From 1974d8fee94eeccbd6f8376160801f169e2fc637 Mon Sep 17 00:00:00 2001 From: Eddie Mattia Date: Mon, 13 Apr 2026 12:23:58 -0700 Subject: [PATCH 1/3] close on PR correctly --- .github/workflows/deploy.yml | 47 +++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0720e0e..46721ac 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -2,8 +2,10 @@ name: Deploy Project on: push: pull_request: - types: [closed] + types: [opened, synchronize, reopened, closed] branches: [main] + delete: + branches-ignore: [main] permissions: id-token: write @@ -11,10 +13,13 @@ permissions: jobs: deploy: + if: github.event_name != 'delete' && !(github.event_name == 'pull_request' && github.event.action == 'closed') + name: Deploy Project runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: + ref: ${{ github.event.pull_request.head.sha || github.sha }} fetch-depth: 0 - name: Set up Python @@ -38,3 +43,43 @@ jobs: - name: Deploy Project run: obproject-deploy + env: + PYTHONUNBUFFERED: "1" + + teardown: + if: > + (github.event_name == 'delete') || + (github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true) + name: Teardown Branch + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.12" + + - name: Install dependencies + run: pip install outerbounds ob-project-utils pyyaml + + - name: Configure Outerbounds + run: | + PROJECT_NAME=$(yq .project obproject.toml) + PLATFORM=$(yq .platform obproject.toml) + CICD_USER="${PROJECT_NAME//_/-}-cicd" + outerbounds service-principal-configure \ + --name $CICD_USER \ + --deployment-domain $PLATFORM \ + --perimeter default \ + --github-actions + + - name: Teardown branch resources + run: | + BRANCH=${{ github.head_ref || github.event.ref }} + PROJECT=$(yq .project obproject.toml) + echo "Tearing down $PROJECT/$BRANCH" + outerbounds flowproject teardown-branch \ + --id "$PROJECT/$BRANCH" --yes -o json From 75dc4c9c6a1eb3dec77ba1c1cf58b3eb0ad9ab75 Mon Sep 17 00:00:00 2001 From: Eddie Mattia Date: Mon, 13 Apr 2026 12:31:50 -0700 Subject: [PATCH 2/3] fix detached HEAD branch resolution in CI --- .github/workflows/deploy.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 46721ac..6daaa97 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -7,6 +7,10 @@ on: delete: branches-ignore: [main] +env: + GH_HEAD_REF: ${{ github.head_ref }} + GH_REF: ${{ github.ref_name }} + permissions: id-token: write contents: read @@ -19,7 +23,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.sha || github.sha }} + ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - name: Set up Python From 7eae4630dfcb8a177db51d0d6be65b41a5564ce5 Mon Sep 17 00:00:00 2001 From: Eddie Mattia Date: Mon, 13 Apr 2026 12:36:16 -0700 Subject: [PATCH 3/3] only PR event is close --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6daaa97..c7d1178 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -2,7 +2,7 @@ name: Deploy Project on: push: pull_request: - types: [opened, synchronize, reopened, closed] + types: [closed] branches: [main] delete: branches-ignore: [main]