[codex] Regenerate cpflow review app flow

[justin808]

Summary

• Regenerate the generated cpflow GitHub Actions review-app/staging/promotion flow using cpflow 5.0.0.rc.1 from a clean origin/master branch.
• Align review-app docs and homepage command snippets with the rc.1 +review-app-* commands.
• Add the aarch64-linux Bundler platform so the Control Plane Docker image validates locally on Apple Silicon.

Validation

• bin/conductor-exec cpflow ai-github-flow-prompt
• bin/conductor-exec cpflow github-flow-readiness (no blockers; registry verification warnings for existing exact-pinned private/beta packages)
• actionlint .github/workflows/cpflow-*.yml
• bin/conductor-exec ruby -e 'require "yaml"; Dir[".github/workflows/cpflow-*.yml", ".github/actions/cpflow-*/action.yml", ".controlplane/**/*.yml"].sort.each { |path| YAML.load_file(path, aliases: true) }; puts "YAML ok"'
• git diff --check --cached
• docker build -f .controlplane/Dockerfile --build-arg GIT_COMMIT=b75a6ac31d3c7a94202fc3f757034cf7931a908f -t react-webpack-rails-tutorial:cpflow-rc1-validation .

Notes

• gh auth status reports the local justin808 token is invalid, so this PR was opened via the GitHub connector after pushing with git.

---

Note

Medium Risk
Updates generated GitHub Actions that control review-app, staging, and production promotion deployments; mistakes could break deployments or cleanup behavior. Changes are mostly generator-driven plus documentation updates, but touch CI/CD and secrets handling paths.

Overview
Regenerates the cpflow-* GitHub Actions flow to cpflow 5.0.0.rc.1, including switching PR comment triggers from slash commands to +review-app-deploy / +review-app-delete / +review-app-help (with tolerant newline matching) and updating the help text/quick-reference workflow.

Adjusts CI/CD workflow behavior by broadening staging deploy triggers to main + master, simplifying some gating/checkout behavior, and removing several explicit CPLN_TOKEN env pass-throughs in favor of the shared setup action; production promotion also hard-codes default retry/interval values instead of using ${{ vars.* || default }}.

Updates docs and homepage snippets to reflect the new review-app commands, and updates Gemfile.lock to add the aarch64-linux platform (plus corresponding platform gem entries) for Apple Silicon compatibility.

^{Reviewed by Cursor Bugbot for commit 9d3b37e. Bugbot is set up for automated code reviews on this repo. Configure here.}

Summary by CodeRabbit

Release Notes

• Documentation

  • Updated review app command syntax from /deploy-review-app and /delete-review-app to +review-app-deploy and +review-app-delete.
  • Revised help documentation and on-page guidance to reflect the new command patterns.

• Chores

  • Updated GitHub workflows and configurations to support new command syntax.
  • Bumped cpflow dependency version.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ca6fc9bf-f986-4590-b8f8-32635433d88e

📥 Commits

Reviewing files that changed from the base of the PR and between 5c94c36 and 9d3b37e.

⛔ Files ignored due to path filters (1)

• Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (13)

• .controlplane/readme.md
• .controlplane/shakacode-team.md
• .github/actions/cpflow-setup-environment/action.yml
• .github/cpflow-help.md
• .github/workflows/cpflow-cleanup-stale-review-apps.yml
• .github/workflows/cpflow-delete-review-app.yml
• .github/workflows/cpflow-deploy-review-app.yml
• .github/workflows/cpflow-deploy-staging.yml
• .github/workflows/cpflow-help-command.yml
• .github/workflows/cpflow-promote-staging-to-production.yml
• .github/workflows/cpflow-review-app-help.yml
• app/views/pages/_header.html.erb
• app/views/pages/index.html.erb

---

Walkthrough

This PR migrates review app command syntax from slash-style (/deploy-review-app, /delete-review-app, /help) to plus-style (+review-app-deploy, +review-app-delete, +review-app-help), updates workflow trigger conditions to accept multiple comment variants, refactors token environment variable handling across workflows, and adjusts configuration defaults.

Changes

cpflow command syntax and token environment refactoring

Layer / File(s)	Summary
Command syntax documentation and UI updates .controlplane/readme.md, .controlplane/shakacode-team.md, .github/cpflow-help.md, .github/workflows/cpflow-review-app-help.yml, app/views/pages/_header.html.erb, app/views/pages/index.html.erb	Updated documentation, help files, and user-facing UI to display and reference the new plus-style command format (+review-app-deploy, +review-app-delete, +review-app-help) instead of the previous slash-style commands. Added advanced testing guidance explaining how to invoke PR-branch workflow changes using gh workflow run with explicit branch and PR number flags.
Workflow trigger condition updates .github/workflows/cpflow-delete-review-app.yml, .github/workflows/cpflow-deploy-review-app.yml, .github/workflows/cpflow-help-command.yml	Changed issue-comment trigger conditions from exact string equality to flexible contains() checks against allowlists of accepted comment bodies, supporting multiple variants including newline-terminated forms. Added author-association gating for help command triggers while preserving manual workflow_dispatch dispatch paths.
Token environment variable refactoring .github/workflows/cpflow-cleanup-stale-review-apps.yml, .github/workflows/cpflow-delete-review-app.yml, .github/workflows/cpflow-deploy-review-app.yml, .github/workflows/cpflow-deploy-staging.yml, .github/workflows/cpflow-promote-staging-to-production.yml	Removed explicit CPLN_TOKEN environment variable declarations from sixteen workflow steps across five workflows, changing how credentials are sourced from per-step env blocks to parent job or action setup. Affected steps include app existence checks, Docker image builds, control-plane deployments, staging rollouts, and production promotion operations.
Configuration, version, and permissions updates .github/actions/cpflow-setup-environment/action.yml, .github/workflows/cpflow-delete-review-app.yml, .github/workflows/cpflow-deploy-staging.yml, .github/workflows/cpflow-promote-staging-to-production.yml	Bumped cpflow gem version fallback from 5.0.0.rc.0 to 5.0.0.rc.1, refined GitHub Action input descriptions to support unconditional repo variable passthrough, tightened workflow permissions by removing deployments: write, expanded staging push triggers to include main branch, hardcoded health check and rollback readiness retry/interval values from variable expressions, and adjusted environment variable sourcing for STAGING_APP_BRANCH.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Commands migrate from slashes to plus,
Plus-deployed apps cause much less fuss.
Tokens now hidden in workflow's air,
Configuration hardened—deploy with care!
A refactor complete, branch and prod both shining bright.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jg-codex/cpflow-rc1-review-app

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Control Plane review app commands

/deploy-review-app
Create the review app or redeploy the PR branch to it.

/delete-review-app
Delete the review app and its temporary resources.

/help
Show the required GitHub variables, secrets, and workflow behavior.

[cursor]

Delete workflow lost config readiness guards

Medium Severity

The validate-config step lost its id: config and all subsequent steps lost their if: steps.config.outputs.ready == 'true' guards. The cpflow-validate-config action with pull_request_friendly: "true" exits 0 with ready=false on pull_request_target events when secrets are missing. Without guards, the workflow proceeds to setup and delete steps that fail noisily, instead of skipping gracefully. The deploy workflow still correctly uses these guards, making this an inconsistency.

Additional Locations (1)

• .github/workflows/cpflow-delete-review-app.yml#L71-L78

 

^{Reviewed by Cursor Bugbot for commit 56a8bf3. Configure here.}

[cursor]

Removed carriage-return stripping from SSH secret files

Low Severity

The tr -d '\r' pipe was removed when writing DOCKER_BUILD_SSH_KNOWN_HOSTS and DOCKER_BUILD_SSH_KEY to disk. If a user sets these secrets with Windows-style \r\n line endings (e.g., via the GitHub API, gh secret set from Windows, or copy-paste from a Windows editor), the resulting files will contain embedded \r characters. SSH is strict about key format — ssh-add will reject the key with a cryptic "invalid format" error, and known_hosts matching may silently fail, both causing the Docker build to break.

Additional Locations (1)

• .github/actions/cpflow-build-docker-image/action.yml#L64-L65

 

^{Reviewed by Cursor Bugbot for commit 56a8bf3. Configure here.}

[claude]

Code Review — PR #735: Regenerate cpflow review app flow (rc.1)

Overview

This PR regenerates the cpflow GitHub Actions CI/CD flow to 5.0.0.rc.1, migrating PR commands from slash-command syntax (/deploy-review-app) to +review-app-* prefix syntax, plus adds aarch64-linux to Gemfile.lock for Apple Silicon Docker builds.

---

Strengths

• Tolerant newline matching — the contains(fromJson('["+review-app-deploy","+review-app-deploy\n","+review-app-deploy\r\n"]'), ...) pattern is a clean way to accept the trailing newline GitHub's comment editor injects, while still blocking please +review-app-deploy now-style typos.
• Centralized token handling — removing CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} from individual steps in favour of the setup action reduces repeated secret references across workflows.
• Improved help docs — collapsing the advanced tables into <details> keeps the day-to-day reference lean.
• break-all CSS — practical addition since +review-app-deploy is noticeably wider than /deploy-review-app.
• Removed bootstrap self-repair step — the ~20-line "bootstrap generated cpflow actions" block in the deploy workflow was fragile; removing it simplifies the workflow considerably.

---

Issues

1. Hardcoded health check retries/intervals break per-repo tunability (promote workflow)

HEALTH_CHECK_RETRIES, HEALTH_CHECK_INTERVAL, ROLLBACK_READINESS_RETRIES, and ROLLBACK_READINESS_INTERVAL are now hardcoded to 24 / 15. HEALTH_CHECK_ACCEPTED_STATUSES on the very next line still uses ${{ vars.HEALTH_CHECK_ACCEPTED_STATUSES || '200 301 302' }}. The inconsistency is jarring and the hardcoded values remove the ability to tune production promotion timing without editing the generated workflow file. See inline comment.

2. Removed GitHub Deployments tracking is a silent regression

The "Mark GitHub deployment inactive" step and deployments: write permission were dropped from cpflow-delete-review-app.yml. After this change, deleting a review app no longer marks the GitHub Deployment entry as inactive, so the Environments tab will show stale/active records for apps that have already been torn down. If the GitHub Deployments UI is used at all, this will create noise over time.

3. CPLN_TOKEN propagation is now implicit and untested in this diff

All workflows now rely on cpflow-setup-environment to export CPLN_TOKEN into subsequent steps rather than passing it explicitly. This is a reasonable design, but the diff doesn't show the action exporting the token to $GITHUB_ENV. The PR description says cpflow ai-github-flow-prompt and cpflow github-flow-readiness passed, but confirming the actual cpflow-setup-environment/action.yml exports CPLN_TOKEN would add confidence that production deployments won't silently fail on token auth.

4. Minor: redundant self-referential instruction in PR-open comment

cpflow-review-app-help.yml posts a comment on PR open that ends with "For setup details, repo owners, members, and collaborators can comment +review-app-help." — but this exact message is also what appears when you run +review-app-help. The instruction makes sense only in the PR-open context; the +review-app-help response (.github/cpflow-help.md) already has the full details inline. See inline comment.

---

Minor Notes

• cpflow-deploy-staging.yml — the deploy job's if no longer includes && needs.build.result == 'success'. This is functionally fine (GitHub skips dependent jobs when a needs job fails), but the explicit guard was a readable safety net; worth keeping if you want the intent to be self-documenting.
• The validate-branch job's checkout lost persist-credentials: false (the build and deploy job checkouts keep it). For a job that only validates config this is low-risk, but inconsistent.

[claude]

These four values are now hardcoded while HEALTH_CHECK_ACCEPTED_STATUSES immediately below still honours a repo variable override. The inconsistency means operators can tune which status codes count as healthy but can no longer tune how long to wait — which is often the more critical knob for slow Rails cold boots or large DB migrations.

Consider restoring the ${{ vars.* || 'default' }} pattern for consistency:

Suggested change

	HEALTH_CHECK_RETRIES: ${{ vars.HEALTH_CHECK_RETRIES || '24' }}
	HEALTH_CHECK_INTERVAL: ${{ vars.HEALTH_CHECK_INTERVAL || '15' }}
	# Space-separated list of HTTP statuses considered healthy. The default accepts 301/302
	# because `curl` is invoked without `-L`, so a root `/` that redirects to a login page
	# (common for Rails apps that auth-gate `/`) would otherwise be reported as unhealthy
	# despite the workload itself being up.
	#
	# Strongly recommended: expose a dedicated `/health` endpoint that returns `200` and set
	# HEALTH_CHECK_ACCEPTED_STATUSES to `"200"` in repository variables. The 301/302 default
	# trades correctness for ergonomics — a maintenance-mode redirect or an auth-gate redirect
	# to a login page can pass this check even when the underlying app is broken. Override
	# via the HEALTH_CHECK_ACCEPTED_STATUSES repo variable to tighten this for apps that
	# expose a dedicated health endpoint (e.g. "200" for a plain /health, or "200 401 403"
	# for apps that auth-gate / without redirecting).
	HEALTH_CHECK_ACCEPTED_STATUSES: ${{ vars.HEALTH_CHECK_ACCEPTED_STATUSES || '200 301 302' }}
	ROLLBACK_READINESS_RETRIES: ${{ vars.ROLLBACK_READINESS_RETRIES || '24' }}
	ROLLBACK_READINESS_INTERVAL: ${{ vars.ROLLBACK_READINESS_INTERVAL || '15' }}

[claude]

This line makes sense in the PR-open welcome comment (where it nudges users toward +review-app-help), but this workflow is the +review-app-help response — the user already knows the command. The instruction is redundant here and slightly confusing. Consider removing it from this workflow's response, or replacing it with a pointer to the repo docs instead.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 3 total unresolved issues (including 2 from previous reviews).

^{Bugbot Autofix is ON, but it could not run because on-demand usage is turned off. To enable Bugbot Autofix, turn on on-demand usage and set a spend limit in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 9d3b37e. Configure here.}

[cursor]

Deploy creates GitHub deployments but delete never cleans them

Low Severity

The deploy workflow still creates GitHub deployment records (via createDeployment and createDeploymentStatus) and retains the deployments: write permission, but the delete workflow removed both the deployments: write permission and the "Mark GitHub deployment inactive" step. This asymmetry means deployment records are created on every review-app deploy but never marked inactive when the review app is deleted or the PR is closed, causing stale environment entries to accumulate on the repository's GitHub Environments page.

Additional Locations (1)

• .github/workflows/cpflow-deploy-review-app.yml#L278-L303

 

^{Reviewed by Cursor Bugbot for commit 9d3b37e. Configure here.}

[claude]

Code Review — PR #735: Regenerate cpflow review-app flow (cpflow 5.0.0.rc.1)

Overview

This PR regenerates the cpflow GitHub Actions CI/CD workflows for Control Plane, switching PR comment commands from the old slash-command style (/deploy-review-app) to a namespaced +review-app-* prefix, removing redundant CPLN_TOKEN env pass-throughs that are now handled by the shared setup action, and adding aarch64-linux to the Gemfile platform list for Apple Silicon Docker builds.

The changes are mostly generator-driven and the validation steps in the PR description are thorough. A few issues are worth flagging.

---

Issues

Stale comment in cpflow-promote-staging-to-production.yml

The env: block comment at the top of the file still reads:

"Override these by editing this file or by setting the matching repository variable."

But the PR removed the ${{ vars.HEALTH_CHECK_RETRIES || '24' }} pattern that made the repository-variable override path work. The HEALTH_CHECK_RETRIES, HEALTH_CHECK_INTERVAL, ROLLBACK_READINESS_RETRIES, and ROLLBACK_READINESS_INTERVAL values are now hard-coded integers, and the matching variables were also dropped from the help doc table. The comment's "or by setting the matching repository variable" clause is now inaccurate and will mislead anyone trying to tune health-check timing at incident time.

Suggestion: Update the comment to remove the repository-variable override claim, or restore the ${{ vars.* || 'default' }} pattern if runtime tunability is desired.

Missing persist-credentials: false on the validate-branch job checkout

The build job (line 82) and deploy job (line 111) in cpflow-deploy-staging.yml both pass persist-credentials: false, but the validate-branch job's checkout@v4 step (line 58) does not. The inconsistency is low-risk because the validate-branch job doesn't push or call external authenticated endpoints after checkout, but it's worth aligning for defense-in-depth.

Dual staging-branch trigger

The branches: push filter now lists both "main" and "master". If this repository ever ends up with both branches active simultaneously (e.g., during a rename in-flight or a fork configuration error), a push to either branch will queue a staging deploy, and they will contend on the cancel-in-progress: false concurrency group — serializing rather than cancelling, which is correct behavior, but worth noting as a future footgun.

A short inline comment in the workflow (or a note in the readme) explaining that only one of the two should be active at any time would help future maintainers.

---

Removed features worth confirming as intentional

• "Mark GitHub deployment inactive" step: The delete workflow previously paginated GitHub's Deployments API and set all matching deployments to inactive after a review app was deleted. This step (and the deployments: write permission) was removed. GitHub's Environments/Deployments UI will no longer reflect deletions. If the team wasn't using the Deployments UI, this is fine; otherwise it's a minor UX regression.

• Bootstrap step: The deploy-review-app workflow had a step that ran cpflow generate-github-actions if the cpflow actions were missing from the repo. This safety net was removed, which is appropriate now that the actions are checked in, but means the workflow will fail earlier (at "Validate required secrets") rather than self-healing. Acceptable trade-off.

---

What looks good

• The contains(fromJson([...]), github.event.comment.body) pattern for tolerant newline matching is well-reasoned and the three variants (\n / \r\n / bare) cover GitHub's editor behavior correctly.
• The STAGING_APP_BRANCH env variable correctly drops the || 'master' fallback because the check-branch script (lines 49–53) already has an inline main/master fallback — removing the expression-level default avoids a confusing double-default.
• The deploy job condition simplification (needs.build.result == 'success' removed) is correct: GitHub Actions skips dependent jobs when any needs job fails, so the explicit result check was redundant.
• The aarch64-linux Gemfile.lock platform addition is the right way to support Apple Silicon Docker builds without changing the Gemfile itself.

[claude]

The build (line 82) and deploy (line 111) checkouts both pass persist-credentials: false, but this validate-branch checkout does not. Low-risk since nothing authenticated happens after checkout in this job, but worth aligning for consistency.

Suggested change

	uses: actions/checkout@v4
	uses: actions/checkout@v4
	with:
	persist-credentials: false

[claude]

Listing both "main" and "master" means a push to either branch triggers a staging deploy. If only one should ever be active, a short note here (or in the readme) would help future maintainers avoid accidentally running concurrent staging deploys during a branch rename. The cancel-in-progress: false concurrency guard serializes rather than drops them, so correctness is preserved — but the extra deploy run wastes CI minutes.

If this repo will always use master and main is there only for forward-compatibility, consider documenting that expectation inline.

[claude]

The workflow comment above this block (line 15) still says "Override these by editing this file or by setting the matching repository variable," but this PR removed the ${{ vars.HEALTH_CHECK_RETRIES || '24' }} expressions that enabled the repo-variable override path. These are now plain integers with no runtime-override mechanism, and the matching variables (HEALTH_CHECK_RETRIES, HEALTH_CHECK_INTERVAL, ROLLBACK_READINESS_RETRIES, ROLLBACK_READINESS_INTERVAL) were also dropped from the help-doc table.

The "or by setting the matching repository variable" clause in that comment is now stale and will mislead anyone trying to tune health-check timing at incident time without landing a new commit.

Suggestion: Update the nearby comment, or restore the override expression if runtime tunability is desired:

Suggested change

	HEALTH_CHECK_RETRIES: 24
	HEALTH_CHECK_RETRIES: ${{ vars.HEALTH_CHECK_RETRIES || '24' }}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9d3b37e5ed

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Keep health-check timeouts configurable via repo variables

Hard-coding HEALTH_CHECK_RETRIES and HEALTH_CHECK_INTERVAL here removes the previous ${{ vars.* || default }} override path, so repos that tuned promotion timing for slower startups will now be silently forced back to 24/15. Because these envs are still passed into the later health-check and rollback polling steps, production promotions can now fail and roll back purely due to longer boot times that were previously accommodated by repository variables.

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Summary

This PR regenerates the cpflow GitHub Actions CI/CD flow to cpflow 5.0.0.rc.1, switching PR comment triggers from slash commands (/deploy-review-app) to +review-app-* prefixed commands with tolerant newline matching, and adds the aarch64-linux Bundler platform for Apple Silicon Docker builds.

• Command rename: All issue_comment triggers updated to +review-app-deploy, +review-app-delete, and +review-app-help; a new +review-app-help workflow is added and docs are aligned throughout.
• CPLN_TOKEN consolidation: Explicit CPLN_TOKEN env pass-throughs removed from individual steps across all workflows; authentication is now handled centrally by the cpflow-setup-environment action.
• Staging trigger broadened: cpflow-deploy-staging.yml now triggers on both main and master branches, and the deploy job condition no longer explicitly guards on needs.build.result == 'success'.

Confidence Score: 3/5

The workflow changes are mostly safe generator output, but the staging deploy job can now attempt a deployment even when the Docker image build failed.

The deploy job in cpflow-deploy-staging.yml now only conditions on validate-branch.outputs.is_deployable == 'true'. Because an explicit if expression in GitHub Actions overrides the default skip-when-needed-job-fails behaviour, a failed build job will no longer prevent deploy from running. The downstream cpflow deploy-image call would then either fail against a missing image tag or silently push a stale image to staging.

cpflow-deploy-staging.yml for the deploy job condition change; cpflow-promote-staging-to-production.yml for hardcoded retry values that silently ignore previously set repo variables.

Important Files Changed

Filename	Overview
.github/workflows/cpflow-deploy-staging.yml	Triggers broadened to main+master, STAGING_APP_BRANCH fallback removed (check-branch script handles empty case), and CPLN_TOKEN pass-through dropped; but deploy job condition no longer gates on build.result == 'success', allowing a failed build to be followed by a deployment attempt.
.github/workflows/cpflow-promote-staging-to-production.yml	CPLN_TOKEN removed from individual steps (now handled by setup action); health-check and rollback retry/interval values hardcoded, silently ignoring any existing HEALTH_CHECK_RETRIES / ROLLBACK_READINESS_* repo variables.
.github/workflows/cpflow-deploy-review-app.yml	Command trigger updated from exact /deploy-review-app to tolerant +review-app-deploy match; bootstrap steps removed; CPLN_TOKEN env pass-through removed from individual steps.
.github/workflows/cpflow-delete-review-app.yml	Command trigger updated to +review-app-delete; deployments: write permission dropped; GitHub deployment inactive marking step removed; CPLN_TOKEN env pass-through removed.
.github/workflows/cpflow-help-command.yml	Trigger updated from /help to +review-app-help with tolerant newline matching; author_association gate clarified with a comment about workflow_dispatch security.
.github/actions/cpflow-setup-environment/action.yml	Default cpflow version bumped from 5.0.0.rc.0 to 5.0.0.rc.1; input descriptions updated to show example variable syntax.
Gemfile.lock	Added aarch64-linux platform and corresponding platform gem variants (ffi, nokogiri, thruster) for Apple Silicon Docker build compatibility.
app/views/pages/_header.html.erb	Quick-reference command snippets updated to new +review-app-* names; break-all CSS added to prevent overflow on small viewports.
app/views/pages/index.html.erb	Homepage command cards updated to +review-app-deploy, +review-app-delete, +review-app-help; break-all and text-sm classes added.

Sequence Diagram

sequenceDiagram
    participant Reviewer
    participant GitHub
    participant DeployWorkflow as cpflow-deploy-review-app
    participant DeleteWorkflow as cpflow-delete-review-app
    participant HelpWorkflow as cpflow-review-app-help
    participant SetupAction as cpflow-setup-environment
    participant ControlPlane

    Reviewer->>GitHub: Comment "+review-app-deploy"
    GitHub->>DeployWorkflow: issue_comment trigger
    DeployWorkflow->>SetupAction: token + org (CPLN_TOKEN centralized)
    SetupAction-->>DeployWorkflow: cpflow + cpln CLI ready
    DeployWorkflow->>ControlPlane: build image + deploy
    ControlPlane-->>DeployWorkflow: review app URL
    DeployWorkflow->>GitHub: PR comment with URL

    Reviewer->>GitHub: Comment "+review-app-delete"
    GitHub->>DeleteWorkflow: issue_comment trigger
    DeleteWorkflow->>SetupAction: token + org
    DeleteWorkflow->>ControlPlane: delete review app
    DeleteWorkflow->>GitHub: status comment

    Reviewer->>GitHub: Comment "+review-app-help"
    GitHub->>HelpWorkflow: issue_comment trigger
    HelpWorkflow->>GitHub: Post help comment on PR

    Note over GitHub,DeployWorkflow: push to main/master
    GitHub->>DeployWorkflow: "push trigger -> validate-branch -> build -> deploy"

Loading

_{Reviews (1): Last reviewed commit: "Regenerate cpflow review app flow" | Re-trigger Greptile}

[greptile-apps]

Deploy runs even when build fails

GitHub Actions documents that when a job with needs: [A, B] carries an explicit if condition, that condition overrides the default "skip when any needed job fails" behaviour. With the old guard && needs.build.result == 'success' the condition was false on build failure, so deploy skipped. With the new condition it evaluates to true whenever validate-branch sets is_deployable=true, so a failed Docker build will be followed by a cpflow deploy-image call that either errors out on a missing image tag or, worse, promotes a previously-pushed stale image to staging.

[greptile-apps]

Hardcoded values silently ignore existing repo-variable overrides

HEALTH_CHECK_RETRIES, HEALTH_CHECK_INTERVAL, ROLLBACK_READINESS_RETRIES, and ROLLBACK_READINESS_INTERVAL are now hardcoded to 24/15. Any repo that previously set these variables (e.g., a slower deployment with HEALTH_CHECK_RETRIES=48) will have those configurations silently ignored with no error. HEALTH_CHECK_ACCEPTED_STATUSES next to them still uses the variable pattern, which makes the inconsistency easy to miss.

Suggested change

	HEALTH_CHECK_RETRIES: 24
	HEALTH_CHECK_INTERVAL: 15
	HEALTH_CHECK_RETRIES: ${{ vars.HEALTH_CHECK_RETRIES || '24' }}
	HEALTH_CHECK_INTERVAL: ${{ vars.HEALTH_CHECK_INTERVAL || '15' }}

[greptile-apps]

Rollback readiness variables similarly hardcoded

Same issue as the health-check retries above — ROLLBACK_READINESS_RETRIES and ROLLBACK_READINESS_INTERVAL are no longer user-configurable via repository variables. A repo that tuned these for a slow workload will silently get the defaults.

Suggested change

	ROLLBACK_READINESS_RETRIES: 24
	ROLLBACK_READINESS_INTERVAL: 15
	ROLLBACK_READINESS_RETRIES: ${{ vars.ROLLBACK_READINESS_RETRIES || '24' }}
	ROLLBACK_READINESS_INTERVAL: ${{ vars.ROLLBACK_READINESS_INTERVAL || '15' }}