Right now, deploys are triggered from the main branch. This is causing false positive build failures when merging dependabot PRs.
Some background:
GH-dependabot PRs get merged into main, which this triggers an NPM audit on main build, which fails the build since there are subsequent dependabot PRs that are yet to be merged.
Eventually, after all dependabot PRs are merged, the NPM audit passes but the main build can't go green because it is in a Hold state. At this point the only way it can go green is to do a full deploy to NPM.
But a full deploy to NPM should be unnecessary since these are only NPM audit fixes for dev dependancies.
This PR updates the build process so that it only triggers the Hold + Deploy state when a version tag (/v.*/) is pushed to remote.
Right now, deploys are triggered from the
main
branch. This is causing false positive build failures when merging dependabot PRs.Some background:
GH-dependabot PRs get merged into
main
, which this triggers an NPM audit onmain
build, which fails the build since there are subsequent dependabot PRs that are yet to be merged.Eventually, after all dependabot PRs are merged, the NPM audit passes but the
main
build can't go green because it is in a Hold state. At this point the only way it can go green is to do a full deploy to NPM.But a full deploy to NPM should be unnecessary since these are only NPM audit fixes for dev dependancies.
This PR updates the build process so that it only triggers the Hold + Deploy state when a version tag (
/v.*/
) is pushed to remote.