feat: add AMI-based PR validation workflow#116
Open
bnsoni wants to merge 4 commits into
Open
Conversation
New spa-pr-validation-new.yml that launches fresh EC2 from pre-built AMI per PR run instead of deploying to shared OCI VMs. Flow: acquire stg slot (1-4) via domain-lock → launch EC2 from AMI → deploy PR mentor image + prod auth → run 4 browser tests in parallel → save status → release slot → terminate EC2 Key differences from existing workflow: - Isolated environment per PR (not shared VMs) - All 4 browsers always parallel (no sequential mode) - EC2 terminated after tests (clean slate every run) - Uses reusable-service-update.yml for infra launch - Domain-number maps to stg1-4 infrastructure Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GitHub Actions doesn't allow dynamic secret selection in reusable workflow secrets: blocks. Replaced reusable-service-update.yml + reusable-spa-deployment.yml calls with a single inline launch-and-deploy job that: 1. Resolves stg config based on domain-lock slot (1-4) 2. Selects the correct SSH key (STG1-4_SSH_KEY) via case statement 3. Opens SSH SG rule for runner IP 4. Launches EC2 from AMI (boto3) 5. Waits for SSH + runs service-update (Ansible) 6. Registers in ALB target group 7. Deploys PR mentor image + prod auth image 8. Waits for mentor health (with auto-restart on empty reply) 9. Revokes SSH SG rule Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Allows running the workflow from the Actions tab with a stg-slot input (1-4). Skips domain-lock and code quality checks for dispatch. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents split-brain routing where ALB sends some requests to old instance with stale OAuth creds. Now deregisters all existing targets from the target group before registering the new instance. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New
spa-pr-validation-new.ymlworkflow that launches isolated EC2 instances from pre-built AMIs for PR testing instead of deploying to shared OCI VMs.Flow
reusable-service-update.ymlKey differences from existing workflow
Prerequisites
SERVICE_UPDATE_ACCESS_KEYandSERVICE_UPDATE_SECRET_KEYsecrets needed on mentoraiTest plan
run-testslabel🤖 Generated with Claude Code