For description see https://github.com/UffizziCloud/uffizzi_platform/issues/835

Currently all health checks done with healthcheck url paths fail because of https://github.com/UffizziCloud/uffizzi_platform/issues/424 Till this works, this workaround would have to be used to do the healthchecks

Currently, we are using the GitHub pull request issue as a source of truth for the deployment status. This is a brittle design since the real source of truth should be the Uffizzi database.

Update the preview action reusable work to use Uffizzi labels instead.

At this moment the preview action supports connecting DockerHub and GHCR credentials. It must support credentials for other types of registries too (Google, Amazon, Azure, custom docker registries).

Hi there,

I'm just getting started with uffizzi so sorry in advance if I missed something obvious.

I'm using a selfhosted install of uffizzi, although not using the official helm chart for bogus personal reasons¹.
Creating manual preview environments via uffizzi preview create docker-compose.yaml works, so the server setup itself feels okay.
However, using the github action based on this repo's readme like this...

  deploy-uffizzi-preview:
    name: Use Remote Workflow to Preview on Uffizzi
    needs: render-compose-file
    uses: jemand771/preview-action/.github/workflows/reusable.yaml@no-creation-source
    with:
      compose-file-cache-key: ${{ needs.render-compose-file.outputs.compose-file-cache-key }}
      compose-file-cache-path: ${{ needs.render-compose-file.outputs.compose-file-cache-path }}
      server: https://my-uffizzi-host.example.com
      username: some-user
      project: test-project
    secrets:
      password: ${{ secrets.uffizzi_pass }}
    permissions:
      contents: read
      pull-requests: write
      id-token: write

...results in an error. I've tried to investigate it but got stuck unsure if I'm doing something wrong or if this is just broken.

starting with #55, --creation-source=github_actions gets passed to the CLI here:

However, the server doesn't seem to support that. I'm getting this error...

Server Error:
is not included in the list

...which I'm assuming comes from here:
https://github.com/UffizziCloud/uffizzi/blob/a4b1356695c5e89f905585c649ee07ca33c4489f/core/app/lib/uffizzi_core/concerns/models/deployment.rb#L30

    enumerize :creation_source, in: [:manual, :demo, :continuous_preview, :compose_file_manual, :compose_file_continuous_preview],
                                predicates: true, scope: true, default: :manual

This was actually almost implemented in UffizziCloud/uffizzi#346, UffizziCloud/uffizzi@1204d83#diff-7eaf3aeada9f27cbf1c93ca78682ca4bda47e215fb0f2c941e6b38a31ff4e346R30 to be precise...

- enumerize :creation_source, in: [:manual, :continuous_preview, :compose_file_manual, :compose_file_continuous_preview],
+ enumerize :creation_source, in: [:manual, :continuous_preview, :compose_file_manual, :compose_file_continuous_preview, :github_actions],

...but got reverted in UffizziCloud/uffizzi@9be671c after UffizziCloud/uffizzi#346 (comment)

Now, it's possible that I'm just unlucky and caught this feature mid-development where one side is already updated but the other one hasn't been adjusted yet. But since this was in january and the change has been explicitly declined, I'm afraid this is "working" as intended. (just not for me)

I see a couple of possible solutions here:

1. pass a different --creation-source
2. support :github_actions in https://github.com/UffizziCloud/uffizzib)
3. add an option that lets users specify a creation source, defaulting to the saas-supported one
4. automatically detect whether a selfhosted server url is passed and if so, pass a different creation source

This might be related to UffizziCloud/uffizzi#230, but I don't really have a full picture there (again, new to uffizzi). It's worth noting that the preview URL posted by github actions is in the format example.com/github.com/REPO_OWNER/REPO_NAME/pull/NUMBER while the actual preview url as returned by the server and posted to the github deployment status is deployment-INDEX-PROJECT_NAME.example.com. (index unrelated to pr number)

Again, that might be a separate issue but feels related anyway.

Again, sorry if this is just an issue with how I'm using the action. If it turns out that this is a bug, let me know if you need me to test anything; I'd be happy to help.

We need to pass creation_source = github_actions to CLI
Related platform issue https://github.com/UffizziCloud/uffizzi_platform/issues/671

Our reusable workflow assumes it will always be triggered by a pull_request event or at least have the pr-number value passed to it. Some customers may want to trigger this in other cases not associated with a Pull Request.

At the very least there should be a helpful error message if this cannot be supported.

Replace period with + so the predictable url is parsed correctly on the backend

EXPECTED_URL=${{ inputs.server }}/github.com/${{ github.repository }}/pull/$PR_NUMBER"

enable-healtcheck will be set to true by default but we should be able to disable these if required. This would be very helpful in testing.

Uffizzi https://github.com/UffizziCloud/uffizzi_platform/issues/281, of the format:

https://app.uffizzi.com/github.com/waveywaves/backstage/pull/4

This URL will redirect to a URL such as:
deployment-6562-foo-bar-x0vlpg.app.uffizzi.com

We should update the comment that gets posted to the PR with the predictable URL format.

One of the action's jobs fetches the token from the pipeline and this action requires the id-token: write permission that has to be provided in the user's workflow

Current behavior:
If a user provides username/password for login and does not provide the id-token permissions the pipeline fails with the following error:

The workflow 'UffizziCloud/preview-action/.github/workflows/reusable.yaml@v2' is requesting 'id_token: write', but is only allowed 'id_token: none'

Desired behavior:
If a user provides username/password for login, he does not need to give the reusable workflow id-token permissions.

👋🏻 the reusable workflow seems to fail consistently on PRs from a fork. Is this a known issue?

https://github.com/flipt-io/flipt/actions/runs/6962697989/job/18947118820

^This PR is from a user who forked our OSS project.

Run actions/github-script@v6
  with:
    debug: true
    script: const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']
  const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
  core.setOutput('request-token', token.trim())
  core.setOutput('request-token-url', runtimeUrl.trim())
  
    github-token: ***
    user-agent: actions/github-script
    result-encoding: json
    retries: 0
    retry-exempt-status-codes: 400,401,403,404,422
  env:
    LOGGER_KEY: aHR0cHM6Ly80NGI3Zjk5MTFiODU0NWI5YTMzMDY4NzRhY2ZjYjJjOUBvMzI0MzExLmluZ2VzdC5zZW50cnkuaW8vNDUwNDM2MTIxMjI0ODA2NA==
    PR_NUMBER: 2438
    EXPECTED_URL: https://app.uffizzi.com/github.com/flipt-io/flipt/pull/2438
TypeError: Cannot read properties of undefined (reading 'trim')
    at eval (eval at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15143:16), <anonymous>:5:39)
    at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15144:12)
    at main (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15236:26)
    at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:15217:1
    at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:15268:3
    at Object.<anonymous> (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15271:12)
    at Module._compile (node:internal/modules/cjs/loader:1198:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
    at Module.load (node:internal/modules/cjs/loader:1076:32)
    at Function.Module._load (node:internal/modules/cjs/loader:911:12)
Error: Unhandled error: TypeError: Cannot read properties of undefined (reading 'trim')

Add a makefile command for release. It should merge the changes into master and set the major version branch to the last commit from master.

Currently we return the deployment URL (e.g. https://app.uffizzi.com/projects/5204/deployments/18012/containers) in the "Deploy New Preview" step of the reusable workflow. However, if someone visits this URL while the preview is i progress or after it's been deleted, they will see a 503 or 404.

If we return the predictable preview URL instead, they will be served a custom "Preview in progress..." or "Preview was deleted" page. This makes for a better UX

At the action, the input git-ref is not used at all.

https://github.com/UffizziCloud/preview-action/blob/master/.github/workflows/reusable.yaml#L258
The "Checkout commit" step will use the commit from the PR event or HEAD of the default branch.

Changes to preview action for automatic account creation

We should send an email if a pipeline fails because of a bug in the Uffizzi CLI or platform API. We should do this within the preview action reusable workflow if possible or at least create an example workflow job that we can include in PRs to projects. See this example.

We should only send emails if the failure occurred in one of the Uffizzi jobs/steps. Send the email to [email protected].

Uffizzi Cloud platform now allows users to set up a username and password for preview URLs; however, this breaks the current reusable workflow because the curl command that confirms successful deployment cannot access the URL.

We should add support for passing username and password to the curl command here and here.

Inputs should be non-interactive. Username can probably be passed via flag (-u), but password should probably be passed via environment variable (e.g. URL_PASSWORD).

Some potential users have requested that the images be deleted from GHCR once the preview is destroyed to save storage cost on GitHub.

A workaround to avoid hitting the public API requests rate limits set by Github.

Related platform issue https://github.com/UffizziCloud/uffizzi_platform/issues/639

Currently in our GHA reusable workflow we have the parameter project which takes as input the Uffizzi project slug. We should change our GHA to use the repo name as the value of project. This reduces the number of inputs required by the end user when setting up the Uffizzi GHA.

Once the deployment is created for Uffizzi using github actions, the curl command checks if the deployment is healthy. It should be possible for the user to specify the extension for the preview URL where the healthcheck can be done.

Need the following improvements:

• Add a link to deployment details (#7)
• Support username and password with curl (#4)
• Use labels to find the existing deployment id (UffizziCloud/uffizzi_cli#136)

Related to:

Platform #351
CLI #180

Update cli image in:

• reusable.yaml
• action.yaml

Related issue UffizziCloud/uffizzi_cli#196

We can enhance our customers' experiences on GitHub by specifying Environments and Deployments on GitHub from within our reusable workflow and/or GitHub Actions. Read about them here https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment

Because we want to provision these dynamically, we probably cannot use the easy YAML syntax within GitHub Actions. We can talk to GitHub's REST API directly, either using curl or the gh CLI api command. I wasn't able to find an action in the Marketplace for this, but search for one before implementing!

Design:
We should consider whether we want to create a single "Uffizzi" Environment and separate Deployments within it, or create Environments for each Uffizzi Deployment. Test both cases and explore the UX within GitHub.

GitHub Environments and Deployments should broadly follow the lifecycle of the Uffizzi Environments and Deployments they represent. Status updates should be posted before and after each uffizzi CLI invocation action. It's very important to include the URL of each environment everywhere possible.

Slack thread: https://uffizzi-internal.slack.com/archives/C85U32F3M/p1660238762177499

When the reusable workflow is called, it posts the preview URL (

We should also post a link to the deployment details in the Uffizzi UI. For example:

View deployment details: https://app.uffizzi.com/projects/16/deployments/4724/containers

We'd like to support compose files with secrets. While GitHub's cache access model is decent, it's not intended to keep secrets.

Compose files are often larger than most GHA workflow inputs and may have special characters, so we should first see if they'll need special handling such as base64 encoding.