Add develop branch to CI pipeline triggers #192
Mirror main triggers onto develop for the new gitflow integration branch: ci, codeql, dependency-review build/scan on push/PR to develop, docs site is built on develop but published to Pages only from main or release tags, and publish.yml emits SNAPSHOTs from both branches while tagged release publication remains main-only.
Review Summary by Qodo
Extend CI/CD pipeline triggers to develop branch
Walkthroughs
Description
- Extend CI/CD pipeline triggers to develop branch for gitflow integration
- Build and scan workflows now run on develop push and pull requests
- Documentation builds on develop but publishes only from main or tags
- SNAPSHOT artifacts published from both main and develop branches
Diagram
flowchart LR
develop["develop branch"] -->|push/PR| ci["CI, CodeQL, Dependency Review"]
develop -->|push| docs["Build docs"]
docs -->|condition check| pages["Publish to Pages?"]
pages -->|main or tags only| publish["Publish to GitHub Pages"]
develop -->|push| snapshot["Publish SNAPSHOT artifacts"]
main["main branch"] -->|push/PR| ci
main -->|push| docs
main -->|push| snapshot
tags["Release tags"] -->|push| docs
tags -->|push| publish
File Changes
1. .github/workflows/ci.yml
Code Review by Qodo
1.
| branches: | ||
| - main | ||
| - develop |
2. Snapshot version collision risk 🐞 Bug ☼ Reliability
publish.yml now runs on pushes to both main and develop, but for any non-tag push it computes the exact same VERSION_NAME (BASE + "-SNAPSHOT") from gradle.properties. This makes main and develop publish identical snapshot coordinates, causing artifacts to overwrite each other or publish failures if the repository rejects re-publishing the same version.
Agent Prompt
### Issue description
Branch pushes to both `main` and `develop` now publish SNAPSHOTs, but the computed SNAPSHOT version is identical across branches (`${BASE}-SNAPSHOT`). This can cause either (a) branch snapshots overwriting each other, or (b) repeated publish failures depending on repository policy.
### Issue Context
The workflow derives `BASE` from `gradle.properties:VERSION_NAME`, strips `-SNAPSHOT`, then appends `-SNAPSHOT` for all non-tag pushes.
### Fix Focus Areas
- .github/workflows/publish.yml[3-11]
- .github/workflows/publish.yml[30-41]
### What to change
Choose one:
- Encode the branch in the snapshot version, e.g. `VERSION="${BASE}-${GITHUB_REF_NAME}-SNAPSHOT"` for non-tag pushes.
- Or publish develop snapshots to a separate repository/coordinate (if supported by your Gradle publishing setup).
- Or gate publishing so only one branch produces the canonical SNAPSHOT (and keep the other branch build-only).
Acknowledged as an accepted trade-off for the transitional gitflow setup — SNAPSHOTs from both branches are intentional. Maven Central permits SNAPSHOT overwrites; the later push wins. If collisions become a problem in practice we'll either encode the branch into the version (${BASE}-${GITHUB_REF_NAME}-SNAPSHOT) or restrict canonical SNAPSHOTs to develop in a follow-up PR. Not changing here.
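The first remediation option from the review above (encode the branch in the SNAPSHOT version), written out as an added shell example; it is not code from this PR or from the project's publish.yml. The helper names and the sample gradle.properties are assumptions, and the ref-name sanitising goes beyond the one-line suggestion in the thread.

```shell
#!/bin/sh
# Added example, not the project's workflow. Helper names are hypothetical;
# VERSION_NAME, GITHUB_REF_NAME and BASE-<branch>-SNAPSHOT come from the thread.

# read_base FILE: VERSION_NAME from a gradle.properties file, minus any -SNAPSHOT.
read_base() {
  base=$(sed -n '/^[[:space:]]*VERSION_NAME[[:space:]]*=/{
    s/^[^=]*=[[:space:]]*//;s/[[:space:]]*$//;p;}' "$1" | head -n 1)
  printf '%s\n' "${base%-SNAPSHOT}"
}

# sanitize_ref NAME: keep [A-Za-z0-9._], turn everything else (e.g. "/") into "-",
# then collapse runs and trim, so "feature/login" cannot put a path separator
# into the published coordinate.
sanitize_ref() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9._' '-' | sed 's/--*/-/g; s/^-//; s/-$//'
}

# snapshot_version FILE REF_TYPE REF_NAME
# REF_TYPE mirrors GITHUB_REF_TYPE ("branch" or "tag"). Tag pushes are releases
# and are refused here, so a tag is never published under a SNAPSHOT version.
snapshot_version() {
  [ "$2" = "branch" ] || { echo "not a branch push: $2" >&2; return 2; }
  base=$(read_base "$1")
  [ -n "$base" ] || { echo "VERSION_NAME not found in $1" >&2; return 1; }
  ref=$(sanitize_ref "$3")
  [ -n "$ref" ] || { echo "unusable ref name: $3" >&2; return 1; }
  printf '%s-%s-SNAPSHOT\n' "$base" "$ref"
}

# Constructed sample input, not the project's real gradle.properties.
PROPS=$(mktemp)
printf 'GROUP=com.example\nVERSION_NAME=1.4.0-SNAPSHOT\n' > "$PROPS"
for r in main develop feature/login; do
  snapshot_version "$PROPS" branch "$r"
done
rm -f "$PROPS"
```

With the branch in the version, a push to develop can no longer replace the artifact a consumer resolved from main under the same coordinate.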
Pull request overview
Extends existing GitHub Actions workflows so CI/CD runs not only on main, but also on the new develop branch as part of a gitflow-style integration setup.
Changes:
- CI (`ci.yml`) and CodeQL (`codeql.yml`) now trigger on push/PR to `develop` in addition to `main`.
- Dependency Review now runs for PRs targeting `develop`.
- Publish pipeline (`publish.yml`) now triggers on pushes to `develop` as well as `main`.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/publish.yml | Adds develop to push triggers for publishing pipeline. |
| .github/workflows/docs.yml | Adds develop triggers and tightens publish gating to avoid publishing from develop. |
| .github/workflows/dependency-review.yml | Enables dependency review for PRs into develop. |
| .github/workflows/codeql.yml | Enables CodeQL on develop pushes/PRs. |
| .github/workflows/ci.yml | Enables CI on develop pushes/PRs. |
Comments suppressed due to low confidence (1)
.github/workflows/docs.yml:14
- The tag filters here use regex-like syntax (`[0-9]+`), but GitHub Actions tag filters are glob patterns. If you intend to match release tags like `v1.0.0` / `v1.2.3-rc1`, these patterns likely won’t match; switch to glob-style patterns (e.g., `[0-9]*`) or a broader `v*` once tags are moved under the `push` trigger.
- main
- develop
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-*"
| pull_request: | ||
| branches: | ||
| - main | ||
| - develop | ||
| tags: | ||
| - "v[0-9]+.[0-9]+.[0-9]+" | ||
| - "v[0-9]+.[0-9]+.[0-9]+-*" |
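Review bot: the `tags:` filter in these lines is nested under `pull_request:`, next to `branches:`. The commit message on this page states that pull_request does not support tag filters, so the two `v[0-9]+.[0-9]+.[0-9]+` patterns have no effect in this position; move them under `on.push` so the tag check in the publish-docs `if:` clause can be reached.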
Fixed in b8e139a: tags: moved from on.pull_request to on.push. The pre-existing if: clause in publish-docs now correctly gates publication on main pushes and tag pushes.
| - main | ||
| - develop | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| - develop |
Valid security-hardening point. The workflow-level contents: write predates this PR and is out of scope for the gitflow trigger update. Tracked for a follow-up security PR that scopes the token down to the publish-docs job only.
| tags: | ||
| - "v[0-9]+.[0-9]+.[0-9]+" | ||
| - "v[0-9]+.[0-9]+.[0-9]+-*" | ||
| branches: | ||
| - main | ||
| - develop |
These patterns are empirically functional: v1.0.0-Beta1 matched and triggered the recent release (commit 7a4dd94 from the publish-xcframework job). GitHub Actions filter globs support [0-9]+ (one or more chars in range), so the patterns work as intended. Not changing.
CodeQL diff-range scanner fails with "no source code seen during build" when a PR touches no Java/Kotlin sources. Add paths-ignore for workflow, docs, and markdown files so docs/CI-config PRs no longer break the scan; weekly schedule still does a full scan. Move docs.yml tag patterns from pull_request to push — pull_request does not support tag filters, so tag-driven docs publication was unreachable despite the publish-docs if: clause checking for refs/tags/.
Summary
- Mirror `main` triggers onto `develop` for the new gitflow integration branch
- `ci.yml`, `codeql.yml`, `dependency-review.yml` now run on push/PR to `develop`
- `docs.yml` builds documentation on `develop` but publishes to GitHub Pages only from `main` or release tags
- `publish.yml` emits SNAPSHOT artifacts from both `main` and `develop`; tagged release publication remains tag-driven and untouched

Test plan
developdevelopdeveloppush but is NOT published to GitHub Pagesdevelopmainremains unaffected