Skip to content

feat: add git commit SHA metadata to all Nomad jobs#1993

Draft
joe-lombrozo-s-bot[bot] wants to merge 6 commits intomainfrom
feature/add-git-commit-sha-to-nomad-jobs
Draft

feat: add git commit SHA metadata to all Nomad jobs#1993
joe-lombrozo-s-bot[bot] wants to merge 6 commits intomainfrom
feature/add-git-commit-sha-to-nomad-jobs

Conversation

@joe-lombrozo-s-bot
Copy link
Contributor

@joe-lombrozo-s-bot joe-lombrozo-s-bot bot commented Feb 25, 2026

Summary

This change adds the git_commit_sha as metadata to all Nomad jobs deployed via Terraform. The commit SHA is passed from GitHub Actions workflows through Terraform variables down to the Nomad job specifications.

Changes

  • Updated deploy-infra.yml and deploy-job.yml workflows to export GIT_COMMIT_SHA
  • Added git_commit_sha to Makefile tf_vars
  • Added git_commit_sha variable to provider-gcp and nomad module variables
  • Added meta block with git_commit_sha to all Nomad job HCL files
  • Updated all module calls to pass git_commit_sha through

Benefits

This enables tracking which git commit is currently deployed for each Nomad job, which helps with:

  • Debugging deployment issues
  • Audit trails
  • Understanding which code version is running in production

Testing

  • Variables default to "unknown" to maintain backward compatibility
  • No breaking changes to existing deployments
@djeebot
feat: add git commit SHA metadata to all Nomad jobs
ca7d58e 
This change adds the git_commit_sha as metadata to all Nomad jobs deployed via Terraform. The commit SHA is passed from GitHub Actions workflows through Terraform variables down to the Nomad job specifications. Changes: - Updated deploy-infra.yml and deploy-job.yml workflows to export GIT_COMMIT_SHA - Added git_commit_sha to Makefile tf_vars - Added git_commit_sha variable to provider-gcp and nomad module variables - Added meta block with git_commit_sha to all Nomad job HCL files - Updated all module calls to pass git_commit_sha through This enables tracking which git commit is currently deployed for each Nomad job.
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 25, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ca7d58e982

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
github-actions bot and others added 4 commits February 25, 2026 16:03
@github-actions
chore: auto-commit generated changes
822bd4a
@djeebot
fix: add git_commit_sha to clean-nfs-cache templatefile
559a381
@djeebot
fix: remove default values from git_commit_sha in job modules
ccb2f05 
Make git_commit_sha required in all job modules to catch missing pass-throughs at plan time. The root provider-gcp/variables.tf still has a default for when the env var isn't set during local development.
@djeebot
feat: auto-detect git commit SHA from HEAD when running make plan
89c0c86 
Uses `git rev-parse --short HEAD` as the default value for GIT_COMMIT_SHA if not explicitly set via environment variable. Falls back to 'unknown' if not in a git repository.
dobrac
dobrac approved these changes Feb 26, 2026
View reviewed changes
Copy link
Contributor

@dobrac dobrac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one nit
iac/provider-gcp/Makefile
-include ${ENV_FILE}

# Default to current git commit SHA if not set via environment
GIT_COMMIT_SHA ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
Copy link
Contributor

@dobrac dobrac Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wouldn't this be annoying for dev where you rebuild just one job, but then run make plan ; make apply?
Copy link
Member

@jakubno jakubno Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it be possible to set up terraform to ignore_changes for this somehow?
@ValentaTomas ValentaTomas removed their assignment Mar 12, 2026
@ValentaTomas ValentaTomas removed their request for review March 12, 2026 02:14
@jakubno jakubno marked this pull request as draft March 13, 2026 08:19
@djeebot
feat: track deployment commit SHA via nomad variable
0169cec 
Instead of adding git_commit_sha to every Nomad job's meta block (which would cause job re-registration on every commit), store the deployment commit SHA in a Nomad Variable at deployments/metadata. This avoids unnecessary job version bumps and batch job re-runs while still making the commit SHA available for debugging and audit via the Nomad Variables API/UI. Jobs can optionally read the SHA at runtime using: {{ with nomadVar "deployments/metadata" }}{{ .git_commit_sha }}{{ end }}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

5 participants

@dobrac @jakubno @djeebus @ValentaTomas @djeebot