging deploy hook missing!" exit 1 fi - + - name: Deploy to Staging Environment run: | echo "🚀 Deploying to Staging..." @@ -26,4 +26,4 @@ jobs: echo "❌ Staging deploy failed!" exit 1 } - echo "✅ Staging deployment completed successfully!" \ No newline at end of file + echo "✅ Staging deployment completed successfully!" From 62a41a9a09894cdc4d0c5e3105003a87bf37944d Mon Sep 17 00:00:00 2001 
From: aditeyabaral Date: Wed, 3 Sep 2025 18:57:34 +0530 Subject: [PATCH 7/9] Update workflow names --- .github/workflows/deploy-staging.yaml | 2 +- .github/workflows/pre-commit.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml index 2784cb2..78a3e84 100644 --- a/.github/workflows/deploy-staging.yaml +++ b/.github/workflows/deploy-staging.yaml @@ -7,7 +7,7 @@ on: jobs: # Deploy to staging environment - deploy-to-staging: + deploy-staging: runs-on: ubuntu-latest env: RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 4e60f00..80abcea 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -12,7 +12,7 @@ on: - reopened jobs: - pre-commit: + pre-commit-checks: runs-on: ubuntu-latest strategy: max-parallel: 1 From 84963388cde565c04562b618a70b9fc76857ab12 Mon Sep 17 00:00:00 2001 From: aditeyabaral Date: Wed, 3 Sep 2025 19:15:37 +0530 Subject: [PATCH 8/9] Update pre-commit workflow --- .github/workflows/pre-commit.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 80abcea..ce77c93 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -44,7 +44,6 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install . pip install .[dev] - name: Run pre-commit hooks From 0ede044a89b8218825bda86b92dfd3ee58dbc1a5 Mon Sep 17 00:00:00 2001 From: aditeyabaral Date: Wed, 3 Sep 2025 19:41:46 +0530 Subject: [PATCH 9/9] Update pre-commit workflow --- .github/workflows/deploy-staging.yaml | 8 +++++--- .github/workflows/pre-commit.yaml | 11 +---------- 2 files changed, 6 insertions(+), 13 deletions(-) 
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml index 78a3e84..10813b8 100644 --- a/.github/workflows/deploy-staging.yaml +++ b/.github/workflows/deploy-staging.yaml @@ -1,14 +1,16 @@ name: Deploy to Staging on: - push: - branches: - - dev + workflow_run: + workflows: [ "Pre-Commit Checks" ] + types: + - completed jobs: # Deploy to staging environment deploy-staging: runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'dev' }} env: RENDER_DEPLOY_HOOK_URL_DEV: ${{ secrets.RENDER_DEPLOY_HOOK_URL_DEV }} steps: diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index ce77c93..c4e7349 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -1,15 +1,6 @@ name: Pre-Commit Checks -on: - push: - branches-ignore: - - main - - dev - pull_request: - types: - - opened - - synchronize - - reopened +on: [ push, pull_request ] jobs: pre-commit-checks:
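Review bot: The new `workflow_run` gate in deploy-staging.yaml checks only `conclusion` and `head_branch`, so it does not distinguish a push to this repository's `dev` branch from a pull-request run whose head branch happens to be named `dev`; the pre-commit.yaml hunk in the same patch makes "Pre-Commit Checks" run on every `pull_request`, which widens that gap. Because `workflow_run` jobs execute with repository secrets in scope, the staging hook could then be fired by a run that did not originate from a push to `dev`. Restricting the condition to push events from this repository closes it: `if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'dev' && github.event.workflow_run.head_repository.full_name == github.repository }}`. With `on: [ push, pull_request ]` the checks also run twice for pull requests opened from branches in this repository.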