fix(ci): replace continue-on-error with conditional step execution (#172 )

Remove all continue-on-error usages from CI workflows: - deploy.yml: replace continue-on-error on SSH deploy steps with if: secrets.SSH_PRIVATE_KEY != '' so steps are skipped (not failed) when the secret is absent - windows-nightly.yml: remove continue-on-error from job and steps (job is already disabled via if: false) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
perf: parallelize APK deploy and reduce fetch-depth in deploy.yml (#171 ) (#188 )
2026-05-23 19:03:04 +02:00 · 2026-05-23 18:55:08 +02:00 · 2026-05-23 18:35:15 +02:00
2 changed files with 39 additions and 25 deletions
@@ -14,7 +14,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 1

      - name: Check runner tools
        run: |
@@ -49,7 +49,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 1

      - name: Check runner tools
        run: |
@@ -73,12 +73,36 @@ jobs:
          DAGGER_NO_NAG: "1"
        run: task publish-android

+      - name: Cleanup TLS credentials
+        if: always()
+        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
+
+  deploy-apk:
+    name: Build & Deploy APK to Server
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine (via stunnel)
+        env:
+          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
+          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
+          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
+          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
      - name: Build & Deploy APK to server
-        # continue-on-error: step requires SSH_PRIVATE_KEY secret; if unset the task
-        # precondition fails, but we don't want that to fail the whole job — the Play
-        # Store publish above already succeeded.  The overall job stays green even
-        # though this step shows as failed/orange in the UI.
-        continue-on-error: true
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_USER: ${{ secrets.SSH_USER }}
@@ -100,7 +124,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 1

      - name: Check runner tools
        run: |
@@ -117,12 +141,7 @@ jobs:
        run: scripts/setup_dagger_remote.sh

      - name: Build & Deploy Linux to server
-        # continue-on-error: step requires SSH_PRIVATE_KEY secret; if unset the task
-        # precondition fails, but the build step that precedes this (done via Dagger)
-        # already succeeded.  Deployment is best-effort; a missing secret should not
-        # turn the job red.  The step will show as failed/orange in the UI even though
-        # the overall job is green — this is intentional.
-        continue-on-error: true
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_USER: ${{ secrets.SSH_USER }}
@@ -137,16 +156,16 @@ jobs:
  publish-website:
    name: Publish Website Build History
    runs-on: ubuntu-latest
-    needs: [build-linux, deploy-playstore]
+    needs: [build-linux, deploy-playstore, deploy-apk]
    if: |
      always() &&
-      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success')
+      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success' || needs.deploy-apk.result == 'success')
    timeout-minutes: 60

    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 1

      - name: Check runner tools
        run: |
@@ -163,9 +182,7 @@ jobs:
        run: scripts/setup_dagger_remote.sh

      - name: Generate build history and deploy website
-        # continue-on-error: website publish is best-effort; a missing SSH_PRIVATE_KEY
-        # should not block the overall workflow status.
-        continue-on-error: true
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_USER: ${{ secrets.SSH_USER }}
@@ -180,7 +197,7 @@ jobs:
  label-deploy-health:
    name: Update Deploy Health Label
    runs-on: ubuntu-latest
-    needs: [test-android-firebase, deploy-playstore, build-linux]
+    needs: [test-android-firebase, deploy-playstore, deploy-apk, build-linux]
    if: always() && vars.DEPLOY_HEALTH_ISSUE != ''
    timeout-minutes: 5

@@ -190,7 +207,7 @@ jobs:
          FORGEJO_TOKEN: ${{ github.token }}
          FORGEJO_URL: ${{ github.server_url }}
          DEPLOY_HEALTH_ISSUE: ${{ vars.DEPLOY_HEALTH_ISSUE }}
-          ALL_SUCCEEDED: ${{ needs.test-android-firebase.result == 'success' && needs.deploy-playstore.result == 'success' && needs.build-linux.result == 'success' }}
+          ALL_SUCCEEDED: ${{ needs.test-android-firebase.result == 'success' && needs.deploy-playstore.result == 'success' && needs.deploy-apk.result == 'success' && needs.build-linux.result == 'success' }}
        run: |
          python3 - << 'PYEOF'
          import os, json, urllib.request, urllib.error
@@ -11,7 +11,6 @@ jobs:
    name: Build & Deploy Windows (Nightly)
    runs-on: windows-runner
    if: false
-    continue-on-error: true

    steps:
      - uses: actions/checkout@v4
@@ -32,7 +31,6 @@ jobs:

      - name: Set up SSH key
        if: env.SKIP_BUILD != 'true'
-        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
@@ -42,7 +40,6 @@ jobs:

      - name: Deploy Windows to server
        if: env.SKIP_BUILD != 'true'
-        continue-on-error: true
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
Author	SHA1	Message	Date
Thomas SharedInboxandClaude Sonnet 4.6	9f657cd624	fix(ci): replace continue-on-error with conditional step execution (#172 ) Remove all continue-on-error usages from CI workflows: - deploy.yml: replace continue-on-error on SSH deploy steps with if: secrets.SSH_PRIVATE_KEY != '' so steps are skipped (not failed) when the secret is absent - windows-nightly.yml: remove continue-on-error from job and steps (job is already disabled via if: false) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-23 19:03:04 +02:00
Bot of Thomas Güttler	6adba9b001	perf: parallelize APK deploy and reduce fetch-depth in deploy.yml (#171 ) (#188 )	2026-05-23 18:55:08 +02:00
Bot of Thomas Güttler	11d9805fca	test: cover _resolveDatabasePath retry logic (#167 ) (#187 )	2026-05-23 18:35:15 +02:00