Fix Universe CI/CD pipeline test and deploy handoff #18
businesscurry123 wants to merge 4 commits into
📝 Walkthrough
This PR configures GitHub Actions workflows and documentation for the Universe branch. Build triggers are extended to respond to compose and script changes. Test workflow is constrained to the universe branch with aligned checkouts, and a new deployment job posts to a webhook after tests pass. Complete CI/CD documentation includes workflow descriptions, deployment contract, and operational procedures.
Changes
Universe CI/CD Pipeline
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
Actionable comments posted: 1
🧹 Nitpick comments (3)
docs/cicd.md (1)
83-87: ⚡ Quick win
Clarify why `discord-bot-universe` and `bot-server-universe` are excluded from the deployment contract.
This section defines the production contract but omits two images that are explicitly built earlier (Line 53-55). Add a short note that they are intentionally non-production here, or include them if they are part of the Universe runtime set.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@docs/cicd.md` around lines 83 - 87, The docs list production images (play-universe, back-universe, map-storage-universe, uploader-universe) but omits discord-bot-universe and bot-server-universe; update the cicd.md section around the image list to either include those two images if they belong in the production Universe runtime, or add a concise clarifying sentence stating that discord-bot-universe and bot-server-universe are intentionally excluded from the production contract (they are built earlier but are non-production/runtime-only). Reference the image names (discord-bot-universe, bot-server-universe, play-universe, back-universe, map-storage-universe, uploader-universe) so the change is clear.
.github/workflows/test-universe-images.yml (2)
189-193: ⚡ Quick win
Consider gating the deploy on a GitHub Environment and a concurrency group.
Two operational nits for a production handoff job:
- `environment: production` — promotes this from a free-running job to one that can carry environment-scoped secrets (so `UNIVERSE_DEPLOY_WEBHOOK` doesn't have to be repo-wide), optional required reviewers, and surfaces a deployment URL on the run summary. Especially useful given workflow_dispatch can be invoked from any branch.
- `concurrency: { group: deploy-universe, cancel-in-progress: false }` — serializes overlapping deploys when several universe pushes land close together, so the webhook receiver isn't asked to interleave deployments.
♻️ Sketch
deploy-universe: name: "Deploy Universe" needs: test-universe-images runs-on: ubuntu-latest if: ${{ github.event_name == 'workflow_run' || github.event_name == 'workflow_dispatch' }} + environment: production + concurrency: + group: deploy-universe + cancel-in-progress: false steps:🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/test-universe-images.yml around lines 189 - 193, The deploy-universe job is missing environment and concurrency controls; update the deploy-universe job definition to add an environment (e.g., environment: production) so it can use environment-scoped secrets and required reviewers, and add a concurrency block (e.g., concurrency: { group: "deploy-universe", cancel-in-progress: false }) to serialize overlapping runs; locate the job named deploy-universe in the workflow and insert those two fields at the job level.
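Review bot: the unchanged `if:` context line in this sketch still runs the deploy for every `workflow_dispatch`, so the added `environment: production` only acts as a gate when that environment has required reviewers or a deployment-branch rule configured. Pair the two added keys with an explicit opt-in for manual runs, such as the `github.event.inputs.deploy == 'true'` condition, rather than relying on the environment alone.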
189-205: ⚡ Quick win
Harden the webhook call: add a timeout (and consider retry/observability).
The deploy handoff is the single externally-visible action in this pipeline and has no timeout. If `UNIVERSE_DEPLOY_WEBHOOK` is slow, returns no response, or stalls TCP, the runner sits idle up to the default 360-minute job timeout, blocking subsequent deploys from being queued cleanly. Adding `--max-time` (and ideally a bounded retry with backoff) keeps the handoff predictable.
Also consider `--silent --show-error` so success runs stay quiet but a failure surfaces the response body with status — `--fail-with-body` already gives non-zero on 4xx/5xx, but pairing it with `-S` keeps stderr useful on actual failures.
♻️ Suggested hardening for the curl call
- curl --fail-with-body --request POST "$UNIVERSE_DEPLOY_WEBHOOK" + curl \ + --fail-with-body \ + --silent --show-error \ + --request POST \ + --max-time 30 \ + --retry 3 --retry-delay 5 --retry-connrefused \ + "$UNIVERSE_DEPLOY_WEBHOOK"Tune
`--max-time`/`--retry*` to match your production webhook's expected SLA (and ensure the receiver is idempotent if retries are enabled).
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/test-universe-images.yml around lines 189 - 205, The deploy-universe job's curl invocation lacks timeouts and observability; update the curl command that posts to the UNIVERSE_DEPLOY_WEBHOOK (the line containing curl --fail-with-body --request POST "$UNIVERSE_DEPLOY_WEBHOOK") to include a total timeout (e.g. --max-time 30), make failures visible but keep successful runs quiet (e.g. --silent --show-error / -sS), and add a bounded retry policy (e.g. --retry 2 --retry-delay 5 --retry-connrefused) so the job won't hang indefinitely and transient errors are retried in a controlled way.
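Review bot: `--max-time 30` in the added lines bounds each attempt, not the whole retry sequence, so with `--retry 3 --retry-delay 5` the step can run for a little over two minutes before it fails. Add `--retry-max-time` to cap the time spent retrying, and set `timeout-minutes` on the job so the bound does not depend on curl alone.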
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/test-universe-images.yml:
- Around line 189-205: Add a boolean "deploy" workflow_dispatch input (default
false) so manual runs must opt-in to production deploys, and update the
deploy-universe job's conditional (the if for the deploy-universe job) to only
trigger on workflow_run OR on workflow_dispatch when github.event.inputs.deploy
is true; specifically add the deploy input under workflow_dispatch inputs and
change the existing if expression on the deploy-universe job (the job named
deploy-universe) to check (github.event_name == 'workflow_run') ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.deploy ==
'true').
📒 Files selected for processing (3)
- .github/workflows/build-universe-images.yml
- .github/workflows/test-universe-images.yml
- docs/cicd.md
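The deploy gating and webhook hardening discussed in the review above, combined into one job definition. This is an added example, not code from the PR or from CodeRabbit: the job, input and secret names follow the review text, while the build workflow name placeholder, the `branches` filter, the step layout, the 5-minute job timeout and the `--retry-max-time` value are assumptions.

```yaml
# Added example, not the PR's workflow. Job, input and secret names come from
# the review; the step layout and the timeout values are assumptions.
on:
  workflow_run:
    workflows: ["BUILD_WORKFLOW_NAME"]  # placeholder: name not shown on the page
    types: [completed]
    branches: [universe]
  workflow_dispatch:
    inputs:
      deploy:
        description: "Call the production deploy webhook after tests pass"
        type: boolean
        default: false  # manual runs only test unless the operator opts in

jobs:
  # test-universe-images is left as the PR defines it and is omitted here.
  deploy-universe:
    name: "Deploy Universe"
    needs: test-universe-images
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'workflow_run' || (github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'true') }}
    environment: production      # secret can be environment-scoped, reviewers optional
    concurrency:
      group: deploy-universe     # one deploy at a time; a running deploy is never cancelled
      cancel-in-progress: false
    timeout-minutes: 5           # assumed bound, replaces the 360-minute default
    permissions: {}              # the job only calls a webhook; no GITHUB_TOKEN scopes
    steps:
      - name: Call deploy webhook
        env:
          UNIVERSE_DEPLOY_WEBHOOK: ${{ secrets.UNIVERSE_DEPLOY_WEBHOOK }}
        run: |
          if [ -z "$UNIVERSE_DEPLOY_WEBHOOK" ]; then
            echo "UNIVERSE_DEPLOY_WEBHOOK is not configured; skipping deploy"
            exit 0
          fi
          # --max-time bounds one attempt; --retry-max-time bounds the retries overall.
          curl --fail-with-body --silent --show-error \
            --request POST \
            --max-time 30 \
            --retry 3 --retry-delay 5 --retry-connrefused --retry-max-time 120 \
            "$UNIVERSE_DEPLOY_WEBHOOK"
```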
Issue
Addresses #10
/claim #1
Summary
This PR tightens the Universe CI/CD path without adding unconfigured production SSH secrets.
- `test-universe-images.yml` now checks out the exact commit that triggered the build workflow, so the production-image tests use compose files from the same revision as the images being tested.
- `universe` tag instead of `latest`, because `latest` is only emitted when `universe` is the default branch.
- `build-universe-images.yml` now also runs when Universe compose overrides or Universe helper scripts change.
- `deploy-universe` job runs after all image-test shards pass and calls `UNIVERSE_DEPLOY_WEBHOOK` when configured.
- `docs/cicd.md` documents the PR validation, image build, image test, and production webhook deployment contract for `universe.bawes.net`.
- `docs/dev-workflow.md` documents the day-to-day Universe branch flow, local compose smoke test, deploy status checks, and host-side rollback path.
Acceptance criteria
- `build-universe-images.yml` and documented the image build coverage.
- `test-universe-images.yml` and fixed the workflow/test revision alignment.
- `continuous_integration.yml` and documented the PR validation coverage.
- `docs/cicd.md`.
- `docs/dev-workflow.md` for the daily PR-to-merge-to-deploy loop.
- `universe-<sha>` image tags without inventing unconfigured SSH secrets.
- `.github/workflows/build-*`, Universe test/deploy workflow behavior, `cd/` documentation, and CI/CD docs.
Verification
- `git diff --check`
- `.github/workflows/build-universe-images.yml` with Python YAML.
- `.github/workflows/test-universe-images.yml` with Python YAML.