Skip to content

Publish locked Netlify production deploys after CI#99

Draft
john-kurkowski wants to merge 2 commits into
masterfrom
codex/locked-netlify-publish
Draft

Publish locked Netlify production deploys after CI#99
john-kurkowski wants to merge 2 commits into
masterfrom
codex/locked-netlify-publish

Conversation

@john-kurkowski

@john-kurkowski john-kurkowski commented Jun 14, 2026

Copy link
Copy Markdown
Owner

Context

Production deploys currently come from GitHub Actions building the site and uploading dist directly to Netlify. That works, but it creates duplicate production deploy entries because Netlify also observes the production branch.

This changes the model so Netlify owns production builds, while GitHub Actions acts as the CI gate that publishes the matching Netlify-built deploy only after checks pass. Auto publishing is locked in Netlify, so production deploys are built but not made live until GHA explicitly publishes the deploy for the pushed commit.

Changes

  • Re-enable Netlify production builds by removing the production ignore rule from netlify.toml.
  • Replace the production artifact upload step in GitHub Actions with a publish step.
  • Add src/scripts/publish-netlify-production-deploy.ts to:
    • poll Netlify production deploys for the current GITHUB_SHA
    • require the matching deploy to be for master and production
    • wait for in-progress deploys to become ready
    • fail on skipped, errored, unsupported, or missing deploys
    • publish the exact matching deploy via Netlify’s restore endpoint
  • Add tsx as a direct dev dependency for running the TypeScript script in CI.
  • Add tests for matching, publishing, waiting, failure, skipped deploys, and timeout behavior.

Test Plan

  1. Open a PR from a non-master branch and confirm Netlify still creates a normal Deploy Preview.
  2. Push or merge a commit to master and confirm Netlify creates a production deploy but does not publish it automatically while auto publishing is locked.
  3. Confirm the GitHub Actions production deploy job waits for the Netlify deploy for the same commit SHA, then publishes that deploy after the required checks pass.
  4. In Netlify’s deploy list, confirm the published production deploy corresponds to the same commit that passed GitHub Actions.
  5. Confirm future production deploys remain locked until GitHub Actions publishes them; do not unlock Netlify auto publishing.

@john-kurkowski
Publish locked Netlify production deploys
8db76f7 
Let Netlify build production deploys and have GitHub Actions publish the matching deploy only after CI passes.
@argos-ci

argos-ci Bot commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Argos notifications ↗︎

Awaiting the start of a new Argos build…

@john-kurkowski
Document Netlify deployment flow
845f1df 
Record the locked auto-publishing invariant and explain why GitHub Actions publishes Netlify-built production deploys.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@john-kurkowski