deploy: allow backend config changes through auto deploy guard#2580
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8a550292b9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| /^backend\/database\//, | ||
| /^backend\/config\//, | ||
| /^backend\/content_assets\//, |
There was a problem hiding this comment.
Keep risky config files on the manual deploy path
For a PR that changes only a high-impact config file such as backend/config/database.php, backend/config/queue.php, or backend/config/payments.php and is not manually labeled, removing the backend/config/** matcher means none of the path patterns match, so this guard will set auto_deploy_allowed to true and proceed with production deploy after CI. That bypasses the same manual-review boundary this workflow still enforces for database, queue, payment/secret-adjacent changes elsewhere; consider allowing only known-safe config files like gotenberg.php or adding explicit deny patterns for the risky config files.
Useful? React with 👍 / 👎.
What changed
backend/config/**from the production auto-deploy policy guard risky path list.Why
Recent backend runtime changes that only touch config, such as
backend/config/gotenberg.php, should be eligible for automatic production deploy after CI. The guard still blocks workflow, database, script deploy/release/import, content asset, CMS/search/sitemap/llms/service, env, and secret paths.Validation
php artisan test tests/Sre/DeployStorageAndDatabaseConfigTest.php./vendor/bin/pint --dirtygit diff --checkDeferred
Note
This PR itself modifies
.github/workflows/deploy-production.yml, so it is expected to remain subject to the manual deploy path for this one workflow-policy change.