Add PR preview cleanup workflow for frontend#226
Open
lmcdonough wants to merge 25 commits intomainfrom
Open
Conversation
Implement frontend PR preview overlay workflow that calls the reusable deployment workflow from the backend repository. **New File:** - pr-preview-frontend.yml: Frontend PR overlay workflow - Triggers on frontend PR events (opened, synchronize, reopened) - Calls refactor-platform-rs reusable workflow - Builds frontend from PR branch, uses main-arm64 backend - Uses repository-level secrets (no pr-preview environment) - Passes all required secrets for deployment to RPi5 **Workflow Strategy:** - repo_type: 'frontend' - builds frontend from PR, backend from main - Automatic main-arm64 backend build if image doesn't exist - Isolated PR environment with unique ports - Full stack deployment (postgres, backend, frontend) on Neo/RPi5 **Secret Requirements:** All secrets must be configured at repository level in frontend repo: - RPi5 SSH/Tailscale connection details - Database configuration (postgres user, password, db, schema) - Third-party service credentials (TipTap, MailerSend) - Frontend build configuration (backend service connection) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove all secret passing from frontend PR preview workflow. Secrets are now automatically accessed from backend repo's pr-preview environment. **Workflow Changes:** - Remove entire `secrets:` section (45+ lines removed) - No secrets needed in frontend repo for PR previews - Workflow now only passes configuration inputs - Uses backend repo's pr-preview environment automatically **Documentation:** - Add comprehensive PR preview runbook - Links to backend runbook for complete details - Add PR preview section to README - Quick reference for developers **Result:** - Frontend repo needs ZERO PR preview secrets - All secrets managed centrally in backend repo - Single source of truth for configuration - Simpler onboarding for new developers 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add automatic cleanup workflow that triggers when frontend PRs are closed or merged, calling the backend repo's reusable cleanup workflow. **Frontend Caller (cleanup-pr-preview-frontend.yml):** - Triggers on pull_request types: [closed] - Calls backend repo's reusable cleanup workflow - Passes only repo_type, pr_number, branch_name - No secrets needed (uses backend pr-preview environment) **What Gets Cleaned:** - Docker containers (postgres, backend, frontend, migrator) - Docker volumes (database data) - Compose and environment files - PR-specific images from RPi5 and GHCR **What Gets Kept:** - PostgreSQL base images (shared across PRs) - main-arm64 images (for Docker layer caching) **Benefits:** - Automatic cleanup on PR close/merge - Zero secrets required in frontend repo - Prevents resource accumulation - Follows same pattern as deploy workflow 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add 'secrets: inherit' to pass GITHUB_TOKEN to the reusable workflow in the backend repository. This is required when calling workflows across repository boundaries. The reusable workflow (in refactor-platform-rs) uses its own pr-preview environment for all secrets, but needs the GITHUB_TOKEN from the calling repository for authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…se specific commit for staging environment
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
…TODO Changes: 1. Add TODO comment to update workflow reference to @main once backend PR #201 merges 2. Clarify that environment resolution uses backend repo's pr-preview environment 3. Add cleanup workflow to paths-ignore for consistency with backend The frontend workflow now correctly documents that when calling the backend's reusable workflow, the 'environment: pr-preview' references in that workflow resolve to the BACKEND repo's environment, not the frontend's. This allows centralizing all secrets in the backend repo's pr-preview environment. The workflow inherits the fix from backend PR #201 (removal of problematic 'if: needs.build-arm64-image.result == success' condition) and will deploy the full stack (backend + frontend + postgres) to neo when frontend PRs are opened or updated. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
This empty commit tests the frontend PR preview workflow to verify: - Secrets are now accessible from backend repo's pr-preview environment - Frontend lint and test jobs succeed - Full stack deploys to neo (postgres + backend + frontend) - PR comment posts with access URLs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
lmcdonough
requested a deployment
to
pr-preview
GitHub Actions
In progress
Before merge: The docker-compose.pr-preview.yaml file only exists on the backend PR branch (190-add-a-staging-environment...), not on main yet. To allow frontend PR testing now, temporarily use the backend PR branch. After merge: Both the workflow reference (@main) and backend_branch ('main') should be updated back to stable references. Changes: - backend_branch: Use backend PR branch temporarily (has compose file) - Updated TODO comments to be more specific about post-merge changes This allows frontend workflow to succeed both before and after backend PR #201 merges, following the same paradigm as backend workflow. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…thub-actions-workflows-for-preview-environments-on-pull-requests
lmcdonough
temporarily deployed
to
pr-preview
GitHub Actions
Inactive
lmcdonough
temporarily deployed
to
pr-preview
GitHub Actions
Inactive
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Error
lmcdonough
temporarily deployed
to
pr-preview
GitHub Actions
Inactive
lmcdonough
temporarily deployed
to
pr-preview
GitHub Actions
Inactive
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Error
- Create docs/cicd/README.md with frontend CI/CD overview - Document all 5 GitHub Actions workflows - Explain PR preview environment integration with backend - Point to backend repo for comprehensive CI/CD documentation - Update main README.md with CI/CD & Deployment section - Reorganize PR Preview Environments as subsection of CI/CD
lmcdonough
force-pushed
the
225-feature-create-github-actions-workflows-for-preview-environments-on-pull-requests
branch
from
7358c12 to
f4df06d
Compare
lmcdonough
temporarily deployed
to
pr-preview
GitHub Actions
Inactive
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
… push The frontend PR preview workflow failed because GITHUB_TOKEN lacks write_package permission for the backend repo's GHCR packages. This adds: - check-backend-image job: pre-checks if main-arm64 exists in GHCR and passes it as backend_image override to skip cross-repo build/push - GHCR_PAT/GHCR_USERNAME secrets for cross-repo authentication when the backend image must be built from scratch - report-missing-image job: posts a PR comment with remediation steps when the backend image is missing and the deploy fails Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
|
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
Update the secrets section comment in the frontend PR preview workflow to accurately describe how org/repo secrets flow through when the reusable workflow conditionally skips the pr-preview environment.
…for-preview-environments-on-pull-requests
Updated comment to reflect that the reusable workflow now always uses its own pr-preview environment (from backend repo), which provides access to all secrets including Tiptap and MailerSend for cross-repo calls.
lmcdonough
had a problem deploying
to
pr-preview
GitHub Actions
Failure
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements automated cleanup for PR preview environments. Triggers on pull_request closed event and calls backend reusable workflow.