ci: adapt deployment workflow

[cleot]

User description

Overview

• Adapted deployment workflow for dev branch
• Changed ENV vars
• Configured GitHub Environments

Environments

• dev
• staging
• production

Workflow Design

dev

• on push to branch dev, automatic deployment with Cloudflare Github Integration, automatic PR previews
• manually on dispatch (from dev branch)

staging

• (preview: on push to master)
• on push of tag
• manually on dispatch of selected tag

production

• (preview: on push of tag)
• manually on dispatch of selected tag

---

PR Type

Enhancement

---

Description

• Restructured deployment workflow for three environments (dev, staging, production)

• Added GitHub environment configurations with concurrency controls

• Simplified environment variables using centralized configuration

• Enhanced deployment triggers with branch-specific validations

---

Changes diagram

flowchart LR
  A["dev branch"] --> B["deploy-dev"]
  C["master branch"] --> D["deploy-staging preview"]
  E["tag push"] --> F["deploy-staging prod"]
  E --> G["deploy-production preview"]
  H["manual dispatch"] --> I["environment selection"]
  I --> B
  I --> J["deploy-staging prod"]
  I --> K["deploy-production prod"]

Loading

---

Changes walkthrough 📝

Relevant files

Enhancement

deploy.yml Multi-environment deployment workflow restructure                .github/workflows/deploy.yml Restructured workflow from 2 to 3 environment-specific jobs (dev, staging, production) Added GitHub environment configurations with concurrency controls Simplified environment variables using centralized vars configuration Enhanced deployment triggers with branch-specific validation logic +154/-153

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

[qodo-code-review]

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Missing Trigger The dev environment job only triggers on manual workflow_dispatch but lacks automatic deployment on push to dev branch as mentioned in the PR description. This contradicts the stated workflow design where dev should deploy automatically on push to dev branch. if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'dev' Branch Validation The staging and production jobs lack branch validation for manual dispatch, unlike the dev job. This could allow deployments from incorrect branches when manually triggered, potentially causing inconsistent deployments. if: | github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'staging') Environment Variables All three environments use identical environment variable configurations from vars context. This means dev, staging, and production will have the same API URLs and configuration, which is likely incorrect for a proper multi-environment setup. env: CLOUDFLARE_PROJECT: ${{ vars.CLOUDFLARE_PROJECT }} NODE_VERSION: ${{ vars.NODE_VERSION }} VITE_API_BASE_URL: ${{ vars.VITE_API_BASE_URL }} VITE_KEYCLOAK_URL: ${{ vars.VITE_KEYCLOAK_URL }} VITE_KEYCLOAK_REALM: ${{ vars.VITE_KEYCLOAK_REALM }} VITE_KEYCLOAK_CLIENT_ID: ${{ vars.VITE_KEYCLOAK_CLIENT_ID }} VITE_API_MOCKING_ENABLED: ${{ vars.VITE_API_MOCKING_ENABLED }}

[Copilot]

Pull Request Overview

This PR adapts the deployment workflow to support different environments (dev, staging, and production) and adjusts environment variables and branch validation accordingly.

• Adapted deployment jobs for dev, staging, and production with specific configuration and validation.
• Modified environment variable usage and deployment command parameters.
• Added concurrency settings for deployment jobs to avoid overlapping runs.

[qodo-code-review]

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Restrict production push triggers The production job will run on all push events, including branch pushes, which may not be intended. Consider restricting push triggers to only tags for production deployments to prevent accidental deployments from branch commits. .github/workflows/deploy.yml [206-207] -if: github.event_name == 'push' || +if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'production') [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 7 __ Why: This is a good suggestion that prevents the deploy-production job from running unnecessarily on pushes to master, which saves resources as no deployment steps would execute anyway.	Medium
General	Add staging deployment conditions The staging job will run on all push events regardless of branch or tag, which could lead to unintended deployments. Consider adding specific branch or tag conditions to control when staging deployments occur. .github/workflows/deploy.yml [111-113] -if: github.event_name == 'push' || +if: (github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))) || (github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'staging') [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 3 __ Why: The suggestion makes the job's trigger condition more explicit, but it's redundant because the top-level on trigger already limits pushes to the master branch and v* tags, so this change has no functional impact.	Low
More

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

[cleot]

@stefanbitcr this also needs to be included into the dev branch to be able to manually use the workflow from dev and deploy latest dev branch to the dev environment

[stefanbitcr]

@stefanbitcr this also needs to be included into the dev branch to be able to manually use the workflow from dev and deploy latest dev branch to the dev environment

Will update dev after the merge

[cleot]

@stefanbitcr this also needs to be included into the dev branch to be able to manually use the workflow from dev and deploy latest dev branch to the dev environment

Will update dev after the merge

Thx!