From 4cabfcd2e07daf503825ada995b83a6cd89fb06d Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 11:22:28 -0800 Subject: [PATCH 01/10] reset branch specifier to master --- Gemfile | 12 ++++++------ Gemfile.lock | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Gemfile b/Gemfile index c0f5193f4..069ba56b6 100644 --- a/Gemfile +++ b/Gemfile @@ -43,11 +43,11 @@ gem 'haml', '~> 5.2.2' # pin see https://github.com/ncbo/ontologies_api/pull/107 gem 'redcarpet' # NCBO gems (can be from a local dev path or from rubygems/git) -gem 'goo', github: 'ncbo/goo', branch: 'develop' -gem 'ncbo_annotator', github: 'ncbo/ncbo_annotator', branch: 'develop' -gem 'ncbo_cron', github: 'ncbo/ncbo_cron', branch: 'develop' -gem 'ncbo_ontology_recommender', github: 'ncbo/ncbo_ontology_recommender', branch: 'develop' -gem 'ontologies_linked_data', github: 'ncbo/ontologies_linked_data', branch: 'develop' +gem 'goo', github: 'ncbo/goo', branch: 'master' +gem 'ncbo_annotator', github: 'ncbo/ncbo_annotator', branch: 'master' +gem 'ncbo_cron', github: 'ncbo/ncbo_cron', branch: 'master' +gem 'ncbo_ontology_recommender', github: 'ncbo/ncbo_ontology_recommender', branch: 'master' +gem 'ontologies_linked_data', github: 'ncbo/ontologies_linked_data', branch: 'master' gem 'sparql-client', github: 'ncbo/sparql-client', tag: 'v6.3.0' group :development do @@ -82,4 +82,4 @@ group :test do gem 'webmock', '~> 3.19.1' gem 'webrick' gem 'minitest-bisect' -end \ No newline at end of file +end diff --git a/Gemfile.lock b/Gemfile.lock index 7ee73a860..6fed911a6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GIT remote: https://github.com/ncbo/goo.git - revision: b92ae7ab3d2fad40a8b4a7563047c7157765472c - branch: develop + revision: 5cac44e06a6bf0c093563dad66240ab07fec4d9c + branch: master specs: goo (0.0.2) addressable (~> 2.8) 
@@ -16,8 +16,8 @@ GIT GIT remote: https://github.com/ncbo/ncbo_annotator.git - revision: 55e8cbfac358b2c40deb0bd963bfe6dee91e8347 - branch: develop + revision: 4fb9114b80b99f0a654c7f70aaa96839c74fc615 + branch: master specs: ncbo_annotator (0.0.1) goo @@ -27,8 +27,8 @@ GIT GIT remote: https://github.com/ncbo/ncbo_cron.git - revision: 111c7263d8a98b1e8f7c033cb0b7d9c6cc10cd01 - branch: develop + revision: 7ee2651664e411945c878133073351f817ff6b8d + branch: master specs: ncbo_cron (0.0.1) dante @@ -45,8 +45,8 @@ GIT GIT remote: https://github.com/ncbo/ncbo_ontology_recommender.git - revision: 76d9516adc3c5c6d5c95f21f307bdd60eb3e0acd - branch: develop + revision: c6a18eb7700b23a1a4f1e32ebc94003bf75efe93 + branch: master specs: ncbo_ontology_recommender (0.0.1) goo @@ -56,8 +56,8 @@ GIT GIT remote: https://github.com/ncbo/ontologies_linked_data.git - revision: 9cae83def8a2a4a9bd1a3a1e8388c595c339ce72 - branch: develop + revision: 1a6d42628cfcf1704b96de45e27e81392333e343 + branch: master specs: ontologies_linked_data (0.0.1) activesupport From 91a1dadecc66e33be11568a3e51d8d3a303370ed Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 14:10:50 -0800 Subject: [PATCH 02/10] use lowercase branch input parameter --- .github/workflows/deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3f0f0d75c..d2398e333 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -32,7 +32,7 @@ on: workflow_dispatch: branches: [master, develop] inputs: - BRANCH: + branch: description: 'Branch/tag to deploy' default: develop required: true 
@@ -64,12 +64,12 @@ jobs: USER_INPUT_ENVIRONMENT=${{ inputs.environment }} echo "TARGET=${USER_INPUT_ENVIRONMENT:-staging}" >> $GITHUB_ENV # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: ruby/setup-ruby@v1 with: bundler-cache: true # runs 'bundle install' and caches installed gems automatically - name: get-deployment-config - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: ${{ secrets.CONFIG_REPO }} # repository containing deployment settings token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT From 347aea97170b94904509c90521b5353f1570f7f2 Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 14:55:46 -0800 Subject: [PATCH 03/10] remove push trigger capistrano deployments to staging are triggered by successeful unit test runs or manually so push trigger is pointless --- .github/workflows/deploy.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d2398e333..7714c5150 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,10 +18,6 @@ name: Capistrano Deployment # Controls when the action will run. on: - push: - branches: - - master - - develop # Trigger deployment to staging after unit test action completes workflow_run: workflows: ["Ruby Unit Tests"] From 75d7e14a3c7b93e8949d796a7aeba37313506fa8 Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 16:14:57 -0800 Subject: [PATCH 04/10] Refactor deployment workflow: safer permissions, better triggers, add concurrency Add minimal token permissions Auto-deploy only from develop Add per-environment concurrency lock Improve BRANCH/TARGET logic Add deployment detail output --- .github/workflows/deploy.yml | 61 ++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 16 deletions(-) 
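Review bot: The `get-deployment-config` step passes `token: ${{ secrets.GH_PAT }}` to `actions/checkout@v5` without `persist-credentials: false`, so by default the PAT stays in the git configuration of that checkout for every later step of the job, including the Capistrano run. Adding `persist-credentials: false` under that step's `with:` limits the token to the fetch itself. Both `actions/checkout@v5` references are also mutable tags; in a workflow that handles deployment secrets, pinning to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v5`) avoids picking up a retagged release. The step's `with:` block continues outside this hunk.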
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7714c5150..38db247c8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -16,17 +16,19 @@ # this SSH key is used for accessing jump host, UI nodes, and private github repo. name: Capistrano Deployment -# Controls when the action will run. + +permissions: + contents: read + on: # Trigger deployment to staging after unit test action completes workflow_run: workflows: ["Ruby Unit Tests"] types: - completed - branches: [master, develop] + branches: [develop] # trigger auto deployment to staging from develop branch # Allows running this workflow manually from the Actions tab workflow_dispatch: - branches: [master, develop] inputs: branch: description: 'Branch/tag to deploy' 
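Review bot: The `branches: [develop]` filter under `workflow_run` matches the head branch name of the triggering run, not the repository that run came from. If "Ruby Unit Tests" also runs for pull requests (not visible in this patch), a run whose head branch is named `develop` but which originates from a fork would pass the filter and start a staging deploy with this workflow's secrets in scope. The job-level `if:` in the following hunk could additionally require `github.event.workflow_run.event == 'push'` and `github.event.workflow_run.head_repository.full_name == github.repository`. The new `permissions: contents: read` block would also benefit from a comment such as `# deploy uses GH_PAT and the SSH key; GITHUB_TOKEN only needs to read this repo`.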
@@ -42,23 +44,50 @@ on: jobs: deploy: + concurrency: + group: deploy-${{ env.TARGET }} + cancel-in-progress: true runs-on: ubuntu-latest - # run deployment only if "Ruby Unit Tests" workflow completes sucessefully or when manually triggered - if: ${{ (github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch') }} + # run deployment only if "Ruby Unit Tests" workflow completes sucessefully + # or when manually triggered + if: > + (github.event_name == 'workflow_run' && + github.event.workflow_run.conclusion == 'success') || + (github.event_name == 'workflow_dispatch') env: - BUNDLE_WITHOUT: default #install gems required primarily for the deployment in order to speed this workflow + BUNDLE_WITHOUT: default:test:development #install gems required primarily for the deployment in order to speed this workflow PRIVATE_CONFIG_REPO: ${{ format('git@github.com:{0}.git', secrets.CONFIG_REPO) }} - # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: set branch/tag and environment to deploy from inputs run: | - # workflow_dispatch default input doesn't get set on push so we need to set defaults - # via shell parameter expansion - # https://dev.to/mrmike/github-action-handling-input-default-value-5f2g - USER_INPUT_BRANCH=${{ inputs.branch }} - echo "BRANCH=${USER_INPUT_BRANCH:-develop}" >> $GITHUB_ENV - USER_INPUT_ENVIRONMENT=${{ inputs.environment }} - echo "TARGET=${USER_INPUT_ENVIRONMENT:-staging}" >> $GITHUB_ENV + if [ "${{ github.event_name }}" = "workflow_run" ]; then + # Auto: always deploy develop to staging + echo "BRANCH=develop" >> "$GITHUB_ENV" + # echo "BRANCH=${{ github.event.workflow_run.head_branch }}" >> "$GITHUB_ENV" # auto deploy from branch if needed + echo "TARGET=staging" >> "$GITHUB_ENV" + else + # Manual: use inputs, with defaulting via parameter expansion + USER_INPUT_BRANCH=${{ inputs.branch }} + USER_INPUT_ENVIRONMENT=${{ inputs.environment }} + + echo 
"BRANCH=${USER_INPUT_BRANCH:-develop}" >> "$GITHUB_ENV" + echo "TARGET=${USER_INPUT_ENVIRONMENT:-staging}" >> "$GITHUB_ENV" + fi + - name: Provide deployment info + run: | + echo "=== Deployment Details ======================================" + echo "Time: $(date -u +"%Y-%m-%d %H:%M:%S UTC")" + echo "Branch/Tag: ${BRANCH}" + echo "Environment: ${TARGET}" + echo "Commit: ${GITHUB_SHA}" + echo "Triggered by: ${GITHUB_ACTOR}" + echo "Event: ${GITHUB_EVENT_NAME}" + if [ "${GITHUB_EVENT_NAME}" = "workflow_run" ]; then + echo "Mode: auto-deploy from develop" + else + echo "Mode: manual deployment" + fi + echo "==============================================================" # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v5 - uses: ruby/setup-ruby@v1 @@ -69,9 +98,9 @@ jobs: with: repository: ${{ secrets.CONFIG_REPO }} # repository containing deployment settings token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT - path: deploy_config + path: deploy_config - name: copy-deployment-config - run: cp -r deploy_config/ontologies_api/* . + run: cp -r deploy_config/ontologies_api/* . # add ssh hostkey so that capistrano doesn't complain - name: Add jumphost's hostkey to Known Hosts run: | From 2132d4648d115e05704cc3f70e77ddf6de2a3740 Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 16:32:02 -0800 Subject: [PATCH 05/10] don't use env in concurrency --- .github/workflows/deploy.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 38db247c8..b2cb04cf3 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -14,7 +14,6 @@ # # DEPLOY_ENC_KEY - key for decrypting deploymnet ssh key residing in config/deploy_id_rsa_enc (see miloserdow/capistrano-deploy) # this SSH key is used for accessing jump host, UI nodes, and private github repo. - name: Capistrano Deployment permissions: 
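Review bot: In the manual branch of the `run:` script, `${{ inputs.branch }}` and `${{ inputs.environment }}` are expanded into the shell source before the shell runs, so the input text is parsed as script and the later `${USER_INPUT_BRANCH:-develop}` quoting does not protect it. Passing the values through the step's `env:` and reading them as ordinary shell variables keeps them as data. The same applies to the commented-out `github.event.workflow_run.head_branch` line if it is ever enabled, since a branch name is chosen by whoever pushes it. Because both values are appended to `$GITHUB_ENV`, checking them against an expected pattern before writing is also worth adding. The job's later steps are outside this hunk.

```yaml
- name: set branch/tag and environment to deploy from inputs
  env:
    EVENT_NAME: ${{ github.event_name }}
    USER_INPUT_BRANCH: ${{ inputs.branch }}
    USER_INPUT_ENVIRONMENT: ${{ inputs.environment }}
  run: |
    if [ "$EVENT_NAME" = "workflow_run" ]; then
      # … unchanged: auto-deploy develop to staging …
    else
      # Manual: inputs arrive as environment variables, never as script text
      echo "BRANCH=${USER_INPUT_BRANCH:-develop}" >> "$GITHUB_ENV"
      echo "TARGET=${USER_INPUT_ENVIRONMENT:-staging}" >> "$GITHUB_ENV"
    fi
```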
@@ -45,8 +44,7 @@ on: jobs: deploy: concurrency: - group: deploy-${{ env.TARGET }} - cancel-in-progress: true + group: deploy-${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'staging' }} runs-on: ubuntu-latest # run deployment only if "Ruby Unit Tests" workflow completes sucessefully # or when manually triggered From 52d496f80234a4ff2b165d0a6531745bc07b62cb Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 16:44:53 -0800 Subject: [PATCH 06/10] fix issue with expression --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b2cb04cf3..b07f1a2b2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,7 +44,7 @@ on: jobs: deploy: concurrency: - group: deploy-${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'staging' }} + group: ${{ format('deploy-{0}', github.event_name == 'workflow_dispatch' ? github.event.inputs.environment : 'staging') }} runs-on: ubuntu-latest # run deployment only if "Ruby Unit Tests" workflow completes sucessefully # or when manually triggered From 6ec6397fbcc80bfa0a019182e751c552f3db6a5a Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 16:51:11 -0800 Subject: [PATCH 07/10] debug: add quote to the expression --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b07f1a2b2..7392b787b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -44,7 +44,7 @@ on: jobs: deploy: concurrency: - group: ${{ format('deploy-{0}', github.event_name == 'workflow_dispatch' ? github.event.inputs.environment : 'staging') }} + group: "${{ format('deploy-{0}', github.event_name == 'workflow_dispatch' ? github.event.inputs.environment : 'staging') }}" runs-on: ubuntu-latest # run deployment only if "Ruby Unit Tests" workflow completes sucessefully # or when manually triggered From 708e0b91b6bd7095727cfda25487fa4b4c9e4722 Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 16:54:25 -0800 Subject: [PATCH 08/10] debug github actions --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7392b787b..a6bc1221a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,7 +44,7 @@ on: jobs: deploy: concurrency: - group: "${{ format('deploy-{0}', github.event_name == 'workflow_dispatch' ? github.event.inputs.environment : 'staging') }}" + group: "${{ format('deploy-{0}', github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'staging') }}" runs-on: ubuntu-latest # run deployment only if "Ruby Unit Tests" workflow completes sucessefully # or when manually triggered From 694498819e89fcc53b2ba0a43ace5ed71b90c4f4 Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Wed, 12 Nov 2025 17:08:29 -0800 Subject: [PATCH 09/10] debug github actions --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a6bc1221a..0c71ee3aa 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -44,7 +44,7 @@ on: jobs: deploy: concurrency: - group: "${{ format('deploy-{0}', github.event_name == 'workflow_dispatch' && github.event.inputs.environment || 'staging') }}" + group: deploy-${{ github.event.inputs.environment }} runs-on: ubuntu-latest # run deployment only if "Ruby Unit Tests" workflow completes sucessefully # or when manually triggered From 20ee714ae2b686b2b2b9ddadf5303228ea3c60c5 Mon Sep 17 00:00:00 2001 From: Alex Skrenchuk Date: Fri, 21 Nov 2025 12:39:29 -0800 Subject: [PATCH 10/10] use global lock for simplicity sake --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0c71ee3aa..6cab3db44 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,7 +44,7 @@ on: jobs: deploy: concurrency: - group: deploy-${{ github.event.inputs.environment }} + group: deploy runs-on: ubuntu-latest # run deployment only if "Ruby Unit Tests" workflow completes sucessefully # or when manually triggered