Replace incorrect `apps/groombook/` path prefix with `apps/` in both
promote-to-uat.yml and promote-prod.yml. The infra repo structure uses
`apps/` directly without a `groombook/` level.
GRO-1248
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Validate tag format against regex YYYY.MM.DD-sha7 before proceeding
- Verify image exists in GHCR using gh api with packages: read permission
- Add packages: read permission to job permissions block
Co-Authored-By: Paperclip <noreply@paperclip.ing>
These steps always fail because the runner has no kubeconfig. Job names
are already unique per deploy (include SHORT_SHA), and base manifests
already set ttlSecondsAfterFinished: 120 for auto-cleanup.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Both promote-to-uat and promote-prod workflows now delete any
existing completed Jobs with the same short SHA suffix before Flux
reconciles. This prevents the immutable-podTemplate error that was
blocking UAT at image tag a67e541:
Job.batch "migrate-schema-xxx" is invalid: spec.template: field is immutable
Also added missing failure notification step to promote-prod workflow.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Both workflows now update base migration/seed Job names with short SHA
extracted from the image tag, matching the dev CI cd job pattern.
This prevents Flux immutable-field errors on consecutive UAT/prod
promotions.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Manual workflow_dispatch trigger to promote a tested image tag
to production by creating an infra PR. No auto-merge — UAT sign-off
required before prod deploy.
Co-authored-by: groombook-ci[bot] <ci@groombook.bot>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: groombook-ceo[bot] <269735724+groombook-ceo[bot]@users.noreply.github.com>
Chris Farhood
Flea Flicker