tree: 5b60afca34bd071242b728a22d3fcb42d4f4ee05
  1. _reusable-build.yml
  2. deploy-staging.yml
  3. pr-validation.yml
  4. promote-staging-to-production.yml
  5. README.md
.github/workflows/README.md

GitHub Actions Architecture Documentation

This document describes the CI/CD architecture for the Apache Teaclave website.

πŸ“ Workflow Files

.github/workflows/
β”œβ”€β”€ _reusable-build.yml              # [Reusable] Shared build logic for Docker + website
β”œβ”€β”€ pr-validation.yml                # PR validation workflow (read-only)
β”œβ”€β”€ deploy-staging.yml               # Deploys build to asf-staging branch
β”œβ”€β”€ promote-staging-to-production.yml  # [Manual] Replaces asf-site with asf-staging
└── README.md                        # This file

Naming Convention

  • pr-*.yml - PR validation workflows (read-only permissions)
  • deploy-*.yml - Deployment workflows (write permissions)
  • promote-*.yml - Manual promotion workflows (e.g. staging β†’ production)
  • _reusable-*.yml - Reusable workflows (called by others, underscore prefix)

🌐 Website Update Flow

  1. PR merged (or push to master) β†’ Deploy Staging runs β†’ build is deployed to the asf-staging branch. Staging site is updated.
  2. Verify β†’ Visit the staging website and confirm everything looks correct.
  3. Promote to production β†’ Go to Actions β†’ “Promote Staging to Production” β†’ Run workflow. This replaces the asf-site branch with the content of asf-staging, updating the final live website.
StepWhat happens
Merge / push to masterdeploy-staging.yml β†’ asf-staging updated
Manual checkYou verify the staging site
Manual triggerpromote-staging-to-production.yml β†’ asf-site = asf-staging

πŸ—οΈ Architecture Overview

Design Principles

  1. DRY (Don't Repeat Yourself): Shared build logic via reusable workflow
  2. Separation of Concerns: Separate workflows for validation vs deployment
  3. Least Privilege: Minimal permissions per workflow
  4. Security First: No credentials on disk, token in memory only
  5. Developer Experience: Clear feedback, fast builds, easy debugging

Architecture Diagram

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                     GitHub Repository Events                             β”‚
β”‚                                                                          β”‚
β”‚  Pull Request          Push to master        Manual Trigger               β”‚
β”‚       β”‚                       β”‚                     β”‚                     β”‚
β”‚       β–Ό                       β–Ό                     β–Ό                     β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”       β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    β”‚
β”‚  β”‚pr-validationβ”‚       β”‚deploy-       β”‚      β”‚promote-staging-to-   β”‚    β”‚
β”‚  β”‚.yml         β”‚       β”‚staging.yml   β”‚      β”‚production.yml        β”‚    β”‚
β”‚  β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜       β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜      β”‚ (manual only)        β”‚    β”‚
β”‚       β”‚                       β”‚              β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜    β”‚
β”‚       β”‚                       β”‚                        β”‚                  β”‚
β”‚       β–Ό                       β–Ό                        β”‚                  β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”           β”‚                  β”‚
β”‚  β”‚     _reusable-build.yml (Shared Logic)  β”‚           β”‚                  β”‚
β”‚  β”‚  build-docker-image β†’ build-website     β”‚           β”‚                  β”‚
β”‚  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜           β”‚                  β”‚
β”‚                        β”‚                               β”‚                  β”‚
β”‚       β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”              β”‚                  β”‚
β”‚       β–Ό                                 β–Ό              β–Ό                  β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”‚
β”‚  β”‚ validateβ”‚                    β”‚deploy-stagingβ”‚  β”‚ promote      β”‚         β”‚
β”‚  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                    β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜  β”‚ (asf-stagingβ”‚         β”‚
β”‚       β”‚                                 β”‚         β”‚  β†’ asf-site)β”‚         β”‚
β”‚       β”‚                                 β–Ό         β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜         β”‚
β”‚       β”‚                            asf-staging           β”‚                 β”‚
β”‚       β”‚                            (staging site)        β–Ό                 β”‚
β”‚       β”‚                                 β”‚           asf-site               β”‚
β”‚       β”‚                                 β”‚           (live site)           β”‚
β”‚       β”‚                                 β”‚                                  β”‚
β”‚       β–Ό                                 └──► Verify staging, then run       β”‚
β”‚  Result: βœ“ PR Check                      "Promote Staging to Production"   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜