Skip to content

ci: standardize workflows and chart patterns to match org playbook#23

Merged
kphunter merged 1 commit into
mainfrom
devin/1779662901-standardize-patterns
May 25, 2026
Merged

ci: standardize workflows and chart patterns to match org playbook#23
kphunter merged 1 commit into
mainfrom
devin/1779662901-standardize-patterns

Conversation

@devin-ai-integration

Copy link
Copy Markdown
Contributor

Summary

Standardizes CI/CD workflows and Helm chart patterns to match the org playbook, using bcit-tlu/qcon-api as the reference implementation.

Changes across all workflows:

  • Add FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true to top-level env: (was missing from pr-title-lint.yaml, release-please.yaml, helm-publish.yaml, docs.yml)
  • Upgrade actions/checkout to v6 in docs.yml (was v5)
  • Reduce verbose multi-line block comments to concise single-liners
  • Remove verbose permission comments (e.g. # Cosign keyless (Sigstore OIDC))
  • Remove section separator comments (e.g. # ── Sign with Cosign ...)

ci.yaml (helm-publish job):

  • Move ${{ }} expressions from run: blocks into step-level env: blocks (Cosign login, Helm login, package/push/sign)
  • Replace awk '/^name:/{print $2; exit}' with yq '.name' for chart name extraction
  • Replace old helm push error guard (|| true + grep -q) with new pattern (|| { echo; exit 1; })
  • Replace old digest parse with tolerant version (case-insensitive, leading whitespace, missing-digest guard)

helm-publish.yaml:

  • Same shell-safe GHA expression, chart name extraction, error guard, and digest parse changes
  • Move sign step's ${{ }} refs into env: block

release-retag.yaml:

  • Move ${{ }} expressions into env: blocks for highest-check, retag, and sign steps
  • Add digest guard (&& steps.retag.outputs.digest != '') to sign step condition

release-please.yaml:

  • Add FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true env block
  • Reduce verbose comments to concise versions

Chart.yaml:

  • Remove # x-release-please-version from version: line (chart version is hand-maintained per repo convention; only appVersion: is managed by release-please)

release-please-config.json:

  • Change extra-files from generic type to yaml type with jsonpath: "$.appVersion" to only update appVersion (matching the hand-maintained chart version convention)

deployment.yaml:

  • Change {{- if $aff }} to {{- if ne (toJson $aff) "{}" }} for proper empty-map detection

values.yaml:

  • Remove verbose multi-line comment block above zoneAntiAffinity

New: AGENTS.md

  • Created following qcon-api structure with helm lint/validate commands, CI/CD section, project structure, etc.

Review & Testing Checklist for Human

  • Verify release-please-config.json change from generic to yaml+jsonpath correctly targets only appVersion — this is the most significant semantic change. Confirm that future release-please runs update appVersion but leave version untouched.
  • Spot-check that no ${{ }} expressions remain in run: blocks for Cosign/Helm login and sign steps across all workflows.
  • Confirm the docs.yml workflow still deploys GitHub Pages correctly after the actions/checkout bump to v6 and addition of the env block.

Notes

  • The build-and-push-app.yaml.inactive file was not modified since it is inactive.
  • Helm lint and kubeconform validation both pass locally.
  • The docs.yml ID token permission was already present; only the env block and checkout version were updated.

Link to Devin session: https://app.devin.ai/sessions/8fed2b4905fe46529f3030e4818b239a
Requested by: @kphunter

Co-Authored-By: kyle_hunter@bcit.ca <kyle_hunter@bcit.ca>
@devin-ai-integration

Copy link
Copy Markdown
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@kphunter kphunter merged commit 2ede62d into main May 25, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant