Skip to content

Don't use deployments when they aren't needed #10725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
kewisch wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Don't use deployments when they aren't needed #10725

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/workflows/issue-needinfo-answered.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,9 @@ jobs:
if: |
contains(github.event.issue.labels.*.name, 'status: needs information') &&
contains(github.event.issue.labels.*.name, 'status: answered')
environment: botmobile
environment:
name: botmobile
deployment: false
permissions:
issues: write
pull-requests: write
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/issue-needinfo-remove.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,9 @@ jobs:
github.event.comment.author_association != 'OWNER' &&
github.event.comment.author_association != 'MEMBER' &&
github.event.comment.author_association != 'COLLABORATOR'
environment: botmobile
environment:
name: botmobile
deployment: false
permissions:
issues: write
pull-requests: write
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/issue-needinfo-stale.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,9 @@ jobs:
issue-needinfo-stale:
name: Close stale needinfo issues
runs-on: ubuntu-latest
environment: botmobile
environment:
name: botmobile
deployment: false
permissions:
issues: write
pull-requests: write
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/pr-auto-assign-reviewer.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@ jobs:
permissions:
pull-requests: write
runs-on: ubuntu-latest
environment: botmobile
environment:
name: botmobile
deployment: false
steps:
- name: App token generate
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/pr-dependabot-dependency-guard-update.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,9 @@ jobs:
pr-update-dependency-guard:
if: github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == 'thunderbird/thunderbird-android'
runs-on: ubuntu-latest
environment: botmobile
environment:
name: botmobile
deployment: false
timeout-minutes: 90
steps:
- name: App Token Generate
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/pr-label-tb-team.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@ jobs:
permissions:
pull-requests: write
runs-on: ubuntu-latest
environment: review
environment:
name: review
deployment: false
steps:
- name: App token generate
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/pr-merged.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,9 @@ jobs:
pr-merged:
if: github.event.pull_request.merged
runs-on: ubuntu-latest
environment: botmobile
environment:
name: botmobile
deployment: false
steps:
- name: App token generate
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/pr-opened.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,9 @@ jobs:
permissions:
pull-requests: write
runs-on: ubuntu-latest
environment: botmobile
environment:
name: botmobile
deployment: false
steps:
- name: App token generate
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
Expand Down
24 changes: 18 additions & 6 deletions .github/workflows/shippable_builds.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,9 @@ jobs:
name: Show Release Environment
runs-on: ubuntu-latest
needs: get_environment
environment: ${{ needs.get_environment.outputs.releaseEnv }}
environment:
name: ${{ needs.get_environment.outputs.releaseEnv }}
deployment: false
outputs:
matrixInclude: ${{ steps.dump.outputs.matrixInclude }}
releaseDate: ${{ steps.dump.outputs.releaseDate }}
Expand Down Expand Up @@ -157,7 +159,9 @@ jobs:
runs-on: ubuntu-latest
needs: [ dump_config ]
if: ${{ needs.dump_config.outputs.releaseType == 'beta' || needs.dump_config.outputs.releaseType == 'release' }}
environment: notify_matrix
environment:
name: notify_matrix
deployment: false
outputs:
actorLink: ${{ steps.actorLink.outputs.actorLink }}
steps:
Expand Down Expand Up @@ -192,7 +196,9 @@ jobs:
name: Release Bumps
runs-on: ubuntu-latest
needs: [ dump_config, get_environment ]
environment: ${{ needs.get_environment.outputs.releaseEnv }}
environment:
name: ${{ needs.get_environment.outputs.releaseEnv }}
deployment: false
strategy:
max-parallel: 1
matrix:
Expand Down Expand Up @@ -605,7 +611,9 @@ jobs:
needs: [ dump_config, sign_mobile, notify_build_start ]
if: "${{ contains(fromJSON('[\"beta\", \"release\"]'), needs.dump_config.outputs.releaseType) }}"
runs-on: ubuntu-latest
environment: notify_matrix
environment:
name: notify_matrix
deployment: false
steps:
- uses: kewisch/action-matrix-notify@3c45d89acd032c84b955b54c8a9001833ac91d17 # v1
with:
Expand All @@ -623,7 +631,9 @@ jobs:
name: Wait for Approval
needs: [ dump_config, sign_mobile ]
if: "${{ contains(fromJSON('[\"beta\", \"release\"]'), needs.dump_config.outputs.releaseType) }}"
environment: publish_hold
environment:
name: publish_hold
deployment: false
Copy link
Copy Markdown
Collaborator

@coreycb coreycb Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this might need to be true since it has a deployment protection rule.

Copy link
Copy Markdown
Member Author

@kewisch kewisch Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the docs at https://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments#using-environments-without-deployments

When deployment is set to false:
Required reviewers still apply—reviewers must still approve before the job runs.

Copy link
Copy Markdown
Collaborator

@coreycb coreycb Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the link. This will work as-is then. I guess the next question is do we want to have an audit record of deployments for publish hold or not. I think we might want to retain them for security purposes.

runs-on: ubuntu-latest
steps:
- name: Approval
Expand Down Expand Up @@ -999,7 +1009,9 @@ jobs:
if: ${{ always() }}
needs: [ dump_config, release_commit, build_unsigned, sign_mobile, publish_release, notify_build_start ]
runs-on: ubuntu-latest
environment: notify_matrix
environment:
name: notify_matrix
deployment: false
steps:
- name: Get previous workflow status
uses: Mercymeilya/last-workflow-status@3418710aefe8556d73b6f173a0564d38bcfd9a43
Expand Down
Loading