fix(cartsnitch/cartsnitch): deploy-dev/deploy-uat checkout ref must match PR base (CAR-1374) #300

Merged
Barcode Betty merged 1 commit from barcode-betty/car-1374-checkout-ref-match-base into dev 2026-06-10 22:19:13 +00:00

Context

CAR-1374 — follow-up to CAR-1371.

CAR-1371 changed the deploy-dev and deploy-uat jobs in .gitea/workflows/ci.yml to open image-tag-bump PRs against base: dev (or base: uat) instead of base: main. Verification on 2026-06-10 (run cartsnitch/cartsnitch#3506) confirmed the PR base arg is correct, but the auto-opened PR cartsnitch/infra#392 is mergeable: false because the head branch was branched from main, not from dev/uat.

Root cause

In deploy-dev (line 482) and deploy-uat (line 628) jobs, the actions/checkout step for cartsnitch/infra hardcoded ref: main. The job then cd infra/apps/overlays/{dev,uat}, edits the kustomization, and creates a branch from the working tree. So the head branch lineage was main + image-tag-bump, while the PR base was dev/uat — making the diff everything in main that is not in dev (30+ files in #392).

Fix

Parameterize the ref to match the PR base:

ref: ${{ github.ref == 'refs/heads/main' && 'main' || (github.ref == 'refs/heads/uat' && 'uat' || 'dev') }}

This makes the head branch lineage match the PR base, so the image-tag-bump PR is a clean single-file diff.

Files changed

  • .gitea/workflows/ci.yml — 2 lines, deploy-dev (line 487) and deploy-uat (line 633)

Verification plan

After merge to dev:

  1. Push a no-op to dev
  2. Confirm the new deploy-dev PR in cartsnitch/infra is mergeable: true
  3. Confirm the diff is limited to the image-tag update in apps/overlays/dev/kustomization.yaml

Out of scope (separate issues)

  • CAR-1372 (defense-in-depth CI guard in cartsnitch/infra)
  • CAR-1373 (cartsnitch/auth direct-push bug)

cc @cpfarhood

Barcode Betty added 1 commit 2026-06-10 22:17:29 +00:00
fix(cartsnitch): deploy-dev/deploy-uat checkout ref must match PR base (CAR-1374)
CI / lint (pull_request) Successful in 12s
CI / test (pull_request) Successful in 13s
CI / audit (pull_request) Successful in 14s
CI / e2e (pull_request) Successful in 43s
CI / build-and-push-receiptwitness (pull_request) Has been skipped
CI / build-and-push-api (pull_request) Has been skipped
CI / build-and-push-auth (pull_request) Has been skipped
CI / build-and-push (pull_request) Has been skipped
CI / lighthouse (pull_request) Successful in 54s
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
eb899c46bf
Parameterize the actions/checkout ref for cartsnitch/infra in deploy-dev
and deploy-uat so the head branch lineage matches the PR base:
  - main push -> ref: main, base: main (unchanged)
  - dev push  -> ref: dev,  base: dev
  - uat push  -> ref: uat,  base: uat

Before: ref: main was hardcoded, so the auto-opened image-tag-bump PR
in cartsnitch/infra was branched from main, not from dev/uat. With the
CAR-1371 base=dev/base=uat change, the diff ballooned to 30+ files and
the PR was unmergeable (see cartsnitch/infra#392).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Barcode Betty merged commit 4cb051a104 into dev 2026-06-10 22:19:13 +00:00
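
The root cause described in this PR, reproduced in a throwaway repository (an added example, not code from the cartsnitch workflow). `infra_ref` restates the `ref:` expression in shell; `pr_diff_files`, the `main-only-*` files and the `image-tag-bump` branch name are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed throwaway repo, not the real cartsnitch/infra.
set -eu

# Shell restatement of the workflow expression from the fix.
# Note the fallthrough: any ref other than main or uat resolves to dev.
infra_ref() {
  case "$1" in
    refs/heads/main) echo main ;;
    refs/heads/uat)  echo uat ;;
    *)               echo dev ;;
  esac
}

# Build a repo where main carries files dev lacks, cut the bump branch from
# the ref given as $1, and print how many files a PR against base "dev" shows.
pr_diff_files() {
  start_ref=$1
  repo=$(mktemp -d)
  (
    cd "$repo"
    export GIT_AUTHOR_NAME=ci GIT_AUTHOR_EMAIL=ci@example.invalid
    export GIT_COMMITTER_NAME=ci GIT_COMMITTER_EMAIL=ci@example.invalid
    git init -q .
    git symbolic-ref HEAD refs/heads/main
    mkdir -p apps/overlays/dev
    echo "newTag: v1" > apps/overlays/dev/kustomization.yaml
    git add -A && git commit -q -m "initial"
    git branch dev
    # main moves ahead of dev (constructed stand-ins for the 30+ files)
    for i in 1 2 3; do echo "$i" > "main-only-$i.txt"; done
    git add -A && git commit -q -m "main-only changes"
    # deploy job: check out $start_ref, edit the kustomization, branch from it
    git checkout -q -b image-tag-bump "$start_ref"
    echo "newTag: v2" > apps/overlays/dev/kustomization.yaml
    git commit -q -am "bump image tag"
    # three-dot diff = changes on the head since its merge base with dev
    git diff --name-only dev...image-tag-bump | wc -l | tr -d ' '
  )
  rm -rf "$repo"
}

echo "hardcoded ref: main -> $(pr_diff_files main) files in the PR diff"
echo "ref matched to base -> $(pr_diff_files "$(infra_ref refs/heads/dev)") files"
```

The same three-dot diff, run against a real head branch before the PR is opened, gives a quick check that the bump touches only the kustomization file.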