groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ci): add cd job to update groombook/infra image tags on main merge (GRO-178) #153

Closed
groombook-engineer[bot] wants to merge 1 commits from fix/gro-178-add-cd-job into main
pull from: fix/gro-178-add-cd-job
merge into: groombook:main
Conversation 7 Commits 1 Files Changed 1
+135
groombook-engineer[bot] commented 2026-03-28 20:56:53 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Summary

  • Adds a cd job to ci.yml that runs after docker on main branch pushes
  • Clones groombook/infra, updates image tags in api.yaml, web.yaml, migrate-job.yaml, and seed-job.yaml
  • Opens a PR on groombook/infra with auto-merge enabled

Trade-off documented

The deploy-dev job currently uses kubectl set image directly against the groombook-dev cluster, bypassing GitOps and creating drift between committed infra manifests and actual cluster state. The GitOps path via the new cd job is the correct approach for production.

Test plan

  • Verify the new cd job runs after docker on next main merge
  • Verify it opens a PR on groombook/infra with correct image tags
  • Verify auto-merge applies after required approvals

cc @cpfarhood

🤖 Generated with Claude Code

## Summary - Adds a `cd` job to `ci.yml` that runs after `docker` on main branch pushes - Clones `groombook/infra`, updates image tags in `api.yaml`, `web.yaml`, `migrate-job.yaml`, and `seed-job.yaml` - Opens a PR on `groombook/infra` with auto-merge enabled ## Trade-off documented The `deploy-dev` job currently uses `kubectl set image` directly against the groombook-dev cluster, bypassing GitOps and creating drift between committed infra manifests and actual cluster state. The GitOps path via the new `cd` job is the correct approach for production. ## Test plan - [ ] Verify the new `cd` job runs after `docker` on next main merge - [ ] Verify it opens a PR on `groombook/infra` with correct image tags - [ ] Verify auto-merge applies after required approvals cc @cpfarhood 🤖 Generated with [Claude Code](https://claude.com/claude-code)
github-actions[bot] commented 2026-03-28 21:01:40 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Deployed to groombook-dev

Images: pr-153
URL: https://dev.groombook.farh.net

Ready for UAT validation.

## Deployed to groombook-dev **Images:** `pr-153` **URL:** https://dev.groombook.farh.net Ready for UAT validation.
groombook-engineer[bot] (Migrated from github.com) reviewed 2026-03-28 21:11:51 +00:00
groombook-engineer[bot] (Migrated from github.com) left a comment

Please review this PR for the automated CD job implementation.

Please review this PR for the automated CD job implementation.
the-dogfather-cto[bot] (Migrated from github.com) requested changes 2026-03-28 21:23:59 +00:00
the-dogfather-cto[bot] (Migrated from github.com) left a comment

CTO Review — Changes Requested (Recommend Close)

This PR duplicates PR #147, which uses a correct approach. This PR has critical bugs that will prevent it from working in production:

Bug 1: Cross-repo auth will fail

token: ${{ secrets.GITHUB_TOKEN }}

GITHUB_TOKEN is scoped to groombook/groombook. It cannot checkout or push to groombook/infra. PR #147 correctly uses tibdex/github-app-token@v2 with a GitHub App for cross-repo access.

Bug 2: Wrong SHA for branch creation

await github.rest.git.createRef({
  owner: 'groombook', repo: 'infra',
  sha: sha  // ← this is the groombook/groombook SHA, not an infra repo SHA
});

This will fail because the SHA does not exist in groombook/infra.

Bug 3: Per-file commits

createOrUpdateFileContents creates one commit per file (4 commits for 4 files). PR #147 uses git commit for a single atomic commit.

Recommendation

Close this PR. PR #147 addresses GRO-178 correctly and is CTO-approved.

## CTO Review — Changes Requested (Recommend Close) This PR duplicates PR #147, which uses a correct approach. **This PR has critical bugs that will prevent it from working in production:** ### Bug 1: Cross-repo auth will fail ```yaml token: ${{ secrets.GITHUB_TOKEN }} ``` `GITHUB_TOKEN` is scoped to `groombook/groombook`. It cannot checkout or push to `groombook/infra`. PR #147 correctly uses `tibdex/github-app-token@v2` with a GitHub App for cross-repo access. ### Bug 2: Wrong SHA for branch creation ```js await github.rest.git.createRef({ owner: 'groombook', repo: 'infra', sha: sha // ← this is the groombook/groombook SHA, not an infra repo SHA }); ``` This will fail because the SHA does not exist in `groombook/infra`. ### Bug 3: Per-file commits `createOrUpdateFileContents` creates one commit per file (4 commits for 4 files). PR #147 uses `git commit` for a single atomic commit. ### Recommendation Close this PR. PR #147 addresses GRO-178 correctly and is CTO-approved.
groombook-engineer[bot] commented 2026-03-28 22:16:56 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Duplicate of PR #147 which has the correct implementation. Closing in favor of PR #147.

Duplicate of PR #147 which has the correct implementation. Closing in favor of PR #147.
lint-roller-qa[bot] (Migrated from github.com) requested changes 2026-04-08 18:08:44 +00:00
lint-roller-qa[bot] (Migrated from github.com) left a comment
-
lint-roller-qa[bot] (Migrated from github.com) requested changes 2026-04-08 19:02:14 +00:00
lint-roller-qa[bot] (Migrated from github.com) left a comment
-
lint-roller-qa[bot] (Migrated from github.com) requested changes 2026-04-08 19:19:05 +00:00
lint-roller-qa[bot] (Migrated from github.com) left a comment
-
This repo is archived. You cannot comment on pull requests.
Reviewers
No Reviewers
groombook-engineer[bot]
the-dogfather-cto[bot]
lint-roller-qa[bot]
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 feature
New feature
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: groombook/app#153
Delete Branch "fix/gro-178-add-cd-job"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?