Refresh cpflow flow from latest PR 278

Author: justin808

.controlplane/shakacode-team.md

@@ -53,6 +53,8 @@ Optional repository settings:
 - `CPLN_CLI_VERSION`: pin a specific `@controlplane/cli` version; defaults to the generated action pin.
 - `CPFLOW_VERSION`: pin a specific cpflow gem version; defaults to the generated action pin.
 - `HEALTH_CHECK_ACCEPTED_STATUSES`: production promotion health statuses; defaults to `200 301 302`.
+- `HEALTH_CHECK_RETRIES` / `HEALTH_CHECK_INTERVAL`: production health polling controls; defaults to `24` retries and `15` seconds.
+- `ROLLBACK_READINESS_RETRIES` / `ROLLBACK_READINESS_INTERVAL`: post-rollback health polling controls; defaults to `24` retries and `15` seconds.
 
 If staging moves off `master`, update both `STAGING_APP_BRANCH` and the branch
 filter in `.github/workflows/cpflow-deploy-staging.yml`.

.github/actions/cpflow-build-docker-image/action.yml

@@ -74,6 +74,15 @@ runs:
 
         PR_INFO=""
         docker_build_args=()
+        ssh_agent_started=false
+
+        cleanup_build_ssh() {
+          if [[ "${ssh_agent_started}" == "true" ]]; then
+            ssh-agent -k >/dev/null || true
+          fi
+          rm -f "${HOME}/.ssh/cpflow_build_key"
+        }
+        trap cleanup_build_ssh EXIT
 
         if [[ -n "${PR_NUMBER}" ]]; then
           PR_INFO=" for PR #${PR_NUMBER}"
@@ -96,7 +105,7 @@ runs:
 
         if [[ -f "${HOME}/.ssh/cpflow_build_key" ]]; then
           eval "$(ssh-agent -s)"
-          trap 'ssh-agent -k >/dev/null; rm -f "${HOME}/.ssh/cpflow_build_key"' EXIT
+          ssh_agent_started=true
           ssh-add "${HOME}/.ssh/cpflow_build_key"
           docker_build_args+=("--ssh=default")
         fi
@@ -105,10 +114,9 @@ runs:
         cpflow build-image -a "${APP_NAME}" --commit="${COMMIT_SHA}" --org="${CONTROL_PLANE_ORG}" "${docker_build_args[@]}"
         echo "✅ Docker image build successful${PR_INFO} (commit ${COMMIT_SHA})"
 
-    - name: Cleanup Docker build SSH key
+    - name: Remove SSH key
       if: ${{ always() }}
       shell: bash
       run: |
-        # Defence in depth: the build step also traps EXIT, but this still runs
-        # if a future refactor exits before that trap is installed.
+        # Defence in depth for cancellations or future refactors around the build trap.
         rm -f "${HOME}/.ssh/cpflow_build_key"

.github/actions/cpflow-delete-control-plane-app/check-app-exists.sh

@@ -14,17 +14,42 @@ if [[ "$APP_NAME" != "${expected_prefix}"* ]]; then
   exit 1
 fi
 
+# Guard against a misconfigured REVIEW_APP_PREFIX that would otherwise match
+# a well-known shared environment.
+if echo "$APP_NAME" | grep -iqE '(^|-)(production|staging)(-|$)'; then
+  echo "❌ ERROR: refusing to delete an app whose name contains 'production' or 'staging'" >&2
+  echo "App name: $APP_NAME" >&2
+  exit 1
+fi
+
 echo "🔍 Checking if application exists: $APP_NAME"
-script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-if bash "${script_dir}/check-app-exists.sh"; then
-  :
-else
-  exists_status=$?
-  if [[ "$exists_status" -ne 1 ]]; then
+exists_output=""
+set +e
+exists_output="$(cpflow exists -a "$APP_NAME" --org "$CPLN_ORG" 2>&1)"
+exists_status=$?
+set -e
+
+case "$exists_status" in
+  0)
+    ;;
+  2)
+    if [[ -n "$exists_output" ]]; then
+      printf '%s\n' "$exists_output"
+    fi
+    echo "⚠️ Application does not exist: $APP_NAME"
+    exit 0
+    ;;
+  *)
+    echo "❌ ERROR: failed to determine whether application exists: $APP_NAME" >&2
+    if [[ -n "$exists_output" ]]; then
+      printf '%s\n' "$exists_output" >&2
+    fi
     exit "$exists_status"
-  fi
-  echo "⚠️ Application does not exist: $APP_NAME"
-  exit 0
+    ;;
+esac
+
+if [[ -n "$exists_output" ]]; then
+  printf '%s\n' "$exists_output"
 fi
 
 echo "🗑️ Deleting application: $APP_NAME"

.github/actions/cpflow-delete-control-plane-app/delete-app.sh

@@ -1,6 +1,6 @@
 name: Detect release phase support
 description: >-
-  Inspects the cpflow config for an app and emits `flag=--run-release-phase`
+  Inspects .controlplane/controlplane.yml for an app and emits `flag=--run-release-phase`
   when a `release_script:` is configured. Outputs an empty `flag` otherwise.
 
 inputs:
@@ -24,15 +24,32 @@ runs:
       run: |
         set -euo pipefail
 
-        config_output=""
-        if ! config_output="$(cpflow config -a "${APP_NAME}" 2>&1)"; then
-          echo "Failed to read cpflow config for app '${APP_NAME}'" >&2
-          printf '%s\n' "${config_output}" >&2
+        release_script="$(ruby - "${APP_NAME}" <<'RUBY'
+        require "yaml"
+
+        app_name = ARGV.fetch(0)
+        data = YAML.load_file(".controlplane/controlplane.yml", aliases: true)
+        apps = data["apps"] || {}
+        app_config = apps[app_name]
+
+        unless app_config
+          app_config = apps.find do |name, config|
+            config.is_a?(Hash) &&
+              config["match_if_app_name_starts_with"] &&
+              app_name.start_with?(name)
+          end&.last
+        end
+
+        unless app_config.is_a?(Hash)
+          warn "Error: app '#{app_name}' is not defined under `apps:` in `.controlplane/controlplane.yml`."
           exit 1
-        fi
+        end
+
+        puts app_config["release_script"].to_s
+        RUBY
+        )"
 
-        # Anchor to start-of-line so commented-out release_script: entries don't enable --run-release-phase.
-        if grep -qE '^[[:space:]]*release_script:' <<< "${config_output}"; then
+        if [[ -n "${release_script}" ]]; then
           echo "flag=--run-release-phase" >> "$GITHUB_OUTPUT"
         else
           echo "flag=" >> "$GITHUB_OUTPUT"

.github/actions/cpflow-detect-release-phase/action.yml

@@ -17,13 +17,13 @@ inputs:
   cpln_cli_version:
     description: >-
       @controlplane/cli version. Empty string falls back to the action's pinned default
-      so callers can pass a repository-variable-backed input unconditionally.
+      so callers can pass `${{ vars.CPLN_CLI_VERSION }}` unconditionally.
     required: false
     default: ""
   cpflow_version:
     description: >-
       cpflow gem version. Empty string falls back to the action's pinned default
-      so callers can pass a repository-variable-backed input unconditionally.
+      so callers can pass `${{ vars.CPFLOW_VERSION }}` unconditionally.
     required: false
     default: ""
 
@@ -52,7 +52,12 @@ runs:
         CPLN_CLI_VERSION="${CPLN_CLI_VERSION:-${default_cpln_cli_version}}"
         CPFLOW_VERSION="${CPFLOW_VERSION:-${default_cpflow_version}}"
 
-        sudo npm install -g "@controlplane/cli@${CPLN_CLI_VERSION}"
+        npm_global_prefix="${HOME}/.npm-global"
+        mkdir -p "${npm_global_prefix}"
+        echo "${npm_global_prefix}/bin" >> "$GITHUB_PATH"
+        export PATH="${npm_global_prefix}/bin:${PATH}"
+
+        npm install --global --prefix "${npm_global_prefix}" "@controlplane/cli@${CPLN_CLI_VERSION}"
         cpln --version
 
         gem install cpflow -v "${CPFLOW_VERSION}" --no-document
@@ -78,15 +83,6 @@ runs:
           exit 1
         fi
 
-        # Later workflow steps call cpflow/cpln, so persist the token without putting it on argv.
-        # This intentionally gives subsequent trusted steps in the same job a CPLN_TOKEN env var.
-        token_delimiter="CPLN_TOKEN_$(openssl rand -hex 8)"
-        {
-          echo "CPLN_TOKEN<<${token_delimiter}"
-          printf '%s\n' "$CPLN_TOKEN"
-          echo "${token_delimiter}"
-        } >> "$GITHUB_ENV"
-
         create_output=""
         if ! create_output="$(cpln profile create default --org "$ORG" 2>&1)"; then
           if ! echo "$create_output" | grep -qi "already exists"; then

.github/actions/cpflow-setup-environment/action.yml

@@ -39,7 +39,8 @@ runs:
         missing=()
         while IFS= read -r entry; do
           entry="${entry%$'\r'}"
-          entry="$(printf '%s' "${entry}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+          entry="${entry#"${entry%%[![:space:]]*}"}"
+          entry="${entry%"${entry##*[![:space:]]}"}"
           [[ -z "${entry}" ]] && continue
 
           type="${entry%%:*}"
@@ -70,6 +71,5 @@ runs:
           exit 0
         fi
 
-        echo "Missing required GitHub configuration:" >&2
-        printf -- '- %s\n' "${missing[@]}" >&2
+        printf 'Missing required GitHub configuration:\n- %s\n' "${missing[@]}" >&2
         exit 1

.github/actions/cpflow-validate-config/action.yml

@@ -61,10 +61,14 @@ runs:
         for attempt in $(seq 1 "${CPFLOW_MAX_RETRIES}"); do
           echo "Health check attempt ${attempt}/${CPFLOW_MAX_RETRIES}"
 
-          if ! endpoint="$(cpln workload get "${CPFLOW_WORKLOAD_NAME}" --gvc "${CPFLOW_APP_NAME}" --org "${CPFLOW_ORG}" -o json | jq -r '.status.endpoint // empty')"; then
-            echo "Unable to fetch workload endpoint; will retry if attempts remain."
-            endpoint=""
+          if ! workload_json="$(cpln workload get "${CPFLOW_WORKLOAD_NAME}" --gvc "${CPFLOW_APP_NAME}" --org "${CPFLOW_ORG}" -o json 2>&1)"; then
+            echo "::error::Workload '${CPFLOW_WORKLOAD_NAME}' not found in GVC '${CPFLOW_APP_NAME}'. Set PRIMARY_WORKLOAD to the correct workload name." >&2
+            printf '%s\n' "${workload_json}" >&2
+            echo "healthy=false" >> "$GITHUB_OUTPUT"
+            exit 1
           fi
+
+          endpoint="$(echo "${workload_json}" | jq -r '.status.endpoint // empty')"
           if [[ -n "${endpoint}" ]]; then
             http_status="$(curl -s -o /dev/null -w '%{http_code}' --max-time "${CPFLOW_CURL_MAX_TIME}" "${endpoint}" 2>/dev/null || echo 000)"
             echo "Endpoint: ${endpoint}, HTTP status: ${http_status}"
@@ -75,6 +79,8 @@ runs:
                 exit 0
               fi
             done
+          else
+            echo "Workload '${CPFLOW_WORKLOAD_NAME}' has no endpoint yet; waiting for one to be assigned."
           fi
 
           if [[ "${attempt}" -lt "${CPFLOW_MAX_RETRIES}" ]]; then

.github/actions/cpflow-wait-for-health/action.yml

@@ -6,11 +6,12 @@
 - Creates the review app if it does not exist
 - Builds the PR commit image
 - Deploys the image and comments with the review URL
-- The command must be the only text in the comment
+- The comment must contain exactly `/deploy-review-app` and no other text
 
 `/delete-review-app`
 - Deletes the review app when the PR is done
 - This also runs automatically when the PR closes
+- The comment must contain exactly `/delete-review-app` and no other text
 
 ## Repository secrets
 
@@ -34,6 +35,8 @@
 | `DOCKER_BUILD_EXTRA_ARGS` | optional | Newline-delimited extra docker build tokens (e.g. `--build-arg=FOO=bar`). |
 | `DOCKER_BUILD_SSH_KNOWN_HOSTS` | optional | SSH known_hosts entries when SSH build hosts are not GitHub.com. |
 | `HEALTH_CHECK_ACCEPTED_STATUSES` | optional | Space-separated HTTP statuses considered healthy on promote (default `200 301 302`). |
+| `HEALTH_CHECK_RETRIES` / `HEALTH_CHECK_INTERVAL` | optional | Production health polling controls; defaults to `24` retries and `15` seconds. |
+| `ROLLBACK_READINESS_RETRIES` / `ROLLBACK_READINESS_INTERVAL` | optional | Post-rollback health polling controls; defaults to `24` retries and `15` seconds. |
 | `CPLN_CLI_VERSION` | optional | Pin a specific `@controlplane/cli` version; falls back to the action default when unset. |
 | `CPFLOW_VERSION` | optional | Pin a specific cpflow gem version; falls back to the generated default when unset. |
 

.github/cpflow-help.md

@@ -46,8 +46,8 @@ jobs:
 
       - name: Remove stale review apps
         env:
-          CPLN_ORG_STAGING: ${{ vars.CPLN_ORG_STAGING }}
           REVIEW_APP_PREFIX: ${{ vars.REVIEW_APP_PREFIX }}
+          CPLN_ORG_STAGING: ${{ vars.CPLN_ORG_STAGING }}
         shell: bash
         run: |
           set -euo pipefail