Push fix without deploy #885

Closed
AchoArnold wants to merge 1 commit into main from security/hacking-pipeline

@AchoArnold
Member

No description provided.

@codacy-production

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

@greptile-apps
Contributor

greptile-apps Bot commented May 14, 2026

Greptile Summary

This PR removes the if condition that previously restricted the deploy job to only run on direct pushes to main. Without the guard, the deploy job will now fire on every pull request that targets main as well.

  • The deleted line if: github.event_name == 'push' && github.ref == 'refs/heads/main' was the only thing preventing PR events from triggering production deployments; its removal means any PR opened against main will attempt a Cloud Build deploy after tests pass.
  • If the goal is a one-off forced deployment, a safer approach would be adding a workflow_dispatch trigger and running the workflow manually, rather than removing a permanent guard that protects production from unreviewed code.

Confidence Score: 3/5

Merging this as-is will cause every future PR targeting main to trigger a production deployment, which is almost certainly not the intended long-term behaviour.

The single changed line removes the only guard that prevents production deployments from running on unreviewed pull requests. The PR title suggests this was a temporary workaround to force a one-time deploy, but the file will live on main and affect all future PRs until reverted.

.github/workflows/api.yml — the removed if condition needs to be reinstated or replaced with a workflow_dispatch trigger.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/api.yml | Removed the deploy job's branch guard, causing production deployments to trigger on every PR targeting main, not just pushes to main. |

Comments Outside Diff (1)

  1. .github/workflows/api.yml, line 77-81

    P1 Deploy runs on every PR targeting main

    Removing the if: github.event_name == 'push' && github.ref == 'refs/heads/main' guard means the deploy job will now trigger whenever a pull request is opened or updated against main. Since the workflow fires on both push and pull_request events, any contributor PR will pass tests and then immediately deploy to production using github.sha (the ephemeral merge-commit SHA, not a validated main-branch commit) before the PR is even reviewed or merged.

Reviews (1): Last reviewed commit: "Push fix without deploy"
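
The guard and the manual trigger discussed in the review above, as an added example that is not this repository's own workflow. The workflow name, job names, test command and deploy step are placeholders constructed for illustration.

```yaml
# Constructed example workflow; not the contents of this repository's api.yml.
name: api

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch: {}   # allows a one-off manual run from the Actions tab

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run tests            # placeholder test command
        run: echo "run the test suite here"

  deploy:
    needs: test
    runs-on: ubuntu-latest
    # Deploy only from main, and only for a push or a manual dispatch.
    # On pull_request events github.event_name is 'pull_request' and
    # github.ref is refs/pull/<number>/merge, so this job is skipped.
    if: >-
      github.ref == 'refs/heads/main' &&
      (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
    steps:
      - uses: actions/checkout@v4
      - name: Deploy               # placeholder for the real deploy command
        run: echo "deploying ${{ github.sha }}"
```

With a `workflow_dispatch` trigger present, a forced deployment is a manual run of the workflow on main, so the `if:` guard on the deploy job stays in place for pull requests.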

@AchoArnold AchoArnold closed this May 14, 2026
@AchoArnold AchoArnold deleted the security/hacking-pipeline branch May 14, 2026 07:12