From da5505bd27e358edc744411b99d42bf31db4fd13 Mon Sep 17 00:00:00 2001
From: Jordan Ramos <jordan.ramos@spectrum.com>
Date: Mon, 18 May 2026 15:18:12 -0600
Subject: [PATCH] Add pipeline-to-issue traceability via after_script comments

deploy-staging and deploy-production now parse #N references from the commit
message and post a deployment comment on each referenced GitLab issue with a
link to the pipeline. Requires GITLAB_PAT CI/CD variable (see steering docs).
---
 .gitlab-ci.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b939313..b99a173 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -178,6 +178,16 @@ deploy-staging:
     # Restart staging service
     - sudo systemctl restart cve-backend-staging || sudo systemctl start cve-backend-staging || true
     - echo "Staging deploy complete."
+  after_script:
+    - |
+      ISSUES=$(git log --format=%B -1 | grep -oP '#\d+' | tr -d '#' | sort -u)
+      for ISSUE in $ISSUES; do
+        curl --silent --request POST \
+          --header "PRIVATE-TOKEN: ${GITLAB_PAT}" \
+          "${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/issues/${ISSUE}/notes" \
+          --data-urlencode "body=✅ Deployed to **staging** in pipeline [#${CI_PIPELINE_ID}](${CI_PIPELINE_URL}) (commit \`${CI_COMMIT_SHORT_SHA}\`)" \
+          > /dev/null 2>&1 || true
+      done
   needs:
     - build-frontend
     - test-backend
@@ -221,6 +231,16 @@ deploy-production:
     - ssh ${PROD_USER}@${PROD_HOST} "test -f /etc/systemd/system/cve-backend.service" || scp ${CI_PROJECT_DIR}/deploy/cve-backend-production.service ${PROD_USER}@${PROD_HOST}:/etc/systemd/system/cve-backend.service
     - ssh ${PROD_USER}@${PROD_HOST} "systemctl daemon-reload && systemctl enable cve-backend && systemctl restart cve-backend"
     - echo "Production deploy complete."
+  after_script:
+    - |
+      ISSUES=$(git log --format=%B -1 | grep -oP '#\d+' | tr -d '#' | sort -u)
+      for ISSUE in $ISSUES; do
+        curl --silent --request POST \
+          --header "PRIVATE-TOKEN: ${GITLAB_PAT}" \
+          "${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/issues/${ISSUE}/notes" \
+          --data-urlencode "body=🚀 Deployed to **production** in pipeline [#${CI_PIPELINE_ID}](${CI_PIPELINE_URL}) (commit \`${CI_COMMIT_SHORT_SHA}\`)" \
+          > /dev/null 2>&1 || true
+      done
   needs:
     - build-frontend
     - test-backend