Skip to content

build: split deploy to unstable main workflow #6514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
NyanKiyoshi merged 5 commits into from
Apr 24, 2026
Merged

build: split deploy to unstable main workflow #6514

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9c05759
build: split deploy to unstable main workflow
NyanKiyoshi Apr 15, 2026
898c573
Explain cache poisoning in comments
NyanKiyoshi Apr 16, 2026
b564164
Merge branch 'main' into build/deploy-unstable-main/split-workflow
NyanKiyoshi Apr 20, 2026
5b35169
Merge branch 'main' into build/deploy-unstable-main/split-workflow
NyanKiyoshi Apr 20, 2026
4052cb7
Merge branch 'main' into build/deploy-unstable-main/split-workflow
NyanKiyoshi Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 42 additions & 7 deletions .github/workflows/deploy-master-staging.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@ on:
push:
branches:
- main
Comment thread
stmpn marked this conversation as resolved.
- ci/staging/**
workflow_dispatch:

permissions: {}

jobs:
build:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
permissions:
id-token: write # needed by aws-actions/configure-aws-credentials
contents: read
outputs:
CUSTOM_VERSION: ${{ env.CUSTOM_VERSION }}
Expand All @@ -32,19 +33,28 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Set custom version
run: |
HASH=$(git rev-parse --short HEAD)
CURRENT_VERSION=$(jq -r .version package.json)
RELEASE="${CURRENT_VERSION}-${HASH}"
echo "CUSTOM_VERSION=${RELEASE}" >> $GITHUB_ENV
echo "SENTRY_RELEASE=${RELEASE}" >> $GITHUB_ENV

- uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
with:
# Explicitly disables cache to ensure cache is always disabled
cache: false

- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version-file: "package.json"
cache: "pnpm"
# Cache disabled to prevent poisonings due to lack of cryptographic signatures
Comment thread
NyanKiyoshi marked this conversation as resolved.
Outdated
package-manager-cache: false
cache: ""

- name: Package
timeout-minutes: 15
run: |
Expand All @@ -54,6 +64,31 @@ jobs:
run: |
pnpm run build

- name: Upload Build
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: "build"
path: "build/"
if-no-files-found: error
retention-days: 7

deploy:
runs-on: ubuntu-24.04
needs: [build]

environment:
deployment: false
name: deploy-staging

permissions:
id-token: write

steps:
- uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
with:
name: build
path: build/

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with:
Expand Down Expand Up @@ -85,14 +120,14 @@ jobs:
CDN_DISTRIBUTIONS: ${{ secrets.AWS_CLOUD_STAGING_CDN_DISTRIBUTIONS }}

notify-slack:
needs: build
needs: [build, deploy]
if: always()
permissions: {}
uses: saleor/saleor-internal-actions/.github/workflows/notify-slack.yaml@eb0c692da7bf13f5e1a82c17488b24c514dd10a1 # v1.10.0
with:
type: deployment
ref: ${{ needs.build.outputs.CUSTOM_VERSION || github.ref_name }}
status: ${{ needs.build.result }}
status: ${{ needs.deploy.result }}
product: dashboard
environment: saleor-master-staging
mention_on: failure
Expand Down
Loading