Fix deploy workflow

.github/environments.json

@@ -0,0 +1,23 @@
+{
+    "Develop": {
+        "deployment_branch_policy": {
+            "protected_branches": false,
+            "custom_branch_policies": true
+        },
+        "reviewers": [],
+        "wait_timer": 0
+    },
+    "Production": {
+        "deployment_branch_policy": {
+            "protected_branches": false,
+            "custom_branch_policies": true
+        },
+        "reviewers": [],
+        "wait_timer": 0
+    },
+    "github-pages": {
+        "deployment_branch_policy": null,
+        "reviewers": [],
+        "wait_timer": 0
+    }
+}

.github/protection.json

@@ -1,4 +1,19 @@
 {
+    "develop": {
+        "allow_deletions": false,
+        "allow_force_pushes": false,
+        "enforce_admins": false,
+        "required_pull_request_reviews": {
+            "dismiss_stale_reviews": false,
+            "require_code_owner_reviews": false,
+            "required_approving_review_count": 1
+        },
+        "required_status_checks": {
+            "contexts": [],
+            "strict": true
+        },
+        "restrictions": null
+    },
     "main": {
         "allow_deletions": false,
         "allow_force_pushes": false,

.github/workflows/gh-deploy.yml

@@ -20,6 +20,8 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
 
+    environment: github-pages
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6

.github/workflows/publish-app.yml

@@ -3,7 +3,7 @@ name: Publish App to GHCR
 on:
   push:
     branches:
-      - main
+      - develop
     paths:
       - ".github/workflows/publish-app.yml"
       - ".python-version"

.github/workflows/publish-devcontainer.yml

@@ -3,7 +3,7 @@ name: Publish Devcontainer to GHCR
 on:
   push:
     branches:
-      - main
+      - develop
     paths:
       - ".devcontainer/Dockerfile"
       - ".github/workflows/publish-devcontainer.yml"

.github/workflows/release.yml

@@ -3,6 +3,7 @@ name: Release
 on:
   pull_request:
     branches:
+      - develop
       - main
     types:
       - closed
@@ -12,11 +13,33 @@ permissions:
   pull-requests: read
 
 jobs:
-  publish:
-    if: github.event.pull_request.merged == true && contains(github.head_ref, 'release/')
+  develop:
+    if: github.event.pull_request.merged == true && github.base_ref == 'develop'
 
     runs-on: ubuntu-latest
 
+    environment: Develop
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Update Draft Release
+        uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yml
+          disable-autolabeler: true
+          publish: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  production:
+    if: github.event.pull_request.merged == true && github.base_ref == 'main'
+
+    runs-on: ubuntu-latest
+
+    environment: Production
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6

.github/workflows/setting.yml

@@ -4,6 +4,7 @@ on:
   pull_request:
     paths:
       - .github/workflows/setting.yml
+      - .github/environments.json
       - .github/protection.json
   schedule:
     - cron: "0 0 * * *"
@@ -23,7 +24,9 @@ jobs:
 
       - name: Enable auto-delete head branches
         run: |
-          gh repo edit ${{ github.repository }} --delete-branch-on-merge
+          gh repo edit ${{ github.repository }} \
+            --default-branch develop \
+            --delete-branch-on-merge
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
 
@@ -40,14 +43,15 @@ jobs:
 
       - name: Set GitHub Pages Source
         run: |
-          gh api -X POST "repos/${{ github.repository }}/pages" \
+          gh api -X POST ${{ env.ENDPOINT }} \
             -f "source[branch]=${{ env.BRANCH }}" \
             -f "source[path]=${{ env.TARGET_PATH }}" --silent \
           || \
-          gh api -X PUT "repos/${{ github.repository }}/pages" \
+          gh api -X PUT ${{ env.ENDPOINT }} \
             -f "source[branch]=${{ env.BRANCH }}" \
             -f "source[path]=${{ env.TARGET_PATH }}"
         env:
+          ENDPOINT: repos/${{ github.repository }}/pages
           BRANCH: gh-pages
           TARGET_PATH: /
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
@@ -68,21 +72,75 @@ jobs:
 
       - name: Apply Branch Protection Rules
         run: |
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "Error: $CONFIG_FILE not found!"
+          if [ ! -f ${{ env.CONFIG_FILE }} ]; then
+            echo "Error: ${{ env.CONFIG_FILE }} not found!"
             exit 1
           fi
 
-          BRANCHES=$(jq -r 'keys[]' "$CONFIG_FILE")
+          BRANCHES=$(jq -r 'keys[]' ${{ env.CONFIG_FILE }})
 
           for BRANCH in $BRANCHES; do
-            if ! gh api "repos/${{ github.repository }}/branches/$BRANCH" --silent >/dev/null 2>&1; then
-              echo "Warning: Branch '$BRANCH' does not exist in this repository. Skipping..."
+            if ! gh api "${{ env.ENDPOINT }}/$BRANCH" --silent >/dev/null 2>&1; then
+              echo "Warning: Branch $BRANCH does not exist in this repository. Skipping..."
               continue
             fi
 
-            jq -c ".\"$BRANCH\"" "$CONFIG_FILE" | gh api -X PUT "repos/${{ github.repository }}/branches/$BRANCH/protection" --input -
+            jq -c ".\"$BRANCH\"" ${{ env.CONFIG_FILE }} | gh api -X PUT "${{ env.ENDPOINT }}/$BRANCH/protection" --input -
           done
         env:
           CONFIG_FILE: .github/protection.json
+          ENDPOINT: repos/${{ github.repository }}/branches
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+  environments:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        include:
+          - environment: Develop
+            branch: develop
+          - environment: Production
+            branch: main
+          - environment: github-pages
+            branch: gh-pages
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Configure Environment
+        run: |
+          if [ ! -f ${{ env.CONFIG_FILE }} ]; then
+            echo "Error: ${{ env.CONFIG_FILE }} not found!"
+            exit 1
+          fi
+
+          jq -c ".\"${{ env.ENVIRONMENT_NAME }}\"" ${{ env.CONFIG_FILE }} | gh api -X PUT "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}" --input -
+
+          CUSTOM_BRANCH_POLICIES=$(jq -r ".\"${{ env.ENVIRONMENT_NAME }}\".deployment_branch_policy.custom_branch_policies" ${{ env.CONFIG_FILE }})
+
+          if [ "$CUSTOM_BRANCH_POLICIES" != true ]; then
+            IDS=$(gh api "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" --jq '.branch_policies[].id' || true)
+            for ID in $IDS; do
+              gh api -X DELETE "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies/$ID" --silent || true
+            done
+            exit 0
+          fi
+
+          gh api -X POST "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" \
+            -f "name=${{ env.BRANCH_NAME }}" \
+            -f "type=branch"
+        env:
+          CONFIG_FILE: .github/environments.json
+          BRANCH_NAME: ${{ matrix.branch }}
+          ENDPOINT: repos/${{ github.repository }}/environments
+          ENVIRONMENT_NAME: ${{ matrix.environment }}
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}