Add deploy workflow#12250
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #12250 +/- ##
==========================================
+ Coverage 52.87% 52.98% +0.10%
==========================================
Files 751 754 +3
Lines 48353 48686 +333
==========================================
+ Hits 25566 25795 +229
- Misses 20387 20467 +80
- Partials 2400 2424 +24 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Signed-off-by: sk593 <[email protected]>
Signed-off-by: sk593 <[email protected]>
Signed-off-by: Shruthi Kumar <[email protected]>
Signed-off-by: sk593 <[email protected]>
7edf7a1 to
1974957
Compare
Review: PR #12250 — Add deploy workflowReviewer: @sylvainsf · Against: Repo Radius feature spec (#12078, Investments 3 & 4) and issue #12118 SummaryStrong real-world deploy workflow — the recipe-pack/environment model, the What’s good (keep as-is)
Blocking1. Hardcoded personal recipe ref
Pinned to a personal in-flight branch — it will break once that branch Spec gaps (Investment 3 contract)2. Dispatch contract:
|
…12264) # Description Adds onto #12250 the two items the Repo Radius feature spec requires for Investment 3 that aren't in the deploy workflow yet: the **`radius_commands` dispatch contract** and a **technical design note**. Targets the `add-deploy-workflow` branch so it folds into #12250. ## What this adds ### `radius_commands` dispatch input (additive — `image` unchanged) The feature spec (Step 3, Investment 3) defines the workflow's dispatch contract as `environment` + `radius_commands`: a single `rad` command string, or a JSON array of command strings run in order (the `rad` prefix omitted), so a frontend can drive arbitrary `rad` commands — not only a single deploy. This adds `radius_commands` as an **optional** input alongside the existing `image`: - When `radius_commands` is set, the workflow runs each command in order, stops on the first failure, and uploads each command's output as the `radius-output` artifact for incremental frontend polling (spec Step 5). - When it's empty, the workflow runs its existing default `rad deploy` of `.radius/app.bicep` with the `image`/`password` parameters — **current behavior is unchanged**. This keeps the convenient single-deploy path while making the documented multi-command contract available to frontends (Copilot app, CLI, etc.). ### Technical design note `eng/design-notes/environments/2026-06-repo-radius-deploy-workflow.md` — the design doc Nicole requires for this feature. It documents Investments 3 & 4: the dispatch contract, the `RADIUS_TARGET_KUBECONFIG` seam, the UCP-credential + projected-OIDC- token model (AWS IRSA / Azure WI), state persistence, and the recipe-pack / image-build flow as implemented in #12250. ## Notes - Co-authored design note (sk593 + sylvainsf) reflecting the #12250 implementation, not the earlier prototype. - The `radius-output` artifact uses the same SHA-pinned `upload-artifact` already in the workflow. ## Type of change - This pull request adds or changes features of Radius and has an approved issue (issue link required). Related: #12118 Builds on: #12250 ## Contributor checklist - An overview of proposed schema changes is included in a linked GitHub issue. - [ ] Yes - [x] Not applicable - A design document is added or updated under `eng/design-notes/` in this repository, if new APIs are being introduced. - [x] Yes - [ ] Not applicable - The design document has been reviewed and approved by Radius maintainers/approvers. - [ ] Yes - [x] Not applicable - A PR for [resource-types-contrib](https://github.com/radius-project/resource-types-contrib/) is created, if resource types or recipes are affected by the changes in this PR. - [ ] Yes - [x] Not applicable - A PR for [dashboard](https://github.com/radius-project/dashboard/) is created, if the Radius Dashboard is affected by the changes in this PR. - [ ] Yes - [x] Not applicable - A PR for the [documentation repository](https://github.com/radius-project/docs) is created, if the changes in this PR affect the documentation or any user facing updates are made. - [ ] Yes - [x] Not applicable --------- Signed-off-by: Sylvain Niles <[email protected]>
Radius functional test overviewClick here to see the test run details
Test Status⌛ Building Radius and pushing container images for functional tests... |
Description
Adds the Repo Radius deploy workflow — an auto-generated GitHub Actions workflow that deploys a Radius application against a user's existing AKS/EKS cluster, plus its contract documentation and the
radius-deployskill that drives it.The workflow stands up an ephemeral k3d Radius control plane on the runner, points it at the user's external target cluster via the chart's
targetClusterseam, restores persisted state, runsrad deployon.radius/app.bicep, then persists state again and tears the ephemeral cluster down.How the workflow works
azure/loginand/oraws-actions/configure-aws-credentials; no long-lived cloud secrets are stored.RADIUS_TARGET_KUBECONFIG(EKS uses a static bearer-token kubeconfig).radCLI (edge), and Terraform, then installs Radius with--set global.targetCluster.enabled=true,--set database.enabled=true(durable state), and--set dynamicrp.buildkit.enabled=true(in-pod image builds).rad credential register.rad startup) — restores the control-plane PostgreSQL databases and Terraform recipe-state Secrets from theradius-stategit orphan branch (no-op on first run).resource-types-contrib, registersRadius.Compute/containerImages, and creates the environment with a provider-specific Terraform recipe pack.rad deploy .radius/app.bicepwith theimageparameter (defaults to the commit SHA) and the optionalpasswordparameter fromRADIUS_DB_PASSWORD.rad shutdown,if: always()) — backs the databases and Terraform state up to theradius-statebranch even on failure.radius-cpcluster; on failure, logs are uploaded as theradius-logsartifact.Type of change
Fixes: #12118
Contributor checklist
Please verify that the PR meets the following requirements, where applicable:
eng/design-notes/in this repository, if new APIs are being introduced.