Skip to content

Commit 220b28f

Browse files
fix
1 parent 3989f7f commit 220b28f

4 files changed

Lines changed: 19 additions & 38 deletions

File tree

.github/workflows/core-ci.yml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
11
name: "[Core] CI"
22

3+
# Continuous Integration pipeline for the platform.
4+
# Runs on push to tracked branches and release tags. On success, artifacts
5+
# are picked up by the downstream promotion and deployment automation.
6+
37
on:
48
push:
5-
branches: [main]
9+
branches: [main, testing-xtm-one]
610
tags:
711
- "[0-9]*.[0-9]*.[0-9]*"
812
pull_request:

.github/workflows/deploy-feature-branch-build.yml

Lines changed: 5 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,10 @@ name: "[Core] Deploy Feature Branch Build"
33
# Unprivileged build workflow dispatched by deploy-feature-branch.yml.
44
# SECURITY: This workflow has contents:read ONLY — no secrets, no write token.
55
# It checks out and builds untrusted PR code in a safe sandbox.
6+
#
7+
# The Docker image is built from source via a multi-stage Dockerfile — no
8+
# pre-compiled artifacts are needed. On success, the OCI archive is uploaded
9+
# as an artifact for downstream promotion and deployment.
610

711
on:
812
workflow_dispatch:
@@ -28,42 +32,10 @@ permissions:
2832
contents: read # strictly read-only — no secrets, no write token
2933

3034
jobs:
31-
backend-compile:
32-
name: "🔨 Backend Compile"
33-
runs-on: ubuntu-latest
34-
timeout-minutes: 10
35-
steps:
36-
- uses: actions/checkout@v7
37-
with:
38-
ref: ${{ inputs.head_sha }}
39-
- uses: ./.github/actions/backend-compile
40-
41-
frontend-build:
42-
name: "🎨 Frontend Build"
43-
runs-on: ubuntu-latest
44-
timeout-minutes: 15
45-
steps:
46-
- uses: actions/checkout@v7
47-
with:
48-
ref: ${{ inputs.head_sha }}
49-
- uses: ./.github/actions/frontend-build
50-
51-
backend-package:
52-
name: "📦 Backend Package"
53-
needs: [frontend-build, backend-compile]
54-
runs-on: ubuntu-latest
55-
timeout-minutes: 15
56-
steps:
57-
- uses: actions/checkout@v7
58-
with:
59-
ref: ${{ inputs.head_sha }}
60-
- uses: ./.github/actions/backend-package
61-
6235
docker-build:
6336
name: "🐳 Docker Build"
64-
needs: backend-package
6537
runs-on: ubuntu-latest
66-
timeout-minutes: 20
38+
timeout-minutes: 30
6739
steps:
6840
- uses: actions/checkout@v7
6941
with:

.github/workflows/deploy-feature-branch-done.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,11 @@
11
name: "[Core] Deploy Feature Branch Done"
22

3-
# Privileged follow-up: triggered when the unprivileged build completes.
3+
# Triggered when the unprivileged build workflow completes.
4+
# Updates the PR comment with the build result. On success, downstream
5+
# automation picks up the artifact and handles promotion + deployment.
6+
#
47
# SECURITY: This workflow NEVER checks out PR code. It only downloads
5-
# the metadata artifact and updates the PR comment with the result.
8+
# the metadata artifact and updates the PR comment.
69

710
on:
811
workflow_run:

.github/workflows/deploy-feature-branch.yml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,9 @@
11
name: "[Core] Deploy Feature Branch"
22

3-
# Privileged workflow: handles /deploy comment, posts PR comment,
4-
# then dispatches the unprivileged build workflow.
3+
# Handles the /deploy command on PRs. Posts an in-progress comment, then
4+
# dispatches the unprivileged build workflow (deploy-feature-branch-build.yml).
5+
# Once that build succeeds, downstream automation promotes and deploys the image.
6+
#
57
# SECURITY: This workflow NEVER checks out PR code. It only does API calls.
68

79
on:

0 commit comments

Comments
 (0)