ci: collapse preview + production deploy into one reusable workflow #130
Merged
Preview and production share scripts/gcp-deploy.sh but each had its own
job body in release.yml and production-deploy.yml — three copies of the
same health-wait, STONITH, dashboard verify, drifting apart (preview
already ran /cp/attest MRTD verify; prod didn't).

Extract the common body into .github/workflows/deploy-cp.yml as a
reusable workflow. release.yml deploy-preview and production-deploy.yml
deploy both call it with env-specific inputs. Prod now runs the stronger
MRTD attestation check preview already had, and every PR push exercises
the exact code prod uses.

Move the SSH+relaunch of dd-local-{kind} into a composite action
.github/actions/relaunch-agent/ so deploy-cp.yml can cascade it
directly. local-agents.yml shrinks to a workflow_dispatch-only entry
point for operator-driven one-shots.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
- .github/workflows/deploy-cp.yml reusable workflow: auth → gcp-deploy.sh → wait-for-health-with-serial → /cp/attest MRTD verify → dashboard 200 → STONITH verify → optional PR comment → cascade dd-local-{kind} relaunch.
- release.yml deploy-preview collapses from ~220 lines to 15 — uses: ./.github/workflows/deploy-cp.yml with preview inputs.
- production-deploy.yml deploy collapses from ~110 lines to 15 — same workflow, prod inputs. Prod now runs /cp/attest MRTD verify for the first time (preview already did).
- .github/actions/relaunch-agent/ composite action holds the SSH + dd-relaunch.sh body; shared between deploy-cp.yml (cascade path) and local-agents.yml (operator dispatch).
- local-agents.yml shrinks to workflow_dispatch-only — the everyday cascade now flows through deploy-cp.yml.

Net: 543 lines deleted, 432 added across the changed files.

Depends on #127 — built on top of that branch so the preview probe + REF plumbing don't have to be re-invented. Retarget to main after #127 merges.
Test plan
- deploy-cp.yml (preview) runs, /cp/attest returns a valid MRTD, preview URL comment posts, relaunch-agent cascades → dd-local-preview relaunches against pr-N.devopsdefender.com.
- deploy-cp.yml (production) runs with the same body — /cp/attest now also verifies prod (new signal), STONITH reaps old prod VM, dd-local-prod relaunches.
- workflow_dispatch on Local Agents fires a manual relaunch without touching the CP (validates the script-iteration path).
- git diff .github/workflows/release.yml .github/workflows/production-deploy.yml shows only trigger + input differences, zero duplicated steps (code-reuse invariant).

🤖 Generated with Claude Code