Skip to content

fix(ci): [DEFECT] Manual deploy workflow cicd_8manualdeploy (#34689)#34699

Open
spbolton wants to merge 9 commits intomainfrom
issue-34689-defect-manual-deploy-workflow-cicd8-manual
Open

fix(ci): [DEFECT] Manual deploy workflow cicd_8manualdeploy (#34689)#34699
spbolton wants to merge 9 commits intomainfrom
issue-34689-defect-manual-deploy-workflow-cicd8-manual

Conversation

@spbolton
Copy link
Contributor

@spbolton spbolton commented Feb 19, 2026

Description

Fix the cicd_8-manual-deploy.yml workflow that was failing with invalid input parameters, and improve CI/CD infrastructure consistency across all workflows: run-name visibility, Docker image tag architecture, nightly build repeatability and tag ordering, and CLI artifact deployment control.

Changes

Bug Fixes (cicd_8 manual deploy)

  • Fix invalid inputs: use change-detection='disabled' instead of the invalid validation-level='none'
  • Make ref input optional: defaults to the dispatch branch, preserving legacy behavior and fixing the concurrency group fallback when ref is empty

Run-Name Improvements (all workflows)

  • Add run-name to all CI/CD workflows (cicd_1 through cicd_8) so every run is identifiable in the GitHub Actions UI without opening it
  • Fix expression syntax: switch run-name YAML strings from single-quoted to double-quoted so that GitHub Actions expression parser receives properly single-quoted string literals inside ${{ }} — fixes Unexpected symbol: '"' in expression validation error (cicd_3, cicd_4, cicd_6, cicd_7, cicd_8)
  • Always show ref in manual deploy run-name: fall back to github.ref_name when the ref input is empty, so the run name is always Manual [branch-name] rather than just Manual

Nightly Build Repeatability (cicd_4)

  • New setup job that determines the commit to build from before any other jobs run
  • Default behavior (scheduled and manual dispatch): finds the last commit on main at or before midnight UTC. This ensures repeatability — re-running a nightly later in the day to investigate a failure produces the exact same build as the scheduled run. The date tag (nightly_YYYYMMDD) labels the day covered (yesterday), not the day the workflow runs.
  • New use-latest-commit dispatch input: set to true to build from the current HEAD of main instead, useful when you need to pick up commits made after midnight
  • All downstream jobs (build, deployment, finalize) now depend on setup and pass through its build-ref and tag-date outputs

Docker Image Tag Architecture (nightly + all builds)

  • Redesign tag inputs on deploy-docker action: replace raw type=raw,value=...,enable= format strings with semantic identifier-tag / custom-tag inputs — callers express intent, not bake-meta syntax
  • Centralize tag computation: Compute Docker Tags step consolidates all tag logic in clear bash if/else, replacing the previous Compute Docker Base Tag + scattered enable= expressions
  • Fix tag ordering: identifier appears before suffix (nightly_20250218_java25, not nightly_java25_20250218), consistent with the release pattern
  • Retain extra-tags as an escape hatch for advanced cases

CLI Artifact Deployment Control

  • Add deploy-cli boolean input to the deployment phase composite workflow (default: false); replaces the previous hardcoded environment != 'manual' name check
  • Explicit opt-in pattern: trunk, nightly, and release callers set deploy-cli: true; manual deploys omit it and default to false, preventing accidental JFrog publishes from feature-branch builds — mirrors the same pattern used by publish-npm-cli and publish-npm-sdk-libs
  • Restore publish-npm-sdk-libs condition to input-only guard (environment hardcoding removed)

Miscellaneous

  • Remove dead code: reuse-previous-build removed from all deployment-phase calls (only meaningful in the initialize phase)
  • Remove stale java_version default from cicd_7-release-java-variant dispatch input ('25.0.1-open' was outdated); update description to reference the RELEASE_JAVA_VARIANT_VERSION repository variable used by push-triggered builds

Files Changed

File What changed
.github/actions/core-cicd/deployment/deploy-docker/action.yml New identifier-tag/custom-tag inputs; centralized tag computation
.github/workflows/cicd_1-pr.yml Add run-name
.github/workflows/cicd_2-merge-queue.yml Add run-name
.github/workflows/cicd_3-trunk.yml Add run-name (fixed quotes); add deploy-cli: true
.github/workflows/cicd_4-nightly.yml Add setup job for commit pinning; add use-latest-commit input; add run-name (fixed quotes); fix tag ordering; add deploy-cli: true
.github/workflows/cicd_6-release.yml Fix run-name quotes; add deploy-cli: true
.github/workflows/cicd_7-release-java-variant.yml Fix run-name quotes; remove stale java_version default
.github/workflows/cicd_8-manual-deploy.yml Fix invalid inputs; make ref optional; fix run-name always shows ref
.github/workflows/cicd_comp_deployment-phase.yml Add deploy-cli input; replace env-name guard with input guard
.github/workflows/cicd_comp_initialize-phase.yml Minor cleanup

Testing

  • Workflow YAML validates on push (GitHub Actions schema validation)
  • Manual deploy workflow (cicd_8) can be triggered successfully end-to-end
  • Docker tags produced with correct naming pattern and ordering
  • run-name displays correctly in GitHub Actions UI for all workflow types
  • CLI artifacts are not published when running manual/feature-branch builds
  • Nightly default behavior pins to the midnight UTC commit, not current HEAD

Closes #34689

Issue: [DEFECT] Manual deploy workflow cicd_8manualdeploy

@alwaysmeticulous
Copy link

alwaysmeticulous bot commented Feb 19, 2026

🤖 No test run has been triggered as your Meticulous project has been deactivated (since you haven't viewed any test results in a while). Click here to reactivate.

Last updated for commit 3d5369b. This comment will update as new commits are pushed.

spbolton and others added 6 commits February 20, 2026 12:53
…tecture (#34689)

- Fix cicd_8-manual-deploy: use change-detection='disabled' instead of
  invalid validation-level='none'; make ref input optional (defaults to
  dispatch branch, preserving legacy behavior)
- Redesign Docker tag architecture: add semantic identifier-tag/custom-tag
  inputs to deploy-docker action, replacing raw type=raw,value=...,enable=
  format strings passed from callers
- Centralize tag computation in Compute Docker Tags step (replaces
  Compute Docker Base Tag + raw extra-tags); identifier alias logic is
  now clear bash if/else instead of enable= expressions in format strings
- extra-tags retained as escape hatch for advanced cases
- Fix tag ordering: identifier before suffix (nightly_20250218_java25,
  not nightly_java25_20250218), consistent with release pattern
- Remove dead code: reuse-previous-build from deployment phase calls
  (only meaningful in initialize phase)
- Add run-name to all CI/CD workflows (cicd_1 through cicd_8) for better
  identification in GitHub Actions UI; uses format() now confirmed available
- Fix cicd_8 concurrency group to use fallback when ref input is empty

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
GitHub Actions expression parser only accepts single-quoted string
literals inside \${{ }}. Switching run-name fields from single-quoted
YAML (outer) to double-quoted YAML (outer) allows single-quoted
expression strings without escaping, fixing the validation error:
  Unexpected symbol: '"' in expression

Affected workflows: cicd_3, cicd_4, cicd_6, cicd_7, cicd_8

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When ref input is empty, fall back to github.ref_name (the dispatch
branch) so the run name always shows which branch is being built.
Mirrors the same fallback used in the concurrency group.

Before: "Manual" (when ref input left empty)
After:  "Manual [issue-123-feature]"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Manual deploys are feature branch builds and should not publish
CLI artifacts to JFrog Artifactory. Only trunk, nightly, and
release environments should deploy CLI artifacts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…onment

Replace environment name check with a deploy-cli boolean input following
the same pattern as publish-npm-cli and publish-npm-sdk-libs. Callers
that need CLI artifacts deployed to JFrog explicitly opt in with
deploy-cli: true (trunk, nightly, release). Manual deploys omit it,
defaulting to false.

Also restore publish-npm-sdk-libs condition to input-only guard (no
environment hardcoding needed since it already defaults to false).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…dispatch

The hardcoded default '25.0.1-open' was outdated and misleading.
Since the field is required, users must provide the value explicitly.
Push-triggered builds use the RELEASE_JAVA_VARIANT_VERSION repository
variable instead.

Updated the description to reference the repository variable for clarity.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@spbolton spbolton force-pushed the issue-34689-defect-manual-deploy-workflow-cicd8-manual branch from a3064bc to 1a1567f Compare February 20, 2026 12:53
@spbolton spbolton moved this to Current Sprint Backlog in dotCMS - Product Planning Feb 20, 2026
@spbolton spbolton moved this from Current Sprint Backlog to In Progress in dotCMS - Product Planning Feb 20, 2026
@spbolton spbolton marked this pull request as ready for review February 20, 2026 13:11
@spbolton spbolton requested a review from a team as a code owner February 20, 2026 13:11
@spbolton
Copy link
Contributor Author

spbolton commented Feb 20, 2026

The changes to the manual workflow could be tested by selecting this branch as the workflow branch. It ran here and created an image with the expected tags. https://github.com/dotCMS/core/actions/runs/22202349916

The summary now provides additional information on the process:
Screenshot 2026-02-20 at 13 14 06

spbolton and others added 2 commits February 20, 2026 13:52
- Reorder inputs: common fields first (ref, custom_tag, java_version,
  deploy_dev_image), advanced fields last (version, artifact_suffix,
  allow_release_override)
- Clarify custom_tag description: explicitly maps to legacy "Custom
  Docker Image Tag" and explains it adds an alias, not a base tag change
- Clarify artifact_suffix description: makes clear it renames the base
  tag namespace (unrelated to custom_tag)
- Add section comments to separate common from advanced inputs
- Remove latest input: manual builds are feature/hotfix builds and
  should never overwrite the official latest tag; use cicd_6 for that
- Add header note explaining why latest is intentionally absent

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ptions

Input descriptions are shown in the GitHub Actions UI and will outlive
the legacy workflow. Replace "legacy workflow" references with
self-contained explanations so descriptions stay accurate after the
legacy workflow is removed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@spbolton
Copy link
Contributor Author

QA Steps

These steps are for anyone currently using the Build/Push dotCMS docker image workflow to build feature branches — in particular if you have been building issue-33882-primeng-update with a custom tag of modernization.


Background — what changed

The old workflow used the "Use workflow from" dropdown to do two things at once: select the version of the workflow code itself, and select the branch to build. Most of the time this was fine because they were the same thing.

The new -8 Manual Deploy workflow keeps these separate. There is now a dedicated "Branch, tag, or commit SHA to build" field for the branch you actually want to build. If you leave it empty it falls back to whichever branch you selected in the dropdown — so the default behaviour is identical to before.


Testing now (before this PR is merged to main)

Go to Actions → -8 Manual Deploy and set the following:

Field Value
Use workflow from issue-34689-defect-manual-deploy-workflow-cicd8-manual
Branch, tag, or commit SHA to build issue-33882-primeng-update
Custom Docker Image Tag modernization (or leave empty — see below)

Leave all other fields at their defaults.


After this PR is merged to main

The recommended approach — always works regardless of what is in your own branch:

Field Value
Use workflow from main
Branch, tag, or commit SHA to build issue-33882-primeng-update
Custom Docker Image Tag modernization (optional)

Alternatively, if you have merged the latest workflow changes from main into your branch, you can select issue-33882-primeng-update directly from the "Use workflow from" dropdown and leave "Branch, tag, or commit SHA to build" blank — exactly as you did before. If you have not merged those changes, use main in the dropdown and set the build field explicitly, otherwise you will be running an older version of the workflow from your branch.


Automatic tags — you don't always need a Custom Docker Image Tag

Every build automatically creates three tags without you needing to set anything:

  • dotcms/dotcms:manual — always points to the most recent manual build
  • dotcms/dotcms:manual_{sha} — immutable, permanent record of this exact build
  • dotcms/dotcms:manual_issue-33882-primeng-update — rebuilt each time you build that branch

The branch-derived tag means your image is always findable by branch name.

Custom Docker Image Tag is for when you want a short, stable, hand-off-friendly name like modernization that others can reference without knowing your branch name. It adds one extra alias — it does not replace any of the automatic tags.


Done?

Once you have successfully triggered the workflow and confirmed the image is available (e.g. docker pull dotcms/dotcms:modernization or docker pull dotcms/dotcms:manual_issue-33882-primeng-update), please approve this PR.

When empty, falls back to the RELEASE_JAVA_VARIANT_VERSION repository
variable — the same source used by push-triggered builds. This allows
manual dispatch to reproduce the automatic behaviour without having to
look up the current variable value.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Area : CI/CD PR changes GitHub Actions/workflows

Projects

Status: In Progress

Development

Successfully merging this pull request may close these issues.

[DEFECT] Manual deploy workflow (cicd_8-manual-deploy.yml) fails with invalid input parameters

2 participants

Comments