refactor: split dev build into separate workflow that only runs on main

d0ugal · d0ugal · commit 83ffc3fdfc24 · 2025-11-28T21:24:21.000Z
Move dev-build job to its own workflow file that only triggers on push to main.
This ensures dev builds never run for:
- PRs (including release PRs)
- Release-please branches
- Any branch other than main

Benefits:
- Clearer separation of concerns
- Simpler CI workflow
- Impossible for dev builds to run on PRs or release branches
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -109,171 +109,3 @@ jobs:
           format: 'table'
           exit-code: '1'
           severity: 'CRITICAL,HIGH'
-
-  check-build-needed:
-    name: Check if build is needed
-    runs-on: ubuntu-latest
-    needs: [test]
-    outputs:
-      should-build: ${{ steps.check.outputs.should-build }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-          ref: ${{ github.ref }}
-          sha: ${{ github.sha }}
-
-      - name: Check if build should be skipped
-        id: check
-        run: |
-          # Only check for push events (dev-build only runs on push to main)
-          if [ "${{ github.event_name }}" != "push" ]; then
-            echo "should-build=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          # Get the current commit SHA
-          CURRENT_SHA="${{ github.sha }}"
-
-          # Get commit message from git log
-          COMMIT_MSG=$(git log -1 --format="%s" "$CURRENT_SHA" 2>/dev/null || echo "")
-
-          echo "Checking commit: $CURRENT_SHA"
-          echo "Commit message: $COMMIT_MSG"
-
-          # Check if it's a release commit (pattern: "chore(main): release" or similar)
-          # BUT: Always run CI for release-please branches and PRs
-          if echo "$COMMIT_MSG" | grep -qiE "^(chore|release|version).*(release|version|changelog)"; then
-            # Check if this is from a release-please branch or PR (should always run CI)
-            if echo "${{ github.ref }}" | grep -qiE "release-please" || echo "${{ github.head_ref }}" | grep -qiE "release-please"; then
-              echo "Release commit from release-please branch/PR - running CI"
-              echo "should-build=true" >> $GITHUB_OUTPUT
-              exit 0
-            fi
-            # Check if commit message explicitly says to skip CI
-            if echo "$COMMIT_MSG" | grep -qiE "[skip ci]|[ci skip]|skip ci"; then
-              echo "Skip reason: [skip ci] detected in commit message"
-              echo "should-build=false" >> $GITHUB_OUTPUT
-              exit 0
-            fi
-            echo "Skip reason: Release commit detected (not from release-please branch)"
-            echo "should-build=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          # For push events, check changed files against base branch
-          BASE_SHA="${{ github.event.before }}"
-          HEAD_SHA="${{ github.event.after }}"
-
-          if [ -z "$BASE_SHA" ] || [ "$BASE_SHA" = "0000000000000000000000000000000000" ]; then
-            # Initial commit or no base, check all files
-            CHANGED_FILES=$(git ls-tree -r --name-only HEAD)
-          else
-            # Get list of changed files
-            CHANGED_FILES=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA")
-          fi
-
-          if [ -z "$CHANGED_FILES" ]; then
-            echo "No changed files detected, skipping build"
-            echo "should-build=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          # Documentation file patterns to ignore
-          DOC_PATTERNS="^README\.md$|^CHANGELOG\.md$|^docs/|\.md$|^LICENSE"
-
-          # Check if all changed files are documentation
-          NON_DOC_FILES=$(echo "$CHANGED_FILES" | grep -vE "$DOC_PATTERNS" || true)
-
-          if [ -z "$NON_DOC_FILES" ]; then
-            echo "Skip reason: Only documentation files changed"
-            echo "Changed files:"
-            echo "$CHANGED_FILES" | sed 's/^/  - /'
-            echo "should-build=false" >> $GITHUB_OUTPUT
-          else
-            echo "Build needed: Non-documentation files changed"
-            echo "Non-doc files:"
-            echo "$NON_DOC_FILES" | sed 's/^/  - /'
-            echo "should-build=true" >> $GITHUB_OUTPUT
-          fi
-
-  dev-build:
-    name: Development Build
-    runs-on: ubuntu-latest
-    needs: [test, check-build-needed]
-    if: |
-      github.event_name == 'push' &&
-      needs.check-build-needed.outputs.should-build == 'true'
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-        with:
-          fetch-depth: 0
-          ref: ${{ github.ref }}
-          sha: ${{ github.sha }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Generate dev tag
-        id: meta
-        run: |
-          # Create a semver-compatible dev tag with commits since last release and commit SHA
-          SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
-
-          # Get the last release tag (excluding pre-release tags)
-          LAST_TAG=$(git describe --tags --abbrev=0 --match="v[0-9]*.[0-9]*.[0-9]*" 2>/dev/null || echo "")
-
-          if [ -z "$LAST_TAG" ]; then
-            # No release tags found, use 0.0.0 and count all commits
-            VERSION="0.0.0"
-            COMMIT_COUNT=$(git rev-list --count HEAD)
-          else
-            # Extract version from tag (remove 'v' prefix)
-            VERSION=${LAST_TAG#v}
-            # Count commits since last release
-            COMMIT_COUNT=$(git rev-list --count ${LAST_TAG}..HEAD)
-          fi
-
-          DEV_TAG="v${VERSION}-dev.${COMMIT_COUNT}.${SHORT_SHA}"
-          echo "dev_tag=${DEV_TAG}" >> $GITHUB_OUTPUT
-          echo "Last release tag: ${LAST_TAG:-'none'}"
-          echo "Base version: ${VERSION}"
-          echo "Commits since last release: ${COMMIT_COUNT}"
-          echo "Generated dev tag: ${DEV_TAG}"
-
-      - name: Extract metadata
-        id: docker_meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            ${{ steps.meta.outputs.dev_tag }}
-            dev
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.docker_meta.outputs.tags }}
-          labels: ${{ steps.docker_meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=min
-          build-args: |
-            VERSION=${{ steps.meta.outputs.dev_tag }}
-            COMMIT=${{ github.sha }}
-            BUILD_DATE=${{ github.event.head_commit.timestamp }}
diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml
@@ -0,0 +1,164 @@
+name: Dev Build
+
+on:
+  push:
+    branches: [main]
+    paths-ignore:
+      - CHANGELOG.md
+      - '**.md'
+      - LICENSE
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  check-build-needed:
+    name: Check if build is needed
+    runs-on: ubuntu-latest
+
+    outputs:
+      should-build: ${{ steps.check.outputs.should-build }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Check if build should be skipped
+        id: check
+        run: |
+          # Get the current commit SHA
+          CURRENT_SHA="${{ github.sha }}"
+
+          # Get commit message from git log
+          COMMIT_MSG=$(git log -1 --format="%s" "$CURRENT_SHA" 2>/dev/null || echo "")
+
+          echo "Checking commit: $CURRENT_SHA"
+          echo "Commit message: $COMMIT_MSG"
+
+          # Never build dev images for release commits (they get built by release workflow)
+          if echo "$COMMIT_MSG" | grep -qiE "^(chore|release|version).*(release|version|changelog)"; then
+            # Check if commit message explicitly says to skip CI
+            if echo "$COMMIT_MSG" | grep -qiE "[skip ci]|[ci skip]|skip ci"; then
+              echo "Skip reason: [skip ci] detected in commit message"
+              echo "should-build=false" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+            echo "Skip reason: Release commit detected - dev builds only run for non-release commits"
+            echo "should-build=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # For push events, check changed files against base branch
+          BASE_SHA="${{ github.event.before }}"
+          HEAD_SHA="${{ github.event.after }}"
+
+          if [ -z "$BASE_SHA" ] || [ "$BASE_SHA" = "0000000000000000000000000000000000" ]; then
+            # Initial commit or no base, check all files
+            CHANGED_FILES=$(git ls-tree -r --name-only HEAD)
+          else
+            # Get list of changed files
+            CHANGED_FILES=$(git diff --name-only "$BASE_SHA" "$HEAD_SHA")
+          fi
+
+          if [ -z "$CHANGED_FILES" ]; then
+            echo "No changed files detected, skipping build"
+            echo "should-build=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          # Documentation file patterns to ignore
+          DOC_PATTERNS="^README\.md$|^CHANGELOG\.md$|^docs/|\.md$|^LICENSE"
+
+          # Check if all changed files are documentation
+          NON_DOC_FILES=$(echo "$CHANGED_FILES" | grep -vE "$DOC_PATTERNS" || true)
+
+          if [ -z "$NON_DOC_FILES" ]; then
+            echo "Skip reason: Only documentation files changed"
+            echo "Changed files:"
+            echo "$CHANGED_FILES" | sed 's/^/  - /'
+            echo "should-build=false" >> $GITHUB_OUTPUT
+          else
+            echo "Build needed: Non-documentation files changed"
+            echo "Non-doc files:"
+            echo "$NON_DOC_FILES" | sed 's/^/  - /'
+            echo "should-build=true" >> $GITHUB_OUTPUT
+          fi
+
+  dev-build:
+    name: Development Build
+    runs-on: ubuntu-latest
+    needs: [check-build-needed]
+    if: needs.check-build-needed.outputs.should-build == 'true'
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate dev tag
+        id: meta
+        run: |
+          # Create a semver-compatible dev tag with commits since last release and commit SHA
+          SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
+
+          # Get the last release tag (excluding pre-release tags)
+          LAST_TAG=$(git describe --tags --abbrev=0 --match="v[0-9]*.[0-9]*.[0-9]*" 2>/dev/null || echo "")
+
+          if [ -z "$LAST_TAG" ]; then
+            # No release tags found, use 0.0.0 and count all commits
+            VERSION="0.0.0"
+            COMMIT_COUNT=$(git rev-list --count HEAD)
+          else
+            # Extract version from tag (remove 'v' prefix)
+            VERSION=${LAST_TAG#v}
+            # Count commits since last release
+            COMMIT_COUNT=$(git rev-list --count ${LAST_TAG}..HEAD)
+          fi
+
+          DEV_TAG="v${VERSION}-dev.${COMMIT_COUNT}.${SHORT_SHA}"
+          echo "dev_tag=${DEV_TAG}" >> $GITHUB_OUTPUT
+          echo "Last release tag: ${LAST_TAG:-'none'}"
+          echo "Base version: ${VERSION}"
+          echo "Commits since last release: ${COMMIT_COUNT}"
+          echo "Generated dev tag: ${DEV_TAG}"
+
+      - name: Extract metadata
+        id: docker_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            ${{ steps.meta.outputs.dev_tag }}
+            dev
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=min
+          continue-on-error: false
+          build-args: |
+            VERSION=${{ steps.meta.outputs.dev_tag }}
+            COMMIT=${{ github.sha }}
+            BUILD_DATE=${{ github.event.head_commit.timestamp }}
