Github Actions CI/CD pipeline (branch -> master -> release tag)

HI there,

I have 3 workflow files:

push.yml (Test & lint when (people create a feature branch):

on:
push:
branches:
-'\*/\*'  
-'\*'  
-'!master' 

master.yml (To deploy to a Staging environment):

on:
push:
branches:
- master# Push events on master branch

and finally I have release.yml (to deploy to production when we create a new tag):

on:
push:
branches:
- releases/*# Push events to branches matching refs/heads/releases/\*

Unfortunately, when I publish a tag, all of the workflows are triggered. What I’m missing here?

Thanks for your help in advance.

3 Likes

I am facing the same issue. It’s quite a show stopper, as we’re not able to migrate our CI/CD workflows from some rival platforms.

9/6/2019: This is no longer relevant - it was a bug that has been fixed, see responses down below.


I’ve had the same issue, it’s a pain in the ass. Github Actions is quite beta still, just wait until you want to get a service container working. Anyway, I’ve found the solution to your current problem. You need to exclude all tags from builds you want triggered on branch(es) only. For example:

name: CI / Automated testing
on:
  push:
    tags:
      - '!refs/tags/*'

…triggers on all branches for my CI.

For my autodeploy-master-to-staging, I use this:

name: Autodeploy
on:
  push:
    branches:
      - master
    tags:
      - '!refs/tags/*'

And finally, for my deploy-a-tagged-and-published-release-to-production, I use

name: Production deploy
on:
  release:
    tags:
      - v*

jobs:
  prod-deploy:
    name: Production deploy
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        if: github.event.action == 'published'
        uses: actions/checkout@master

Most painfully, that little “if” in the final step has to be in EVERY step of the job, because there is no job-level if (yet).

I really like Github Actions, in general I like having the CI/CD nice and close to the code, but it is a far from mature solution at the moment.

6 Likes

This is a bug. It should be fixed this week.

3 Likes

@jeremyepling Thanks! That is great!

Can you please clarify or point out the documentation on how to trigger the build when (and only when) a tag is published ?

3 Likes

The fix is deployed. Now tags will only apply to pushed refs that match that tag. 

https://help.github.com/en/articles/workflow-syntax-for-github-actions#onpushpull_requesttagsbranches is the right syntax. A documentation update with more details will go out today or tomorrow.

Here’s the updated line. “Defining only one of tags: or branches: will mean the workflow skips events affecting the other type of ref.”

3 Likes

They recently added events filter for webhook events so that you can have this instead:

on:
  release:
      types: [published]

You can check the documentation here. That way, you don’t need to litter your workflow with if statements since they don’t have job-level if.

There’s also a setting for jobs to fail fast. If one job fails, it fails everything and doesn’t need the rest of jobs to finish here’s a link of their documentation.

5 Likes

It has been deployed indeed :slight_smile: my old solution is no longer required. To build for all branches and not for tags, I now use:

name: CI / Automated testing
on:
  push:
    branches:

jobs:
  ...
1 Like

Thanks for that, I’m adapting to it now. I have to say, things are improving rapidly :slight_smile: