ci: post canvas deploy reminder comment after every main merge

Adds a `canvas-deploy-reminder` job to ci.yml that fires on every push to main once `canvas-build` passes. It posts a commit comment via the built-in GITHUB_TOKEN (no new secrets needed) reminding whoever monitors CI to run: cd /g/personal_programs/molecule-monorepo git pull origin main docker compose build canvas && docker compose up -d canvas The comment includes the commit SHA and a direct link to the build log. Rationale: 5 consecutive merge cycles (PRs #21, #25, #30, #32, #34) went undeployed because there is no auto-deploy hook and the manual step was silently forgotten. A commit comment on the merge commit is the lowest-friction reminder that requires no external secrets or infra. Does NOT run on PRs — only on direct pushes to main (i.e. post-merge). Uses `needs: canvas-build` so the reminder only fires after build+tests pass; a failing build produces no comment. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 08:28:42 +00:00 · 2026-04-14 08:28:42 +00:00 · f54d6c02ae
commit f54d6c02ae
parent c9e1a8e6e2
1 changed files with 38 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -176,6 +176,44 @@ jobs:
        with:
          scandir: tests/e2e

+  canvas-deploy-reminder:
+    name: Canvas Deploy Reminder
+    runs-on: ubuntu-latest
+    needs: canvas-build
+    # Only fires on direct pushes to main (i.e. after a PR merges).
+    # PRs get canvas-build CI but no reminder — no deployment happens on PRs.
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    permissions:
+      # Required to post commit comments via the GitHub API.
+      contents: write
+    steps:
+      - name: Post deploy reminder as commit comment
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COMMIT_SHA: ${{ github.sha }}
+          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        run: |
+          # Write body to a temp file — avoids backtick escaping in shell.
+          cat > /tmp/deploy-reminder.md << 'BODY'
+          ## Canvas build passed ✅ — deploy required
+
+          The canvas container is **not auto-deployed**. Merged canvas changes are invisible until the host container is rebuilt.
+
+          Run this on the host machine to apply:
+          ```bash
+          cd /g/personal_programs/molecule-monorepo
+          git pull origin main
+          docker compose build canvas && docker compose up -d canvas
+          ```
+          BODY
+          printf '\n> Posted automatically by CI · commit `%s` · [build log](%s)\n' \
+            "$COMMIT_SHA" "$RUN_URL" >> /tmp/deploy-reminder.md
+
+          gh api \
+            --method POST \
+            "repos/${{ github.repository }}/commits/${{ github.sha }}/comments" \
+            --field "body=@/tmp/deploy-reminder.md"
+
  python-lint:
    name: Python Lint & Test
    runs-on: ubuntu-latest