@cleot
Contributor

@cleot cleot commented Jun 18, 2025

User description

  • Automatic Preview Deploys: Automatically deploys to the preview branch of both projects when a new version tag is pushed.
  • Manual Production Deploys: Allows for manual promotion to the production branch of a chosen environment via workflow_dispatch.
  • Multi-Environment Support: Uses a strategy: matrix to build the application with different environment variables for multiple targets.
  • Tag Validation: Includes a validation step to ensure manual deployments are only run from a git tag, preventing accidental deploys from branches.

PR Type

Enhancement


Description

• Add GitHub Actions workflow for tagged version deployments
• Support automatic preview deploys on tag push
• Enable manual production deploys via workflow dispatch
• Configure multi-environment matrix for wildcat-docker projects


Changes walkthrough 📝

Relevant files
Enhancement
deploy-wildcat-docker.yml
New deployment workflow for tagged releases                           

.github/workflows/deploy-wildcat-docker.yml

• Creates new GitHub Actions workflow for Cloudflare Pages deployment
• Implements automatic preview deployment on version tag push
• Adds manual production deployment with environment selection
• Configures matrix strategy for wildcat-docker and wildcat-dev-docker environments

+103/-0 

    @cleot cleot self-assigned this Jun 18, 2025
    @cleot cleot requested a review from Copilot June 18, 2025 17:29

    @qodo-code-review

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Matrix Logic

    The matrix strategy runs all environments on tag push but only the selected environment on manual dispatch. This could lead to unnecessary deployments and resource usage when tags are pushed, as both environments will be deployed to preview simultaneously.

    strategy:
      matrix:
        include:
          - environment: 'wildcat-dev-docker'
            project_name: ${{ secrets.CLOUDFLARE_PROJECT_DEV_DOCKER }}
            vite_api_base_url: ${{ vars.VITE_API_BASE_URL_DEV_DOCKER }}
            vite_keycloak_url: ${{ vars.VITE_KEYCLOAK_URL_DEV_DOCKER }}
            vite_keycloak_realm: 'dev'
            vite_keycloak_client_id: 'bff-dashboard'
          - environment: 'wildcat-docker'
            project_name: ${{ secrets.CLOUDFLARE_PROJECT_DOCKER }}
            vite_api_base_url: ${{ vars.VITE_API_BASE_URL_DOCKER }}
            vite_keycloak_url: ${{ vars.VITE_KEYCLOAK_URL_DOCKER }}
            vite_keycloak_realm: 'dev'
            vite_keycloak_client_id: 'bff-dashboard'
    
    # only run job for the selected environment on manual dispatch or on push to a tag
    if: |
      github.event_name == 'push' || 
      (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == matrix.environment)

    Hardcoded Values

    Several configuration values are hardcoded in the matrix (keycloak realm 'dev', client_id 'bff-dashboard', branch 'master') which reduces flexibility and may cause issues if these values need to change per environment or over time.

    include:
      - environment: 'wildcat-dev-docker'
        project_name: ${{ secrets.CLOUDFLARE_PROJECT_DEV_DOCKER }}
        vite_api_base_url: ${{ vars.VITE_API_BASE_URL_DEV_DOCKER }}
        vite_keycloak_url: ${{ vars.VITE_KEYCLOAK_URL_DEV_DOCKER }}
        vite_keycloak_realm: 'dev'
        vite_keycloak_client_id: 'bff-dashboard'
      - environment: 'wildcat-docker'
        project_name: ${{ secrets.CLOUDFLARE_PROJECT_DOCKER }}
        vite_api_base_url: ${{ vars.VITE_API_BASE_URL_DOCKER }}
        vite_keycloak_url: ${{ vars.VITE_KEYCLOAK_URL_DOCKER }}
        vite_keycloak_realm: 'dev'
        vite_keycloak_client_id: 'bff-dashboard'

    Error Handling

    The workflow lacks proper error handling and rollback mechanisms. If deployment fails, there's no cleanup or notification strategy, and the tag validation only covers manual dispatch but not other potential edge cases.

    - name: Deploy ${{ matrix.environment }} to Cloudflare Pages (PREVIEW)
      id: deploy_preview
      if: github.event_name == 'push'
      uses: cloudflare/wrangler-action@v3
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        command: pages deploy dist --project-name=${{ matrix.project_name }} --branch=preview
    
    - name: Deploy ${{ matrix.environment }} to Cloudflare Pages (PRODUCTION)
      id: deploy_production
      if: github.event_name == 'workflow_dispatch'
      uses: cloudflare/wrangler-action@v3
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # Target the production branch ('main' or 'master') for manual deployments
        command: pages deploy dist --project-name=${{ matrix.project_name }} --branch=master

    Copilot AI left a comment

    Pull Request Overview

    This PR implements a deployment workflow that automatically deploys to a preview environment on tag pushes and enables manual production deployments through workflow_dispatch. Key changes include:

    • Automatic Preview Deploys on tag pushes.
    • Manual Production Deploys for multiple environments using workflow_dispatch.
    • Tag validation to prevent accidental deployments from branches.
    Comments suppressed due to low confidence (2)

    .github/workflows/deploy-wildcat-docker.yml:62

    • Ensure that 'github.ref_type' is reliably available in workflow_dispatch events. If this property is not consistently provided in manual dispatch contexts, consider revising the tag validation logic to verify that deployments are only triggered from tags.
              if [[ "${{ github.ref_type }}" != 'tag' ]]; then
    

    .github/workflows/deploy-wildcat-docker.yml:103

    • Verify that the production branch is correctly configured. If your repository uses 'main' instead of 'master', update the command accordingly.
              command: pages deploy dist --project-name=${{ matrix.project_name }} --branch=master
    

    - name: Deploy ${{ matrix.environment }} to Cloudflare Pages (PREVIEW)
      id: deploy_preview
      if: github.event_name == 'push'
      uses: cloudflare/wrangler-action@v3

    Check warning

    Code scanning / CodeQL

    Unpinned tag for a non-immutable Action in workflow Medium

    Unpinned 3rd party Action 'Deploy to wildcat-docker (Cloudflare Pages)' step
    Uses Step: deploy_preview
    uses 'cloudflare/wrangler-action' with ref 'v3', not a pinned commit hash

    - name: Deploy ${{ matrix.environment }} to Cloudflare Pages (PRODUCTION)
      id: deploy_production
      if: github.event_name == 'workflow_dispatch'
      uses: cloudflare/wrangler-action@v3

    Check warning

    Code scanning / CodeQL

    Unpinned tag for a non-immutable Action in workflow Medium

    Unpinned 3rd party Action 'Deploy to wildcat-docker (Cloudflare Pages)' step
    Uses Step: deploy_production
    uses 'cloudflare/wrangler-action' with ref 'v3', not a pinned commit hash
    @qodo-code-review

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Impact
    General
    Optimize matrix job execution filtering

    The matrix strategy will run all environments for push events, but the condition
    only filters after job creation. This creates unnecessary job executions and
    resource waste. Consider restructuring to avoid running unwanted matrix
    combinations entirely.

    .github/workflows/deploy-wildcat-docker.yml [46-49]

     # only run job for the selected environment on manual dispatch or on push to a tag
     if: |
    -  github.event_name == 'push' || 
    +  (github.event_name == 'push' && matrix.environment == 'wildcat-dev-docker') || 
       (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == matrix.environment)
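Review bot: the `+` line limits tag-push runs to `matrix.environment == 'wildcat-dev-docker'`, so a pushed tag would no longer produce a preview deploy for `wildcat-docker`, while the PR description says a tag push deploys to the preview branch of both projects. If both previews are intended, keep the original `github.event_name == 'push'` condition; if only one is wanted, update the description and take the push-time environment from a repository variable instead of a name hardcoded in the expression.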
    Suggestion importance[1-10]: 7

    Why: The suggestion correctly identifies that the original if condition would trigger jobs for both matrix environments on a push event. The proposed change restricts the push trigger to the wildcat-dev-docker environment, which aligns with the likely intent of deploying tags to a preview/dev environment and prevents a redundant job run.

    Medium
    Possible issue
    Improve tag validation reliability

    The validation logic assumes github.ref_type will be 'tag' when running from a
    tag, but this may not be reliable in all GitHub Actions contexts. Use a more
    robust tag validation by checking if the ref starts with 'refs/tags/'.

    .github/workflows/deploy-wildcat-docker.yml [59-67]

     - name: Validate Tag on Manual Dispatch
       if: github.event_name == 'workflow_dispatch'
       run: |
    -    if [[ "${{ github.ref_type }}" != 'tag' ]]; then
    +    if [[ "${{ github.ref }}" != refs/tags/* ]]; then
           echo "::error::Manual deployments must be triggered from a tag."
           echo "::error::Please select a tag from the 'Use workflow from' dropdown, not a branch."
           exit 1
         fi
         echo "✅ Validation successful: Running from tag '${{ github.ref_name }}'."
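Review bot: the `if` test on the changed line and the unchanged `echo` on the last line both have `${{ github.ref }}` / `${{ github.ref_name }}` substituted into the script text before the shell runs, so characters in the ref name are parsed as shell syntax rather than treated as data. Pass the values through the step's `env:` (for example `REF: ${{ github.ref }}` and `REF_NAME: ${{ github.ref_name }}`), then test `[[ "$REF" != refs/tags/* ]]` and echo `'$REF_NAME'` so the shell only ever sees them as variable contents.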
    Suggestion importance[1-10]: 3

    Why: The existing code using github.ref_type is correct according to GitHub Actions documentation. The suggested change to check github.ref against refs/tags/* is also correct but offers no significant reliability improvement over the existing method. It is more of a stylistic preference than a necessary correction.

    Low

    @codecov

    codecov bot commented Jun 18, 2025

    Codecov Report

    All modified and coverable lines are covered by tests ✅

    @cleot cleot merged commit 40a301e into master Jun 18, 2025
    6 checks passed
    @cleot cleot deleted the cleot/tagged-version-deployment branch June 20, 2025 12:31