chore(ci): add staging config protection and validation

- Add staging-config-check.yml workflow to validate HTTPS URLs on PRs
- Add CODEOWNERS to require team lead review for critical config files
- Update GIT_WORKFLOW.md with config file protection guidelines

Prevents accidental reversion of staging URLs (HTTP vs HTTPS) during rebases.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Wuesteon 2025-12-10 13:48:45 +01:00
parent dd0199c083
commit 422fcd6b34
3 changed files with 193 additions and 0 deletions


@ -224,6 +224,58 @@ git checkout till-dev
git reset --hard origin/dev
```
## Critical Configuration Files
### Protected Files (CODEOWNERS)
The following files are protected via `.github/CODEOWNERS` and require team lead review:
| File | Reason |
|------|--------|
| `docker-compose.staging.yml` | Staging deployment config |
| `docker-compose.production.yml` | Production deployment config |
| `docker/caddy/Caddyfile.*` | Reverse proxy configuration |
| `.github/workflows/cd-*.yml` | Deployment pipelines |
### Configuration Conflict Prevention
**Problem:** When rebasing a long-lived branch, configuration files can accidentally overwrite critical settings (e.g., HTTPS URLs reverted to HTTP).
**Solution:** Always review configuration files carefully during rebase conflicts:
```bash
# During rebase, if docker-compose.staging.yml has conflicts:
git diff HEAD -- docker-compose.staging.yml # See what changed
# Key things to verify:
# 1. _CLIENT URLs use HTTPS staging domains (not HTTP IP addresses)
# 2. CORS_ORIGINS include all HTTPS staging domains
# 3. Environment variables haven't regressed
```
### Staging URL Rules
**NEVER** use HTTP IP addresses for `_CLIENT` variables:
```yaml
# WRONG - HTTP IP address
PUBLIC_MANA_CORE_AUTH_URL_CLIENT: http://46.224.108.214:3001
# CORRECT - HTTPS staging domain
PUBLIC_MANA_CORE_AUTH_URL_CLIENT: https://auth.staging.manacore.ai
```
**CI Check:** The `staging-config-check.yml` workflow validates this on every PR that touches `docker-compose.staging.yml`.
### Rebase Checklist for Config Files
Before completing a rebase that touched configuration files:
- [ ] `_CLIENT` URLs use `https://*.staging.manacore.ai` format
- [ ] `CORS_ORIGINS` include all HTTPS staging domains
- [ ] No HTTP IP addresses in client-facing URLs
- [ ] Caddy config matches docker-compose port mappings
## Troubleshooting
### "fatal: no rebase in progress"
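Review bot: the automated check announced under "Staging URL Rules" covers only `docker-compose.staging.yml`, while the CODEOWNERS table and the "Rebase Checklist for Config Files" also list `docker-compose.production.yml`, `docker/caddy/Caddyfile.*` and the requirement that Caddy config match docker-compose port mappings, none of which `staging-config-check.yml` validates as described; either extend the workflow to those files or state explicitly that they rely on CODEOWNERS review alone so readers do not assume CI will catch an HTTP regression there. Two smaller points: the WRONG example embeds a concrete staging IP address where a placeholder such as `http://<staging-ip>:3001` would document the rule equally well without recording a real address in the repo, and `git diff HEAD -- docker-compose.staging.yml` during a conflicted rebase compares the working tree (conflict markers included) against the last commit already replayed, so the comment should say the reviewer still needs to resolve the markers and re-check the `_CLIENT` and `CORS_ORIGINS` values after `git add`.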