bao/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review: remove version-bump from deploy workflow — VERSION is read-only source of truth
CI - Build & Test / Backend (.NET) (push) Successful in 27s
Details
CI - Build & Test / Frontend (Vue/TS) (push) Has been cancelled
Details
CI - Build & Test / Security Check (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Reviewer
2026-06-14 11:31:04 +02:00
parent 485357c6dc
commit 88cafc7b8e
1 changed files with 22 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/deploy.yaml
+22 -56
View File
@@ -15,12 +15,11 @@ run-name: 🚀 Deploy by @${{ gitea.actor }}
# Concurrency: one deploy at a time. # Concurrency: one deploy at a time.
# Queued deploys wait — no race conditions with parallel builds. # Queued deploys wait — no race conditions with parallel builds.
# #
# Version-Bump / CI Loop Prevention: # Version Management:
# The version-bump commit includes "[skip ci]" in its message, # The VERSION file in the repo root is the single source of truth.
# which Gitea Actions respects. The auto-trigger additionally # Version bumps happen in the Dev workflow BEFORE merge to main.
# checks for "[skip ci]" as a second safety layer. Together # The deploy workflow only reads, validates, and logs the version.
# they guarantee that a version-bump commit does NOT trigger # The [skip ci] filter remains as a safety layer for auto-triggers.
# another CI → Deploy → Bump → CI cycle.
# ─────────────────────────────────────────────────────── # ───────────────────────────────────────────────────────
concurrency: concurrency:
group: deploy-production group: deploy-production
@@ -36,15 +35,6 @@ on:
# ── Manual Trigger (full control) ── # ── Manual Trigger (full control) ──
workflow_dispatch: workflow_dispatch:
inputs: inputs:
version_bump:
description: 'Version bump type'
required: true
default: 'patch'
type: choice
options:
- patch
- minor
- major
service: service:
description: 'Service to deploy (empty = all)' description: 'Service to deploy (empty = all)'
required: false required: false
@@ -102,60 +92,39 @@ jobs:
# ═══════════════════════════════════════════════════ # ═══════════════════════════════════════════════════
# Step 3: Resolve deploy version # Step 3: Resolve deploy version
# #
# Deploying main: DevOps may bump VERSION and create a tag. # Reads VERSION from repo root — the single source of truth.
# Deploying any other ref: deploy exactly that ref, but DO NOT # Validates semver format, logs version + git metadata.
# mutate main or create a version-bump commit on another branch. # No git mutation: version bumps happen in the Dev workflow.
#
# For auto-deploys (workflow_run): always "patch" bump on main.
# ═══════════════════════════════════════════════════ # ═══════════════════════════════════════════════════
- name: Resolve Version - name: Resolve Version
id: version id: version
run: | run: |
set -euo pipefail set -euo pipefail
# Determine bump type (auto-deploy → patch; manual → user choice) # 1. Check VERSION exists
BUMP_TYPE="${{ github.event_name == 'workflow_dispatch' && inputs.version_bump || 'patch' }}"
# Read current version
if [ ! -f VERSION ]; then if [ ! -f VERSION ]; then
echo "❌ VERSION file not found" echo "❌ VERSION file not found"
exit 1 exit 1
fi fi
CURRENT=$(cat VERSION | tr -d '[:space:]') # 2. Read and validate semver format
if ! echo "$CURRENT" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then VERSION=$(cat VERSION | tr -d '[:space:]')
echo "❌ Invalid semver in VERSION: '$CURRENT'" if ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "❌ Invalid semver in VERSION: '$VERSION'"
exit 1 exit 1
fi fi
MAJOR=$(echo "$CURRENT" | cut -d. -f1) # 3. Log version, git ref, and describe
MINOR=$(echo "$CURRENT" | cut -d. -f2) GIT_REF=$(git rev-parse --short HEAD)
PATCH=$(echo "$CURRENT" | cut -d. -f3) GIT_DESCRIBE=$(git describe --always --dirty)
case "$BUMP_TYPE" in echo "📦 Deploy version: v${VERSION}"
major) NEW_MAJOR=$((MAJOR + 1)); NEW_MINOR=0; NEW_PATCH=0 ;; echo "🔖 Git ref: ${GIT_REF}"
minor) NEW_MAJOR=$MAJOR; NEW_MINOR=$((MINOR + 1)); NEW_PATCH=0 ;; echo "🏷️ Git describe: ${GIT_DESCRIBE}"
patch) NEW_MAJOR=$MAJOR; NEW_MINOR=$MINOR; NEW_PATCH=$((PATCH + 1)) ;;
*) echo "❌ Unknown bump type: $BUMP_TYPE"; exit 1 ;;
esac
# Determine git ref — auto-deploy always uses main # 4. Set outputs for downstream steps
DEPLOY_REF="${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}" echo "version=${VERSION}" >> "$GITEA_OUTPUT"
if [ -z "$DEPLOY_REF" ] || [ "$DEPLOY_REF" = "main" ] || [ "$DEPLOY_REF" = "refs/heads/main" ]; then echo "mutated_main=false" >> "$GITEA_OUTPUT"
NEW_VERSION="${NEW_MAJOR}.${NEW_MINOR}.${NEW_PATCH}"
echo "$NEW_VERSION" > VERSION
git add VERSION
git commit -m "chore: bump version to ${NEW_VERSION} [skip ci]"
git tag -a "v${NEW_VERSION}" -m "Release v${NEW_VERSION}"
git push origin HEAD:main --tags
echo "version=$NEW_VERSION" >> "$GITEA_OUTPUT"
echo "mutated_main=true" >> "$GITEA_OUTPUT"
echo "📦 Main deploy: version $CURRENT -> v${NEW_VERSION} (bump: $BUMP_TYPE, trigger: ${{ github.event_name }})"
else
echo "version=$CURRENT" >> "$GITEA_OUTPUT"
echo "mutated_main=false" >> "$GITEA_OUTPUT"
echo "📦 Non-main deploy from '$DEPLOY_REF': using committed VERSION $CURRENT without git mutation"
fi
# ═══════════════════════════════════════════════════ # ═══════════════════════════════════════════════════
# Step 4: Build .env from secrets (SAFE) # Step 4: Build .env from secrets (SAFE)
@@ -334,17 +303,14 @@ jobs:
if: always() if: always()
run: | run: |
TRIGGER="${{ github.event_name == 'workflow_run' && 'Auto (CI success)' || 'Manual (workflow_dispatch)' }}" TRIGGER="${{ github.event_name == 'workflow_run' && 'Auto (CI success)' || 'Manual (workflow_dispatch)' }}"
VERSION_BUMP="${{ github.event_name == 'workflow_dispatch' && inputs.version_bump || 'patch (auto)' }}"
echo "" echo ""
echo "═══════════════════════════════════════" echo "═══════════════════════════════════════"
echo " 📦 Deploy Summary" echo " 📦 Deploy Summary"
echo "═══════════════════════════════════════" echo "═══════════════════════════════════════"
echo " Version: v${{ steps.version.outputs.version }}" echo " Version: v${{ steps.version.outputs.version }}"
echo " Git ref: ${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}" echo " Git ref: ${{ github.event_name == 'workflow_dispatch' && inputs.git_ref || 'main' }}"
echo " Main bump: ${{ steps.version.outputs.mutated_main }}"
echo " Service: ${{ github.event_name == 'workflow_dispatch' && inputs.service || 'all' }}" echo " Service: ${{ github.event_name == 'workflow_dispatch' && inputs.service || 'all' }}"
echo " Trigger: ${TRIGGER}" echo " Trigger: ${TRIGGER}"
echo " Bump type: ${VERSION_BUMP}"
echo " Actor: @${{ gitea.actor }}" echo " Actor: @${{ gitea.actor }}"
echo " Status: ${{ job.status }}" echo " Status: ${{ job.status }}"
echo "═══════════════════════════════════════" echo "═══════════════════════════════════════"