Skip to content

[EVO-1998] ci(docker): publish :develop image on merge to develop#21

Merged
gomessguii merged 2 commits into
developfrom
fix/EVO-1998-processor-develop-docker-trigger
Jul 8, 2026
Merged

[EVO-1998] ci(docker): publish :develop image on merge to develop#21
gomessguii merged 2 commits into
developfrom
fix/EVO-1998-processor-develop-docker-trigger

Conversation

@gomessguii

@gomessguii gomessguii commented Jul 8, 2026

Copy link
Copy Markdown
Member

Problema

O docker-publish.yml do processor dispara só em push → main e tags v*.*.*. Merges em develop nunca rebuildam a imagem evoapicloud/evo-ai-processor-community:develop. Como o staging (evo_crm_test) roda :develop, ele silenciosamente rodava código velho — o :develop estava congelado em 2026-05-25, faltando, entre outras coisas, o RBAC object-level/bot-key do épico EVO-2035 (PR #20).

Os outros 3 serviços do épico (auth/CRM/frontend) buildam :develop normal — o gap de trigger era aqui.

Correção

  • develop adicionado ao trigger de push.
  • Caso develop adicionado no resolvedor de tags do job merge, publicando :develop (e :develop-<sha> pra rastreabilidade), espelhando o comportamento de main.
  • workflow_dispatch adicionado pra rebuild manual.

Sem mudança nos jobs de build/PR nem nas credenciais.

Depois do merge

O push em develop vai buildar/publicar :develop; então é só atualizar o serviço no staging (docker service update --image evoapicloud/evo-ai-processor-community:develop ...) pra o processor entrar no código do épico.

Refs: EVO-1998, EVO-2035.

Summary by Sourcery

Ensure the Docker image for the processor is built and published for the develop branch alongside main, including appropriate tagging and manual rebuild support.

Build:

  • Update the docker-publish workflow to run on pushes to develop in addition to main.
  • Add workflow_dispatch support to allow manually triggering Docker image builds and publishes.

CI:

  • Extend tag resolution in the merge job to publish :develop and :develop- images when merging to the develop branch, mirroring the behavior for main.

The publish workflow only triggered on push to main and version tags, so
merges to develop never rebuilt the evoapicloud/evo-ai-processor-community
:develop image — staging (which runs :develop) silently ran stale code.

- Add develop to the push branch trigger.
- Add a develop case to the manifest tag resolver so it publishes
  :develop (and :develop-<sha> for traceability), mirroring main.
- Add workflow_dispatch for manual rebuilds.
@sourcery-ai

sourcery-ai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates the Docker publish GitHub Actions workflow so that merges to the develop branch build and publish a :develop image (and a SHA-suffixed variant), add develop to push triggers, and allow manual rebuilds via workflow_dispatch, without altering existing build logic or credentials.

Flow diagram for updated Docker publish workflow triggers and tagging

flowchart TD
    A[Push to main]
    B[Push to develop]
    C[Push tag v*.*.*]
    D[workflow_dispatch]

    A --> E[Workflow docker-publish.yml]
    B --> E
    C --> E
    D --> E

    E --> F{GH_REF}

    F -->|refs/tags/v*.*.*| G[Set TAGS
IMAGE:VERSION
IMAGE:latest]
    F -->|refs/heads/main| H[Set TAGS
IMAGE:latest
IMAGE:main-SHA_SHORT]
    F -->|refs/heads/develop| I[Set TAGS
IMAGE:develop
IMAGE:develop-SHA_SHORT]
Loading

File-Level Changes

Change Details Files
Enable Docker image publishing on pushes to the develop branch, mirroring main behavior for tag resolution.
  • Extend push trigger branches list to include develop so pushes/merges to develop run the workflow.
  • Add a tag resolution branch for refs/heads/develop that publishes both :develop and :develop- images, analogous to the existing main handling.
.github/workflows/docker-publish.yml
Allow manual execution of the Docker publish workflow for ad‑hoc rebuilds.
  • Add workflow_dispatch as an additional workflow trigger alongside push and pull_request.
.github/workflows/docker-publish.yml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 2 issues, and left some high level feedback:

  • In the tag resolution step, consider explicitly failing the job if no TAGS value is derived (e.g., with a final else that exits non‑zero) so future workflow changes or additional branches don’t silently skip publishing without a clear error.
  • Since develop now shares the same workflow, it might be worth extracting the branch→tag mapping into a small, clearly separated block or function (e.g., a case statement) to make future additions (other long‑lived branches or preview tags) easier to maintain and reason about.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In the tag resolution step, consider explicitly failing the job if no TAGS value is derived (e.g., with a final `else` that exits non‑zero) so future workflow changes or additional branches don’t silently skip publishing without a clear error.
- Since `develop` now shares the same workflow, it might be worth extracting the branch→tag mapping into a small, clearly separated block or function (e.g., a case statement) to make future additions (other long‑lived branches or preview tags) easier to maintain and reason about.

## Individual Comments

### Comment 1
<location path=".github/workflows/docker-publish.yml" line_range="5-9" />
<code_context>
 on:
   push:
-    branches: [main]
+    branches: [main, develop]
     tags: ["v*.*.*"]
   pull_request:
     branches: [main, develop]
+  workflow_dispatch:

 permissions:
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Consider constraining manual workflow_dispatch runs to avoid unexpected branches

With `workflow_dispatch` enabled, this job can now be triggered from any ref, not just `main`/`develop`. Given the branch/tag‑specific tagging logic later in the file, a manual run from another branch could produce incorrect tags or an empty `TAGS`. If this workflow is only meant to run manually for `main`/`develop` (or specific tags), consider restricting/validating the ref via inputs or clearly documenting that only those branches should be used when triggering it manually.

Suggested implementation:

```
  pull_request:
    branches: [main, develop]
  workflow_dispatch:
    inputs:
      ref_hint:
        description: "Manual runs should only target main or develop branches (or release tags)"
        required: false
        default: "main"

```

To fully implement the validation part of the suggestion, you should also add a guard step near the start of the relevant job (e.g. your build/publish job) to fail manual runs on unsupported refs. For example (adjust job/step names to match your existing workflow):

```yaml
jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    steps:
      - name: Validate manual trigger ref
        if: ${{ github.event_name == 'workflow_dispatch' }}
        run: |
          echo "GITHUB_REF=${GITHUB_REF}"
          if [[ "${GITHUB_REF}" != "refs/heads/main" && "${GITHUB_REF}" != "refs/heads/develop" && "${GITHUB_REF}" != refs/tags/v* ]]; then
            echo "This workflow may only be run manually from main, develop, or v* tags."
            exit 1
          fi
      # existing steps...
```

This ensures that even if someone manually selects another branch in the UI, the workflow will exit early and avoid generating incorrect or empty tags based on the later `GH_REF`-dependent tagging logic you already have in the file.
</issue_to_address>

### Comment 2
<location path=".github/workflows/docker-publish.yml" line_range="144-145" />
<code_context>
             TAGS="${IMAGE}:${VERSION},${IMAGE}:latest"
           elif [[ "${GH_REF}" == refs/heads/main ]]; then
             TAGS="${IMAGE}:latest,${IMAGE}:main-${SHA_SHORT}"
+          elif [[ "${GH_REF}" == refs/heads/develop ]]; then
+            TAGS="${IMAGE}:develop,${IMAGE}:develop-${SHA_SHORT}"
           fi

</code_context>
<issue_to_address>
**issue:** Handle TAGS for non-main/non-develop refs or fail early to avoid empty tags

With this change, `TAGS` is only set for tag refs, `main`, or `develop`. If this job runs on any other ref (e.g., `workflow_dispatch` on a feature branch), `TAGS` will be empty and downstream steps may mis-tag or publish incorrectly. Consider adding a default/else case (safe no-op/safe tag) or failing explicitly when `GH_REF` doesn’t match a supported pattern so these cases are handled deterministically.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread .github/workflows/docker-publish.yml
Comment thread .github/workflows/docker-publish.yml
workflow_dispatch can now run from any ref; a run on an unsupported ref
would leave TAGS empty and fail confusingly in the manifest step after
building. Fail early in tag resolution with a clear message instead.
@gomessguii gomessguii merged commit 9bb90d0 into develop Jul 8, 2026
4 checks passed
@gomessguii gomessguii deleted the fix/EVO-1998-processor-develop-docker-trigger branch July 8, 2026 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant