ci(cdn): add workflow_dispatch trigger and PR dry-run for widget upload#45
Merged
Conversation
Two pieces of validation tooling for the CDN publish pipeline: 1. workflow_dispatch on npm-publish.yml so the publish-cdn-widget job can be fired manually for ad-hoc validation. On dispatch the widget version is read from packages/widget/package.json (so re-upload of the current published version is the default behaviour). On release-please push the version still comes from the release-please output as before. 2. New cdn-dryrun.yml workflow that runs on PRs touching the widget, sdk, or either of the publish workflows. Authenticates via OIDC to the read-only github-actions-cdn-reader role, lists what is currently at s3://$BUCKET/widgets/, and performs aws s3 sync --dryrun against both the versioned and latest paths. No writes. Catches broken builds, missing dist artifacts, role mis-assumptions, and bucket-path drift before they hit a release. Both wired against the existing org-level secrets: CDN_AWS_ROLE_DEPLOYER (writes), CDN_AWS_ROLE_READER (reads), CDN_AWS_REGION, CDN_S3_BUCKET, CDN_CLOUDFRONT_DISTRIBUTION_ID.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two pieces of validation tooling for the CDN publish pipeline added in #44:
workflow_dispatchonnpm-publish.ymlsopublish-cdn-widgetcan be fired manually for ad-hoc validation without waiting for a release.cdn-dryrun.ymlworkflow that runs on PRs touching widget/sdk/publish workflows. Uses the read-onlyCDN_AWS_ROLE_READERto list bucket state andaws s3 sync --dryrunagainst both versioned and latest paths. No writes.Why
Validating the CDN pipeline shouldn't require cutting a real release. After this lands:
npm Publishmanually from the Actions UI (orgh workflow run npm-publish.yml --repo deepgram/agent). It re-uploads the currentpackages/widget/package.jsonversion +latest/, and invalidates/widgets/latest/*.Dispatch behaviour
On
workflow_dispatch:release-pleaseruns but produces no release (no commits to release).publish-sdk/publish-widgetskip (gated on*--release_created).publish-cdn-widgetruns because the `if:` now also accepts `github.event_name == 'workflow_dispatch'`.Dry-run behaviour
PRs that touch `packages/widget/`, `packages/sdk/`, `.github/workflows/cdn-dryrun.yml`, or `.github/workflows/npm-publish.yml` get a `dryrun-widget` job that:
No `--delete` on the dryrun (the live job keeps it). No CloudFront invalidation either (read-only role can't invalidate, and there's no actual upload to invalidate for).
Risk
Both changes are additive. Existing release flow is untouched aside from the new `if:` that adds the dispatch path; the original release-created path still works exactly as it did.
Follow-up
A matching change for ui in deepgram/ui#TBD lands the same shape for the registry upload.