Skip to content

Generate index.yaml on merge instead of gating it in PRs#6

Merged
scotwells merged 2 commits into
mainfrom
ci/generate-index-on-merge
Jul 1, 2026
Merged

Generate index.yaml on merge instead of gating it in PRs#6
scotwells merged 2 commits into
mainfrom
ci/generate-index-on-merge

Conversation

@scotwells

Copy link
Copy Markdown
Contributor

Why

index.yaml is what datumctl reads, and it's fully derived from plugins/*.yaml. The current CI treats it as a reviewed source file: every PR must regenerate and commit it, and validation fails if it drifts. That puts generation work on:

  • every human contributor, and
  • the release bot — the update-plugin-index automation only edits plugins/<name>.yaml, so its catalog PRs fail the drift gate (#5 is exactly this: v0.3.0 opened, then failed Check index.yaml is in sync).

It was also the root of the earlier merge conflict on #1 — the same generated file edited on both a PR branch and main.

What

Treat index.yaml as a build artifact, reconciled automatically:

  • Drop the index-sync gate from PR validation. PRs — human or bot — touch only plugins/*.yaml. Validation still schema-checks each manifest and verifies every download URL and checksum, so nothing broken can merge; only the generated index is no longer reviewed.
  • Regenerate on merge (generate-index.yaml): a push to main that touches plugins/** regenerates index.yaml and commits it straight back to main. main is unprotected, so the built-in GITHUB_TOKEN pushes directly — no app token, no trailing chore PR. The commit changes only index.yaml (not plugins/**) and token pushes don't retrigger workflows, so it never loops; a concurrency group + rebase-retry covers closely-spaced merges.

Net: contributors and the bot edit exactly one file and never touch the index by hand.

Notes

  • No change needed in datum-cloud/actions or the ipam release workflow — the generic update-plugin-index action keeps doing only what it should (edit the manifest).
  • The scripts/generate_index.py generator is unchanged and still runnable locally to preview.
  • Assumes catalog PRs come from same-repo branches (no forks), which lets the built-in token push the regenerated index.

Verification

actionlint clean on both workflows; the generator no-ops against the current in-sync main.

index.yaml is what datumctl reads and is fully derived from plugins/*.yaml.
Treating it as a reviewed source file — regenerated and committed in every PR,
with CI failing on drift — put that work on every contributor and on the release
bot, which only edits plugins/<name>.yaml (its catalog PRs failed the drift
gate). It was also the source of the earlier merge conflict, since the same
generated file was edited on both a PR branch and main.

Treat it as a build artifact instead:

- Drop the index-sync gate from PR validation. PRs (human or bot) touch only
  plugins/*.yaml. Validation still schema-checks each manifest and verifies every
  download URL and checksum, so correctness is enforced before merge.
- Regenerate index.yaml on merge (push to main touching plugins/**) and commit
  it straight back to main. main is unprotected, so the built-in token pushes
  directly — no app token, no trailing PR. The commit touches only index.yaml
  and token pushes don't retrigger workflows, so it never loops; a concurrency
  group plus rebase-retry handles closely-spaced merges.

Contributors now edit one file and never touch the index by hand.
@scotwells scotwells merged commit ebc96bd into main Jul 1, 2026
1 check passed
@scotwells scotwells deleted the ci/generate-index-on-merge branch July 1, 2026 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants