From d6bdf9e662c38df3c73be29df98245d7e632e226 Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Thu, 6 Nov 2025 19:46:52 -0500 Subject: [PATCH 1/9] Add PR preview deployment workflow for frontend PRs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implement frontend PR preview overlay workflow that calls the reusable deployment workflow from the backend repository. **New File:** - pr-preview-frontend.yml: Frontend PR overlay workflow - Triggers on frontend PR events (opened, synchronize, reopened) - Calls refactor-platform-rs reusable workflow - Builds frontend from PR branch, uses main-arm64 backend - Uses repository-level secrets (no pr-preview environment) - Passes all required secrets for deployment to RPi5 **Workflow Strategy:** - repo_type: 'frontend' - builds frontend from PR, backend from main - Automatic main-arm64 backend build if image doesn't exist - Isolated PR environment with unique ports - Full stack deployment (postgres, backend, frontend) on Neo/RPi5 **Secret Requirements:** All secrets must be configured at repository level in frontend repo: - RPi5 SSH/Tailscale connection details - Database configuration (postgres user, password, db, schema) - Third-party service credentials (TipTap, MailerSend) - Frontend build configuration (backend service connection) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/pr-preview-frontend.yml | 85 +++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/pr-preview-frontend.yml diff --git a/.github/workflows/pr-preview-frontend.yml b/.github/workflows/pr-preview-frontend.yml new file mode 100644 index 0000000..f4fad2e --- /dev/null +++ b/.github/workflows/pr-preview-frontend.yml @@ -0,0 +1,85 @@ +# ============================================================================= +# Frontend PR Preview Overlay Workflow +# ============================================================================= +# Purpose: Trigger PR preview deployments when frontend PRs are opened/updated +# Strategy: Build frontend from PR branch, use main-arm64 backend image +# Calls: refactor-platform-rs/ci-deploy-pr-preview.yml (reusable workflow) +# ============================================================================= + +name: PR Preview (Frontend) + +on: + pull_request: + # Trigger on PR lifecycle events + types: [opened, synchronize, reopened] + # Only run for frontend code changes + paths-ignore: + - '**.md' + - 'docs/**' + - '.github/**' + - '!.github/workflows/pr-preview-frontend.yml' + +# Prevent multiple deployments for the same PR +concurrency: + group: pr-preview-frontend-${{ github.event.pull_request.number }} + cancel-in-progress: true + +permissions: + contents: read + packages: write + pull-requests: write + attestations: write + id-token: write + +jobs: + # =========================================================================== + # JOB: Call reusable workflow with frontend-specific configuration + # =========================================================================== + deploy-frontend-pr: + name: Deploy Frontend PR Preview + # Call the reusable workflow from backend repository + uses: refactor-group/refactor-platform-rs/.github/workflows/ci-deploy-pr-preview.yml@main + with: + # This is a frontend PR deployment + repo_type: 'frontend' + # Use the PR number for port allocation and naming + pr_number: ${{ github.event.pull_request.number }} + # Build frontend from this PR's branch + branch_name: ${{ github.head_ref }} + # Use main branch for backend (will use main-arm64 image) + backend_branch: 'main' + # Optional: override with specific image tags if needed + # backend_image: '' # Leave empty to use main-arm64 + # frontend_image: '' # Leave empty to build from PR branch + # Optional: force complete rebuild + force_rebuild: false + # Pass all required secrets to the reusable workflow + # Frontend repo uses repository-level secrets (no pr-preview environment) + secrets: + # RPi5 SSH connection details (from frontend repo secrets) + RPI5_SSH_KEY: ${{ secrets.RPI5_SSH_KEY }} + RPI5_HOST_KEY: ${{ secrets.RPI5_HOST_KEY }} + RPI5_TAILSCALE_NAME: ${{ secrets.RPI5_TAILSCALE_NAME }} + RPI5_USERNAME: ${{ secrets.RPI5_USERNAME }} + # Database configuration (from frontend repo secrets) + PR_PREVIEW_POSTGRES_USER: ${{ secrets.PR_PREVIEW_POSTGRES_USER }} + PR_PREVIEW_POSTGRES_PASSWORD: ${{ secrets.PR_PREVIEW_POSTGRES_PASSWORD }} + PR_PREVIEW_POSTGRES_DB: ${{ secrets.PR_PREVIEW_POSTGRES_DB }} + PR_PREVIEW_POSTGRES_SCHEMA: ${{ secrets.PR_PREVIEW_POSTGRES_SCHEMA }} + # Third-party service credentials (from frontend repo secrets) + PR_PREVIEW_TIPTAP_APP_ID: ${{ secrets.PR_PREVIEW_TIPTAP_APP_ID }} + PR_PREVIEW_TIPTAP_URL: ${{ secrets.PR_PREVIEW_TIPTAP_URL }} + PR_PREVIEW_TIPTAP_AUTH_KEY: ${{ secrets.PR_PREVIEW_TIPTAP_AUTH_KEY }} + PR_PREVIEW_TIPTAP_JWT_SIGNING_KEY: ${{ secrets.PR_PREVIEW_TIPTAP_JWT_SIGNING_KEY }} + PR_PREVIEW_MAILERSEND_API_KEY: ${{ secrets.PR_PREVIEW_MAILERSEND_API_KEY }} + PR_PREVIEW_WELCOME_EMAIL_TEMPLATE_ID: ${{ secrets.PR_PREVIEW_WELCOME_EMAIL_TEMPLATE_ID }} + # Frontend build configuration (from frontend repo secrets/vars) + PR_PREVIEW_BACKEND_SERVICE_PROTOCOL: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_PROTOCOL }} + PR_PREVIEW_BACKEND_SERVICE_HOST: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_HOST }} + PR_PREVIEW_BACKEND_SERVICE_PORT: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_PORT }} + PR_PREVIEW_BACKEND_SERVICE_API_PATH: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_API_PATH }} + PR_PREVIEW_BACKEND_API_VERSION: ${{ secrets.PR_PREVIEW_BACKEND_API_VERSION }} + PR_PREVIEW_FRONTEND_SERVICE_PORT: ${{ secrets.PR_PREVIEW_FRONTEND_SERVICE_PORT }} + PR_PREVIEW_FRONTEND_SERVICE_INTERFACE: ${{ secrets.PR_PREVIEW_FRONTEND_SERVICE_INTERFACE }} + # GitHub token (automatically provided) + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From e902daf28fb67b02a2f942e0662100b525ed880b Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Thu, 6 Nov 2025 20:16:33 -0500 Subject: [PATCH 2/9] Simplify PR preview workflow and add documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove all secret passing from frontend PR preview workflow. Secrets are now automatically accessed from backend repo's pr-preview environment. **Workflow Changes:** - Remove entire `secrets:` section (45+ lines removed) - No secrets needed in frontend repo for PR previews - Workflow now only passes configuration inputs - Uses backend repo's pr-preview environment automatically **Documentation:** - Add comprehensive PR preview runbook - Links to backend runbook for complete details - Add PR preview section to README - Quick reference for developers **Result:** - Frontend repo needs ZERO PR preview secrets - All secrets managed centrally in backend repo - Single source of truth for configuration - Simpler onboarding for new developers 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/pr-preview-frontend.yml | 36 ++----- README.md | 16 +++ docs/runbooks/pr-preview-environments.md | 115 ++++++++++++++++++++++ 3 files changed, 137 insertions(+), 30 deletions(-) create mode 100644 docs/runbooks/pr-preview-environments.md diff --git a/.github/workflows/pr-preview-frontend.yml b/.github/workflows/pr-preview-frontend.yml index f4fad2e..ac49c42 100644 --- a/.github/workflows/pr-preview-frontend.yml +++ b/.github/workflows/pr-preview-frontend.yml @@ -53,33 +53,9 @@ jobs: # frontend_image: '' # Leave empty to build from PR branch # Optional: force complete rebuild force_rebuild: false - # Pass all required secrets to the reusable workflow - # Frontend repo uses repository-level secrets (no pr-preview environment) - secrets: - # RPi5 SSH connection details (from frontend repo secrets) - RPI5_SSH_KEY: ${{ secrets.RPI5_SSH_KEY }} - RPI5_HOST_KEY: ${{ secrets.RPI5_HOST_KEY }} - RPI5_TAILSCALE_NAME: ${{ secrets.RPI5_TAILSCALE_NAME }} - RPI5_USERNAME: ${{ secrets.RPI5_USERNAME }} - # Database configuration (from frontend repo secrets) - PR_PREVIEW_POSTGRES_USER: ${{ secrets.PR_PREVIEW_POSTGRES_USER }} - PR_PREVIEW_POSTGRES_PASSWORD: ${{ secrets.PR_PREVIEW_POSTGRES_PASSWORD }} - PR_PREVIEW_POSTGRES_DB: ${{ secrets.PR_PREVIEW_POSTGRES_DB }} - PR_PREVIEW_POSTGRES_SCHEMA: ${{ secrets.PR_PREVIEW_POSTGRES_SCHEMA }} - # Third-party service credentials (from frontend repo secrets) - PR_PREVIEW_TIPTAP_APP_ID: ${{ secrets.PR_PREVIEW_TIPTAP_APP_ID }} - PR_PREVIEW_TIPTAP_URL: ${{ secrets.PR_PREVIEW_TIPTAP_URL }} - PR_PREVIEW_TIPTAP_AUTH_KEY: ${{ secrets.PR_PREVIEW_TIPTAP_AUTH_KEY }} - PR_PREVIEW_TIPTAP_JWT_SIGNING_KEY: ${{ secrets.PR_PREVIEW_TIPTAP_JWT_SIGNING_KEY }} - PR_PREVIEW_MAILERSEND_API_KEY: ${{ secrets.PR_PREVIEW_MAILERSEND_API_KEY }} - PR_PREVIEW_WELCOME_EMAIL_TEMPLATE_ID: ${{ secrets.PR_PREVIEW_WELCOME_EMAIL_TEMPLATE_ID }} - # Frontend build configuration (from frontend repo secrets/vars) - PR_PREVIEW_BACKEND_SERVICE_PROTOCOL: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_PROTOCOL }} - PR_PREVIEW_BACKEND_SERVICE_HOST: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_HOST }} - PR_PREVIEW_BACKEND_SERVICE_PORT: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_PORT }} - PR_PREVIEW_BACKEND_SERVICE_API_PATH: ${{ secrets.PR_PREVIEW_BACKEND_SERVICE_API_PATH }} - PR_PREVIEW_BACKEND_API_VERSION: ${{ secrets.PR_PREVIEW_BACKEND_API_VERSION }} - PR_PREVIEW_FRONTEND_SERVICE_PORT: ${{ secrets.PR_PREVIEW_FRONTEND_SERVICE_PORT }} - PR_PREVIEW_FRONTEND_SERVICE_INTERFACE: ${{ secrets.PR_PREVIEW_FRONTEND_SERVICE_INTERFACE }} - # GitHub token (automatically provided) - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # ========================================================================= + # NO SECRETS NEEDED! + # ========================================================================= + # The reusable workflow uses the backend repo's pr-preview environment + # which contains all necessary secrets and variables for deployment. + # This eliminates the need to duplicate secrets in the frontend repo! diff --git a/README.md b/README.md index dcd373a..8a87047 100644 --- a/README.md +++ b/README.md @@ -156,3 +156,19 @@ All tests should pass before merging code. The test suite is designed to: For more detailed testing information, see [docs/testing/frontend-testing-strategy.md](./docs/testing/frontend-testing-strategy.md). #### For Working with and Running the Application in Docker, navigate to the [Container-README](./docs/runbooks/Container-README.md) + +--- + +## PR Preview Environments + +This repository automatically deploys **isolated preview environments** for each pull request. When you open a PR, a complete stack (backend + frontend + database) deploys to a dedicated server on our Tailnet for testing before merge. + +**What happens automatically:** + +- ✅ PR opened → Environment deploys +- ✅ New commits → Environment updates +- ✅ PR closed/merged → Environment cleans up + +**Access:** Requires Tailscale VPN connection. Access URLs are posted as a comment on your PR in the GitHub Web UI. + +For detailed information, see the [PR Preview Environments Runbook](docs/runbooks/pr-preview-environments.md). diff --git a/docs/runbooks/pr-preview-environments.md b/docs/runbooks/pr-preview-environments.md new file mode 100644 index 0000000..1297949 --- /dev/null +++ b/docs/runbooks/pr-preview-environments.md @@ -0,0 +1,115 @@ +# PR Preview Environments - Developer Guide + +This guide explains how to use automatic PR preview environments for the Refactor Platform. + +## 🚀 Quick Start + +**Open a PR = Get a live preview environment automatically!** + +Every PR in `refactor-platform-rs` (backend) or `refactor-platform-fe` (frontend) triggers an automatic deployment of a full-stack preview environment. + +### What Happens When You Open a PR + +1. ✅ **Automatic deployment** starts (~5-10 min for first build) +2. ✅ **Full stack** deployed: Postgres + Backend + Frontend +3. ✅ **Unique ports** assigned based on PR number +4. ✅ **PR comment** posted with access URLs +5. ✅ **Auto-cleanup** when PR closes/merges + +### Access Your Preview + +After deployment completes, check the PR comment for your URLs: + +``` +🚀 PR Preview Environment Deployed! + +Frontend: http://rpi5-hostname:3042 +Backend: http://rpi5-hostname:4042 +Health: http://rpi5-hostname:4042/health + +Ports: Frontend: 3042 | Backend: 4042 | Postgres: 5474 +``` + +**Requirements:** +- 🔐 Must be connected to Tailscale VPN + +--- + +## 📖 Full Documentation + +For complete documentation including troubleshooting, advanced usage, and monitoring: + +👉 **See: [Backend Repo PR Preview Runbook](https://github.com/refactor-group/refactor-platform-rs/blob/main/docs/runbooks/pr-preview-environments.md)** + +The complete runbook covers: +- Port allocation formula +- Deployment architecture +- Testing & debugging +- Manual cleanup procedures +- Advanced configuration options +- Security considerations + +--- + +## 🎯 Quick Reference + +### Port Formula + +| Service | Formula | Example (PR #42) | +|---------|---------|------------------| +| Frontend | 3000 + PR# | 3042 | +| Backend | 4000 + PR# | 4042 | +| Postgres | 5432 + PR# | 5474 | + +### Common Commands + +**Health check:** +```bash +curl http://rpi5-hostname:4042/health +``` + +**View logs:** +```bash +ssh user@rpi5-hostname +docker logs pr-42-frontend-1 -f +docker logs pr-42-backend-1 -f +``` + +**Check status:** +```bash +ssh user@rpi5-hostname +docker compose -p pr-42 ps +``` + +--- + +## 🔧 How Frontend PRs Work + +When you open a frontend PR: +1. **Frontend:** Builds from your PR branch 📦 +2. **Backend:** Uses main-arm64 image (or builds if missing) +3. **Deploy:** Full stack with your frontend changes + +**No secrets needed in frontend repo!** All configuration is managed centrally in the backend repo's `pr-preview` environment. + +--- + +## 🐛 Troubleshooting + +**Deployment failed?** +- Check workflow logs: PR → "Checks" tab → View failed workflow +- Common: Lint errors, test failures, build errors + +**Can't access preview?** +- Verify Tailscale: `tailscale status` +- Check correct port from PR comment +- Ensure workflow succeeded + +**Need help?** +- Check full runbook (linked above) +- Ask in #engineering Slack +- Open an issue + +--- + +**Happy Testing! 🚀** From 3163ae7c72d6bf5e9c98742084ba0fa0010c61ac Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Thu, 6 Nov 2025 20:34:01 -0500 Subject: [PATCH 3/9] Add PR preview cleanup workflow for frontend MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add automatic cleanup workflow that triggers when frontend PRs are closed or merged, calling the backend repo's reusable cleanup workflow. **Frontend Caller (cleanup-pr-preview-frontend.yml):** - Triggers on pull_request types: [closed] - Calls backend repo's reusable cleanup workflow - Passes only repo_type, pr_number, branch_name - No secrets needed (uses backend pr-preview environment) **What Gets Cleaned:** - Docker containers (postgres, backend, frontend, migrator) - Docker volumes (database data) - Compose and environment files - PR-specific images from RPi5 and GHCR **What Gets Kept:** - PostgreSQL base images (shared across PRs) - main-arm64 images (for Docker layer caching) **Benefits:** - Automatic cleanup on PR close/merge - Zero secrets required in frontend repo - Prevents resource accumulation - Follows same pattern as deploy workflow 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .../workflows/cleanup-pr-preview-frontend.yml | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/cleanup-pr-preview-frontend.yml diff --git a/.github/workflows/cleanup-pr-preview-frontend.yml b/.github/workflows/cleanup-pr-preview-frontend.yml new file mode 100644 index 0000000..a125525 --- /dev/null +++ b/.github/workflows/cleanup-pr-preview-frontend.yml @@ -0,0 +1,39 @@ +# ============================================================================= +# Frontend PR Preview Cleanup Overlay Workflow +# ============================================================================= +# Purpose: Trigger cleanup when frontend PRs are closed/merged +# Calls: refactor-platform-rs/cleanup-pr-preview.yml (reusable workflow) +# ============================================================================= + +name: Cleanup PR Preview (Frontend) + +on: + pull_request: + # Trigger on PR close (includes merge) + types: [closed] + +permissions: + contents: read + packages: write + pull-requests: write + +jobs: + # =========================================================================== + # JOB: Call reusable cleanup workflow from backend repo + # =========================================================================== + cleanup-frontend-pr: + name: Cleanup Frontend PR Preview + # Call the reusable workflow from backend repository + uses: refactor-group/refactor-platform-rs/.github/workflows/cleanup-pr-preview.yml@main + with: + # This is a frontend PR cleanup + repo_type: 'frontend' + # PR number to cleanup + pr_number: ${{ github.event.pull_request.number }} + # Branch name for image identification + branch_name: ${{ github.head_ref }} + # ========================================================================= + # NO SECRETS NEEDED! + # ========================================================================= + # The reusable workflow uses the backend repo's pr-preview environment + # which contains all necessary secrets for cleanup. From b953e024804eb21f4f1c69bdcf8177e4dcee5394 Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Thu, 6 Nov 2025 21:09:36 -0500 Subject: [PATCH 4/9] cleaning up workflow_call parameters for cleaning up preview envs. --- .github/workflows/cleanup-pr-preview-frontend.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cleanup-pr-preview-frontend.yml b/.github/workflows/cleanup-pr-preview-frontend.yml index a125525..ff16db2 100644 --- a/.github/workflows/cleanup-pr-preview-frontend.yml +++ b/.github/workflows/cleanup-pr-preview-frontend.yml @@ -32,6 +32,7 @@ jobs: pr_number: ${{ github.event.pull_request.number }} # Branch name for image identification branch_name: ${{ github.head_ref }} + secrets: inherit # ========================================================================= # NO SECRETS NEEDED! # ========================================================================= From 66d14b89800cc780042bf93caa8e36a850bd40af Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Fri, 7 Nov 2025 10:29:33 -0500 Subject: [PATCH 5/9] Fix PR preview workflow - add secrets inheritance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add 'secrets: inherit' to pass GITHUB_TOKEN to the reusable workflow in the backend repository. This is required when calling workflows across repository boundaries. The reusable workflow (in refactor-platform-rs) uses its own pr-preview environment for all secrets, but needs the GITHUB_TOKEN from the calling repository for authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/pr-preview-frontend.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-preview-frontend.yml b/.github/workflows/pr-preview-frontend.yml index ac49c42..c443a2a 100644 --- a/.github/workflows/pr-preview-frontend.yml +++ b/.github/workflows/pr-preview-frontend.yml @@ -54,8 +54,12 @@ jobs: # Optional: force complete rebuild force_rebuild: false # ========================================================================= - # NO SECRETS NEEDED! + # SECRETS - Inherited from backend repo's pr-preview environment # ========================================================================= - # The reusable workflow uses the backend repo's pr-preview environment - # which contains all necessary secrets and variables for deployment. - # This eliminates the need to duplicate secrets in the frontend repo! + # The reusable workflow is located in the backend repo and uses its + # pr-preview environment for all secrets and variables. However, when + # calling from the frontend repo, we must explicitly pass secrets. + # Since this crosses repository boundaries, we use 'secrets: inherit' + # which makes the GITHUB_TOKEN from this repo available to the called workflow. + # The called workflow then uses its own environment's secrets. + secrets: inherit From 793ecfffd52e74bbb1891fb9edf372cd85a943e8 Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Fri, 7 Nov 2025 11:17:42 -0500 Subject: [PATCH 6/9] Update reusable workflows for frontend PR cleanup and deployment to use specific commit for staging environment --- .github/workflows/cleanup-pr-preview-frontend.yml | 2 +- .github/workflows/pr-preview-frontend.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cleanup-pr-preview-frontend.yml b/.github/workflows/cleanup-pr-preview-frontend.yml index ff16db2..51c7068 100644 --- a/.github/workflows/cleanup-pr-preview-frontend.yml +++ b/.github/workflows/cleanup-pr-preview-frontend.yml @@ -24,7 +24,7 @@ jobs: cleanup-frontend-pr: name: Cleanup Frontend PR Preview # Call the reusable workflow from backend repository - uses: refactor-group/refactor-platform-rs/.github/workflows/cleanup-pr-preview.yml@main + uses: refactor-group/refactor-platform-rs/.github/workflows/cleanup-pr-preview.yml@190-add-a-staging-environment-for-previewing-and-testing-ahead-of-a-new-deployment with: # This is a frontend PR cleanup repo_type: 'frontend' diff --git a/.github/workflows/pr-preview-frontend.yml b/.github/workflows/pr-preview-frontend.yml index c443a2a..4a28b41 100644 --- a/.github/workflows/pr-preview-frontend.yml +++ b/.github/workflows/pr-preview-frontend.yml @@ -38,7 +38,7 @@ jobs: deploy-frontend-pr: name: Deploy Frontend PR Preview # Call the reusable workflow from backend repository - uses: refactor-group/refactor-platform-rs/.github/workflows/ci-deploy-pr-preview.yml@main + uses: refactor-group/refactor-platform-rs/.github/workflows/ci-deploy-pr-preview.yml@190-add-a-staging-environment-for-previewing-and-testing-ahead-of-a-new-deployment with: # This is a frontend PR deployment repo_type: 'frontend' From 07001342238bb4df7264185e2a14f9bdc5d61126 Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Fri, 7 Nov 2025 12:24:42 -0500 Subject: [PATCH 7/9] Update frontend PR preview workflow - clarify env resolution and add TODO MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes: 1. Add TODO comment to update workflow reference to @main once backend PR #201 merges 2. Clarify that environment resolution uses backend repo's pr-preview environment 3. Add cleanup workflow to paths-ignore for consistency with backend The frontend workflow now correctly documents that when calling the backend's reusable workflow, the 'environment: pr-preview' references in that workflow resolve to the BACKEND repo's environment, not the frontend's. This allows centralizing all secrets in the backend repo's pr-preview environment. The workflow inherits the fix from backend PR #201 (removal of problematic 'if: needs.build-arm64-image.result == success' condition) and will deploy the full stack (backend + frontend + postgres) to neo when frontend PRs are opened or updated. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/pr-preview-frontend.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr-preview-frontend.yml b/.github/workflows/pr-preview-frontend.yml index 4a28b41..ec60aa3 100644 --- a/.github/workflows/pr-preview-frontend.yml +++ b/.github/workflows/pr-preview-frontend.yml @@ -18,6 +18,7 @@ on: - 'docs/**' - '.github/**' - '!.github/workflows/pr-preview-frontend.yml' + - '!.github/workflows/cleanup-pr-preview-frontend.yml' # Prevent multiple deployments for the same PR concurrency: @@ -38,6 +39,7 @@ jobs: deploy-frontend-pr: name: Deploy Frontend PR Preview # Call the reusable workflow from backend repository + # TODO: Update to @main once backend PR #201 is merged uses: refactor-group/refactor-platform-rs/.github/workflows/ci-deploy-pr-preview.yml@190-add-a-staging-environment-for-previewing-and-testing-ahead-of-a-new-deployment with: # This is a frontend PR deployment @@ -54,12 +56,10 @@ jobs: # Optional: force complete rebuild force_rebuild: false # ========================================================================= - # SECRETS - Inherited from backend repo's pr-preview environment + # SECRETS - Resolved from backend repo's pr-preview environment # ========================================================================= - # The reusable workflow is located in the backend repo and uses its - # pr-preview environment for all secrets and variables. However, when - # calling from the frontend repo, we must explicitly pass secrets. - # Since this crosses repository boundaries, we use 'secrets: inherit' - # which makes the GITHUB_TOKEN from this repo available to the called workflow. - # The called workflow then uses its own environment's secrets. + # The reusable workflow (defined in backend repo) uses 'environment: pr-preview' + # which resolves to the BACKEND repo's pr-preview environment, not the frontend's. + # All secrets are consolidated in the backend repo's pr-preview environment. + # We use 'secrets: inherit' to pass GITHUB_TOKEN for cross-repo operations. secrets: inherit From 91222f8395013b5e1522a163a619335da488da03 Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Fri, 7 Nov 2025 12:33:53 -0500 Subject: [PATCH 8/9] Test frontend PR preview workflow - trigger deployment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This empty commit tests the frontend PR preview workflow to verify: - Secrets are now accessible from backend repo's pr-preview environment - Frontend lint and test jobs succeed - Full stack deploys to neo (postgres + backend + frontend) - PR comment posts with access URLs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude From 0752228f17a1919ecbec5a350d7b4e3ccbbdebb9 Mon Sep 17 00:00:00 2001 From: Levi McDonough Date: Fri, 7 Nov 2025 12:59:28 -0500 Subject: [PATCH 9/9] Temporarily use backend PR branch for compose file access MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before merge: The docker-compose.pr-preview.yaml file only exists on the backend PR branch (190-add-a-staging-environment...), not on main yet. To allow frontend PR testing now, temporarily use the backend PR branch. After merge: Both the workflow reference (@main) and backend_branch ('main') should be updated back to stable references. Changes: - backend_branch: Use backend PR branch temporarily (has compose file) - Updated TODO comments to be more specific about post-merge changes This allows frontend workflow to succeed both before and after backend PR #201 merges, following the same paradigm as backend workflow. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/pr-preview-frontend.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-preview-frontend.yml b/.github/workflows/pr-preview-frontend.yml index ec60aa3..e13c322 100644 --- a/.github/workflows/pr-preview-frontend.yml +++ b/.github/workflows/pr-preview-frontend.yml @@ -39,7 +39,9 @@ jobs: deploy-frontend-pr: name: Deploy Frontend PR Preview # Call the reusable workflow from backend repository - # TODO: Update to @main once backend PR #201 is merged + # TODO: After backend PR #201 merges, update both: + # - uses: line to @main (instead of branch name) + # - backend_branch: to 'main' (instead of PR branch) uses: refactor-group/refactor-platform-rs/.github/workflows/ci-deploy-pr-preview.yml@190-add-a-staging-environment-for-previewing-and-testing-ahead-of-a-new-deployment with: # This is a frontend PR deployment @@ -48,8 +50,9 @@ jobs: pr_number: ${{ github.event.pull_request.number }} # Build frontend from this PR's branch branch_name: ${{ github.head_ref }} - # Use main branch for backend (will use main-arm64 image) - backend_branch: 'main' + # TEMPORARY: Use backend PR branch until #201 merges (compose file exists there) + # After merge: Change back to 'main' + backend_branch: '190-add-a-staging-environment-for-previewing-and-testing-ahead-of-a-new-deployment' # Optional: override with specific image tags if needed # backend_image: '' # Leave empty to use main-arm64 # frontend_image: '' # Leave empty to build from PR branch