Switch CI deploy trigger to semver tags and document the release workflow #143

New Issue

Open

opened 2026-03-28 10:32:06 +01:00 by marcel · 0 comments

marcel commented 2026-03-28 10:32:06 +01:00

Owner

Copy Link

Why

Without a defined deployment trigger, every push to main would deploy — including work-in-progress merges, dependency bumps, and minor fixes that aren't ready for users. We want deployment to be an explicit, intentional act.

Tag-based deployment gives us this cleanly:

• Day-to-day development: feature branches → PR → main. Tests run, nothing deploys.
• Ready to ship: push a semver tag. Tests run, images build, VPS updates.
• Release history: every deployed version has a permanent git tag and (optionally) a Gitea release with notes.

This is simpler than maintaining a separate develop branch, which would require every feature to be merged twice and adds merge-conflict risk with no real benefit at this team size.

What to do

1. Ensure the CI workflow on: block has the tag trigger

The build-and-push and deploy jobs (added in #142) already gate on startsWith(gitea.ref, 'refs/tags/v'). The on: block at the top of .gitea/workflows/ci.yml must also declare tag pushes as a trigger:

on:
  push:           # runs tests on every branch push — no deploy
  pull_request:   # runs tests on every PR — no deploy
  push:
    tags:
      - 'v*'      # runs tests + build + deploy on semver tags

Note: in Gitea Actions YAML you can merge these into one push: block:

on:
  push:
    tags:
      - 'v*'
  push:           # branch pushes — tests only (jobs gated by if: condition)
  pull_request:

Or more explicitly, using separate entries — verify what Gitea Actions supports and test with a dry run.

2. Document the release process in CONTRIBUTING or DEPLOYMENT.md

Add a "Releasing a new version" section to DEPLOYMENT.md (created in #139):

## Releasing a new version

All work flows through feature branches and pull requests to `main`.
Tests run on every push. Nothing deploys until you create a release tag.

### When to tag

Tag when `main` is in a state you are happy to put in front of users.
There is no minimum number of features required — a tag can contain one fix.

### How to tag

\`\`\`bash
# Make sure you are on main and up to date
git checkout main && git pull

# Create and push a semver tag
git tag v1.2.3
git push origin v1.2.3
\`\`\`

Or create a release via the Gitea UI:
1. Go to the repo → Releases → New Release
2. Choose the tag name (e.g. `v1.2.3`) — Gitea creates the tag for you
3. Write a short changelog in the release notes
4. Publish — CI triggers automatically

### Versioning convention

Use [Semantic Versioning](https://semver.org):

| Change | Version bump | Example |
|---|---|---|
| Breaking change or major feature | MAJOR | `v1.0.0` → `v2.0.0` |
| New feature, backwards compatible | MINOR | `v1.0.0` → `v1.1.0` |
| Bug fix, patch, dependency update | PATCH | `v1.0.0` → `v1.0.1` |

For a family archive at this stage, most releases will be MINOR or PATCH.

### How to roll back

If a deploy causes problems, tag the last known-good commit:

\`\`\`bash
git tag v1.2.4 <sha-of-last-good-commit>
git push origin v1.2.4
\`\`\`

This triggers the full CI pipeline on the old code and redeploys it.
\`\`\`

3. Protect the main branch

In Gitea → repo settings → Branches → add a protection rule for main:

• Require pull request before merging
• Require status checks to pass (the three test jobs)
• Disallow force pushes

This ensures main is always green and tags always point to tested code.

4. Verify CI behaviour with a dry-run tag

Before calling this done, push a test tag and confirm:

• All three test jobs run
• build-and-push runs after they pass
• deploy runs after build-and-push
• Pushing a branch (not a tag) only runs the three test jobs

Acceptance criteria

• git push origin v0.1.0 triggers the full pipeline (tests → build → deploy) in Gitea Actions.
• A branch push triggers only tests — no build or deploy jobs appear.
• DEPLOYMENT.md contains a "Releasing a new version" section covering tagging, versioning convention, and rollback.
• main branch has protection rules requiring passing CI before merge.

## Why Without a defined deployment trigger, every push to `main` would deploy — including work-in-progress merges, dependency bumps, and minor fixes that aren't ready for users. We want deployment to be an explicit, intentional act. Tag-based deployment gives us this cleanly: - Day-to-day development: feature branches → PR → `main`. Tests run, nothing deploys. - Ready to ship: push a semver tag. Tests run, images build, VPS updates. - Release history: every deployed version has a permanent git tag and (optionally) a Gitea release with notes. This is simpler than maintaining a separate `develop` branch, which would require every feature to be merged twice and adds merge-conflict risk with no real benefit at this team size. ## What to do ### 1. Ensure the CI workflow `on:` block has the tag trigger The `build-and-push` and `deploy` jobs (added in #142) already gate on `startsWith(gitea.ref, 'refs/tags/v')`. The `on:` block at the top of `.gitea/workflows/ci.yml` must also declare tag pushes as a trigger: ```yaml on: push: # runs tests on every branch push — no deploy pull_request: # runs tests on every PR — no deploy push: tags: - 'v*' # runs tests + build + deploy on semver tags ``` Note: in Gitea Actions YAML you can merge these into one `push:` block: ```yaml on: push: tags: - 'v*' push: # branch pushes — tests only (jobs gated by if: condition) pull_request: ``` Or more explicitly, using separate entries — verify what Gitea Actions supports and test with a dry run. ### 2. Document the release process in CONTRIBUTING or DEPLOYMENT.md Add a **"Releasing a new version"** section to `DEPLOYMENT.md` (created in #139): ```markdown ## Releasing a new version All work flows through feature branches and pull requests to `main`. Tests run on every push. Nothing deploys until you create a release tag. ### When to tag Tag when `main` is in a state you are happy to put in front of users. There is no minimum number of features required — a tag can contain one fix. ### How to tag \`\`\`bash # Make sure you are on main and up to date git checkout main && git pull # Create and push a semver tag git tag v1.2.3 git push origin v1.2.3 \`\`\` Or create a release via the Gitea UI: 1. Go to the repo → Releases → New Release 2. Choose the tag name (e.g. `v1.2.3`) — Gitea creates the tag for you 3. Write a short changelog in the release notes 4. Publish — CI triggers automatically ### Versioning convention Use [Semantic Versioning](https://semver.org): | Change | Version bump | Example | |---|---|---| | Breaking change or major feature | MAJOR | `v1.0.0` → `v2.0.0` | | New feature, backwards compatible | MINOR | `v1.0.0` → `v1.1.0` | | Bug fix, patch, dependency update | PATCH | `v1.0.0` → `v1.0.1` | For a family archive at this stage, most releases will be MINOR or PATCH. ### How to roll back If a deploy causes problems, tag the last known-good commit: \`\`\`bash git tag v1.2.4 <sha-of-last-good-commit> git push origin v1.2.4 \`\`\` This triggers the full CI pipeline on the old code and redeploys it. \`\`\` ``` ### 3. Protect the `main` branch In Gitea → repo settings → Branches → add a protection rule for `main`: - Require pull request before merging - Require status checks to pass (the three test jobs) - Disallow force pushes This ensures `main` is always green and tags always point to tested code. ### 4. Verify CI behaviour with a dry-run tag Before calling this done, push a test tag and confirm: - All three test jobs run - `build-and-push` runs after they pass - `deploy` runs after `build-and-push` - Pushing a branch (not a tag) only runs the three test jobs ## Acceptance criteria - `git push origin v0.1.0` triggers the full pipeline (tests → build → deploy) in Gitea Actions. - A branch push triggers only tests — no build or deploy jobs appear. - `DEPLOYMENT.md` contains a "Releasing a new version" section covering tagging, versioning convention, and rollback. - `main` branch has protection rules requiring passing CI before merge.

marcel added the devopsphase-3: prod-compose labels 2026-03-28 10:46:52 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/issue-533-mass-import-ux

feat/issue-527-unsaved-warning-new-pages

worktree-feat+issue-557-upload-artifact-v3-pin

worktree-chore+issue-556-drop-client-branches-coverage-gate

fix/issue-514-prerender-crawl-bakes-redirects

fix/issue-472-prerender-entries

feat/issue-395-readme

feat/issue-345-bulk-mark-reviewed

feat/issue-344-bell-tooltip

feat/issue-341-annotieren-contrast

feat/issue-225-bulk-metadata-edit

feat/issue-317-bulk-upload

feat/issue-271-dashboard-redesign

docs/issue-240-mission-control-spec

refactor/issues-193-200

feat/issue-162-korrespondenz-redesign

feature/68-new-document-file-first

feat/81-discussion-discoverability

feat/62-document-bottom-panel

feature/56-backfill-file-hashes

feat/38-document-edit-history

fix/svelte5-test-delegation-and-login-auth

No results found.

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label devops phase-3: prod-compose

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#143