build-push.yaml now pushes branch-conditional env tags alongside SHA tags:
- main/master → prod, staging → staging, dev → dev
- Optional version input for pinned dev-v{N} tags
- New env-tag output for downstream consumers
deploy-k8s.yaml adds use-env-tag option:
- When true, skips SHA-based manifest updates and instead bumps a deploy
annotation so ArgoCD rolls pods with the mutable tag
- Backward compatible: existing services using SHA tags are unaffected
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Gitea Actions expression evaluator truncates multiline strings in
run blocks at blank lines. Using a simple single-line commit message.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Gitea Actions expression evaluator truncates multiline strings in
git commit -m "...", causing EOF while looking for matching quote.
Build the commit message in a variable instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
${SHA:0:7} substring expansion is bash-specific and fails in sh.
Adding explicit shell: bash to both steps, matching the fix already
applied to build-push.yaml.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The runner is ARM64 but yq was hardcoded to download amd64 binary.
Auto-detect architecture to download the correct binary.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
P1 — deploy-k8s.yaml:
- Add set -euo pipefail to all run blocks
- Replace sed-based image tag patching with yq for YAML-safe updates
- Add source commit SHA and CI run link to deploy commit messages
- Install yq v4.44.1 as prerequisite step
P1 — build-push.yaml:
- Add runner input parameter for future ARM64 self-hosted runners
(default: ubuntu-latest with QEMU emulation)
P2 — test-python.yaml:
- Add pyproject.toml support (pip install -e) before requirements.txt fallback
P2 — build-push.yaml:
- Pin catthehacker/ubuntu container image to act-22.04 (was act-latest)
Ref: CON-578
Reusable Gitea Actions workflows for lint, test, build, and deploy:
- lint-python, lint-node, lint-rust
- test-python, test-node, test-rust
- build-push (Docker build + push to Gitea registry)
- deploy-k8s (GitOps image tag update in cluster repo)
Plus example caller workflows for python-fullstack, rust-service,
and node-frontend stacks. Branch refs aligned to staging per CON-570 standards.
