From bb61109330464f0799cc668f0e5438f9f0e84c18 Mon Sep 17 00:00:00 2001
From: Greg <greg@hndrx.co>
Date: Tue, 1 Jul 2025 16:16:19 -0700
Subject: [PATCH] feat: improve pipeline architecture with proper dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Deploy-dev now depends on build completion (no race conditions)
- Remove duplicate build logic from deploy-dev workflow
- Use commit-specific image tags for reliable deployments
- Deploy workflows now wait for build to complete before deploying
- Consistent image tagging across all environments (branch-commit)
- Eliminates race conditions between build and deploy

Pipeline flow: push → build → deploy → test → promote
---
 .github/workflows/deploy-dev.yml     | 51 ++++++++++------------------
 .github/workflows/deploy-prod.yml    |  2 +-
 .github/workflows/deploy-staging.yml |  4 +--
 3 files changed, 20 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 4e97fa9..91f37e8 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -1,15 +1,16 @@
 name: Deploy to Development
 
 on:
-  push:
-    branches: [ main, master, develop ]
-    paths:
-      - 'src/**'
-      - 'Dockerfile'
-      - 'nginx.conf'
-      - 'package.json'
-      - 'manifests/dev/**'
+  workflow_run:
+    workflows: ["Build and Push Container Image"]
+    types:
+      - completed
+    branches: [ develop ]
   workflow_dispatch:
+    inputs:
+      image_tag:
+        description: 'Image tag to deploy (default: latest build)'
+        required: false
 
 env:
   REGISTRY: ghcr.io
@@ -19,41 +20,23 @@ jobs:
   deploy-dev:
     runs-on: ubuntu-latest
     environment: development
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
     
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Log in to Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ${{ env.REGISTRY }}
-        username: ${{ github.actor }}
-        password: ${{ secrets.GH_TOKEN }}
-
-    - name: Extract metadata
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-        tags: |
-          type=ref,event=branch
-          type=ref,event=pr
-          type=sha,prefix={{branch}}-
-
-    - name: Build and push Docker image
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        push: true
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-
     - name: Set image tag for deployment
       run: |
-        IMAGE_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n1 | cut -d':' -f2)
+        if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ github.event.inputs.image_tag }}" ]; then
+          IMAGE_TAG="${{ github.event.inputs.image_tag }}"
+        else
+          # Use the commit-based tag that was just built
+          IMAGE_TAG="develop-$(echo "${{ github.sha }}" | cut -c1-7)"
+        fi
         echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
         echo "🏷️ Using image tag: $IMAGE_TAG"
+        echo "📦 Full image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG"
 
     - name: Deploy to development via webhook
       run: |
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 5f0035e..54a8bf9 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -41,7 +41,7 @@ jobs:
         if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
           IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}"
         else
-          # For auto-promotion, use the latest successful build
+          # For production deployment, use the main branch commit tag
           IMAGE_TAG="main-$(echo "${{ github.sha }}" | cut -c1-7)"
         fi
         echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
index 406604d..4ee7635 100644
--- a/.github/workflows/deploy-staging.yml
+++ b/.github/workflows/deploy-staging.yml
@@ -33,8 +33,8 @@ jobs:
         if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
           IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}"
         else
-          # For auto-promotion, use the latest successful build
-          IMAGE_TAG="main-$(echo "${{ github.sha }}" | cut -c1-7)"
+          # For staging deployment, use the staging branch commit tag
+          IMAGE_TAG="staging-$(echo "${{ github.sha }}" | cut -c1-7)"
         fi
         echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
         echo "Deploying image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG"