ci(CAR-1373): re-add deploy-dev/deploy-uat with PR-based base=dev/uat #36

2026-06-10T22:44:01Z

Barcode Betty commented

2026-06-10 22:44:01 +00:00

Summary

Re-add deploy-dev and deploy-uat jobs to cartsnitch/auth in the post-CAR-1371+1374 frontend pattern.

These jobs were removed from dev in CAR-1041 (commit e308b15, PR #28) because the prior direct-push implementation was invalid. The main branch meanwhile has the PR-based pattern but with base: "main" — the CAR-1373 bug. This PR adds the deploy jobs back to dev with the correct shape so the natural dev → uat → main promotion propagates the fix to uat (replacing the direct-push pattern from the issue) and to main (replacing base: "main" with base: "dev"/"uat").

Changes

deploy-dev: ref parameterized (CAR-1374), base=dev (CAR-1371), head=cartsnitch:${BRANCH} (cross-repo head, matches frontend)
deploy-uat: same with base=uat
Both jobs request cs_savannah review per GitOps gate
Both jobs treat any non-merged outcome as ::notice:: + exit 0 (CAR-1216), since the auth CI token cannot self-approve a cartsnitch/infra PR
Fall back to contents API if git push is rejected by the pre-receive hook (CAR-1169/CAR-1195 pattern)

Why this PR targets `dev`

Per the CAR-1373 acceptance criteria ("PRs to cartsnitch/auth:dev then cartsnitch/auth:uat for promotion per Pipeline A") and the SDLC. After this merges to dev, the dev → uat PR will replace the old direct-push on uat and the uat → main PR will replace base: "main" on main with the corrected base.

Cross-repo token scope

Verified not a blocker: the CI_GITEA_TOKEN already has write access to cartsnitch/infra (it currently pushes branches and opens PRs in main's ci.yml). No scope change needed.

Out of scope (per CAR-1373)

cartsnitch-auth/ local workspace (duplicate checkout of cartsnitch/auth — no separate fix needed)
cartsnitch/api and cartsnitch/receiptwitness (no own deploy workflows — handled by the cartsnitch/cartsnitch frontend multi-service deploy)

References

CAR-1373 (this issue)
CAR-1370 (CEO parent, frontend fix)
CAR-1371 (frontend sibling, base=dev/uat fix)
CAR-1374 (frontend sibling, parameterized ref fix)
CAR-1216 (deploy never-fail on infra-PR merge outcome)
CAR-1041 (the prior deploy-job removal — PR #28 on dev)

cc @cpfarhood

## Summary Re-add `deploy-dev` and `deploy-uat` jobs to `cartsnitch/auth` in the post-CAR-1371+1374 frontend pattern. These jobs were removed from `dev` in CAR-1041 (commit e308b15, PR #28) because the prior direct-push implementation was invalid. The `main` branch meanwhile has the PR-based pattern but with `base: "main"` — the CAR-1373 bug. This PR adds the deploy jobs back to `dev` with the correct shape so the natural `dev → uat → main` promotion propagates the fix to `uat` (replacing the direct-push pattern from the issue) and to `main` (replacing `base: "main"` with `base: "dev"`/`"uat"`). ## Changes - `deploy-dev`: `ref` parameterized (CAR-1374), `base=dev` (CAR-1371), `head=cartsnitch:${BRANCH}` (cross-repo head, matches frontend) - `deploy-uat`: same with `base=uat` - Both jobs request `cs_savannah` review per GitOps gate - Both jobs treat any non-merged outcome as `::notice:: + exit 0` (CAR-1216), since the auth CI token cannot self-approve a `cartsnitch/infra` PR - Fall back to contents API if `git push` is rejected by the pre-receive hook (CAR-1169/CAR-1195 pattern) ## Why this PR targets `dev` Per the CAR-1373 acceptance criteria ("PRs to cartsnitch/auth:dev then cartsnitch/auth:uat for promotion per Pipeline A") and the SDLC. After this merges to `dev`, the `dev → uat` PR will replace the old direct-push on `uat` and the `uat → main` PR will replace `base: "main"` on `main` with the corrected base. ## Cross-repo token scope Verified not a blocker: the `CI_GITEA_TOKEN` already has write access to `cartsnitch/infra` (it currently pushes branches and opens PRs in main's ci.yml). No scope change needed. ## Out of scope (per CAR-1373) - `cartsnitch-auth/` local workspace (duplicate checkout of `cartsnitch/auth` — no separate fix needed) - `cartsnitch/api` and `cartsnitch/receiptwitness` (no own deploy workflows — handled by the cartsnitch/cartsnitch frontend multi-service deploy) ## References - CAR-1373 (this issue) - CAR-1370 (CEO parent, frontend fix) - CAR-1371 (frontend sibling, base=dev/uat fix) - CAR-1374 (frontend sibling, parameterized ref fix) - CAR-1216 (deploy never-fail on infra-PR merge outcome) - CAR-1041 (the prior deploy-job removal — PR #28 on dev) cc @cpfarhood

Barcode Betty added 1 commit 2026-06-10 22:44:01 +00:00

ci(CAR-1373): re-add deploy-dev/deploy-uat with PR-based base=dev/uat

CI / build-and-push (pull_request) Has been skipped

Details

CI / deploy-dev (pull_request) Has been skipped

Details

CI / deploy-uat (pull_request) Has been skipped

Details

c4536afa5f

Add deploy-dev and deploy-uat jobs to cartsnitch/auth:dev. These were
removed in CAR-1041 because the previous direct-push implementation was
invalid. Re-add them in the post-CAR-1371+1374 frontend pattern:

- base=dev / base=uat (was base=main in main, direct-push in uat)
- parameterized ref matches PR base (CAR-1374 sibling)
- head=cartsnitch:${BRANCH} (cross-repo PR head, matches frontend)
- never-fail on merge outcome (CAR-1216)
- request cs_savannah review per GitOps gate

cc @cpfarhood

Barcode Betty merged commit 76254d0dbb into dev

2026-06-10 22:44:40 +00:00

Barcode Betty deleted branch betty/car-1373-add-pr-deploy-jobs

2026-06-10 22:44:41 +00:00

Barcode Betty referenced this pull request

2026-06-10 22:45:57 +00:00

ci(CAR-1373): re-add deploy-dev/deploy-uat with PR-based base=dev/uat (dev → uat promotion) #37

Barcode Betty referenced this pull request

2026-06-10 22:48:09 +00:00

ci(CAR-1373): apply dev's deploy-job restoration to uat (dev → uat promotion, 3-way resolved) #38

Sign in to join this conversation.