From 2eadd6d310044889ef233ce21fa9c052a790fdc7 Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Thu, 4 Dec 2025 11:16:30 +0800
Subject: [PATCH] ci(pipeline): split CI and CD stages; remove env from CI jobs

CI jobs no longer carry environment vars and depend only on branches. Deploy remains environment-aware and runs only on workflow_dispatch.
---
 .github/workflows/pipeline.yml | 43 +++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index 4040e99..4641300 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -20,11 +20,12 @@ permissions:
 jobs:
+ # -------------------------------------------------------------
+ # CI STAGE 1 — Code Quality (environment-independent)
+ # -------------------------------------------------------------
 code-quality:
- name: "Code quality • ${{ matrix.service }} @ ${{ matrix.platform }} (${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }})"
+ name: "Code quality • ${{ matrix.service }} @ ${{ matrix.platform }}"
 runs-on: ubuntu-latest
- env:
- ENVIRONMENT: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }}
 strategy:
 fail-fast: false
 matrix:
@@ -35,14 +36,14 @@ jobs:
 with:
 service: ${{ matrix.service }}
 platform: ${{ matrix.platform }}
- environment: ${{ env.ENVIRONMENT }}
+ # -------------------------------------------------------------
+ # CI STAGE 2 — Build
+ # -------------------------------------------------------------
 build:
- name: "Build • ${{ matrix.service }} @ ${{ matrix.platform }} (${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }})"
+ name: "Build • ${{ matrix.service }} @ ${{ matrix.platform }}"
 runs-on: ubuntu-latest
 needs: code-quality
- env:
- ENVIRONMENT: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }}
 strategy:
 fail-fast: false
 matrix:
@@ -53,14 +54,14 @@ jobs:
 with:
 service: ${{ matrix.service }}
 platform: ${{ matrix.platform }}
- environment: ${{ env.ENVIRONMENT }}
+ # -------------------------------------------------------------
+ # CI STAGE 3 — Test
+ # -------------------------------------------------------------
 test:
- name: "Test • ${{ matrix.service }} @ ${{ matrix.platform }} (${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }})"
+ name: "Test • ${{ matrix.service }} @ ${{ matrix.platform }}"
 runs-on: ubuntu-latest
 needs: build
- env:
- ENVIRONMENT: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }}
 strategy:
 fail-fast: false
 matrix:
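Review bot: The `with:` block at the top of this hunk stops passing `environment`, and the same removal repeats in the hunks at -53, -71 and -89, but the definition of whatever these steps call is not part of the patch. If that definition still declares or reads an `environment` input, the CI steps now run with its default or an empty string, which may select a configuration nobody chose. Drop the input from the callee in the same change, or leave a line such as `# environment deliberately not passed: CI is environment-independent` above each `with:`. The `with:` block starts above the first context line, so the `uses:` target is not visible here.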
@@ -71,14 +72,14 @@ jobs:
 with:
 service: ${{ matrix.service }}
 platform: ${{ matrix.platform }}
- environment: ${{ env.ENVIRONMENT }}
+ # -------------------------------------------------------------
+ # CI STAGE 4 — Security
+ # -------------------------------------------------------------
 security:
- name: "Security • ${{ matrix.service }} @ ${{ matrix.platform }} (${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }})"
+ name: "Security • ${{ matrix.service }} @ ${{ matrix.platform }}"
 runs-on: ubuntu-latest
 needs: test
- env:
- ENVIRONMENT: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }}
 strategy:
 fail-fast: false
 matrix:
@@ -89,17 +90,17 @@ jobs:
 with:
 service: ${{ matrix.service }}
 platform: ${{ matrix.platform }}
- environment: ${{ env.ENVIRONMENT }}
+ # -------------------------------------------------------------
+ # CD — Deploy (only with workflow_dispatch)
+ # -------------------------------------------------------------
 deploy:
- name: "Deploy • ${{ matrix.service }} (${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }})"
+ name: "Deploy • ${{ matrix.service }} (${{ github.event.inputs.environment }})"
 runs-on: ubuntu-latest
 needs: security
+ if: github.event_name == 'workflow_dispatch'
 env:
- ENVIRONMENT: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'dev' }}
- if: >
- github.event_name == 'workflow_dispatch' &&
- github.event.inputs.environment == 'prod'
+ ENVIRONMENT: ${{ github.event.inputs.environment }}
 strategy:
 fail-fast: false
 matrix:
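Review bot: `security` keeps `needs: test`, and the new "CI STAGE 4" banner makes that ordering official, so one failing test leg in any matrix cell skips every security job and scan findings never surface on a run with red tests. If the scan does not consume test output (not visible in this hunk), `needs: build` on `security` would let it report independently, with `deploy` then listing both as `needs: [test, security]` so the release gate is unchanged. The job's steps lie past the last context line.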
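Review bot: The new `if: github.event_name == 'workflow_dispatch'` on `deploy` drops the old `environment == 'prod'` test and the `|| 'dev'` fallback, so any manual run, from any ref a writer can dispatch, now deploys to whatever `github.event.inputs.environment` holds, including an empty value. Nothing visible in the hunk binds the job to a GitHub deployment environment, so required reviewers, branch rules and environment-scoped secrets would not gate it; adding `environment: ${{ github.event.inputs.environment }}` beside `runs-on` would. The input's declaration under `on.workflow_dispatch` is outside the hunk; it is worth confirming it is a `choice` with a fixed list rather than free text, since the value is now passed through unchecked. The job body continues past the last context line.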