Board API keys are not available in current Paperclip version, so CI
cannot create UAT issues. Rollback Rhonda will detect new dev deployments
via polling instead.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Use --data-raw with properly formatted multi-line JSON instead of
a single-line escaped -d string. This ensures newlines in the
description are correctly interpreted.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add deploy-dev job to update the dev overlay image tag in cartsnitch/infra
via kustomize after a successful main build. Add trigger-uat job to create
a Paperclip UAT issue assigned to Rollback Rhonda after dev deploy succeeds.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The build-and-push job pulls nginx:stable-alpine from Docker Hub during
docker build. Anonymous pulls hit rate limits on self-hosted runners.
Add docker/login-action for Docker Hub using org secrets before the
build step (unconditional — needed for both PR and push builds).
Closes#22
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Tag container images with YYYY.MM.DD CalVer format on merge to main,
with build number suffix for same-day collisions. Creates matching
git tags (vYYYY.MM.DD). Retains latest tag as convenience alias.
GitHub issue: cartsnitch/infra#24
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The correct self-hosted ARC runner label is runners-cartsnitch, not
cartsnitch-runners. All CI jobs were failing because no runners
matched the old label.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
We push to GHCR only per infrastructure policy. The Docker Hub login
step was added in error and would fail since DOCKERHUB_USERNAME/TOKEN
secrets are not configured.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Confirmed secrets are length 0 from CI runners. Docker Hub auth
cannot work until secrets are properly scoped to these repos.
Refs: CAR-77
Co-Authored-By: Paperclip <noreply@paperclip.ing>
DOCKERHUB_USERNAME/DOCKERHUB_TOKEN secrets are not accessible from
the self-hosted runners. Remove credentials blocks and login steps
to avoid template validation failures. Docker Hub pulls will use
anonymous access.
Refs: CAR-77
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Docker Hub login step is now conditional on secret existence
to avoid failures when org secrets are not yet provisioned.
Refs: CAR-77
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Avoids Docker Hub 429 rate limits by pulling node:20-alpine and
nginx:stable-alpine from ghcr.io/cartsnitch/mirror/. GHCR login
now runs on all builds (not just main push) to authenticate pulls.
Ref: cartsnitch/infra#7, CAR-55
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The build-and-push job had an unconditional Docker Hub login step that
was failing because DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets are
not provisioned. Since we push images to GHCR (not Docker Hub), this
step is not needed.
Closescartsnitch/infra#5
Co-authored-by: deploy-debbie[bot] <268472978+deploy-debbie[bot]@users.noreply.github.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
The build-and-push job pulls node:20-alpine and nginx:stable-alpine from
Docker Hub during docker build. Without authentication these pulls hit
the unauthenticated rate limit, causing intermittent build failures.
Closes#8
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Stockboy Steve
Stockboy Steve