feat(generate): emit cascade-hotfix workflow for multi-env repos#106
Merged
Conversation
Add a HotfixGenerator that renders .github/workflows/cascade-hotfix.yaml, wired into generate-workflow beside the other auxiliary generators. The workflow cherry-picks a trunk fix onto a diverged intermediate environment through an env/<env> integration branch, opens a resolution pull request, and on merge builds, deploys, and finalizes the hotfix. The generator emits only when two or more environments are configured; target_env is the configured environments minus the build target. Dual triggers cover manual dispatch and merged env/* pull requests. Clean cherry-picks auto-merge with the cascade-hotfix label; conflicting ones commit the markers and open a cascade-hotfix-conflict pull request carrying machine-readable trailers and resolve-locally instructions. The deploy job binds the GitHub environment of the target so org protection rules gate production hotfixes, branch protection is verified with a non-failing warning, and plan protection suggestions surface as notices. Signed-off-by: Joshua Temple <joshua.temple@stablekernel.com>
This was referenced Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Multi-environment repos need a generated workflow to hotfix a trunk fix onto a diverged intermediate environment. The pieces existed in the CLI (
cascade hotfix plan/finalize, divergence state, promotion guards) but nothing emitted the orchestrating workflow.Fix
New
HotfixGeneratorrenders.github/workflows/cascade-hotfix.yaml, wired intogenerate-workflowbeside the other auxiliary generators. It emits only when two or more environments are configured (below that, direct promotion already covers every case);target_envis the configured environments minus the build target.Two triggers in one file:
workflow_dispatch(inputscommit,target_envchoice,pr_numberreplay,dry_run) andpull_request: types: [closed]onenv/*, gated on merge plus thecascade-hotfixlabel. Jobs: plan, apply, check, context, build, deploy, rollback, finalize, withconcurrency: hotfix-<env>.cascade-hotfix-conflictPR with the conflicting-file list, resolve-locally instructions, and machine-readable trailers (Cascade-Hotfix-Target/Source/Base).environment:of the target env so org protection rules gate production hotfixes.env/*has no required status checks and prints the exact configuration command.finalizeruns only on deploy success.Verification
go build ./...cleango test ./...clean (17 new golden tests ininternal/generate, including an actionlint pass over the generated output)go vet ./...cleangolangci-lint run ./internal/generate/...reports 0 issuesNotes
cascade-hotfix.yamlto regenerate.rollback_shasourcing is left as a placeholder output; the rollback job shape, environment binding, andwith: shaplumbing mirror the promote workflow and activate once a CLI output supplies the value.