|
| 1 | +## Contributing and CI guidelines |
| 2 | + |
| 3 | +This document explains how our GitHub Actions are gated and how to trigger heavier CI jobs (cross-platform builds, Docker tests, security scans) intentionally. |
| 4 | + |
| 5 | +### CI design principles |
| 6 | +- Lightweight checks (unit tests, linters) run on `push` / `pull_request` for `main` and `develop` branches. |
| 7 | +- Heavy tasks (cross-platform builds, Docker image builds & push, release packaging) only run on tag pushes (e.g. `v1.9.1`) or when explicitly requested. |
| 8 | + |
| 9 | +This reduces wasted CI minutes and avoids building/publishing artifacts for every code merge. |
| 10 | + |
| 11 | +### How to trigger heavy CI jobs |
| 12 | +There are multiple intentional ways to trigger full/heavy workflows: |
| 13 | + |
| 14 | +- Push a semantic version tag (recommended for releases): |
| 15 | + ```bash |
| 16 | + git tag v1.9.1 |
| 17 | + git push origin v1.9.1 |
| 18 | + ``` |
| 19 | + Tag pushes trigger the `build.yml` / `release.yml` flows which do cross-platform builds and create the Release. |
| 20 | + |
| 21 | +- Use commit message flags for ad-hoc full CI when pushing branches: |
| 22 | + - `[docker-test]` — triggers Docker Test job |
| 23 | + - `[security-scan]` — triggers Security Scan job |
| 24 | + Example: |
| 25 | + ```bash |
| 26 | + git commit -m "feat: add X [docker-test]" |
| 27 | + git push origin feature/xxx |
| 28 | + ``` |
| 29 | + |
| 30 | +- Use PR labels to request full CI for a pull request (team members with label permissions can add labels): |
| 31 | + - `run-full-ci` — triggers Docker Test |
| 32 | + - `run-security` — triggers Security Scan |
| 33 | + |
| 34 | +- Manual dispatch from GitHub Actions UI (`workflow_dispatch`) — allowed for `build.yml` and can be used to run ad-hoc full builds. |
| 35 | + |
| 36 | +### Release flow (recommended) |
| 37 | +1. Finish work on a branch, open PR and get reviews. |
| 38 | +2. Merge to `main` when ready (this runs lightweight CI only). |
| 39 | +3. Create a version tag on the merge commit and push the tag: |
| 40 | + ```bash |
| 41 | + git tag vX.Y.Z |
| 42 | + git push origin vX.Y.Z |
| 43 | + ``` |
| 44 | +4. The tag push will run the release pipeline (build artifacts, create release, push Docker images). |
| 45 | + |
| 46 | +### Generated files and embeds |
| 47 | +- Some files under `uploads/` or other `generated/` directories may be produced by code generation tools. Do not commit generated artifacts unless they are intentionally tracked. |
| 48 | +- If a file uses `//go:embed` to include generated assets, ensure the assets exist in the repository or exclude the embed file from normal builds (recommended: keep generated assets out of VCS and generate them in CI when needed). |
| 49 | + |
| 50 | +Recommended `.gitignore` additions for generated assets (add if appropriate): |
| 51 | +``` |
| 52 | +# generated embed or build artifacts |
| 53 | +uploads/ |
| 54 | +dist/ |
| 55 | +build/ |
| 56 | +``` |
| 57 | + |
| 58 | +### Debugging CI triggers |
| 59 | +- To see why a job ran, open the Actions page, find the workflow run and view the `Event` and `Jobs` details. The `Event` will indicate whether it was a `push`, `pull_request`, `workflow_dispatch`, or `tag` event. |
| 60 | +- If you expected a heavy job but it didn't run, verify: |
| 61 | + - You pushed a tag (tags trigger build/release flows). |
| 62 | + - The commit message includes the required token (e.g., `[docker-test]`). |
| 63 | + - A PR contains the appropriate label (`run-full-ci` or `run-security`). |
| 64 | + |
| 65 | +### Contact / ownership |
| 66 | +- CI workflow files are located under `.github/workflows/`. If you want to change gating logic, please open a PR and tag the maintainers. |
| 67 | + |
| 68 | +--- |
| 69 | +Thank you for contributing — keeping heavy CI runs intentional saves time and cost for the whole team. |
0 commit comments