From 88cafc7b8ee3cdc2bfc7b038df61c2c6f442c7c9 Mon Sep 17 00:00:00 2001
From: Reviewer
Date: Sun, 14 Jun 2026 11:31:04 +0200
Subject: [PATCH] =?UTF-8?q?review:=20remove=20version-bump=20from=20deploy?= =?UTF-8?q?=20workflow=20=E2=80=94=20VERSION=20is=20read-only=20source=20o?= =?UTF-8?q?f=20truth?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitea/workflows/deploy.yaml | 78 ++++++++++--------------------------
 1 file changed, 22 insertions(+), 56 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 852646b..c4b3904 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -15,12 +15,11 @@ run-name: 🚀 Deploy by @${{ gitea.actor }}
 # Concurrency: one deploy at a time.
 # Queued deploys wait — no race conditions with parallel builds.
 #
-# Version-Bump / CI Loop Prevention:
-# The version-bump commit includes "[skip ci]" in its message,
-# which Gitea Actions respects. The auto-trigger additionally
-# checks for "[skip ci]" as a second safety layer. Together
-# they guarantee that a version-bump commit does NOT trigger
-# another CI → Deploy → Bump → CI cycle.
+# Version Management:
+# The VERSION file in the repo root is the single source of truth.
+# Version bumps happen in the Dev workflow BEFORE merge to main.
+# The deploy workflow only reads, validates, and logs the version.
+# The [skip ci] filter remains as a safety layer for auto-triggers.
 # ───────────────────────────────────────────────────────
 concurrency:
 group: deploy-production
@@ -36,15 +35,6 @@ on:
 # ── Manual Trigger (full control) ──
 workflow_dispatch:
 inputs:
- version_bump:
- description: 'Version bump type'
- required: true
- default: 'patch'
- type: choice
- options:
- - patch
- - minor
- - major
 service:
 description: 'Service to deploy (empty = all)'
 required: false
@@ -102,60 +92,39 @@ jobs: # ═══════════════════════════════════════════════════ # Step 3: Resolve deploy version # - # Deploying main: DevOps may bump VERSION and create a tag. - # Deploying any other ref: deploy exactly that ref, but DO NOT - # mutate main or create a version-bump commit on another branch. - # - # For auto-deploys (workflow_run): always "patch" bump on main. + # Reads VERSION from repo root — the single source of truth. + # Validates semver format, logs version + git metadata. + # No git mutation: version bumps happen in the Dev workflow. # ═══════════════════════════════════════════════════ - name: Resolve Version id: version run: | set -euo pipefail - # Determine bump type (auto-deploy → patch; manual → user choice) - BUMP_TYPE="${{ github.event_name == 'workflow_dispatch' && inputs.version_bump || 'patch' }}" - - # Read current version + # 1. Check VERSION exists if [ ! -f VERSION ]; then echo "❌ VERSION file not found" exit 1 fi - CURRENT=$(cat VERSION | tr -d '[:space:]') - if ! echo "$CURRENT" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then - echo "❌ Invalid semver in VERSION: '$CURRENT'" + # 2. Read and validate semver format + VERSION=$(cat VERSION | tr -d '[:space:]') + if ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then + echo "❌ Invalid semver in VERSION: '$VERSION'" exit 1 fi - MAJOR=$(echo "$CURRENT" | cut -d. -f1) - MINOR=$(echo "$CURRENT" | cut -d. -f2) - PATCH=$(echo "$CURRENT" | cut -d. -f3) + # 3. 
Log version, git ref, and describe + GIT_REF=$(git rev-parse --short HEAD) + GIT_DESCRIBE=$(git describe --always --dirty) - case "$BUMP_TYPE" in - major) NEW_MAJOR=$((MAJOR + 1)); NEW_MINOR=0; NEW_PATCH=0 ;; - minor) NEW_MAJOR=$MAJOR; NEW_MINOR=$((MINOR + 1)); NEW_PATCH=0 ;; - patch) NEW_MAJOR=$MAJOR; NEW_MINOR=$MINOR; NEW_PATCH=$((PATCH + 1)) ;; - *) echo "❌ Unknown bump type: $BUMP_TYPE"; exit 1 ;; - esac + echo "📦 Deploy version: v${VERSION}" + echo "🔖 Git ref: ${GIT_REF}" + echo "🏷️ Git describe: ${GIT_DESCRIBE}" - # Determine git ref — auto-deploy always uses main - DEPLOY_REF="${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}" - if [ -z "$DEPLOY_REF" ] || [ "$DEPLOY_REF" = "main" ] || [ "$DEPLOY_REF" = "refs/heads/main" ]; then - NEW_VERSION="${NEW_MAJOR}.${NEW_MINOR}.${NEW_PATCH}" - echo "$NEW_VERSION" > VERSION - git add VERSION - git commit -m "chore: bump version to ${NEW_VERSION} [skip ci]" - git tag -a "v${NEW_VERSION}" -m "Release v${NEW_VERSION}" - git push origin HEAD:main --tags - echo "version=$NEW_VERSION" >> "$GITEA_OUTPUT" - echo "mutated_main=true" >> "$GITEA_OUTPUT" - echo "📦 Main deploy: version $CURRENT -> v${NEW_VERSION} (bump: $BUMP_TYPE, trigger: ${{ github.event_name }})" - else - echo "version=$CURRENT" >> "$GITEA_OUTPUT" - echo "mutated_main=false" >> "$GITEA_OUTPUT" - echo "📦 Non-main deploy from '$DEPLOY_REF': using committed VERSION $CURRENT without git mutation" - fi + # 4. Set outputs for downstream steps + echo "version=${VERSION}" >> "$GITEA_OUTPUT" + echo "mutated_main=false" >> "$GITEA_OUTPUT" # ═══════════════════════════════════════════════════ # Step 4: Build .env from secrets (SAFE) 
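Review bot: With the bump-and-tag logic removed from the Resolve Version step, the `version` output no longer maps to one commit: the same VERSION can be deployed from any ref passed in `inputs.git_ref`, and the only commit identity is the short SHA echoed to the job log. Export the full SHA so later steps and the Deploy Summary can record exactly what was deployed, e.g. `echo "git_sha=$(git rev-parse HEAD)" >> "$GITEA_OUTPUT"`, and consider failing the step when `git describe` reports `-dirty`, since a modified work tree means the deployed files differ from the commit. `mutated_main` is now always `false` and the last hunk drops the summary line that printed it; if no step outside the visible hunks reads it, remove the output rather than keep a constant.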
@@ -334,17 +303,14 @@ jobs:
 if: always()
 run: |
 TRIGGER="${{ github.event_name == 'workflow_run' && 'Auto (CI success)' || 'Manual (workflow_dispatch)' }}"
- VERSION_BUMP="${{ github.event_name == 'workflow_dispatch' && inputs.version_bump || 'patch (auto)' }}"
 echo ""
 echo "═══════════════════════════════════════"
 echo " 📦 Deploy Summary"
 echo "═══════════════════════════════════════"
 echo " Version: v${{ steps.version.outputs.version }}"
 echo " Git ref: ${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}"
- echo " Main bump: ${{ steps.version.outputs.mutated_main }}"
 echo " Service: ${{ github.event_name == 'workflow_dispatch' && inputs.service || 'all' }}"
 echo " Trigger: ${TRIGGER}"
- echo " Bump type: ${VERSION_BUMP}"
 echo " Actor: @${{ gitea.actor }}"
 echo " Status: ${{ job.status }}"
 echo "═══════════════════════════════════════"