Github Actions separate to two jobs and staging

[justin808]

This change is 

Summary by CodeRabbit

• Workflow Updates

  • Enhanced GitHub Actions workflows for review app and staging deployments.
  • Updated deployment process with improved job structure and branch validation.
  • Added new jobs for debugging, building, and deploying applications.
  • Refined environment variable and output variable management.
  • Simplified help command workflow with dynamic help text generation.
  • Introduced manual execution trigger for deleting review apps.

• Minor Improvements

  • Adjusted formatting in review app help workflow.
  • Expanded trigger conditions for deployment workflows.

[coderabbitai]

Warning

Rate limit exceeded

@justin808 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 11 minutes and 47 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between c336d22 and a217452.

📒 Files selected for processing (3)

• .github/actions/build-docker-image/action.yml (2 hunks)
• .github/workflows/deploy-to-control-plane-staging.yml (1 hunks)
• .github/workflows/help-command.yml (1 hunks)

Walkthrough

The pull request introduces significant modifications to GitHub Actions workflows for deploying review and staging applications. The changes focus on restructuring deployment workflows for the Control Plane, including renaming jobs, adding new jobs like build and deploy, and introducing output variables. The workflows for both review apps and staging deployments have been updated to improve job organization, branch validation, and deployment processes. Additionally, several actions have been removed, and new actions for validation have been added to enhance functionality.

Changes

File	Change Summary
.github/workflows/deploy-to-control-plane-review-app.yml	- Renamed Process-Deployment-Command job to process-deployment - Added new build and deploy jobs - Introduced output variables for job coordination - Modified APP_NAME environment variable
.github/workflows/deploy-to-control-plane-staging.yml	- Updated workflow name and added run-name - Added debug, build, and deploy jobs - Enhanced validate-branch job - Added new environment variables
.github/workflows/review-app-help.yml	- Minor formatting changes to help message strings
.github/actions/help-command/action.yml	- Removed action for showing help command
.github/workflows/help-command.yml	- Updated workflow name and input parameter for help command
.github/actions/delete-control-plane-app/action.yml	- Removed action for deleting Control Plane App
.github/actions/delete-control-plane-app/delete-app.sh	- Removed script for deleting Control Plane App
.github/actions/validate-required-vars/action.yml	- Added new action for validating required variables
.github/workflows/delete-review-app.yml	- Added workflow_dispatch trigger with input pr_number - Updated APP_NAME and PR_NUMBER environment variables

Possibly related PRs

• Improvements to deployments #615: Improvements to deployments involving workflow modifications
• Github actions fixes #618: Modifications in the deployment action related to workflow changes
• More work on actions #622: Enhancements to the help command and input parameters, relating to overall workflow improvements

Poem

🐰 Workflows dancing, jobs in line,
Deploying code with design so fine
Review apps spinning, staging takes flight
GitHub Actions making everything right!
Rabbit's deployment magic unfurled 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Hi 👋 Here are the commands available for this PR:

• /deploy-review-app: Deploy your changes to a review environment
• /delete-review-app: Clean up the review environment when you're done
• /help: Show detailed information about all commands

Use /help to see full documentation, including configuration options.

[justin808]

/help

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

.github/workflows/deploy-to-control-plane-staging.yml (1)

22-24: Consider making the concurrency group more specific.

The current concurrency group might be too broad. Consider adding the branch name for more granular control.

concurrency:
-  group: deploy-staging
+  group: deploy-staging-${{ github.ref_name }}
  cancel-in-progress: true

.github/workflows/deploy-to-control-plane-review-app.yml (2)

331-338: Remove trailing spaces in the script.

There are trailing spaces in the message construction that should be removed.

            const buildingMessage = [
              '🏗️ Building Docker image for PR #${{ needs.process-deployment.outputs.pr_number }}, commit ${{ needs.process-deployment.outputs.pr_sha }}',
              '',
              '📝 [View Build Logs](${{ env.WORKFLOW_URL }})',
              '',
              process.env.CONSOLE_LINK
-            ].join('\n');
+            ].join('\n');

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 338-338: trailing spaces

(trailing-spaces)

---

Line range hint 397-441: Consider adding error handling for deployment status updates.

The deployment status update could fail silently if the GitHub API calls fail. Consider adding try-catch blocks for better error handling.

        script: |
+           try {
              const prNumber = process.env.PR_NUMBER;
              const appUrl = process.env.APP_URL;
              const workflowUrl = process.env.WORKFLOW_URL;
              const isSuccess = '${{ job.status }}' === 'success';
              
              const consoleLink = process.env.CONSOLE_LINK;
              
              // Create GitHub deployment status
              const deploymentStatus = {
                owner: context.repo.owner,
                repo: context.repo.repo,
                deployment_id: ${{ steps.init-deployment.outputs.result }},
                state: isSuccess ? 'success' : 'failure',
                environment_url: isSuccess ? appUrl : undefined,
                log_url: workflowUrl,
                environment: 'review'
              };
              
              await github.rest.repos.createDeploymentStatus(deploymentStatus);
              
              // Update the existing comment
              await github.rest.issues.updateComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: ${{ steps.create-comment.outputs.comment-id }},
                body: isSuccess ? successMessage : failureMessage
              });
+           } catch (error) {
+             core.error(`Failed to update deployment status: ${error.message}`);
+             throw error;
+           }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f0c726f and 788e600.

📒 Files selected for processing (3)

• .controlplane/controlplane.yml (1 hunks)
• .github/workflows/deploy-to-control-plane-review-app.yml (4 hunks)
• .github/workflows/deploy-to-control-plane-staging.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/deploy-to-control-plane-review-app.yml

317-317: property "image_tag" is not defined in object type {}

(expression)

.github/workflows/deploy-to-control-plane-staging.yml

12-12: character ' ' is invalid for branch and tag names. ref name cannot contain spaces, ~, ^, :, [, ?, *. see man git-check-ref-format for more details. note that regular expression is unavailable. note: filter pattern syntax is explained at https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

(glob)

---

12-12: property "vars" is not defined in object type {action: string; action_path: string; action_ref: string; action_repository: string; action_status: string; actor: string; actor_id: string; api_url: string; base_ref: string; env: string; event: object; event_name: string; event_path: string; graphql_url: string; head_ref: string; job: string; job_workflow_sha: string; path: string; ref: string; ref_name: string; ref_protected: string; ref_type: string; repository: string; repository_id: string; repository_owner: string; repository_owner_id: string; repositoryurl: string; retention_days: number; run_attempt: string; run_id: string; run_number: string; secret_source: string; server_url: string; sha: string; token: string; triggering_actor: string; workflow: string; workflow_ref: string; workflow_sha: string; workspace: string}

(expression)

---

12-12: character ' ' is invalid for branch and tag names. ref name cannot contain spaces, ~, ^, :, [, ?, *. see man git-check-ref-format for more details. note that regular expression is unavailable. note: filter pattern syntax is explained at https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

(glob)

---

53-53: property "image_tag" is not defined in object type {}

(expression)

---

68-68: missing input "PR_NUMBER" which is required by action "Build Docker Image" defined at "./.github/actions/build-docker-image". all required inputs are "PR_NUMBER", "app_name", "commit", "org"

(action)

---

88-88: missing input "pr_number" which is required by action "Deploy to Control Plane" defined at "./.github/actions/deploy-to-control-plane". all required inputs are "app_name", "cpln_token", "github_token", "org", "pr_number"

(action)

🪛 YAMLlint (1.35.1)

.github/workflows/deploy-to-control-plane-review-app.yml

[error] 338-338: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test (22.x, 3.3.4)

🔇 Additional comments (2)

.controlplane/controlplane.yml (1)

58-58: LGTM! Descriptive app name change.

The updated name qa-react-webpack-rails-tutorial-pr better reflects the app's purpose as a PR review environment.

.github/workflows/deploy-to-control-plane-review-app.yml (1)

Line range hint 38-54: LGTM! Well-structured job outputs.

The process-deployment job's outputs are well-defined and provide good visibility into the deployment process.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

[coderabbitai]

⚠️ Potential issue

Fix branch validation configuration.

The github.vars.STAGING_APP_BRANCH reference is incorrect as vars is not a valid property of the github context.

Apply this fix:

    branches:
      - 'main'
      - 'master'
-      - ${{ github.vars.STAGING_APP_BRANCH }}
+      - ${{ vars.STAGING_APP_BRANCH }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	branches:
	- 'main'
	- 'master'
	- ${{ github.vars.STAGING_APP_BRANCH }}
	branches:
	- 'main'
	- 'master'
	- ${{ vars.STAGING_APP_BRANCH }}

🧰 Tools

🪛 actionlint (1.7.4)

12-12: character ' ' is invalid for branch and tag names. ref name cannot contain spaces, ~, ^, :, [, ?, *. see man git-check-ref-format for more details. note that regular expression is unavailable. note: filter pattern syntax is explained at https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

(glob)

---

12-12: property "vars" is not defined in object type {action: string; action_path: string; action_ref: string; action_repository: string; action_status: string; actor: string; actor_id: string; api_url: string; base_ref: string; env: string; event: object; event_name: string; event_path: string; graphql_url: string; head_ref: string; job: string; job_workflow_sha: string; path: string; ref: string; ref_name: string; ref_protected: string; ref_type: string; repository: string; repository_id: string; repository_owner: string; repository_owner_id: string; repositoryurl: string; retention_days: number; run_attempt: string; run_id: string; run_number: string; secret_source: string; server_url: string; sha: string; token: string; triggering_actor: string; workflow: string; workflow_ref: string; workflow_sha: string; workspace: string}

(expression)

---

12-12: character ' ' is invalid for branch and tag names. ref name cannot contain spaces, ~, ^, :, [, ?, *. see man git-check-ref-format for more details. note that regular expression is unavailable. note: filter pattern syntax is explained at https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

(glob)

[coderabbitai]

⚠️ Potential issue

Add missing required input for Build Docker Image action.

The action requires a PR_NUMBER input that is not provided.

Add the missing input:

      - name: Build Docker Image
        id: build
        uses: ./.github/actions/build-docker-image
        with:
          app_name: ${{ env.APP_NAME }}
          org: ${{ vars.CPLN_ORG_STAGING }}
          commit: ${{ github.sha }}
+         PR_NUMBER: ''  # Add appropriate value or make it optional in the action

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build Docker Image
	id: build
	uses: ./.github/actions/build-docker-image
	with:
	app_name: ${{ env.APP_NAME }}
	org: ${{ vars.CPLN_ORG_STAGING }}
	commit: ${{ github.sha }}
	- name: Build Docker Image
	id: build
	uses: ./.github/actions/build-docker-image
	with:
	app_name: ${{ env.APP_NAME }}
	org: ${{ vars.CPLN_ORG_STAGING }}
	commit: ${{ github.sha }}
	PR_NUMBER: '' # Add appropriate value or make it optional in the action

🧰 Tools

🪛 actionlint (1.7.4)

68-68: missing input "PR_NUMBER" which is required by action "Build Docker Image" defined at "./.github/actions/build-docker-image". all required inputs are "PR_NUMBER", "app_name", "commit", "org"

(action)

[coderabbitai]

⚠️ Potential issue

Add missing required input for Deploy to Control Plane action.

The action requires a pr_number input that is not provided.

Add the missing input:

      - name: Deploy to Control Plane
        uses: ./.github/actions/deploy-to-control-plane
        with:
          app_name: ${{ vars.STAGING_APP_NAME }}
          org: ${{ vars.CPLN_ORG_STAGING }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          wait_timeout: ${{ vars.WAIT_TIMEOUT || 900 }}
          cpln_token: ${{ secrets.CPLN_TOKEN_STAGING }}
+         pr_number: ''  # Add appropriate value or make it optional in the action

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 actionlint (1.7.4)

88-88: missing input "pr_number" which is required by action "Deploy to Control Plane" defined at "./.github/actions/deploy-to-control-plane". all required inputs are "app_name", "cpln_token", "github_token", "org", "pr_number"

(action)

[justin808]

/help

[justin808]

/deploy-review-app

[github-actions]

🏗️ Building Docker image for PR #624, commit ec8ab3f

📝 View Build Logs

🎮 Control Plane Console

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

372-372: Remove trailing space.

There's a trailing space at the end of line 372.

-              '📝 [View Deploy Logs](${{ env.WORKFLOW_URL }})',␣
+              '📝 [View Deploy Logs](${{ env.WORKFLOW_URL }})',

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec8ab3f and b8c9fdc.

📒 Files selected for processing (1)

• .github/workflows/deploy-to-control-plane-review-app.yml (5 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/deploy-to-control-plane-review-app.yml

317-317: property "image_tag" is not defined in object type {}

(expression)

🪛 YAMLlint (1.35.1)

.github/workflows/deploy-to-control-plane-review-app.yml

[error] 338-338: trailing spaces

(trailing-spaces)

🔇 Additional comments (4)

.github/workflows/deploy-to-control-plane-review-app.yml (4)

27-30: LGTM! Well-structured environment configuration.

The environment variables are properly configured using GitHub's secure secrets and variables system.

---

355-359: LGTM! Well-structured deployment job.

The job has proper dependencies, conditions, and comprehensive status updates.

---

48-54: Verify deployment_id output reference.

The deployment_id output references steps.init-deployment.outputs.result, but this step is conditionally executed (if: env.DO_DEPLOY != 'false'). This could lead to undefined output when the deployment is skipped.

Consider adding a default value or handling the case when deployment is skipped:

-      deployment_id: ${{ steps.init-deployment.outputs.result }}
+      deployment_id: ${{ steps.init-deployment.outputs.result || '' }}

---

316-320: Verify image_tag output from build-docker-image action.

The image_tag output is referenced but may not be defined in the build-docker-image action. This could cause undefined behavior in downstream jobs.

Run this script to verify the output definition:

🧰 Tools

🪛 actionlint (1.7.4)

317-317: property "image_tag" is not defined in object type {}

(expression)

[github-actions]

🏗️ Building Docker image for PR #624, commit 33ce218

📝 View Build Logs

[github-actions]

🏗️ Building Docker image for PR #624, commit 33ce218

📝 View Build Logs

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

Line range hint 376-381: Fix incorrect comment ID reference.

The deploy job is trying to access a non-existent step output. It should use the comment ID from the build job's outputs.

Fix the comment ID reference:

             await github.rest.issues.updateComment({
               owner: context.repo.owner,
               repo: context.repo.repo,
-              comment_id: ${{ steps.create-comment.outputs.comment-id }},
+              comment_id: ${{ needs.build.outputs.comment_id }},
               body: deployingMessage
             });

🧹 Nitpick comments (1)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

Line range hint 38-54: Add explicit permissions for security.

While the job structure and outputs are well-organized, it's recommended to add explicit permissions to follow the principle of least privilege.

Add this configuration to the job:

   process-deployment:
     needs: debug
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+      deployments: write
     if: |

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b8c9fdc and 33ce218.

📒 Files selected for processing (1)

• .github/workflows/deploy-to-control-plane-review-app.yml (5 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/deploy-to-control-plane-review-app.yml

317-317: property "image_tag" is not defined in object type {}

(expression)

🪛 YAMLlint (1.35.1)

.github/workflows/deploy-to-control-plane-review-app.yml

[error] 338-338: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test (22.x, 3.3.4)

🔇 Additional comments (2)

.github/workflows/deploy-to-control-plane-review-app.yml (2)

27-27: LGTM! Good naming convention improvement.

Adding the 'pr-' prefix to APP_NAME improves resource identification and management.

---

312-359: Great job on workflow restructuring!

The separation into distinct process-deployment, build, and deploy jobs improves:

• Maintainability through clear separation of concerns
• Error handling with better job isolation
• Debugging capability with focused logs per stage

🧰 Tools

🪛 actionlint (1.7.4)

317-317: property "image_tag" is not defined in object type {}

(expression)

🪛 YAMLlint (1.35.1)

[error] 338-338: trailing spaces

(trailing-spaces)

[coderabbitai]

⚠️ Potential issue

Fix missing output value assignment.

The job declares image_tag as an output but the value is never set in the build step. This could cause deployment failures.

Ensure the build step sets the output:

       - name: Build Docker Image
         id: build
         uses: ./.github/actions/build-docker-image
         with:
           app_name: ${{ env.APP_NAME }}
           org: ${{ vars.CPLN_ORG_STAGING }}
           commit: ${{ needs.process-deployment.outputs.pr_sha }}
           PR_NUMBER: ${{ needs.process-deployment.outputs.pr_number }}
+        # Add this step to set the output
+      - name: Set image tag output
+        if: success()
+        run: echo "image_tag=${{ env.APP_NAME }}:${{ needs.process-deployment.outputs.pr_sha }}" >> $GITHUB_OUTPUT

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	outputs:
	image_tag: ${{ steps.build.outputs.image_tag }}
	comment_id: ${{ needs.process-deployment.outputs.comment_id }}
	outputs:
	image_tag: ${{ steps.build.outputs.image_tag }}
	comment_id: ${{ needs.process-deployment.outputs.comment_id }}

🧰 Tools

🪛 actionlint (1.7.4)

317-317: property "image_tag" is not defined in object type {}

(expression)

[github-actions]

🏗️ Building Docker image for PR #624, commit 0c5fb50

📝 View Build Logs

[github-actions]

🏗️ Building Docker image for PR #624, commit 0c5fb50

📝 View Build Logs

[justin808]

/deploy-review-app

[github-actions]

🏗️ Building Docker image for PR #624, commit 742e247

📝 View Build Logs

[github-actions]

✅ Deployment complete for PR #624, commit 742e247

🚀 Review App for PR #624
🎮 Control Plane Console

📋 View Completed Action Build and Deploy Logs

[github-actions]

🏗️ Building Docker image for PR #624, commit 7d2f639

📝 View Build Logs

[github-actions]

🏗️ Building Docker image for PR #624, commit 7d2f639

📝 View Build Logs

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

Line range hint 391-393: Fix incorrect comment ID reference.

The deployment status update is using steps.create-comment.outputs.comment-id but should use the comment ID from the build job outputs.

               owner: context.repo.owner,
               repo: context.repo.repo,
-              comment_id: ${{ steps.create-comment.outputs.comment-id }},
+              comment_id: ${{ needs.build.outputs.comment_id }},
               body: deployingMessage

♻️ Duplicate comments (1)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

316-320: ⚠️ Potential issue

Fix missing image_tag output value.

The job declares image_tag as an output but the value is never set in the build step.

Add a step to set the output:

       - name: Build Docker Image
         id: build
         uses: ./.github/actions/build-docker-image
         with:
           app_name: ${{ env.APP_NAME }}
           org: ${{ vars.CPLN_ORG_STAGING }}
           commit: ${{ needs.process-deployment.outputs.pr_sha }}
           PR_NUMBER: ${{ needs.process-deployment.outputs.pr_number }}
+      - name: Set image tag output
+        if: success()
+        run: echo "image_tag=${{ env.APP_NAME }}:${{ needs.process-deployment.outputs.pr_sha }}" >> $GITHUB_OUTPUT

🧰 Tools

🪛 actionlint (1.7.4)

317-317: property "image_tag" is not defined in object type {}

(expression)

🧹 Nitpick comments (5)

.github/workflows/help-command.yml (4)

8-11: Consider adding pattern validation for PR number input.

Add a pattern to validate that the PR number is positive and reasonable.

       pr_number:
         description: 'Pull Request number to post help comment on'
         required: true
         type: string
+        pattern: '^[1-9]\d{0,5}$'

---

61-64: Improve clarity of environment secrets description.

The description for CPLN_TOKEN_PRODUCTION appears redundant as it's identical to CPLN_TOKEN_STAGING.

                     items: [
                       '- `CPLN_TOKEN_STAGING`: Control Plane authentication token',
-                      '- `CPLN_TOKEN_PRODUCTION`: Control Plane authentication token'
+                      '- `CPLN_TOKEN_PRODUCTION`: Control Plane authentication token for production environment'
                     ]

---

116-116: Remove trailing spaces.

Several lines contain trailing spaces which should be removed for consistency.

-              const parts = ['# Available Commands', ''];
-              
+              const parts = ['# Available Commands', ''];
+
               // Add commands
               Object.values(sections.commands).forEach(cmd => {
                 parts.push(cmd.title, cmd.purpose, '', ...cmd.details, '');
               });
-              
+
               parts.push('---');
-              
+
               // Add setup section
               parts.push(sections.setup.title, '');
               sections.setup.sections.forEach(section => {
                 parts.push(section.title, ...section.items, '');
               });
               parts.push(sections.setup.note, '');
-              
+
               // Add remaining sections
               ['integration', 'cleanup', 'help'].forEach(section => {
                 parts.push(sections[section].title, '', ...sections[section].details, '');
               });
-              
+
               return parts.join('\n');

Also applies to: 121-121, 123-123, 130-130, 135-135, 140-140, 141-141, 144-144

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 116-116: trailing spaces

(trailing-spaces)

---

150-150: Add newline at end of file.

Add a newline character at the end of the file to follow YAML best practices.

               body: helpText
-            });
+            });
+

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 150-150: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

344-344: Remove trailing spaces in status update message.

Remove trailing spaces for consistency.

-            ].join('\n');
+            ].join('\n');

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 344-344: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33ce218 and 7d2f639.

📒 Files selected for processing (3)

• .github/actions/help-command/action.yml (0 hunks)
• .github/workflows/deploy-to-control-plane-review-app.yml (5 hunks)
• .github/workflows/help-command.yml (1 hunks)

💤 Files with no reviewable changes (1)

• .github/actions/help-command/action.yml

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/help-command.yml

[error] 21-21: trailing spaces

(trailing-spaces)

---

[error] 116-116: trailing spaces

(trailing-spaces)

---

[error] 121-121: trailing spaces

(trailing-spaces)

---

[error] 123-123: trailing spaces

(trailing-spaces)

---

[error] 130-130: trailing spaces

(trailing-spaces)

---

[error] 135-135: trailing spaces

(trailing-spaces)

---

[error] 140-140: trailing spaces

(trailing-spaces)

---

[error] 141-141: trailing spaces

(trailing-spaces)

---

[error] 144-144: trailing spaces

(trailing-spaces)

---

[error] 150-150: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/deploy-to-control-plane-review-app.yml

[error] 344-344: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.4)

.github/workflows/deploy-to-control-plane-review-app.yml

317-317: property "image_tag" is not defined in object type {}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: build
• GitHub Check: test (22.x, 3.3.4)

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (3)

.github/workflows/deploy-to-control-plane-staging.yml (2)

70-77: ⚠️ Potential issue

Fix missing required input for Build Docker Image action.

The action requires a PR_NUMBER input that is not provided.

      - name: Build Docker Image
        id: build
        uses: ./.github/actions/build-docker-image
        with:
          app_name: ${{ env.APP_NAME }}
          org: ${{ vars.CPLN_ORG_STAGING }}
          commit: ${{ github.sha }}
+         PR_NUMBER: ''  # Add appropriate value or make it optional in the action

🧰 Tools

🪛 actionlint (1.7.4)

72-72: missing input "PR_NUMBER" which is required by action "Build Docker Image" defined at "./.github/actions/build-docker-image". all required inputs are "PR_NUMBER", "app_name", "commit", "org"

(action)

---

91-98: ⚠️ Potential issue

Fix missing required input for Deploy to Control Plane action.

The action requires a pr_number input that is not provided.

      - name: Deploy to Control Plane
        uses: ./.github/actions/deploy-to-control-plane
        with:
          app_name: ${{ vars.STAGING_APP_NAME }}
          org: ${{ vars.CPLN_ORG_STAGING }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          wait_timeout: ${{ vars.WAIT_TIMEOUT || 900 }}
          cpln_token: ${{ secrets.CPLN_TOKEN_STAGING }}
+         pr_number: ''  # Add appropriate value or make it optional in the action

🧰 Tools

🪛 actionlint (1.7.4)

92-92: missing input "pr_number" which is required by action "Deploy to Control Plane" defined at "./.github/actions/deploy-to-control-plane". all required inputs are "app_name", "cpln_token", "github_token", "org", "pr_number"

(action)

.github/workflows/deploy-to-control-plane-review-app.yml (1)

291-300: ⚠️ Potential issue

Fix missing output value assignment.

The job declares image_tag as an output but the value is never set in the build step. This could cause deployment failures.

       - name: Build Docker Image
         id: build
         uses: ./.github/actions/build-docker-image
         with:
           app_name: ${{ env.APP_NAME }}
           org: ${{ vars.CPLN_ORG_STAGING }}
           commit: ${{ needs.process-deployment.outputs.pr_sha }}
           PR_NUMBER: ${{ needs.process-deployment.outputs.pr_number }}
+        # Add this step to set the output
+      - name: Set image tag output
+        if: success()
+        run: echo "image_tag=${{ env.APP_NAME }}:${{ needs.process-deployment.outputs.pr_sha }}" >> $GITHUB_OUTPUT

🧰 Tools

🪛 actionlint (1.7.4)

296-296: property "image_tag" is not defined in object type {}

(expression)

🧹 Nitpick comments (1)

.github/actions/validate-required-vars/action.yml (1)

10-28: Consider enhancing variable validation.

While the current validation checks for empty values, consider adding format validation for specific variables:

• CPLN_TOKEN_STAGING: Validate token format/length
• CPLN_ORG_STAGING: Check for valid organization name pattern
• REVIEW_APP_PREFIX: Ensure it follows naming conventions

 missing=()
 
 # Check required secrets
 if [ -z "$CPLN_TOKEN_STAGING" ]; then
   missing+=("Secret: CPLN_TOKEN_STAGING")
+elif [[ ! "$CPLN_TOKEN_STAGING" =~ ^[A-Za-z0-9_-]{20,}$ ]]; then
+  missing+=("Secret: CPLN_TOKEN_STAGING (invalid format)")
 fi
 
 # Check required variables
 if [ -z "$CPLN_ORG_STAGING" ]; then
   missing+=("Variable: CPLN_ORG_STAGING")
+elif [[ ! "$CPLN_ORG_STAGING" =~ ^[a-z0-9][a-z0-9-]*[a-z0-9]$ ]]; then
+  missing+=("Variable: CPLN_ORG_STAGING (invalid format)")
 fi
 if [ -z "$REVIEW_APP_PREFIX" ]; then
   missing+=("Variable: REVIEW_APP_PREFIX")
+elif [[ ! "$REVIEW_APP_PREFIX" =~ ^[a-z0-9][a-z0-9-]*[a-z0-9]$ ]]; then
+  missing+=("Variable: REVIEW_APP_PREFIX (invalid format)")
 fi

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 11-11: trailing spaces

(trailing-spaces)

---

[error] 16-16: trailing spaces

(trailing-spaces)

---

[error] 24-24: trailing spaces

(trailing-spaces)

---

[error] 28-28: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7d2f639 and c336d22.

📒 Files selected for processing (6)

• .github/actions/delete-control-plane-app/action.yml (0 hunks)
• .github/actions/delete-control-plane-app/delete-app.sh (0 hunks)
• .github/actions/validate-required-vars/action.yml (1 hunks)
• .github/workflows/delete-review-app.yml (3 hunks)
• .github/workflows/deploy-to-control-plane-review-app.yml (6 hunks)
• .github/workflows/deploy-to-control-plane-staging.yml (1 hunks)

💤 Files with no reviewable changes (2)

• .github/actions/delete-control-plane-app/action.yml
• .github/actions/delete-control-plane-app/delete-app.sh

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/actions/validate-required-vars/action.yml

[error] 11-11: trailing spaces

(trailing-spaces)

---

[error] 16-16: trailing spaces

(trailing-spaces)

---

[error] 24-24: trailing spaces

(trailing-spaces)

---

[error] 28-28: trailing spaces

(trailing-spaces)

.github/workflows/deploy-to-control-plane-review-app.yml

[error] 323-323: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.4)

.github/workflows/deploy-to-control-plane-staging.yml

57-57: property "image_tag" is not defined in object type {}

(expression)

---

72-72: missing input "PR_NUMBER" which is required by action "Build Docker Image" defined at "./.github/actions/build-docker-image". all required inputs are "PR_NUMBER", "app_name", "commit", "org"

(action)

---

92-92: missing input "pr_number" which is required by action "Deploy to Control Plane" defined at "./.github/actions/deploy-to-control-plane". all required inputs are "app_name", "cpln_token", "github_token", "org", "pr_number"

(action)

.github/workflows/deploy-to-control-plane-review-app.yml

296-296: property "image_tag" is not defined in object type {}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test (22.x, 3.3.4)

🔇 Additional comments (10)

.github/actions/validate-required-vars/action.yml (2)

1-2: LGTM! Clear and descriptive action metadata.

The name and description accurately reflect the action's purpose.

---

4-9: LGTM! Well-structured composite action.

The action follows best practices by using composite runs and bash shell for validation.

.github/workflows/deploy-to-control-plane-staging.yml (3)

20-22: LGTM! Effective concurrency control.

The configuration properly manages concurrent deployments and cancels in-progress ones.

---

30-50: LGTM! Comprehensive branch validation logic.

The validation logic effectively handles both configured branch (STAGING_APP_BRANCH) and default branches (main/master).

---

9-10: Verify branch configuration security.

The '*' pattern allows deployment from any branch. Consider restricting this to specific patterns for better security.

✅ Verification successful

Branch configuration is appropriate for staging environment

The '*' pattern is suitable for a staging environment, being more restrictive than the review app configuration ('**') while allowing necessary feature branch testing. This follows standard GitOps practices.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if there are any recent deployments from unexpected branches
gh api graphql -f query='
query($owner:String!, $repo:String!) {
  repository(owner:$owner, repo:$repo) {
    deployments(last:10) {
      nodes {
        environment
        ref {
          name
        }
      }
    }
  }
}' -f owner=$GITHUB_REPOSITORY_OWNER -f repo=$(basename $GITHUB_REPOSITORY)

Length of output: 1183

---

Script:

#!/bin/bash
# Check branch patterns in other workflow files and environment configuration
echo "=== Workflow Files Branch Patterns ==="
fd -e yml -e yaml . .github/workflows/ --exec grep -l "branches:" {} \; | while read -r file; do
    echo "=== $file ==="
    grep -A 5 "branches:" "$file"
done

echo -e "\n=== Environment Configuration ==="
fd -e yml -e yaml . .github/workflows/ --exec grep -B2 -A2 "environment:" {} \;

Length of output: 2252

.github/workflows/delete-review-app.yml (3)

8-13: LGTM! Well-defined manual trigger.

The workflow_dispatch trigger is properly configured with clear input description.

---

24-25: LGTM! Robust environment variable handling.

The environment variables properly handle PR numbers from all possible sources (PR, issue comment, manual trigger).

---

45-46: LGTM! Proper validation integration.

The validation action is correctly integrated to ensure required variables are present.

.github/workflows/deploy-to-control-plane-review-app.yml (2)

312-330: LGTM! Clear status updates.

The status update implementation provides good visibility into the build process.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 323-323: trailing spaces

(trailing-spaces)

---

332-339: LGTM! Proper build configuration.

The build step correctly uses outputs from the process-deployment job.