fix: Add ICR auth for Trivy scans, improve error handling, optimize disk usage #641
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Added ca-tor -> ca mapping for Toronto region - Fixes 'no such host' error for ca-tor.icr.io - Toronto uses ca.icr.io as the registry endpoint
- Detect soft-deleted project state - Create new project with timestamp suffix - Update PROJECT_NAME env var for subsequent jobs - Prevents 'cannot be selected' error
Contributor
π Development Environment OptionsThis repository supports Dev Containers for a consistent development environment. Option 1: GitHub Codespaces (Recommended)Create a cloud-based development environment:
Option 2: VS Code Dev Containers (Local)Use Dev Containers on your local machine:
Option 3: Traditional Local SetupSet up the development environment manually: # Clone the repository
git clone https://github.com/manavgup/rag_modulo.git
cd rag_modulo
git checkout fix/ca-tor-icr-region
# Initialize development environment
make dev-init
make dev-build
make dev-up
make dev-validateAvailable CommandsOnce in your development environment: make help # Show all available commands
make dev-validate # Validate environment setup
make test-atomic # Run atomic tests
make test-unit # Run unit tests
make lint # Run lintingServices AvailableWhen running
This automated message helps reviewers quickly set up the development environment. |
Contributor
Code Review - PR #641SummaryThis PR addresses deployment workflow issues related to ICR region mapping and soft-deleted Code Engine projects. The changes are focused and targeted, addressing real production failures. β Strengths1. Region Mapping Fix (ca-tor β ca)
2. Soft-Deleted Project Handling
3. Code Quality
|
- Pull Docker images before Trivy scanning (fixes ICR authentication issue) - Add image cleanup after scanning to save disk space - Fix deployment idempotency: try update first, create if not found - Properly handle exit codes with set -e for idempotent operations Fixes: - Trivy scan failures: UNAUTHORIZED errors when accessing ICR images - Deployment failures: 'A resource with this name already exists' errors
- Add TRIVY_USERNAME and TRIVY_PASSWORD env vars for registry auth - Add verification step to confirm image was pulled successfully - Add better error messages for debugging pull failures Fixes Trivy UNAUTHORIZED errors when scanning ICR images
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
- Add comprehensive disk cleanup step at start of build jobs - Remove unnecessary pre-installed packages (.NET, GHC, Boost, Android SDK, Swift) - Clean Docker system before builds to free up space - Reduce cleanup filter from 24h to 1h for more aggressive cleanup - Add disk space reporting before and after cleanup Fixes 'No space left on device' errors in GitHub Actions runners
- Add more aggressive cleanup in Dockerfile builder stage: - Remove test directories, dist-info, static libraries - Clean up pip, poetry, and cargo caches - Improve Docker cleanup in workflow: - Remove all unused images (not just dangling) - Remove stopped containers - More aggressive system prune This should reduce the size of site-packages being copied and free up more space during builds.
- Change cache mode from 'max' to 'min' to use less disk space - Set load: false to prevent storing image locally (push directly) - This should significantly reduce disk usage during builds The 'max' cache mode was creating large cache files that consumed all available disk space during the build process.
- Deploy jobs now check that build-and-push jobs succeeded - Prevents deploying non-existent Docker images - Fixes 404 errors when build fails but deployment runs anyway
- Added outputs to deploy-infrastructure job - Set project_name output in all project creation paths - Use output in smoke-test job instead of env variable - Fixes 'Resource not found' error in smoke tests
- Added continue-on-error to Trivy scan steps - Added continue-on-error to SARIF upload steps - Prevents workflow failure if scan fails or SARIF file missing - Security scans are informational, shouldn't block deployment
- Configure pip to use CPU-only torch index globally - Export Poetry deps to requirements.txt - Remove torch/torchvision from requirements (already installed) - Install remaining deps via pip (bypasses Poetry resolver) - Adds verification that CPU-only torch is installed - Saves ~6GB by avoiding CUDA libraries
- Replace poetry export with poetry install directly - poetry export requires poetry-plugin-export which isn't installed - poetry install works without the plugin and respects pre-installed packages - Fix Dockerfile linting issues (DL3015, DL4006, SC2086) Fixes: 'The requested command export does not exist' error in Docker build
β¦name - Add deploy-infrastructure to smoke-test job's needs list - Use project_name output from deploy-infrastructure with fallback to env.PROJECT_NAME - Add validation to ensure PROJECT_NAME is not empty - Add error handling for project selection Fixes: 'More than one project exists with name' error in smoke-test
Smoke-test improvements: - Add IBM Cloud login/target setup (was missing) - Add wait step to ensure apps are ready before health checks - Add retry logic with exponential backoff for health checks - Add timeout-minutes to prevent hanging - Add proper error handling with set -e - Validate URLs are not null before using - Add step-level timeouts for individual health checks Workflow best practices: - Add timeout-minutes to all critical jobs: - build-and-push-backend: 30 minutes - build-and-push-frontend: 20 minutes - deploy-backend: 15 minutes - deploy-frontend: 15 minutes - smoke-test: 15 minutes - Add permissions to smoke-test job - Improve error messages and logging This follows GitHub Actions best practices for: - Timeout management - Retry strategies - Error handling - Service readiness checks
- Add verification step after build to confirm image was pushed to ICR - Add verification step before deployment to ensure image exists - Use docker manifest inspect to verify image availability - Fail fast with clear error messages if image doesn't exist This will catch the '404 Not Found' error before deployment attempts, making it clear when build/push steps fail silently. Fixes: Image not found in ICR causing deployment failures
Versioning Strategy: - Detect git tags (v*.*.*) and tag images with semantic versions - Always tag with commit SHA (immutable, traceable) - Tag with semantic version when releasing (v1.0.0, etc.) - Tag with 'latest' for convenience (not for production) Image Cleanup: - Add cleanup job to remove old images from registry - Keeps last N images (configurable via IMAGE_RETENTION_COUNT, default: 30) - Only removes commit SHA tags, preserves version tags and 'latest' - Runs on scheduled builds and manual workflow dispatch - Prevents registry bloat from daily builds Workflow Triggers: - Added support for git tags (v*.*.*) to trigger releases - Added release event trigger for GitHub releases This addresses: 1. Versioning: Images tagged with v1.0.0 when releasing version 1.0 2. Space management: Old images automatically cleaned up to prevent registry bloat
Versioning Strategy: - Read PROJECT_VERSION from .env (if exists) -> Makefile -> GitHub Actions - Priority order: 1. Git tag (v1.0.0) - highest priority 2. GitHub variable PROJECT_VERSION 3. Makefile PROJECT_VERSION ?= 1.0.0 4. pyproject.toml version = "1.0.0" 5. Commit SHA (fallback) Changes: - Add step to extract PROJECT_VERSION from Makefile in build jobs - Use extracted version for Docker image tagging - Add PROJECT_VERSION to env.example with documentation - Maintain backward compatibility with existing workflows Benefits: - Single source of truth: .env -> Makefile -> Workflow - Consistent versioning across local dev and CI/CD - Easy to update: change .env, everything picks it up - Supports git tags for releases (overrides PROJECT_VERSION)
β¦vior) Changes: - Update version extraction to check .env file first (before Makefile default) - This matches how Makefile works: .env overrides Makefile default - If .env has PROJECT_VERSION=0.8.0, workflow will use 0.8.0 - Maintains same priority order as Makefile: .env -> Makefile default Priority order: 1. Git tag (v1.0.0) 2. GitHub variable PROJECT_VERSION 3. .env file (PROJECT_VERSION=0.8.0) <- NEW: checked first 4. Makefile default (PROJECT_VERSION ?= 1.0.0) 5. pyproject.toml 6. Commit SHA (fallback) This ensures .env file is the source of truth, just like in local development.
- Both build jobs now check .env file first (before Makefile default) - Matches Makefile behavior: .env overrides Makefile default - If .env has PROJECT_VERSION=0.8.0, both backend and frontend will use 0.8.0 - Ensures consistent versioning across all image builds
New Documentation: - docs/deployment/ci-cd-workflow.md: Complete guide covering: * Versioning strategy (.env β Makefile β GitHub Actions) * Docker image tagging (commit SHA, version, latest) * Image cleanup and retention policies * Workflow jobs and their purposes * Best practices and troubleshooting Updates: - docs/deployment/index.md: Added CI/CD Workflow section - mkdocs.yml: Added CI/CD Workflow to navigation This documents all the improvements made in this PR: - Unified versioning from .env/Makefile - Semantic versioning support - Image tagging strategy - Automatic image cleanup - Idempotent deployments - Security scanning - Health validation
New Documentation: - docs/development/versioning.md: Comprehensive versioning guide covering: * Version flow (.env β Makefile β GitHub Actions) * Setting version (3 methods) * Version priority order (6 levels) * Semantic versioning (SemVer) * Docker image tagging strategy * Release process step-by-step * Best practices and troubleshooting Updates: - docs/development/index.md: Added Versioning Strategy to TOC - mkdocs.yml: Added Versioning Strategy to navigation This provides a focused guide on versioning that complements: - CI/CD workflow documentation (deployment focus) - This guide (development focus) Both documents reference each other for cross-linking.
Problem: - Smoke-test was waiting indefinitely for apps that were in failed state - No detection of failed conditions (RevisionFailed, ContainerMissing, etc.) - No helpful error messages when apps fail to deploy Solution: - Add check_app_status() function that: * Detects ready revisions * Detects failed conditions (RevisionFailed, ContainerMissing, ContainerUnhealthy) * Checks revision status for detailed error messages * Returns appropriate status codes Improvements: - Fail fast when app is in failed state (don't wait 5 minutes) - Show detailed error messages from app/revision conditions - Display debugging information (app status, revision details) - Better error reporting for troubleshooting This will catch issues like: - Image not found (404 errors) - Container startup failures - Configuration errors - Resource limit issues
- Add status check before waiting to detect failed states early - Provides warning if apps are in failed state before waiting - Helps identify issues like missing images before timeout
Improvements: - Verify update actually succeeded (check exit code) - Show error output if update fails - Display new revision name after deployment - Show revision status (Ready/NotReady with reason/message) - Helps identify if deployment created new revision correctly - Provides early feedback on deployment issues This will help catch: - Silent update failures - Revision creation issues - Image pull problems - Configuration errors
- Same fallback logic as backend - Try commit SHA, then version tag, then latest - Prevents deployment failures when specific commit image missing
Problem: - deploy-backend and deploy-frontend were trying to select projects that are soft-deleted, causing failures - They weren't using the project name from deploy-infrastructure which handles soft-deleted projects Solution: - Add deploy-infrastructure as dependency for both jobs - Use project name from deploy-infrastructure outputs - Check for soft-deleted state BEFORE trying to select project - Create new project with timestamp if soft-deleted - Same logic as deploy-infrastructure job This ensures: - All jobs use the same project (or new one if soft-deleted) - No failures when project is soft-deleted - Consistent project handling across all deploy jobs
Problem: - Both deploy-backend and deploy-frontend were trying to select projects before checking if they're soft-deleted - This caused failures when project is soft-deleted Solution: - Check project status BEFORE trying to select - If soft-deleted, create new project with timestamp - If exists, select it - If doesn't exist, create it - Same logic as deploy-infrastructure job This ensures projects are handled correctly regardless of state
Problem: - ibmcloud ce app update command requires --name flag explicitly - Using positional argument '' caused 'Required option name is not set' error Solution: - Change from: ibmcloud ce app update "$APP_NAME" ... - Change to: ibmcloud ce app update --name "$APP_NAME" ... This fixes the frontend deployment failure and ensures backend deployment uses the same correct syntax.
- Same fix as frontend: use --name flag explicitly - Ensures both backend and frontend use correct syntax
Backend Fix: - Add email-validator>=2.1.0 to dependencies - Fixes PackageNotFoundError: No package metadata was found for email-validator - Pydantic[email] extra should include it but explicit dependency ensures it's installed Frontend Fix: - Change nginx config to use BACKEND_URL environment variable instead of hardcoded 'backend:8000' - Use nginx template substitution (envsubst) for runtime configuration - Copy default.conf to /etc/nginx/templates/default.conf.template - nginx:alpine automatically processes templates and substitutes env vars Workflow Fix: - Get backend URL from Code Engine if REACT_APP_API_URL not set - Pass BACKEND_URL environment variable to frontend app - Ensures nginx can proxy to correct backend URL in Code Engine This fixes: - Backend startup failure due to missing email-validator - Frontend nginx error: host not found in upstream 'backend' - Frontend can now proxy API requests to backend in Code Engine
- Fix nginx config: use ${BACKEND_URL} directly (not concatenated)
- Get backend URL from Code Engine if REACT_APP_API_URL not set
- Set BACKEND_URL env var for nginx template substitution
- Ensures frontend can proxy to backend in Code Engine environment
- Get backend URL from Code Engine if REACT_APP_API_URL not set - Set BACKEND_URL environment variable for nginx template substitution - Ensures frontend can proxy to backend in Code Engine environment - Falls back to localhost:8000 if backend URL cannot be determined
- Add BACKEND_URL to app update command - Use BACKEND_URL variable (not REACT_APP_API_URL) for consistency - Ensures nginx template gets the correct backend URL
- Frontend nginx listens on port 8080 (not 3000) - Code Engine needs correct port for health checks - Matches Dockerfile EXPOSE 8080
- Added email-validator>=2.1.0 to fix backend startup error - Updated poetry.lock to reflect dependency changes - Fixes build error: pyproject.toml changed significantly since poetry.lock was last generated
- Use --name flag for app update/get commands - Fix frontend port to 8080 (not 3000) - Get backend URL dynamically for frontend nginx config - Set BACKEND_URL environment variable for nginx - Handle soft-deleted projects correctly (check before select) - Matches deploy_complete_app.yml workflow logic
- Set environment variables (CUDA_VISIBLE_DEVICES, FORCE_CPU) to force CPU-only mode - Install transformers and sentence-transformers BEFORE docling with CPU-only PyTorch index - Add verification step to detect any CUDA/NVIDIA libraries after installation - Prevents docling dependencies from pulling CUDA versions - Reduces image size by ~6GB
- Set CUDA_VISIBLE_DEVICES, FORCE_CPU, TORCH_CUDA_ARCH_LIST at build time - Prevents packages from detecting CUDA and installing CUDA dependencies - Ensures environment variables are available throughout the build process
**Backend Fix (Dockerfile.backend:50)**: - Fixed dependency extraction to handle pydantic[email] syntax - Prevents email-validator import error at runtime - Preserves square brackets in extras dependencies **Frontend Fix (deploy_complete_app.yml:908-909)**: - Add deploy-backend to frontend deployment dependencies - Ensures backend is ready before frontend deploys - Fixes BACKEND_URL resolution in nginx template **Root Cause**: - Backend: Custom pip install was mangling pydantic[email] syntax - Frontend: Deploying before backend was ready, causing invalid BACKEND_URL **Testing**: Both fixes needed for successful Code Engine deployment
- Workflow was using Dockerfile.codeengine which has poetry install - poetry install pulls CUDA PyTorch from poetry.lock (~6-8GB) - backend/Dockerfile.backend has custom pip install for CPU-only PyTorch - Also has email-validator fix for pydantic[email] syntax This should resolve both CUDA libraries and email-validator issues.
- Change default region from us-south to ca-tor (uses ca.icr.io) - Add default value for SKIP_AUTH (false) to prevent Pydantic validation errors - Use backend/Dockerfile.backend instead of Dockerfile.codeengine for CPU-only PyTorch - All deployments now use ca.icr.io (Toronto region) instead of us.icr.io Fixes: - CUDA libraries removed (CPU-only PyTorch) - email-validator properly installed - SKIP_AUTH validation error resolved - Region configured for Toronto (ca-tor) π€ Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Reverted IBM_CLOUD_REGION default back to us-south - User can set IBM_CLOUD_REGION variable to 'ca-tor' to use ca.icr.io - Kept SKIP_AUTH default='false' fix - Kept Dockerfile.backend fix for CPU-only PyTorch The workflow already properly maps ca-tor β ca to use ca.icr.io. To use ca.icr.io: Set GitHub variable IBM_CLOUD_REGION='ca-tor' π€ Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Owner
Author
Deployment Fixes SummaryThis PR includes critical fixes for IBM Cloud Code Engine deployment issues encountered over the past 2 days (~50+ failed deployments). Issues Fixed1. Backend Docker Image - CUDA Libraries Bloat β
2. Missing email-validator Package β
3. SKIP_AUTH Pydantic Validation Error β
4. Region Configuration β
Files Changed
Testing InstructionsBefore merging, please test the deployment workflow: # Option 1: Via GitHub UI
# Go to Actions β Deploy Complete RAG Modulo Application β Run workflow
# - Branch: fix/ca-tor-icr-region
# - Environment: staging
# Option 2: Via CLI
gh workflow run deploy_complete_app.yml \
--ref fix/ca-tor-icr-region \
-f environment=stagingExpected Results:
Related Issues
Ready to test! The workflow is configured and all fixes are in place. Once deployment succeeds, this PR can be merged. |
Problem: Backend crashes with ModuleNotFoundError: AutoModelForImageTextToText Solution: Changed transformers (>=4.46.0) to transformers[vision] (>=4.46.0) to include vision-text model dependencies required by Docling's CodeFormulaModel
Docker cleanup was removing ALL 'tests' directories including numpy._core.tests, which is a required module (not test code) used by numpy.testing. This caused cascading import failures: - numpy.testing imports numpy._core.tests._natype - scipy imports numpy - sklearn imports scipy - transformers imports sklearn - Result: ModuleNotFoundError for AutoModelForImageTextToText Fix: Exclude numpy from tests cleanup using find -path exclusion. Tested locally with ARM64 build - AutoModelForImageTextToText imports successfully.
Owner
Author
π Deployment Fixes Update (Latest Commits)This PR now includes critical fixes for IBM Cloud Code Engine deployment issues encountered over the past 2 days (~50+ failed deployments). Issues Fixed1. Backend Docker Image - CUDA Libraries Bloat β
2. SKIP_AUTH Pydantic Validation Error β
3. Missing transformers[vision] Dependency β
4. numpy._core.tests Cleanup Issue β (NEW - commit 0d69731)
5. Region Configuration β
Expected ResultsAfter these fixes, deployment should:
Testing Status
Files Modified
Ready for deployment testing! All critical fixes are now in place. π |
This commit forces a new GitHub Actions workflow run to build Docker images with the fixed Dockerfile that correctly handles transformers[vision] extras. Previous deployment (run #166) used commit 14633ba which had: - β transformers[vision] in pyproject.toml - β OLD Dockerfile dependency extraction (before commit 9a1c8cb fix) Current deployment will use commit 0d69731 which has: - β transformers[vision] in pyproject.toml - β FIXED Dockerfile dependency extraction (preserves extras syntax) Root cause: AutoModelForImageTextToText import failure due to incomplete transformers[vision] installation from broken dependency extraction.
manavgup
force-pushed
the
fix/ca-tor-icr-region
branch
from
6714f6a to
0732ed7
Compare
manavgup
added a commit
that referenced
this pull request
Nov 17, 2025
β¦tion errors
This PR fixes Pydantic validation errors that were occurring when the SKIP_AUTH secret was empty.
## Problem
When SKIP_AUTH secret is not set or empty, the backend receives an empty string '', causing:
```
Input should be a valid boolean, unable to interpret input
[type=bool_parsing, input_value='', input_type=str]
```
This was causing backend deployments to fail during the Code Engine application startup.
## Solution
Added default value 'false' to SKIP_AUTH environment variable:
**Before**:
```yaml
SKIP_AUTH: ${{ secrets.SKIP_AUTH }}
```
**After**:
```yaml
SKIP_AUTH: ${{ secrets.SKIP_AUTH || 'false' }}
```
Now when the secret is empty, the backend receives 'false' instead of '', which Pydantic can parse as a boolean.
## Testing
This fix will be validated in the next deployment workflow run. Expected behavior:
- If SKIP_AUTH secret is set: uses that value
- If SKIP_AUTH secret is empty/unset: defaults to 'false'
- Backend starts successfully without Pydantic validation errors
## Related
- Part of deployment fixes series (breaking down PR #641)
- Related to PR #642 (backend Docker fixes)
π€ Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
7 tasks
manavgup
added a commit
that referenced
this pull request
Nov 17, 2025
β¦odeengine This PR updates the GitHub Actions workflow to use the correct backend Dockerfile. ## Problem The workflow was using `Dockerfile.codeengine` which: - Used `poetry install` that pulled CUDA PyTorch from poetry.lock (6-8GB NVIDIA libs) - Caused massive Docker image bloat - Led to deployment failures ## Solution Changed the workflow to use `backend/Dockerfile.backend` which: - Parses `pyproject.toml` directly with pip - Uses CPU-only PyTorch index `--extra-index-url https://download.pytorch.org/whl/cpu` - Significantly reduces image size - Works with the fixes from PR #642 (transformers[vision] + numpy cleanup) **Before**: ```yaml file: ./Dockerfile.codeengine ``` **After**: ```yaml file: ./backend/Dockerfile.backend ``` ## Changes - `.github/workflows/deploy_complete_app.yml` (line 215): Updated Dockerfile path ## Testing This fix will be validated in the CI pipeline. Expected behavior: β **Builds use correct Dockerfile**: backend/Dockerfile.backend β **CPU-only PyTorch**: No CUDA libraries in image β **Smaller image size**: ~500MB vs 6-8GB β **Successful deployment**: No import errors ## Type of Change - [x] Bug fix (non-breaking change which fixes an issue) - [x] Deployment fix ## Related PRs This is part of the focused PR strategy to replace PR #641: - **PR #642**: Backend Docker fixes (transformers[vision] + numpy cleanup) - **PR #643**: SKIP_AUTH default value fix - **PR #644** (this PR): Workflow Dockerfile path fix ## Checklist - [x] Code follows the style guidelines of this project - [x] Change is focused and addresses a single issue - [x] Commit message follows conventional commits format - [x] No breaking changes introduced - [x] CI workflows will validate the change --- π€ Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
7 tasks
manavgup
added a commit
that referenced
this pull request
Nov 17, 2025
This commit adds a complete deployment solution for IBM Cloud Code Engine, leveraging the working Makefile targets and existing build scripts. **New Scripts:** 1. cleanup-code-engine.sh - Interactive cleanup of Code Engine resources - Delete projects, apps, or list resources - Safe with confirmation prompts 2. deploy-to-code-engine.sh - Deploy pre-built images to Code Engine - Idempotent (create or update) - Handles soft-deleted projects - Verifies images before deployment - Runs smoke tests 3. deploy-end-to-end.sh - Complete pipeline: Build β Test β Push β Deploy - Optional local testing (--skip-test to skip) - Comprehensive smoke tests - ~10 minutes total (vs 50+ in PR #641) 4. code-engine-logs.sh - View logs from both backend and frontend - Configurable tail count **Makefile Targets:** - make ce-cleanup # Clean up Code Engine resources - make ce-push # Push to IBM Container Registry - make ce-deploy # Deploy to Code Engine - make ce-deploy-full # Full pipeline with testing - make ce-deploy-quick # Quick deploy (skip local test) - make ce-logs # View Code Engine logs - make ce-status # Show app status **Documentation:** - scripts/README-CODE-ENGINE.md: Complete deployment guide * Prerequisites and setup * Quick start (5 minutes) * Step-by-step instructions * Troubleshooting guide * Comparison with PR #641 approach **Key Benefits:** β Build and test locally before deployment β Use proven Dockerfiles (from PR #644) β Simple, reliable deployment (2 failure points vs 8) β Fast iteration (10 min vs 50 min) β Easy debugging (can reproduce locally) **Migration from PR #641:** This replaces the complex GitHub Actions workflow with: 1. Local build/test using make targets 2. Simple push to ICR 3. Direct deployment to Code Engine Total time: ~1.5 hours to deploy vs weeks debugging PR #641 Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
π§ Fixes GitHub Actions Deployment Workflow
This PR fixes multiple issues in the deployment workflow that were causing failures:
Issues Fixed
Security Scan Failures β β β
hashFiles()to check if file existsexit-codefrom"1"to"0"for vulnerability reporting (doesn't block deployment, but still filters by severity)Disk Space Issues β β β
BUILDKIT_INLINE_CACHE=1if: always())Deployment Error Handling β β β
deploy-backendwas failing silently without clear error messagesset -eto exit on errorsPROJECT_NAMEto environment variables (was missing)deploy-frontendChanges Made
Testing
The workflow can be tested by:
Related Issues
Fixes the deployment failures seen in:
Checklist