feat(release): add SubPlat tag schema and release workflow#20647
Open
david1alvarez wants to merge 1 commit into
Open
feat(release): add SubPlat tag schema and release workflow#20647david1alvarez wants to merge 1 commit into
david1alvarez wants to merge 1 commit into
Conversation
Because:
- SubPlat-owned services (payments-next, payments-api) need to
deploy on an independent cadence from FxA without dragging the
rest of the monorepo's pods along on every release.
- PAY-3701 introduces the fxa-repo half of that split: a parallel
subplat-v1.TRAIN.PATCH tag convention and CI routing so SubPlat
tags only run payments tests. The MozCloud/ArgoCD half (which
pods actually roll for each tag) lands in PAY-3702.
This commit:
- Adds .github/workflows/tag-release-subplat.yml, a manual
workflow_dispatch that resolves the latest v1.TRAIN.0 tag,
fails fast if subplat-v1.TRAIN.0 or subplat-train-TRAIN already
exists on origin, and otherwise creates the SubPlat train
branch and tag at the same commit.
- Expands the docker.yml tag-validation regex to accept an
optional `subplat-` prefix so the same image-build pipeline can
build either tag scheme.
- Adds _scripts/trigger-docker-push-subplat.sh and
_scripts/trigger-dot-release-subplat.sh, mirroring their FxA
siblings but strict on the subplat-v1.TRAIN.PATCH format and
rooted on the subplat-train-TRAIN branch.
- Wires both scripts up via new trigger:docker-push-subplat and
trigger:dot-release-subplat yarn aliases in root package.json.
- Tightens the FxA test-job tag filters in .circleci/config.yml
from `/.*/` to `/^v\d+\.\d+\.\d+(-rc\d+)?$/` so v1.* tags only
trigger FxA test jobs, and adds a playwright-payments-tests
invocation filtered to `/^subplat-v\d+\.\d+\.\d+(-rc\d+)?$/`
for SubPlat tags. Init / Build / Lint stay on `/.*/` and run
for both schemes.
Closes #PAY-3701
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a SubPlat-specific tag/branch convention (subplat-v* / subplat-train-*) and routes CI appropriately so SubPlat-owned services can ship on an independent cadence without triggering the full FxA tag-test fanout.
Changes:
- Added a manual GitHub Actions workflow to create
subplat-train-<TRAIN>andsubplat-v1.<TRAIN>.0from the latest FxA train tag after preflight checks. - Updated the GitHub Actions Docker workflow and CircleCI tag filters so SubPlat tags trigger only payments Playwright tests, while FxA tags continue to trigger FxA test jobs.
- Added SubPlat-specific helper scripts and wired them into
package.jsonfor triggering docker builds and dot-releases.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
package.json |
Adds yarn aliases for SubPlat docker push and dot-release scripts. |
.github/workflows/tag-release-subplat.yml |
New workflow to create SubPlat train branch + .0 tag from latest FxA train tag. |
.github/workflows/docker.yml |
Expands tag validation to accept optional subplat- prefix. |
.circleci/config.yml |
Tightens FxA tag filters and adds a SubPlat-tag-only invocation for payments Playwright tests. |
_scripts/trigger-dot-release-subplat.sh |
New SubPlat dot-release tagging script with train-branch enforcement and remote/local tag existence checks. |
_scripts/trigger-docker-push-subplat.sh |
New SubPlat docker build trigger script via gh workflow run. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Resolve latest FxA train tag | ||
| run: | | ||
| set -euo pipefail | ||
| latest_fxa_tag=$(git tag -l 'v1.*.0' --sort=version:refname | grep -v '-' | tail -1) |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| ignore: /.*/ | ||
| tags: | ||
| only: /.*/ | ||
| only: /^v\d+\.\d+\.\d+(-rc\d+)?$/ |
| branches: | ||
| ignore: /.*/ | ||
| tags: | ||
| only: /^subplat-v\d+\.\d+\.\d+(-rc\d+)?$/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Because
payments-next,payments-api) need to deploy on an independent cadence from FxA so the two teams can ship without dragging the rest of the monorepo's pods along on every release. The parent epic (PAY-3556) describes the goal of alternating-week deploys so QA can focus on one service area at a time.This pull request
.github/workflows/tag-release-subplat.yml, a manualworkflow_dispatchworkflow that resolves the latestv1.TRAIN.0tag, runs two pre-flight existence checks (refusing ifsubplat-v1.TRAIN.0orsubplat-train-TRAINalready exists on origin with a clear error message), and otherwise creates thesubplat-train-TRAINbranch andsubplat-v1.TRAIN.0tag at the same commit as the latest FxA train..github/workflows/docker.ymlto accept an optionalsubplat-prefix, so the same Docker image-build pipeline serves either tag scheme (one mono image, two tag strings)._scripts/trigger-docker-push-subplat.shand_scripts/trigger-dot-release-subplat.sh, mirroring their FxA siblings but strict onsubplat-v1.X.Y[-rcN]format. The dot-release script enforces that the user is onsubplat-train-TRAINand refuses to tag ifsubplat-v1.X.Yalready exists locally or on the remote.package.jsonastrigger:docker-push-subplatandtrigger:dot-release-subplatyarn aliases..circleci/config.ymlfrom/.*/to/^v\d+\.\d+\.\d+(-rc\d+)?$/, sov1.*tags only fan out to FxA test jobs.Init,Build, andLintstay on/.*/and run for both tag schemes.playwright-payments-testsinvocation to thetest_and_deploy_tagworkflow with tag filter/^subplat-v\d+\.\d+\.\d+(-rc\d+)?$/, so SubPlat tags run only payments functional tests. The job definition itself was already parameterized; this is just a new invocation.Issue that this pull request solves
Closes: PAY-3701
Checklist
Put an
xin the boxes that applyHow to review (Optional)
.github/workflows/tag-release-subplat.yml— pre-flight existence checks for the SubPlat tag and branch.circleci/config.yml— the seventags: only:filter changes and the newplaywright-payments-testsjob.github/workflows/docker.yml— single-line regex change.github/workflows/tag-release-subplat.yml(the new workflow, biggest net-new file).circleci/config.yml(filter tightening + new job invocation).github/workflows/docker.yml(regex)_scripts/trigger-{docker-push,dot-release}-subplat.sh(parallel to existing FxA scripts)package.json(two new yarn aliases)/.*/to/^v\d+\.\d+\.\d+(-rc\d+)?$/means any ad-hoc tag that doesn't match either the FxA or SubPlat pattern (e.g. a manually-pushedstaging-1) will no longer trigger CircleCI test jobs. No such ad-hoc tags appear to be in active use, but worth a sanity check with SREs.Screenshots (Optional)
Please attach the screenshots of the changes made in case of change in user interface.
Other information (Optional)
This PR alone does not change deploy behavior — it only adds the SubPlat tag convention and routes the right CircleCI jobs. The actual pod-rolling split (teaching ArgoCD that
subplat-*tags should only updatepayments-next/payments-apipods) lives in PAY-3702 (global-platform-admin+webservices-infrachanges), which is blocked on this work landing.