fix: deploy flow

Author: a5chin

.github/environments.json

@@ -0,0 +1,18 @@
+{
+    "Develop": {
+        "deployment_branch_policy": {
+            "protected_branches": false,
+            "custom_branch_policies": true
+        },
+        "reviewers": [],
+        "wait_timer": 0
+    },
+    "Production": {
+        "deployment_branch_policy": {
+            "protected_branches": false,
+            "custom_branch_policies": true
+        },
+        "reviewers": [],
+        "wait_timer": 0
+    }
+}

.github/protection.json

@@ -14,6 +14,21 @@
         },
         "restrictions": null
     },
+    "develop": {
+        "allow_deletions": false,
+        "allow_force_pushes": false,
+        "enforce_admins": false,
+        "required_pull_request_reviews": {
+            "dismiss_stale_reviews": false,
+            "require_code_owner_reviews": false,
+            "required_approving_review_count": 1
+        },
+        "required_status_checks": {
+            "contexts": [],
+            "strict": true
+        },
+        "restrictions": null
+    },
     "gh-pages": {
         "allow_deletions": false,
         "allow_force_pushes": true,

.github/workflows/publish-app.yml

@@ -3,7 +3,7 @@ name: Publish App to GHCR
 on:
   push:
     branches:
-      - main
+      - develop
     paths:
       - ".github/workflows/publish-app.yml"
       - ".python-version"

.github/workflows/publish-devcontainer.yml

@@ -3,7 +3,7 @@ name: Publish Devcontainer to GHCR
 on:
   push:
     branches:
-      - main
+      - develop
     paths:
       - ".devcontainer/Dockerfile"
       - ".github/workflows/publish-devcontainer.yml"

.github/workflows/release.yml

@@ -3,20 +3,41 @@ name: Release
 on:
   pull_request:
     branches:
+      - develop
       - main
-    types:
-      - closed
 
 permissions:
   contents: write
   pull-requests: read
 
 jobs:
-  publish:
-    if: github.event.pull_request.merged == true && contains(github.head_ref, 'release/')
+  develop:
+    if: github.event.pull_request.merged == true && github.base_ref == 'develop'
 
     runs-on: ubuntu-latest
 
+    environment: Develop
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Update Draft Release
+        uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yml
+          disable-autolabeler: true
+          publish: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  production:
+    if: github.event.pull_request.merged == true && github.base_ref == 'main'
+
+    runs-on: ubuntu-latest
+
+    environment: Production
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6

.github/workflows/setting.yml

@@ -23,7 +23,9 @@ jobs:
 
       - name: Enable auto-delete head branches
         run: |
-          gh repo edit ${{ github.repository }} --delete-branch-on-merge
+          gh repo edit ${{ github.repository }} \
+            --delete-branch-on-merge \
+            --default-branch develop
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
 
@@ -68,12 +70,12 @@ jobs:
 
       - name: Apply Branch Protection Rules
         run: |
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "Error: $CONFIG_FILE not found!"
+          if [ ! -f "${{ env.CONFIG_FILE }}" ]; then
+            echo "Error: ${{ env.CONFIG_FILE }} not found!"
             exit 1
           fi
 
-          BRANCHES=$(jq -r 'keys[]' "$CONFIG_FILE")
+          BRANCHES=$(jq -r 'keys[]' "${{ env.CONFIG_FILE }}")
 
           for BRANCH in $BRANCHES; do
             if ! gh api "repos/${{ github.repository }}/branches/$BRANCH" --silent >/dev/null 2>&1; then
@@ -86,3 +88,45 @@ jobs:
         env:
           CONFIG_FILE: .github/protection.json
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+  environments:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        include:
+          - environment: Develop
+            branch: develop
+          - environment: Production
+            branch: main
+
+    environment: ${{ matrix.environment }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Configure Environment
+        run: |
+          if [ ! -f "${{ env.CONFIG_FILE }}" ]; then
+            echo "Error: ${{ env.CONFIG_FILE }} not found!"
+            exit 1
+          fi
+
+          jq -c ".\"${{ env.ENVIRONMENT_NAME }}\"" "${{ env.CONFIG_FILE }}" | gh api -X PUT "repos/${{ github.repository }}/environments/${{ env.ENVIRONMENT_NAME }}" --input -
+
+          gh api -X PUT "repos/${{ github.repository }}/environments/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" \
+            -f "name=${{ env.ENVIRONMENT_NAME }}" \
+            -f "type=branch"
+        env:
+          CONFIG_FILE: .github/environments.json
+          BRANCH_NAME: ${{ matrix.branch }}
+          ENVIRONMENT_NAME: ${{ matrix.environment }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}