ci(handbook): split deploy by branch — staging→DEV, develop→PRD#693
Merged
Conversation
The handbook deploy used to trigger only on push to develop and fan that single run out to BOTH environments, with both jobs pushing the same Docker tag (:beta). That coupled the environments and let a develop build clobber the dev image (and vice versa) on Docker Hub whenever builds overlapped. Split it into one environment per branch: - push to staging → build from staging → deploy DEV (dev-handbook.realunit.app, :beta) - push to develop → build from develop → deploy PRD (handbook.realunit.app, :latest) Changes: - handbook-deploy.yaml: trigger on [staging, develop]; route each branch to its env via per-job 'if: github.ref_name == ...'; drop the in-run needs:/sequential coupling (the 'DEV green before PRD' guarantee now comes from the staging→develop promotion flow); per-branch concurrency group (handbook-deploy-<ref_name>) so DEV and PRD never block/cancel each other; distinct image tags per env (:beta DEV, :latest PRD) to stop the clobber. - handbook.yaml: add a required 'ref' input and check out THIS repo at it, so DEV builds the staging 'Stand' and PRD the develop 'Stand'. The DFXswiss/api mail-preview checkout stays pinned to develop for both envs (it does not track the handbook branch split). - docs: README workflow table, docs/handbook/README.md trigger section, and two handbook index.html prose spots updated to the new mapping. The image tags (:beta DEV / :latest PRD) match the mapping already documented in README.md, so the server-side compose references stay valid. Verified locally: actionlint clean on the changed workflows (only pre-existing SC2012 infos in the untouched mail-preview step), both handbook generators are no-ops on the edited index.html (sync gates green), docker build + container smoke pass.
Address review: update doc-comments that the branch split made inaccurate. - handbook.yaml header: drop the 'fans out DEV→PRD with needs:' description, list the new 'ref' parameter, point at the promotion-flow guarantee. - handbook-build-check.yaml header: 'develop push → DEV → PRD' → 'staging push → DEV, develop push → PRD'. - docs/handbook/README.md: golden-baseline pickup is staging→DEV / develop→PRD, not a develop push.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Der Handbook-Deploy triggerte bisher nur auf
developund fächerte diesen einen Run in beide Environments auf — beide Jobs pushten denselben Docker-Tag (:beta). Das koppelt DEV und PRD und führt zum Clobber: ein develop-Build überschreibt das dev-Image (und umgekehrt) auf Docker Hub, sobald sich Builds zeitlich überlappen.Lösung: ein Environment pro Branch
staging:betadevelop:latestÄnderungen
.github/workflows/handbook-deploy.yaml[staging, develop](+workflow_dispatch, Ziel-Env nach dispatchtem Branch)if: github.ref_name == 'staging' | 'develop'needs:/sequenziell) entfernt — die „DEV grün vor PRD"-Garantie liefert jetzt der Promotion-Flow selbst: Inhalt erreichtdeveloperst nachstaging(viaauto-staging-pr.yaml), also nach DEV-Build+Smokehandbook-deploy-${{ github.ref_name }}) → DEV und PRD blockieren/canceln sich nicht mehr gegenseitig:betaDEV,:latestPRD) → kein Clobber mehr.github/workflows/handbook.yamlref; der Handbook-Checkout nutzt ihn → DEV baut den staging-Stand, PRD den develop-Stand (jeweils der triggernde Branch)DFXswiss/api-Mail-Preview-Checkout bleibt für beide Envs aufdevelopgepinnt (er folgt dem Handbook-Branch-Split bewusst nicht) — klargestellt im Code-KommentarDoku: README-Workflow-Tabelle,
docs/handbook/README.mdTrigger-Sektion und zwei Prosa-Stellen indocs/handbook/de/index.htmlauf das neue Mapping aktualisiert.Tag-Wahl / Server-Kompatibilität
Die Tags
:beta(DEV) /:latest(PRD) entsprechen exakt dem bereits inREADME.mddokumentierten Mapping (der YAML war auf beide-:betaregressiert). Damit bleiben die serverseitigen Compose-Referenzen auf dfxdev/dfxprd gültig — keine Server-Änderung nötig.Lokal verifiziert
actionlintsauber auf beiden geänderten Workflows (Reusable-Input-Verdrahtung inkl. neuemrefvalide). Die einzigen Hinweise sind vorbestehendeSC2012-infos in der nicht angefassten Mail-Preview-Stufe.index.html(Sync-Gates grün)docker build -f Dockerfile.handbook+ Container-Smoke (/healthz200,/de/401) grün; geänderte Prosa im Image vorhanden