bao/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review: remove version-bump from deploy workflow — VERSION is read-only source of truth
CI - Build & Test / Backend (.NET) (push) Successful in 27s
Details
CI - Build & Test / Frontend (Vue/TS) (push) Has been cancelled
Details
CI - Build & Test / Security Check (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Reviewer
2026-06-14 11:31:04 +02:00
parent 485357c6dc
commit 88cafc7b8e
1 changed files with 22 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/deploy.yaml
+22 -56
View File
@@ -15,12 +15,11 @@ run-name: 🚀 Deploy by @${{ gitea.actor }}
# Concurrency: one deploy at a time.
# Queued deploys wait — no race conditions with parallel builds.
#
# Version-Bump / CI Loop Prevention:
# The version-bump commit includes "[skip ci]" in its message,
# which Gitea Actions respects. The auto-trigger additionally
# checks for "[skip ci]" as a second safety layer. Together
# they guarantee that a version-bump commit does NOT trigger
# another CI → Deploy → Bump → CI cycle.
# Version Management:
# The VERSION file in the repo root is the single source of truth.
# Version bumps happen in the Dev workflow BEFORE merge to main.
# The deploy workflow only reads, validates, and logs the version.
# The [skip ci] filter remains as a safety layer for auto-triggers.
# ───────────────────────────────────────────────────────
concurrency:
group: deploy-production
@@ -36,15 +35,6 @@ on:
# ── Manual Trigger (full control) ──
workflow_dispatch:
inputs:
version_bump:
description: 'Version bump type'
required: true
default: 'patch'
type: choice
options:
- patch
- minor
- major
service:
description: 'Service to deploy (empty = all)'
required: false
@@ -102,60 +92,39 @@ jobs:
# ═══════════════════════════════════════════════════
# Step 3: Resolve deploy version
#
# Deploying main: DevOps may bump VERSION and create a tag.
# Deploying any other ref: deploy exactly that ref, but DO NOT
# mutate main or create a version-bump commit on another branch.
#
# For auto-deploys (workflow_run): always "patch" bump on main.
# Reads VERSION from repo root — the single source of truth.
# Validates semver format, logs version + git metadata.
# No git mutation: version bumps happen in the Dev workflow.
# ═══════════════════════════════════════════════════
- name: Resolve Version
id: version
run: |
set -euo pipefail
# Determine bump type (auto-deploy → patch; manual → user choice)
BUMP_TYPE="${{ github.event_name == 'workflow_dispatch' && inputs.version_bump || 'patch' }}"
# Read current version
# 1. Check VERSION exists
if [ ! -f VERSION ]; then
echo "❌ VERSION file not found"
exit 1
fi
CURRENT=$(cat VERSION | tr -d '[:space:]')
if ! echo "$CURRENT" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "❌ Invalid semver in VERSION: '$CURRENT'"
# 2. Read and validate semver format
VERSION=$(cat VERSION | tr -d '[:space:]')
if ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "❌ Invalid semver in VERSION: '$VERSION'"
exit 1
fi
MAJOR=$(echo "$CURRENT" | cut -d. -f1)
MINOR=$(echo "$CURRENT" | cut -d. -f2)
PATCH=$(echo "$CURRENT" | cut -d. -f3)
# 3. Log version, git ref, and describe
GIT_REF=$(git rev-parse --short HEAD)
GIT_DESCRIBE=$(git describe --always --dirty)
case "$BUMP_TYPE" in
major) NEW_MAJOR=$((MAJOR + 1)); NEW_MINOR=0; NEW_PATCH=0 ;;
minor) NEW_MAJOR=$MAJOR; NEW_MINOR=$((MINOR + 1)); NEW_PATCH=0 ;;
patch) NEW_MAJOR=$MAJOR; NEW_MINOR=$MINOR; NEW_PATCH=$((PATCH + 1)) ;;
*) echo "❌ Unknown bump type: $BUMP_TYPE"; exit 1 ;;
esac
echo "📦 Deploy version: v${VERSION}"
echo "🔖 Git ref: ${GIT_REF}"
echo "🏷️ Git describe: ${GIT_DESCRIBE}"
# Determine git ref — auto-deploy always uses main
DEPLOY_REF="${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}"
if [ -z "$DEPLOY_REF" ] || [ "$DEPLOY_REF" = "main" ] || [ "$DEPLOY_REF" = "refs/heads/main" ]; then
NEW_VERSION="${NEW_MAJOR}.${NEW_MINOR}.${NEW_PATCH}"
echo "$NEW_VERSION" > VERSION
git add VERSION
git commit -m "chore: bump version to ${NEW_VERSION} [skip ci]"
git tag -a "v${NEW_VERSION}" -m "Release v${NEW_VERSION}"
git push origin HEAD:main --tags
echo "version=$NEW_VERSION" >> "$GITEA_OUTPUT"
echo "mutated_main=true" >> "$GITEA_OUTPUT"
echo "📦 Main deploy: version $CURRENT -> v${NEW_VERSION} (bump: $BUMP_TYPE, trigger: ${{ github.event_name }})"
else
echo "version=$CURRENT" >> "$GITEA_OUTPUT"
echo "mutated_main=false" >> "$GITEA_OUTPUT"
echo "📦 Non-main deploy from '$DEPLOY_REF': using committed VERSION $CURRENT without git mutation"
fi
# 4. Set outputs for downstream steps
echo "version=${VERSION}" >> "$GITEA_OUTPUT"
echo "mutated_main=false" >> "$GITEA_OUTPUT"
# ═══════════════════════════════════════════════════
# Step 4: Build .env from secrets (SAFE)
@@ -334,17 +303,14 @@ jobs:
if: always()
run: |
TRIGGER="${{ github.event_name == 'workflow_run' && 'Auto (CI success)' || 'Manual (workflow_dispatch)' }}"
VERSION_BUMP="${{ github.event_name == 'workflow_dispatch' && inputs.version_bump || 'patch (auto)' }}"
echo ""
echo "═══════════════════════════════════════"
echo " 📦 Deploy Summary"
echo "═══════════════════════════════════════"
echo " Version: v${{ steps.version.outputs.version }}"
echo " Git ref: ${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}"
echo " Main bump: ${{ steps.version.outputs.mutated_main }}"
echo " Service: ${{ github.event_name == 'workflow_dispatch' && inputs.service || 'all' }}"
echo " Trigger: ${TRIGGER}"
echo " Bump type: ${VERSION_BUMP}"
echo " Actor: @${{ gitea.actor }}"
echo " Status: ${{ job.status }}"
echo "═══════════════════════════════════════"