5 Commits

Author SHA1 Message Date
a44aef5381 Simplify docs exclusion: use paths-ignore on push trigger
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 10s
Helm Chart CI & Release / Semantic Release (push) Successful in 10s
Replace in-job file check with paths-ignore filter.
Workflow won't trigger at all for docs-only changes.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 20:58:48 +00:00
4a278b1419 Fix CI checkout: use token auth for git clone
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 9s
Helm Chart CI & Release / Semantic Release (push) Successful in 10s
Repo requires authentication; use gitea.token in clone URLs.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 20:56:50 +00:00
698c977511 Skip release for docs-only changes
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 10s
Helm Chart CI & Release / Semantic Release (push) Successful in 10s
Semantic release now checks changed files and skips tag/publish
when only docs, README, STATUS, AGENTS, or .gitignore are modified.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-19 20:54:42 +00:00
86108f5b75 Minor docs change
Helm Chart CI & Release / Lint Helm Chart (push) Successful in 9s
Helm Chart CI & Release / Semantic Release (push) Successful in 9s
2026-02-19 20:40:22 +00:00
fb92b4c000 Minor docs change 2026-02-19 20:35:53 +00:00
3 changed files with 17 additions and 13 deletions
+11 -8
@@ -1,5 +1,5 @@
# FleetDM Stack - Gitea Actions
# CI: lint on every push
# CI: lint on every push (skips docs-only changes)
# Semantic Release: auto-bump version on push to main/master
# - merge from feature/* branch → major bump
# - any other commit (fix, chore, etc.) → patch bump
@@ -12,6 +12,14 @@ on:
branches:
- main
- master
paths-ignore:
- 'docs/**'
- 'README.md'
- 'STATUS.md'
- 'AGENTS.md'
- 'TASKS.md'
- '.gitignore'
- 'djinni-*/**'
pull_request:
branches:
- main
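Review bot: The `paths-ignore` list sits under the `push` trigger only, so it suppresses the whole workflow for those paths, the lint job as well as Semantic Release, while the `pull_request` trigger that follows shows no matching filter. If a lint result on `main`/`master` is expected for every push, keep the trigger unfiltered and gate only the release job. The list also includes `TASKS.md` and `djinni-*/**`, which the commit messages do not mention; a short comment above the list saying why each path is release-irrelevant would keep it from growing unnoticed.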
@@ -24,7 +32,7 @@ jobs:
steps:
- name: Checkout
run: |
git clone --depth=1 https://git.produktor.io/${{ gitea.repository }}.git .
git clone --depth=1 https://${{ gitea.actor }}:${{ gitea.token }}@git.produktor.io/${{ gitea.repository }}.git .
git checkout ${{ gitea.sha }}
- name: Install Helm
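Review bot: Putting `${{ gitea.actor }}:${{ gitea.token }}` into the clone URL in the Checkout step makes git store the token as part of `remote.origin.url` in `.git/config`, where every later step in the job, and anything that prints the remote URL such as `git remote -v`, can read it. Supply the credential out of band (a credential helper or an environment variable read by one) or, at minimum, run `git remote set-url origin https://git.produktor.io/${{ gitea.repository }}.git` immediately after the clone so the token does not outlive the step that needs it.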
@@ -48,7 +56,7 @@ jobs:
steps:
- name: Checkout (full history for tags)
run: |
git clone https://git.produktor.io/${{ gitea.repository }}.git .
git clone https://${{ gitea.actor }}:${{ gitea.token }}@git.produktor.io/${{ gitea.repository }}.git .
git fetch --tags
- name: Determine version bump
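Review bot: In the release job's "Checkout (full history for tags)" step the token-bearing URL becomes the stored origin, and `git fetch --tags` on the next line depends on it staying there, so the credential remains in `.git/config` for the rest of the job, including the version-bump and release steps. Fetch tags as part of the authenticated clone and then reset the origin URL to the credential-free form, or pass the token through a credential helper. The same authenticated clone line is now duplicated in both jobs; a shared variable or a single checkout step definition would keep the two from drifting.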
@@ -60,13 +68,11 @@ jobs:
fi
echo "Latest tag: $LATEST_TAG"
# Strip 'v' prefix and split
VER="${LATEST_TAG#v}"
MAJOR=$(echo "$VER" | cut -d. -f1)
MINOR=$(echo "$VER" | cut -d. -f2)
PATCH=$(echo "$VER" | cut -d. -f3)
# Check if this commit is a merge from a feature/* branch
COMMIT_MSG=$(git log -1 --format='%s' ${{ gitea.sha }})
echo "Commit message: $COMMIT_MSG"
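Review bot: This hunk shrinks from 13 to 11 lines in the "Determine version bump" script without any visible change to the commands, which points to blank-line removal only. Whitespace cleanup mixed into commits about checkout auth and `paths-ignore` makes the functional change harder to audit; move it to its own commit or drop it.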
@@ -74,7 +80,6 @@ jobs:
if echo "$COMMIT_MSG" | grep -qiE "^Merge.*feature/"; then
IS_FEATURE="true"
fi
# Also check parent branches for merge commits
if git log -1 --format='%P' ${{ gitea.sha }} | grep -q ' '; then
MERGE_BRANCH=$(git log -1 --format='%s' ${{ gitea.sha }} | grep -oE "feature/[^ '\"]*" || true)
if [ -n "$MERGE_BRANCH" ]; then
@@ -130,7 +135,6 @@ jobs:
API="https://git.produktor.io/api/v1/repos/${{ gitea.repository }}/releases"
TOKEN="${{ gitea.token }}"
# Create release
RELEASE=$(curl -sf -X POST "$API" \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
@@ -138,7 +142,6 @@ jobs:
RELEASE_ID=$(echo "$RELEASE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
echo "Created release ID: $RELEASE_ID"
# Upload chart package
for f in .tmp/*.tgz; do
FNAME=$(basename "$f")
curl -sf -X POST "$API/$RELEASE_ID/assets?name=$FNAME" \
+4 -3
@@ -106,6 +106,7 @@ flowchart TD
Zero-downtime releases without duplicating infrastructure. Both versions run inside the **same GKE cluster**; the load balancer switches traffic atomically.
```mermaid
flowchart LR
LB[Load Balancer]
@@ -113,7 +114,7 @@ flowchart LR
LB -.->|0% traffic| Blue[Blue — v1.3.0<br/>new release]
Blue -.->|smoke tests pass| LB
```
---
| Phase | Action |
|-------|--------|
| **Deploy** | New version deployed to the idle slot (blue) |
@@ -207,7 +208,7 @@ Not everything in a "best practices" architecture is worth implementing on day o
## 7. High-Level Architecture Diagram
```mermaid
flowchart TB
flowchart TD
Users((Users))
Users --> CDN[Cloud CDN<br/>Static Assets]
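Review bot: Changing `flowchart TB` to `flowchart TD` in the High-Level Architecture Diagram has no rendering effect, since Mermaid treats TB and TD as the same top-to-bottom direction. If the aim is consistency with the other diagrams, say so in the commit message; otherwise drop the line from the change, as "Minor docs change" gives a reader no way to tell whether a layout difference was intended.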
@@ -230,7 +231,7 @@ flowchart TB
API --> Mongo
API --> Secrets
GKE --> Registry
GKE ----> Registry
```
---
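Review bot: `GKE ----> Registry` replaces the normal-length arrow with a lengthened link, which only affects how far apart Mermaid places the two nodes, and in source it reads like a typo. Add a `%%` comment on the line above stating that the extra dashes are deliberate layout spacing, so a later cleanup does not revert it.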
+2 -2
@@ -67,7 +67,7 @@ flowchart TB
Git --> Actions
Actions --> Registry
Argo --> GKE
Argo ----> GKE
```
## Blue-Green Deployment Flow
@@ -103,7 +103,7 @@ flowchart LR
## Network Security Layers
```mermaid
flowchart TD
flowchart LR
Internet((Internet)) --> FW[VPC Firewall<br/>Default deny]
FW --> LB[Load Balancer<br/>HTTPS only]
LB --> NP[K8s Network Policies]