Skip to content

ci: standardize CI/CD onto the golden path#415

Open
AlexanderBrevig wants to merge 3 commits into
mainfrom
ci/standardize
Open

ci: standardize CI/CD onto the golden path#415
AlexanderBrevig wants to merge 3 commits into
mainfrom
ci/standardize

Conversation

@AlexanderBrevig

@AlexanderBrevig AlexanderBrevig commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Standardizes this repo's CI/CD onto the kvalitet golden-path variant.

📋 Flow & rationale: https://github.com/entur/team-kvalitet/blob/cf2e0a6cc5b68330aaf45d969e2d1fa2b407e201/CICD-FLOW.md

What changes

  • Only ci.yml + cd.yml (no build.yml split); ci deploys to dev/sbx on every PR.
  • Merge promotes the PR-built image to tst → prd (image promotion via git tag).
  • pr.yml validates the Conventional-Commit PR title.
  • Dependabot reuses CI after a human approval (with the correct token permissions).
  • All non-entur/* actions SHA-pinned (latest majors); workflows named CI / CD / PR.

Comment thread .github/workflows/ci.yml Outdated
Comment thread .github/workflows/ci.yml
Comment thread .github/workflows/ci.yml Outdated
Comment thread .github/workflows/dependabot-pr.yml Outdated
- collapse build/ci/cd into ci.yml (PR + deploy dev) and cd.yml (promote tst->prd)
- ci auto-deploys to dev/sbx for non-dependabot PRs; dependabot reuses ci after approval
- pr.yml validates the PR title as a Conventional Commit (gha-meta verify-pr)
- Template E JVM library: ci.yml runs ./gradlew build (pull_request + workflow_call)
  on temurin Java 25, publishing JUnit results via dorny/test-reporter over the
  multi-module path **/build/test-results/test/*.xml
- this library publishes to Maven Central (JReleaser / gha-maven-central), NOT
  Artifactory, so no ARTIFACTORY_AUTH_* env was added (confirmed absent in build.gradle)
- removed pr-verify.yml (superseded by ci.yml + pr.yml); KEPT main-verify.yml because it
  also verifies push-to-main and posts Slack success/failure, which ci.yml does not cover
- KEPT Maven Central publish workflows (deploy-main-manual-gradle.yml,
  deploy-legacy-branch-manual-gradle.yml), codeql.yml, copilot-setup-steps.yml untouched
- kept existing .github/dependabot.yaml (already covers gradle + github-actions)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
AlexanderBrevig and others added 2 commits June 29, 2026 14:15
- ci.yml: make test-reporter check-run name unique per run attempt so
  reruns don't collide on the SHA-bound check (dorny/test-reporter#67)
- ci.yml: run CI on PRs to the 5.x and 6.x legacy branches, not just main
- dependabot-pr.yml: drop unneeded secrets: inherit and trim permissions
  to match ci.yml (build/test only; no Maven Central publishing here)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@AlexanderBrevig AlexanderBrevig marked this pull request as ready for review June 29, 2026 12:19
@AlexanderBrevig AlexanderBrevig requested a review from a team as a code owner June 29, 2026 12:19
Copilot AI review requested due to automatic review settings June 29, 2026 12:19
@AlexanderBrevig AlexanderBrevig requested a review from a team as a code owner June 29, 2026 12:19

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Standardizes this repository’s GitHub Actions configuration toward the kvalitet golden-path approach by introducing reusable CI, a dedicated PR-title verification workflow, and a Dependabot post-approval CI re-run mechanism.

Changes:

  • Adds a new reusable CI workflow (ci.yml) that runs the Gradle build/tests and publishes JUnit results.
  • Replaces the old PR verification workflow with a PR workflow that calls entur/gha-meta’s PR-title verification.
  • Adds a Dependabot CI (post-approval) workflow to re-run CI after a human approval, and updates Copilot setup steps to use the newer checkout action pin.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
.github/workflows/pr.yml New PR workflow calling the shared PR-title verification reusable workflow.
.github/workflows/pr-verify.yml Removes the legacy PR verification workflow.
.github/workflows/dependabot-pr.yml Adds post-approval CI rerun for Dependabot PRs via reusable ci.yml.
.github/workflows/copilot-setup-steps.yml Updates the actions/checkout pin used for Copilot setup validation.
.github/workflows/ci.yml Adds new reusable CI workflow running Gradle build/tests with JUnit reporting and an aggregate “CI” job.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/ci.yml
Comment on lines +42 to +46
ci:
name: CI
needs: [test]
if: ${{ !cancelled() }}
runs-on: ubuntu-24.04
Comment thread .github/workflows/ci.yml
Comment on lines +1 to +5
# Continuous Integration — kvalitet golden-path variant (JVM library, Template E).
#
# Reusable (workflow_call) AND directly triggered on pull_request. Runs the multi-module
# Gradle build and publishes the JUnit test results. This library publishes to Maven Central
# (JReleaser / gha-maven-central) via the manual deploy workflows, NOT Artifactory, so no
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants