@ejfine ejfine commented Dec 7, 2025

Why is this change necessary?

Want to be able to deploy via CI pipeline instead of manually in the console

How does this change address the issue?

Creates a CI job for it

What side effects does this change have?

N/A

How is this change tested?

Downstream repo

Summary by CodeRabbit

  • New Features
    • Development environment configuration now supports multiple environments including infrastructure and app frontend.
    • CI/CD pipeline now includes a frontend build step.
    • CI/CD pipeline now includes a production deployment step.
    • Deployment workflows can now download and use build artifacts.

@ejfine ejfine self-assigned this Dec 7, 2025
coderabbitai bot commented Dec 7, 2025

Walkthrough

Replaced static dev container configuration with a Jinja2 template to support multiple environments. Enhanced CI workflow to build frontend artifacts and deploy to production via Pulumi. Added artifact download capability to Pulumi workflow for deployment access to built artifacts.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dev container configuration<br>template/.devcontainer/envs.json, template/.devcontainer/envs.json.jinja | Replaced static infrastructure-only configuration with templated version supporting infrastructure and app-frontend environments; app-frontend directory name interpolated via template variable |
| CI workflow jobs<br>template/.github/workflows/ci.yaml.jinja | Added build-app-frontend job for frontend build and artifact upload; added pulumi-prod deployment job; updated required-check to depend on both new jobs; expanded plan-to-staging environment with artifact download configuration |
| Pulumi deployment workflow<br>template/.github/workflows/pulumi-aws.yml | Added DOWNLOAD_ARTIFACT_NAME and DOWNLOAD_ARTIFACT_PATH workflow inputs; introduced Download Artifact step using actions/download-artifact@v6.0.0 to retrieve built artifacts during deployment |

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant FB as Frontend Build
    participant Artifact Store as Artifact Store
    participant Pulumi as Pulumi Deploy
    
    GHA->>FB: Trigger build-app-frontend job
    FB->>FB: Build frontend app
    FB->>Artifact Store: Upload artifact
    Artifact Store-->>FB: Artifact stored
    
    Note over GHA: Merge/PR/Main detected
    GHA->>Pulumi: Trigger pulumi-prod job
    Pulumi->>Artifact Store: Download artifact<br/>(DOWNLOAD_ARTIFACT_NAME)
    Artifact Store-->>Pulumi: Extract to path<br/>(DOWNLOAD_ARTIFACT_PATH)
    Pulumi->>Pulumi: Deploy to production<br/>with frontend artifact

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Workflow job dependencies: Verify build-app-frontend and pulumi-prod jobs are correctly sequenced and conditionally triggered
  • Artifact flow: Confirm artifact upload/download configuration (DOWNLOAD_ARTIFACT_NAME and DOWNLOAD_ARTIFACT_PATH) is consistent across CI and Pulumi workflows
  • Template variable interpolation: Validate that app_name variable in envs.json.jinja template renders correctly in both contexts

Pre-merge checks

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Deploy in CI' is vague and generic, using non-specific terminology that doesn't clearly convey what deployment mechanism or component is being added to the CI pipeline. | Consider a more descriptive title such as 'Add Pulumi deployment job to CI workflow' to better explain the specific changes being made. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description check | ✅ Passed | The pull request description addresses all required template sections with sufficient detail about the deployment motivation, implementation approach, and testing method. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33c91f7 and f85176e.

📒 Files selected for processing (4)
  • template/.devcontainer/envs.json (0 hunks)
  • template/.devcontainer/envs.json.jinja (1 hunks)
  • template/.github/workflows/ci.yaml.jinja (4 hunks)
  • template/.github/workflows/pulumi-aws.yml (2 hunks)
💤 Files with no reviewable changes (1)
  • template/.devcontainer/envs.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: lint-matrix (ubuntu-24.04, 3.13.2, --data-file tests/copier_data/data2.yaml)
  • GitHub Check: lint-matrix (ubuntu-24.04, 3.13.2, --data-file tests/copier_data/data1.yaml)
  • GitHub Check: lint-matrix (ubuntu-24.04, 3.12.7, --data-file tests/copier_data/data2.yaml)
  • GitHub Check: lint-matrix (ubuntu-24.04, 3.12.7, --data-file tests/copier_data/data1.yaml)
🔇 Additional comments (4)
template/.devcontainer/envs.json.jinja (1)

1-12: Env template JSON and Jinja interpolation look correct

The raw/endraw usage produces valid JSON and correctly parameterizes the app-frontend directory as {{ app_name }}_app alongside the existing infrastructure env; no issues from a devcontainer tooling perspective.

template/.github/workflows/pulumi-aws.yml (1)

79-88: Optional artifact download wiring is clean and backwards-compatible

The new DOWNLOAD_ARTIFACT_NAME/DOWNLOAD_ARTIFACT_PATH inputs and the conditional Download Artifact step integrate cleanly: existing callers remain unaffected (empty default + if guard), and consumers that set these inputs will see artifacts available before Pulumi runs.

Also applies to: 120-125

template/.github/workflows/ci.yaml.jinja (2)

3-9: CI trigger and frontend build job are well-integrated

Adding pull_request to the triggers plus the build-app-frontend job (lint dependency, shared version vars, artifact upload path) lines up with the new Pulumi deployment flow and produces a clearly named static-asset artifact for downstream jobs.

Also applies to: 34-58


80-101: Production Pulumi job and required-check gating align with the new build flow

The pulumi-prod job correctly consumes the frontend artifact (depends on build-app-frontend, uses the same artifact name/path) and only promotes via PULUMI_UP on main. The required-check job’s updated needs and failure condition ensure that lint, frontend build, and Pulumi (plus optional staging) all gate the overall CI result appropriately, while tolerating pulumi-prod being skipped on non-PR/non-main events.

Also applies to: 102-115


@ejfine ejfine requested a review from Copilot December 7, 2025 21:49
@ejfine ejfine merged commit 8145150 into main Dec 7, 2025
12 checks passed
Copilot AI left a comment

Pull request overview

This PR enables automated deployment through the CI pipeline by adding frontend build capabilities and production deployment workflow. The changes introduce a build step for the app frontend, artifact management for deployment, and a production deployment job that triggers on pull requests (for preview) and automatically deploys on merges to main.

Key changes:

  • Added build-app-frontend job to build and upload frontend static assets
  • Added pulumi-prod job for production infrastructure preview and deployment
  • Extended pulumi-aws.yml workflow to support downloading build artifacts

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| template/.github/workflows/pulumi-aws.yml | Added inputs and step for downloading build artifacts from upstream jobs |
| template/.github/workflows/ci.yaml.jinja | Added frontend build job, production deployment job, pull_request trigger, and updated required-check dependencies |
| template/.devcontainer/envs.json.jinja | Converted envs.json to Jinja template and added app-frontend environment configuration |
| template/.devcontainer/envs.json | Removed in favor of Jinja template version |

Comment on lines +76 to +77
DOWNLOAD_ARTIFACT_NAME: app-frontend-static-assets
DOWNLOAD_ARTIFACT_PATH: {% endraw %}{{ app_name }}{% raw %}_app/.output/public/{% endraw %}{% endif %}{% raw %}
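
Review bot: DOWNLOAD_ARTIFACT_PATH is rendered as an unquoted YAML scalar built from {{ app_name }}, so an app_name containing characters YAML treats specially (for example ": " or " #") would change how the generated workflow parses. Quote the rendered value, e.g. DOWNLOAD_ARTIFACT_PATH: "{{ app_name }}_app/.output/public/" inside the existing raw/endraw markers. DOWNLOAD_ARTIFACT_NAME is also a repeated literal; a shared template variable would keep it from drifting away from the name used at upload.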
Copilot AI Dec 7, 2025

The plan-to-staging job references the app-frontend-static-assets artifact here but is missing a dependency on the build-app-frontend job that creates this artifact. The job currently only depends on lint (line 64), but it should also depend on build-app-frontend. Without this dependency, the artifact download will fail because the artifact won't be available yet.

The needs array at line 64 should be changed to: needs: [ lint, build-app-frontend ]

Copilot uses AI. Check for mistakes.
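
The dependency problem raised in the comment above can be checked mechanically. The following is an added example, not code from this PR or repository: it walks a parsed `jobs:` mapping and reports any job that consumes an artifact without a producer among its transitive `needs`. The sample data is constructed; job, artifact and input names follow the discussion, while the step layout, the `<ref>` placeholder and the reusable-workflow path are assumptions.

```python
# Constructed sample of a workflow's parsed `jobs:` mapping. Names follow the
# PR discussion; step layout, <ref> and the REUSABLE path are assumptions.
ARTIFACT = "app-frontend-static-assets"
REUSABLE = "./.github/workflows/pulumi-aws.yml"
JOBS = {
    "lint": {"steps": [{"run": "echo lint"}]},
    "build-app-frontend": {"needs": ["lint"], "steps": [
        {"uses": "actions/upload-artifact@<ref>", "with": {"name": ARTIFACT}}]},
    "plan-to-staging": {"needs": ["lint"],  # as reviewed: depends on lint only
        "uses": REUSABLE, "with": {"DOWNLOAD_ARTIFACT_NAME": ARTIFACT}},
    "pulumi-prod": {"needs": "build-app-frontend",
        "uses": REUSABLE, "with": {"DOWNLOAD_ARTIFACT_NAME": ARTIFACT}},
}

def _needs(job):
    needs = job.get("needs", [])  # YAML allows a single string or a list
    return [needs] if isinstance(needs, str) else list(needs)

def upstream(jobs, name):
    # Every job guaranteed to finish before `name` starts (transitive needs).
    seen, stack = set(), _needs(jobs[name])
    while stack:
        cur = stack.pop()
        if cur in jobs and cur not in seen:
            seen.add(cur)
            stack.extend(_needs(jobs[cur]))
    return seen

def _step_artifacts(job, action):
    return {s["with"]["name"] for s in job.get("steps", [])
            if s.get("uses", "").startswith(action + "@") and "name" in s.get("with", {})}

def consumed(job):
    # Artifacts fetched by a download step or passed to the reusable workflow.
    names = _step_artifacts(job, "actions/download-artifact")
    passed = job.get("with", {}).get("DOWNLOAD_ARTIFACT_NAME")
    return names | ({passed} if passed else set())

def missing_dependencies(jobs):
    # Returns (consumer_job, artifact, producer_jobs) where no producer is upstream.
    findings = []
    for name, job in jobs.items():
        before = upstream(jobs, name)
        for art in sorted(consumed(job)):
            makers = sorted(j for j, spec in jobs.items()
                            if art in _step_artifacts(spec, "actions/upload-artifact"))
            if not before.intersection(makers):
                findings.append((name, art, makers))
    return findings
```

An artifact with no producer in the workflow is also reported, with an empty producer list, since nothing in the same run can satisfy it.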
python-version: ${{ inputs.PYTHON_VERSION }}

- name: Download Artifact
uses: actions/download-artifact@v6.0.0
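
Review bot: The uses: line pins actions/download-artifact to the tag v6.0.0, and a tag can later be moved to a different commit without any change showing up in this repository. Because this step sits in the Pulumi deployment workflow, pin the action to its full-length commit SHA and keep the version as a trailing comment, e.g. uses: actions/download-artifact@<full-commit-sha> # v6.0.0, so what runs at deploy time is exactly what was reviewed.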
Copilot AI Dec 7, 2025

The hardcoded version v6.0.0 for actions/download-artifact is inconsistent with the pattern used in the codebase. The actions/upload-artifact in ci.yaml.jinja uses a template variable {{ gha_upload_artifact }} for version management. Consider creating a similar variable (e.g., {{ gha_download_artifact }}) and using it here for consistency and easier version management.

Example: uses: actions/download-artifact@{{ gha_download_artifact }}

Suggested change
uses: actions/download-artifact@v6.0.0
uses: actions/download-artifact@{{ gha_download_artifact }}

@ejfine ejfine deleted the deploy-ci branch December 7, 2025 21:56
@coderabbitai coderabbitai bot mentioned this pull request Dec 20, 2025