Skip to content

feat(cpflow): add ordered renderer workload#777

Merged
justin808 merged 5 commits into
masterfrom
agent/renderer-workload
Jul 13, 2026
Merged

feat(cpflow): add ordered renderer workload#777
justin808 merged 5 commits into
masterfrom
agent/renderer-workload

Conversation

@justin808

@justin808 justin808 commented Jul 11, 2026

Copy link
Copy Markdown
Member

Summary

Control Plane can now roll the React on Rails Pro renderer as a separate workload before Rails. The renderer uses the same app image, runs the rolling-deploy boot seed before yarn node-renderer, and Rails reaches it through same-GVC service DNS.

The bundled cpflow gem and generated cpflow workflows are pinned to v5.2.0, the release that supports ordered deploy groups and per-workload deploy-image -w/--workload deploys.

Upstream prerequisites

Review follow-ups addressed

  • Added set -e so unexpected boot-seed failures block renderer readiness instead of falling through to yarn node-renderer.
  • Added RENDERER_SERVER_BUNDLE_CACHE_PATH=/app/renderer/.node-renderer-bundles and made renderer/node-renderer.js consume it, so the Ruby boot seed and Node renderer use the same cache directory in copy mode.
  • Kept node-renderer on protocol: http2 after checking react-on-rails-pro-node-renderer@17.0.0-rc.9; its worker starts Fastify with cleartext HTTP/2 and listens with { port, host }.
  • Kept the renderer at the minimum starting baseline (50m, 512Mi, one worker) for tutorial cost control, documented that choice, and expanded the startup probe window to 120 seconds for Rails boot plus previous-bundle fetches.
  • Normalized blank ROLLING_DEPLOY_PREVIOUS_URLS with .presence.
  • Added an initializer spec that exercises the rolling-deploy HTTP adapter branch when ROLLING_DEPLOY_TOKEN is present.
  • Updated stale topology docs, including the Dockerfile/workload args distinction and Terraform comparison snippets.

Validation

  • bin/conductor-exec bundle exec cpflow version5.2.0
  • bin/conductor-exec bin/test-cpflow-github-flow bundle exec cpflow
  • bin/conductor-exec ruby -S cpflow doctor
  • bin/conductor-exec bundle exec cpflow config -a react-webpack-rails-tutorial-staging
  • bin/conductor-exec bundle exec cpflow config -a react-webpack-rails-tutorial-production
  • bin/conductor-exec bundle exec cpflow config -a qa-react-webpack-rails-tutorial-1
  • bin/conductor-exec ruby -c config/initializers/react_on_rails_pro.rb
  • bin/conductor-exec node -c renderer/node-renderer.js
  • bin/conductor-exec bundle exec rspec spec/initializers/react_on_rails_pro_spec.rb
  • bin/conductor-exec bundle exec rubocop
  • Custom topology assertion for setup_app_templates, app_workloads, deploy_order, renderer boot-seed ordering, renderer http2, startup probe window, shared renderer cache path, same-GVC RENDERER_URL, RENDERER_HOST, and rolling-deploy env wiring.
  • npm tarball inspection for react-on-rails-pro-node-renderer@17.0.0-rc.9 confirming RENDERER_HOST/host config and h2c listener behavior.

Local note: a full bin/conductor-exec bundle exec rspec run was not green in this checkout because generated SSR assets were absent (ssr-generated/server-bundle.js). The targeted initializer spec above passed; hosted RSpec remains the authoritative full-suite gate for this PR head.

Docs follow-up

No separate reactonrails.com PR appears necessary for the upstream prerequisite: https://reactonrails.com/docs/pro/rolling-deploy-adapters/#deploy-the-renderer-before-rails already documents boot seeding and renderer-before-Rails ordering.

Post-Deploy Monitoring & Validation

Validation window: first review-app deploy after merge, then the next staging deploy and production promotion. Owner: deployment operator running the workflow.

Healthy signals:

  • cpflow deploy-image output shows node-renderer deploy/wait completing before rails.
  • cpflow ps -a <app> shows node-renderer and rails ready/latest-ready.
  • cpflow logs -a <app> -w node-renderer shows react_on_rails_pro:pre_seed_renderer_cache completing before renderer startup.
  • Rails SSR requests continue succeeding without renderer 410 spikes during rollout.

Failure signals:

  • node-renderer startup/readiness probe fails or never reaches ready.
  • Boot seed errors on token/auth or cannot reach /react_on_rails_pro/rolling_deploy.
  • Rails logs show renderer connection failures to node-renderer.<app>.cpln.local:3800.
  • Production promotion rollback triggers or health check fails after Rails rollout.

Rollback/mitigation:

  • Revert this PR or remove node-renderer from app_workloads/deploy_order and restore RENDERER_URL=http://localhost:3800 if separate-workload rollout fails.
  • For token/auth failures, populate ROLLING_DEPLOY_TOKEN in the app secret dictionary with the same value visible to Rails and renderer, then redeploy.

Compound Engineering
Codex

Summary by CodeRabbit

  • New Features

    • Added a dedicated renderer workload with cache warmup, health checks, and coordinated deployment ordering.
    • Enabled rolling deployments using configurable renderer URLs, previous URLs, and deployment tokens.
    • Improved renderer configuration for custom host and bundle-cache settings.
  • Documentation

    • Updated deployment, setup, troubleshooting, and CI guidance for the renderer workload and rolling deployments.
    • Clarified startup behavior, HTTP/2 requirements, secrets, and production configuration.
  • Maintenance

    • Updated Control Plane Flow automation and tooling references to version 5.2.0.

@github-actions

Copy link
Copy Markdown

🚀 Quick Review App Commands

Welcome! Here are the commands you can use in this PR:
They require the repository to have cpflow review apps configured, including the CPLN_TOKEN_STAGING secret.

+review-app-deploy

Deploy your PR branch for testing.

+review-app-delete

Remove the review app when done.

+review-app-help

Show detailed instructions, environment setup, and configuration options.

Comment +review-app-help for full setup details.

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

The deployment configuration now separates the React on Rails Pro renderer into its own workload, adds rolling-deploy environment and secret handling, updates Rails startup configuration, pins CPFlow integrations to v5.2.0, and revises related deployment documentation.

Changes

Control Plane renderer rollout

Layer / File(s) Summary
Separate renderer workload
.controlplane/controlplane.yml, .controlplane/templates/*
Adds the node-renderer workload, deploy ordering, renderer DNS configuration, Rails startup arguments, and renderer probes/resources.
Rolling-deploy runtime configuration
config/initializers/react_on_rails_pro.rb, renderer/node-renderer.js, .controlplane/templates/org.yml, .controlplane/docs/cpflow-vs-terraform.md, spec/initializers/*
Configures rolling-deploy credentials and previous URLs, supports renderer host/cache overrides, adds the rolling-deploy secret template, updates Terraform examples, and tests initializer behavior.
CPFlow 5.2.0 integration
Gemfile, .github/workflows/cpflow-*.yml, .github/cpflow-help.md, .controlplane/docs/*, .controlplane/shakacode-team.md
Updates the cpflow dependency, reusable workflow pins, promotion references, and version-locking guidance to v5.2.0.
Deployment and operations guidance
.controlplane/Dockerfile, .controlplane/readme.md, .controlplane/shakacode-team.md, .github/cpflow-help.md
Documents renderer deployment, workload protocols, fallback startup commands, required secrets, rolling-deploy coordination, and production template application.604

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant ControlPlane
  participant NodeRenderer
  participant Rails
  ControlPlane->>NodeRenderer: Deploy and warm renderer cache
  NodeRenderer->>NodeRenderer: Start renderer on port 3800
  ControlPlane->>Rails: Deploy after node-renderer
  Rails->>NodeRenderer: Connect through same-GVC DNS
Loading

Possibly related PRs

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: adding an ordered renderer workload in cpflow.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch agent/renderer-workload

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Trivy (0.69.3)

Trivy execution failed: 2026-07-13T09:40:34Z FATAL Fatal error run error: fs scan error: scan error: scan failed: failed analysis: post analysis error: post analysis error: terraformplan-json scan error: fs filter error: fs filter error: walk error range error: stat doctor.config.json: no such file or directory: range error: stat doctor.config.json: no such file or directory


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Comment thread .controlplane/templates/node-renderer.yml
Comment thread .controlplane/controlplane.yml Outdated
@claude

claude Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review: feat(cpflow): add ordered renderer workload

Overview: this PR splits the React on Rails Pro Node Renderer out into its own node-renderer Control Plane workload, ordered to deploy (and become ready) before rails/daily-task via cpflow 5.2.0's new deploy_order, and wires up rolling-deploy cache seeding (ROLLING_DEPLOY_TOKEN/ROLLING_DEPLOY_PREVIOUS_URLS) so the renderer warms its cache from the still-live previous bundle before Rails rolls. Docs and generated GitHub Actions wrappers are repinned from v5.1.1 to v5.2.0 accordingly.

Overall this is a well-scoped, well-documented infra change (nice touch keeping the Dockerfile's combined-process CMD as a local/single-container fallback while workload templates override args for Control Plane). I left 4 comments inline where possible; two doc findings below couldn't be attached inline because they're on lines outside this PR's diff hunks.

Findings

  1. (Correctness — posted inline on .controlplane/templates/node-renderer.yml) The boot-seed script (bundle exec rake react_on_rails_pro:pre_seed_renderer_cache then exec yarn node-renderer) has no set -e/&&, so a failed seed (bad token, unreachable previous-urls endpoint) still falls through to starting the renderer. The tcpSocket probes then report ready and deploy_order proceeds to roll Rails against an unseeded renderer — the exact "410 spikes"/stale-bundle scenario this PR aims to prevent. Suggest bundle exec rake react_on_rails_pro:pre_seed_renderer_cache && exec yarn node-renderer so a failed seed blocks the container from becoming ready.

  2. (Docs gap, not inline — .controlplane/readme.md:130) The production bootstrap command cpflow apply-template app postgres redis daily-task rails ... wasn't updated to include node-renderer. Following this doc literally would leave production without the new renderer workload template.

  3. (Docs gap, not inline — .controlplane/readme.md:136-141) The "required app runtime secrets" list (SECRET_KEY_BASE, RENDERER_PASSWORD, REACT_ON_RAILS_PRO_LICENSE) wasn't updated to include ROLLING_DEPLOY_TOKEN, which app.yml now references unconditionally. Worth adding alongside the openssl rand -hex 32 generation note (matching org.yml).

  4. (Minor/nit — posted inline on .controlplane/controlplane.yml) The qa-react-webpack-rails-tutorial app's setup_app_templates override is now identical to the merged common default, making it redundant and a future drift risk.

Other things I checked, no issues found

  • node-renderer.yml firewall (inboundAllowCIDR: [] + internal.inboundAllowType: same-gvc) correctly restricts the renderer to internal traffic only.
  • Readiness/startup probes correctly gate on the TCP port only opening after exec yarn node-renderer takes over (assuming finding Need to add Capybara Feature tests #1 is fixed) — sequencing is otherwise sound.
  • config/initializers/react_on_rails_pro.rb's conditional rolling-deploy wiring (if ENV["ROLLING_DEPLOY_TOKEN"].present?) is a reasonable opt-in guard.
  • RENDERER_HOST=0.0.0.0 at the app/GVC level correctly propagates via inheritEnv: true to the new renderer workload so it binds externally instead of localhost.

Comment thread .controlplane/templates/node-renderer.yml
@justin808

Copy link
Copy Markdown
Member Author

How do we coordinate the staging and production deploys to the new setup?

Comment thread .controlplane/templates/node-renderer.yml
Comment thread .controlplane/templates/node-renderer.yml
Comment thread config/initializers/react_on_rails_pro.rb
Comment thread .controlplane/Dockerfile
@claude

claude Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Summary

What this PR does: Splits the React on Rails Pro Node Renderer out of the combined Rails+renderer container into its own node-renderer Control Plane workload, ordered to deploy (and become healthy) before rails/daily-task via cpflow's new deploy_order feature (cpflow v5.2.0). Rails now reaches the renderer over same-GVC DNS instead of localhost, and both sides wire up ROLLING_DEPLOY_TOKEN/ROLLING_DEPLOY_PREVIOUS_URLS so the renderer's boot seed can pull the still-live bundle from the draining revision before a rollout. Generated cpflow GitHub Actions wrappers are repinned v5.1.1v5.2.0, and docs (readme.md, shakacode-team.md, cpflow-help.md) are updated to match.

Overall: This is a well-scoped, carefully documented infra change with a thoughtful rollback/monitoring plan in the PR description. The controlplane.yml DRY-up (moving setup_app_templates into the shared common alias instead of duplicating it on the qa-* app) is a nice cleanup. Config/template changes are internally consistent (secrets, inheritEnv, firewall scoping for the new internal-only renderer workload all line up). Left a few inline notes on things worth double-checking before merge:

  • Protocol mismatch risk (.controlplane/templates/node-renderer.yml): the new workload declares protocol: http2 on port 3800, but rails.yml has an explicit comment warning that this exact setting causes 502s unless the backend genuinely speaks HTTP/2 on that port. Now that Rails reaches the renderer over the network (not localhost in the same container), it's worth confirming react-on-rails-pro-node-renderer actually speaks h2c before this lands, since the PR's validation list is config-lint-only (no live deploy).
  • Stale docs: .controlplane/readme.md's "Dockerfile CMD defines how containers start" / "Procfile is ignored" section and .controlplane/docs/cpflow-vs-terraform.md (still shows RENDERER_URL = "http://localhost:3800" and RENDERER_WORKERS_COUNT = "2") weren't updated and now describe the old single-container topology. Neither is touched by this diff, so easy to miss.
  • Sizing: node-renderer.yml sets cpu: 50m with no rationale comment, paired with dropping RENDERER_WORKERS_COUNT from 21. capacityAI: true should self-correct over time, but worth a short comment (like rails.yml has) so it doesn't read as an oversight, and worth confirming cold-start SSR latency is acceptable.
  • Minor: config/initializers/react_on_rails_pro.rb reads ENV["ROLLING_DEPLOY_PREVIOUS_URLS"] without .presence, unlike the RENDERER_PASSWORD pattern just below it that explicitly guards against a blank (vs. unset) env var — likely harmless but worth a consistency check.

Security: The new node-renderer workload is correctly scoped internal-only (inboundAllowCIDR: [] + internal.inboundAllowType: same-gvc), and ROLLING_DEPLOY_TOKEN follows the same secret-dictionary pattern as RENDERER_PASSWORD. No concerns there.

Tests: No automated test changes — this is Control Plane/infra config, validated manually per the PR description (cpflow doctor, cpflow config, Ruby/JS syntax checks, custom YAML assertions). Given there's no CI gate on the YAML topology itself, the documented manual validation window (first review-app deploy → staging → production) is the right call given the risk profile.

Comment thread renderer/node-renderer.js
Comment thread .controlplane/templates/node-renderer.yml
Comment thread config/initializers/react_on_rails_pro.rb Outdated
@claude

claude Bot commented Jul 12, 2026

Copy link
Copy Markdown

Review Summary

This PR splits the React on Rails Pro Node Renderer out of the combined Rails container into its own Control Plane node-renderer workload, ordered to deploy (and become healthy) before rails/daily-task via deploy_order, and repins the generated cpflow GitHub Actions wrappers from v5.1.1 to v5.2.0. It's almost entirely infrastructure/config + docs, plus a small Rails initializer change and one line in renderer/node-renderer.js.

What looks solid

  • node-renderer.yml's firewallConfig (inboundAllowCIDR: [] + internal.inboundAllowType: same-gvc) matches the existing pattern already used by postgres.yml/redis.yml — no unintended external exposure of the renderer.
  • RENDERER_HOST=0.0.0.0 is set at the GVC level in app.yml and inherited (inheritEnv: true) into the node-renderer container, following the same inheritance pattern already used for RENDERER_PASSWORD, RENDERER_URL, etc.
  • deploy_order: [[node-renderer], [rails, daily-task]] correctly encodes "renderer first, then Rails/cron in parallel," and setup_app_templates was reordered consistently.
  • The ROLLING_DEPLOY_TOKEN/ROLLING_DEPLOY_PREVIOUS_URLS wiring in config/initializers/react_on_rails_pro.rb is conditional on the token being present, so existing apps that haven't populated the new secret yet won't break.
  • Version bump to v5.2.0 is applied consistently across all generated workflow files and docs.

Issues flagged inline

  1. renderer/node-renderer.js (line 32) — The new host: process.env.RENDERER_HOST || 'localhost' is the crux of the whole feature working at all: without binding to 0.0.0.0, Rails (now in a separate container) can't reach the renderer over GVC DNS. The PR's stated validation only ran node -c (a syntax check), which can't confirm the underlying react-on-rails-pro-node-renderer package actually consumes a host config key. Worth a real cross-workload connectivity check (or confirming against the package's config schema) before this goes to production.
  2. .controlplane/templates/node-renderer.yml (startupProbe, lines 32-36) — The boot seed (pre_seed_renderer_cache rake task, which also waits on entrypoint.sh's DB/Redis check) plus yarn node-renderer startup all have to complete within a 60s startup-probe budget. This is the path most likely to be slow on a cold/first deploy — worth padding or measuring in staging before trusting it in production.
  3. config/initializers/react_on_rails_pro.rb (line 18)ROLLING_DEPLOY_PREVIOUS_URLS isn't normalized with .presence the way RENDERER_PASSWORD is a few lines below; minor inconsistency, low risk given the template always sets a non-blank value.

Other observations (not flagged inline)

  • Test coverage: the PR description mentions a "Custom YAML assertion for setup_app_templates, app_workloads, deploy_order, ..." as part of validation, but no spec/test file is part of this diff (28 changed files, all config/docs/one initializer/one JS line). If that YAML assertion was only run locally/ad hoc, future changes to controlplane.yml/templates won't be guarded by CI.
  • PR scope: .agents/** and the AGENTS.md addition (generated agent-workflow scaffolding) are unrelated to the renderer-workload change and could have shipped as a separate PR for a cleaner history — not a blocker, just a cohesion note.
  • RENDERER_WORKERS_COUNT dropping from 2 to 1 alongside a small cpu: 50m allocation for the renderer workload seems like a reasonable tradeoff given capacityAI: true is enabled, but worth keeping an eye on SSR latency under load post-rollout.

Overall this is a well-documented, carefully-scoped infra change with good rollback/monitoring notes already in the PR description. The main open question is functional verification that RENDERER_HOST actually takes effect in the underlying renderer package, since that's the one point where the whole split-workload approach could silently fail despite passing health checks.

Comment thread .controlplane/templates/node-renderer.yml
Comment thread .controlplane/templates/node-renderer.yml
Comment thread config/initializers/react_on_rails_pro.rb
Comment thread .controlplane/templates/app.yml
@claude

claude Bot commented Jul 12, 2026

Copy link
Copy Markdown

Review Summary

What this PR does: Splits the React on Rails Pro Node Renderer out of the shared Rails container into its own Control Plane workload (node-renderer), ordering deploys so the renderer boots (and warms its cache via a rolling-deploy boot seed) before Rails rolls. Repins generated cpflow GitHub Actions wrappers to v5.2.0 to get ordered-deploy-group support, and updates docs accordingly.

Strengths

  • The deploy_order/app_workloads/setup_app_templates changes are consistent and correctly moved into the shared common alias, which also fixes prior QA-app template duplication (QA now inherits node-renderer automatically instead of needing its own copy — nice cleanup).
  • RENDERER_HOST is correctly wired end-to-end: app.yml sets it to 0.0.0.0 (needed now that the renderer is reached over same-GVC DNS instead of localhost), and renderer/node-renderer.js correctly consumes process.env.RENDERER_HOST and passes it into reactOnRailsProNodeRenderer.
  • node-renderer.yml's firewallConfig correctly blocks external inbound (inboundAllowCIDR: []) while allowing same-GVC internal access — the renderer isn't accidentally exposed publicly.
  • The tcpSocket readiness/startup probes correctly gate on the end of the boot sequence (probe passes only once port 3800 is listening, which happens only after the boot-seed rake task completes), so deploy_order genuinely waits for a warm renderer before rolling Rails.
  • config/initializers/react_on_rails_pro.rb's conditional rolling-deploy adapter setup is clean and follows the existing .presence/ENV.fetch conventions already used for RENDERER_PASSWORD.
  • ROLLING_DEPLOY_TOKEN follows the same per-app-secret-dictionary bootstrap pattern already established for RENDERER_PASSWORD (placeholder in org.yml, replaced manually per app) — consistent, not a new secret-sharing risk.

Issues raised inline

  • Resource sizing risk: node-renderer.yml allocates cpu: 50m / memory: 512Mi, but the container's boot path runs bundle exec rake react_on_rails_pro:pre_seed_renderer_cache, which loads the full Rails environment — the same class of work rails.yml budgets 300m CPU for. Combined with a 60s startupProbe window, first-deploy timing could be tight (see inline comments).
  • Test coverage gap: the new rolling_deploy_adapter branch in the initializer is only exercised when ROLLING_DEPLOY_TOKEN is set, which never happens in dev/test/CI — a typo in the adapter constant would only surface on a live staging/production boot.
  • Undocumented capacity change: RENDERER_WORKERS_COUNT drops from 2 to 1 as part of this refactor — likely intentional given the smaller dedicated container, but worth an explicit callout since it halves SSR render concurrency.

Minor / non-blocking

  • The diff includes .agents/* and AGENTS.md scaffolding as "new files," but these are already on master via chore: add agent workflow seam #778 and are byte-identical in this branch (confirmed via git diff against the merge base) — this is just stale-merge-base noise in the three-dot diff, not a real conflict, but a rebase would give reviewers a cleaner, feature-scoped diff.
  • .controlplane/entrypoint.sh (unchanged) waits on DATABASE_URL/REDIS_URL before running the container's main command, which now also gates the node-renderer workload's boot even though the renderer itself doesn't use either — harmless (adds a trivial wait), just worth knowing since it's shared across all workloads via the image's ENTRYPOINT.

Security

No concerns — secrets (ROLLING_DEPLOY_TOKEN, RENDERER_PASSWORD) are handled via Control Plane secret refs, not embedded in the image, and the new workload's firewall config correctly restricts inbound access to same-GVC only.

@justin808
justin808 force-pushed the agent/renderer-workload branch from 6b124b7 to ea63606 Compare July 13, 2026 09:35
@justin808
justin808 marked this pull request as ready for review July 13, 2026 09:39
Comment thread renderer/node-renderer.js
const config = {
serverBundleCachePath: path.resolve(__dirname, '.node-renderer-bundles'),
serverBundleCachePath: process.env.RENDERER_SERVER_BUNDLE_CACHE_PATH || path.resolve(__dirname, '.node-renderer-bundles'),
host: process.env.RENDERER_HOST || 'localhost',

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This host field is the linchpin of the whole separate-workload design — without it binding to 0.0.0.0, Rails could never reach the renderer over the same-GVC DNS name (node-renderer.<app>.cpln.local:3800) and SSR would fail entirely post-deploy. The PR's validation list only shows node -c renderer/node-renderer.js (a syntax check), which wouldn't catch an unsupported/misspelled config key being silently ignored by reactOnRailsProNodeRenderer(config).

Worth confirming host is a real, honored option in react-on-rails-pro-node-renderer@17.0.0-rc.9 (e.g. via the gem's own docs/changelog for the linked upstream PR, or a runtime smoke test hitting the renderer from another container) before this ships to review/staging, since a silent no-op here would break SSR without any obvious error at deploy time.

if ENV["ROLLING_DEPLOY_TOKEN"].present?
config.rolling_deploy_adapter = ReactOnRailsPro::RollingDeployAdapters::Http
config.rolling_deploy_token = ENV.fetch("ROLLING_DEPLOY_TOKEN")
config.rolling_deploy_previous_urls = ENV["ROLLING_DEPLOY_PREVIOUS_URLS"].presence

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: config.rolling_deploy_previous_urls is being fed a single URL string built from {{APP_NAME}} (see .controlplane/templates/app.yml's ROLLING_DEPLOY_PREVIOUS_URLS), but the plural env var/config name suggests the upstream adapter may expect a comma-separated list or an array. Worth double-checking the ReactOnRailsPro::RollingDeployAdapters::Http adapter's expected format for this value so a single-URL string isn't silently mis-parsed (e.g., split on , and treated as one giant malformed URL, or ignored).

@claude

claude Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review

Overview

This PR splits the React on Rails Pro Node Renderer out of the single-container Rails workload into its own Control Plane node-renderer workload, wired up so cpflow deploy-image/promote-app-from-upstream roll it before Rails via deploy_order, and repins the generated cpflow GitHub Actions wrappers to v5.2.0 (needed for ordered deploy groups). It adds rolling-deploy bundle handoff (ROLLING_DEPLOY_TOKEN / ROLLING_DEPLOY_PREVIOUS_URLS) so the new renderer can seed its cache from the still-live bundle before Rails cuts over, and updates same-GVC DNS wiring (RENDERER_URL, RENDERER_HOST) plus a large amount of docs (readme.md, shakacode-team.md, cpflow-help.md, etc.).

Strengths

  • Deploy ordering is well-modeled: deploy_order: [[node-renderer], [rails, daily-task]] plus setup_app_templates ordering (renderer before rails) keeps first-time bootstrap and steady-state deploys consistent.
  • Firewall defaults are tightened correctly: node-renderer.yml sets external.inboundAllowCIDR: [] with internal.inboundAllowType: same-gvc, so the renderer is only reachable from Rails within the same GVC and never directly from the internet — a real security improvement over implicitly relying on it being co-located with Rails.
  • RENDERER_HOST=0.0.0.0 (renderer/node-renderer.js + app.yml) is the correct fix needed for Rails to reach the renderer over the new same-GVC DNS name — previously implicit "localhost" binding worked only because both processes shared a container.
  • Rollback path and post-deploy monitoring plan are documented in the PR description, and the same operational guidance is mirrored into shakacode-team.md/cpflow-help.md for future operators — good practice for infra changes like this.
  • New spec/initializers/react_on_rails_pro_spec.rb covers both the "token present" and "blank previous-urls normalizes to nil" branches of the new initializer logic, with proper env/config restoration in an around block.

Points worth verifying before rollout

  • host config key in renderer/node-renderer.js:32: this is the crux of the whole design — if react-on-rails-pro-node-renderer@17.0.0-rc.9 doesn't actually honor a host option (e.g. it's silently ignored as an unknown key), the renderer keeps binding to localhost and Rails can never reach it via node-renderer.<app>.cpln.local:3800, breaking SSR after this ships. The PR's validation list only runs node -c (syntax-only). Worth a runtime smoke test (or checking the upstream PR/changelog) to confirm this is honored. Left as an inline comment.
  • rolling_deploy_previous_urls format (config/initializers/react_on_rails_pro.rb:18): the env var is plural (ROLLING_DEPLOY_PREVIOUS_URLS) and templated as a single URL. Worth confirming the adapter expects a single string here rather than a comma-separated/array format. Left as an inline comment.
  • Test execution: the PR's validation checklist lists several cpflow/syntax checks but doesn't explicitly show bundle exec rspec (or the new spec file) being run — presumably CI covers this, but worth double-checking the new spec passes given it reloads the initializer file at runtime (a slightly unusual test pattern).
  • Minor: startupProbe.failureThreshold: 60 / periodSeconds: 2 (~120s) for the renderer boot seed — reasonable given it may need to fetch a previous bundle over HTTP, but worth keeping an eye on during the first real rollout in case seeding takes longer under load.

Security

No secrets are hardcoded; ROLLING_DEPLOY_TOKEN and RENDERER_PASSWORD are both sourced via cpln://secret/... references and documented as required additions to review/staging/production secret dictionaries. The renderer's external inbound lockdown is a net security improvement. Since Rails' /react_on_rails_pro/rolling_deploy endpoint is now reachable publicly (Rails firewall allows 0.0.0.0/0 inbound), it's worth confirming that endpoint enforces the bearer token server-side — likely handled upstream, but worth a quick check since review apps expose it to PR code by design.

Overall this is a thorough, well-documented change with sensible defaults; the main follow-up is confirming the two renderer-library config assumptions actually behave as expected at runtime.

@greptile-apps

greptile-apps Bot commented Jul 13, 2026

Copy link
Copy Markdown

Greptile Summary

This PR moves the React on Rails Pro renderer into an ordered Control Plane workload. The main changes are:

  • Adds a separate node-renderer workload and deploys it before Rails.
  • Updates shared app env for renderer DNS, host binding, bundle cache, and rolling-deploy tokens.
  • Changes Rails to run without the bundled renderer process.
  • Pins cpflow workflows and the gem to v5.2.0.
  • Adds initializer coverage for the rolling-deploy HTTP adapter.

Confidence Score: 5/5

This looks safe to merge after checking the secret rollout step for existing apps.

  • The renderer workload, Rails workload, and shared env wiring are aligned.
  • The remaining issue is operational: existing app secret dictionaries must contain the new rolling-deploy token before applying the app template.
  • No blocking issue was found in the changed code.

.controlplane/templates/app.yml

Important Files Changed

Filename Overview
.controlplane/controlplane.yml Adds the renderer workload to setup, deploy, and ordered rollout configuration.
.controlplane/templates/app.yml Adds shared renderer and rolling-deploy environment values, including the new token secret reference.
.controlplane/templates/node-renderer.yml Defines the separate renderer workload, startup command, probes, firewall, and identity binding.
.controlplane/templates/rails.yml Changes Rails to start as a Rails-only workload with explicit server args.
config/initializers/react_on_rails_pro.rb Enables the rolling-deploy HTTP adapter when a token is present.
renderer/node-renderer.js Lets deployment env configure the renderer cache path and host binding.
Gemfile Updates the bundled cpflow gem to v5.2.0.
Gemfile.lock Locks cpflow to v5.2.0.
spec/initializers/react_on_rails_pro_spec.rb Adds tests for the rolling-deploy initializer branch.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
  participant CP as cpflow deploy-image
  participant NR as node-renderer workload
  participant Old as previous app endpoint
  participant Rails as rails workload

  CP->>NR: deploy renderer image
  NR->>Old: pre-seed previous bundles
  NR->>NR: start yarn node-renderer
  CP->>NR: wait for readiness
  CP->>Rails: deploy Rails and daily-task
  Rails->>NR: SSR over same-GVC DNS
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
  participant CP as cpflow deploy-image
  participant NR as node-renderer workload
  participant Old as previous app endpoint
  participant Rails as rails workload

  CP->>NR: deploy renderer image
  NR->>Old: pre-seed previous bundles
  NR->>NR: start yarn node-renderer
  CP->>NR: wait for readiness
  CP->>Rails: deploy Rails and daily-task
  Rails->>NR: SSR over same-GVC DNS
Loading

Reviews (1): Last reviewed commit: "fix(cpflow): align renderer cache and cp..." | Re-trigger Greptile

Comment on lines 57 to 58
- name: RENDERER_PASSWORD
value: cpln://secret/{{APP_SECRETS}}.RENDERER_PASSWORD

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Missing Token Blocks Renderer Boot

When this template is applied to an existing app whose secret dictionary does not yet contain ROLLING_DEPLOY_TOKEN, the new renderer workload inherits an unresolved secret and runs pre_seed_renderer_cache under set -e before opening port 3800. That can keep node-renderer from becoming ready, so deploy_order blocks the Rails rollout until the secret is added.

Comment on lines +3 to +17
require "rails_helper"

RSpec.describe "ReactOnRailsPro initializer" do
around do |example|
original_env = {
"ROLLING_DEPLOY_TOKEN" => ENV.fetch("ROLLING_DEPLOY_TOKEN", nil),
"ROLLING_DEPLOY_PREVIOUS_URLS" => ENV.fetch("ROLLING_DEPLOY_PREVIOUS_URLS", nil)
}
config = ReactOnRailsPro.configuration
original_config = {
rolling_deploy_adapter: config.rolling_deploy_adapter,
rolling_deploy_token: config.rolling_deploy_token,
rolling_deploy_previous_urls: config.rolling_deploy_previous_urls
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

original_config only snapshots/restores rolling_deploy_adapter, rolling_deploy_token, and rolling_deploy_previous_urls. load-ing the initializer inside each example also re-runs every other config.*= assignment in config/initializers/react_on_rails_pro.rb (server_renderer, renderer_use_fallback_exec_js, renderer_url, renderer_password, enable_rsc_support, rsc_bundle_js_file, rsc_payload_generation_url_path). Today that's harmless because none of those depend on env vars this spec mutates, so reloading reassigns the same values — but it's a latent test-isolation trap: if a future edit to the initializer makes any of those depend on mutable env/state, this spec will leak it into global ReactOnRailsPro.configuration for the rest of the suite. Consider snapshotting/restoring the whole config object (e.g. config.dup/clone, or iterating all public config accessors) instead of an explicit allowlist of three keys.

Comment on lines +22 to +30
args:
- bash
- -lc
- |
# The rake task warns and continues on bundle fetch misses so rollout
# does not wedge; unexpected task failures still stop the shell.
set -e
bundle exec rake react_on_rails_pro:pre_seed_renderer_cache
exec yarn node-renderer

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this workload keeps the Dockerfile's ENTRYPOINT ["./.controlplane/entrypoint.sh"] (only args/CMD is overridden), the renderer container will run entrypoint.sh's wait_for_service loop against DATABASE_URL and REDIS_URL before this script ever runs — even though the renderer itself doesn't talk to Postgres/Redis. That's extra startup latency stacked on top of the 120s startupProbe window, and if Postgres/Redis are ever slow to come up during first-time setup-app bootstrap, the renderer (and therefore the rails deploy behind it in deploy_order) stalls waiting on dependencies it doesn't need. Worth confirming this coupling is intentional, or giving node-renderer its own lightweight entrypoint/CMD that skips the DB/Redis wait.

Comment thread renderer/node-renderer.js

const config = {
serverBundleCachePath: path.resolve(__dirname, '.node-renderer-bundles'),
serverBundleCachePath: process.env.RENDERER_SERVER_BUNDLE_CACHE_PATH || path.resolve(__dirname, '.node-renderer-bundles'),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New host config fallback (RENDERER_HOST'localhost') has no test coverage. Low risk given it's a one-line env passthrough, but since a wrong default here would silently break same-GVC reachability in production (renderer binding to localhost instead of 0.0.0.0 inside the container), a quick unit test asserting the fallback behavior would be cheap insurance.

Comment on lines +34 to +37
# Workloads, like Dyno types on Heroku
- daily-task
- node-renderer
- rails

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor inconsistency worth a one-line clarifying comment: setup_app_templates orders workloads as daily-task, node-renderer, rails, while app_workloads/deploy_order order them node-renderer, rails, daily-task. The comment above only explains "node-renderer before rails" — it'd help future readers to note explicitly that daily-task's position relative to the other two doesn't matter (since it's a cron workload with no startup dependency on the renderer), so there's no drift between the three lists' intents.

Comment on lines +15 to +19
if ENV["ROLLING_DEPLOY_TOKEN"].present?
config.rolling_deploy_adapter = ReactOnRailsPro::RollingDeployAdapters::Http
config.rolling_deploy_token = ENV.fetch("ROLLING_DEPLOY_TOKEN")
config.rolling_deploy_previous_urls = ENV["ROLLING_DEPLOY_PREVIOUS_URLS"].presence
end

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Gemfile still pins react_on_rails_pro at 17.0.0.rc.9 — unchanged by this PR. ReactOnRailsPro::RollingDeployAdapters::Http, config.rolling_deploy_adapter=, config.rolling_deploy_token=, and config.rolling_deploy_previous_urls= are new API surface this PR depends on. Since this is a private gem I can't inspect its source from here to confirm the RC already ships this API.

If it doesn't, this raises NoMethodError at boot in every environment where ROLLING_DEPLOY_TOKEN is populated — staging, production, and every review app — since app.yml wires the secret unconditionally via cpln://secret/{{APP_SECRETS}}.ROLLING_DEPLOY_TOKEN. That's a hard boot crash, not a graceful degradation.

Worth double-checking that 17.0.0.rc.9 (or whatever SHA/tag is actually resolved) includes the rolling-deploy adapter before merging, and considering a version bump/comment pinning the minimum required release if not already covered by CI.

ports:
- number: 3800
# The React on Rails Pro Node Renderer speaks cleartext HTTP/2 (h2c).
# Rails/Thruster stays `http`; this renderer port intentionally differs.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With defaultOptions.autoscaling.maxScale: 1 and a single RENDERER_WORKERS_COUNT (set to 1 in app.yml), this workload has zero redundancy for SSR rendering — one replica, one worker. Combined with config.renderer_use_fallback_exec_js = false in the Rails initializer (fallback to ExecJS is intentionally disabled), any hiccup in this single instance (OOM, crash, slow restart) will make SSR fail hard for the whole app rather than degrade gracefully, and there's no second replica to absorb the outage while it recovers.

This is probably an acceptable tradeoff for a low-traffic tutorial/demo app, but since the same app.yml/node-renderer.yml templates apply to the production alias too (no override in controlplane.yml), it's worth confirming this single-worker/single-replica setup is intentional for the production example as well, not just cost-driven for review apps.

@claude

claude Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Summary

This PR rolls the React on Rails Pro Node Renderer out as its own Control Plane workload (node-renderer), ordered to deploy and become healthy before rails/daily-task, and pins the bundled cpflow gem + generated workflows to v5.2.0 (which adds the ordered-deploy-group support this depends on). Overall this is a well-scoped, carefully validated infra change — the PR description documents the upstream prerequisites, the validation commands run, and a concrete rollback plan, which is exactly what you want for a deploy-topology change like this.

What's solid

  • deploy_order/app_workloads correctly sequence node-renderer before rails/daily-task, and setup_app_templates is deduplicated into the shared common alias (previously only defined per-app), removing drift risk between apps.
  • New node-renderer workload's firewallConfig blocks external inbound (inboundAllowCIDR: []) while allowing same-GVC internal traffic — tighter than rails' template, which is appropriate since the renderer has no reason to be internet-facing.
  • set -e in the renderer boot sequence correctly turns unexpected boot-seed failures into a startup failure rather than silently falling through to yarn node-renderer with a cold/stale cache.
  • RENDERER_SERVER_BUNDLE_CACHE_PATH/RENDERER_HOST are threaded consistently through app.yml, the initializer, and renderer/node-renderer.js.
  • ROLLING_DEPLOY_PREVIOUS_URLS is normalized with .presence to handle the blank-env-var case, matching the existing RENDERER_PASSWORD convention.
  • Docs (readme.md, shakacode-team.md, cpflow-help.md, Terraform comparison) are updated in lockstep with the config changes, including a concrete staging→production rollout sequence for existing persistent apps.

Points worth a second look (posted as inline comments)

  1. Test isolation in spec/initializers/react_on_rails_pro_spec.rb — the around block only snapshots/restores 3 of the config keys the initializer sets, so load-ing the initializer mid-spec relies on the other assignments being incidentally idempotent. Not a bug today, but a latent trap for later initializer changes.
  2. Entrypoint couplingnode-renderer.yml keeps the Dockerfile's ENTRYPOINT, so the renderer container inherits entrypoint.sh's wait-for-Postgres/Redis loop even though the renderer itself doesn't use either. Worth confirming that's intentional rather than incidental startup latency.
  3. Minor doc gapsetup_app_templates orders daily-task before node-renderer, while app_workloads/deploy_order put node-renderer first; the comment only explains the node-renderer/rails ordering, not why daily-task's position differs.
  4. New RENDERER_HOST fallback in renderer/node-renderer.js has no direct test coverage (low risk, but cheap to add).

Security

No significant concerns. Secrets (ROLLING_DEPLOY_TOKEN) follow the existing cpln://secret/... pattern used for RENDERER_PASSWORD; the new renderer workload is more locked-down than rails on the network side; and the review-app secret-scoping docs were updated to include the new token.

Performance

RENDERER_WORKERS_COUNT drops from 2→1 and cpu/memory are set to a deliberately minimal baseline with capacityAI: true to grow if needed — reasonable for a tutorial app, and documented as such.

Nothing here blocks merging; the flagged items are hardening/clarity suggestions, not correctness bugs.

@claude

claude Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Summary

This is a well-structured infra change that splits the React on Rails Pro Node Renderer into its own Control Plane workload, ordered ahead of Rails via cpflow's new deploy_order support (v5.2.0), with rolling-deploy bundle handoff wired through a shared ROLLING_DEPLOY_TOKEN. Docs (readme.md, shakacode-team.md, cpflow-help.md) are updated consistently, and the QA app config is nicely deduplicated by moving setup_app_templates into the shared common alias.

What it does

  • New .controlplane/templates/node-renderer.yml workload: runs the boot-seed rake task (react_on_rails_pro:pre_seed_renderer_cache) then yarn node-renderer, listens on h2c (protocol: http2), locked to same-GVC inbound only.
  • controlplane.yml gains deploy_order: [[node-renderer], [rails, daily-task]] so the renderer rolls and becomes ready before Rails.
  • rails.yml drops the combined Rails+renderer container command in favor of an explicit Thruster-only args:; the Dockerfile CMD becomes the local/single-container fallback only.
  • RENDERER_URL now points at the same-GVC DNS name (http://node-renderer.<app>.cpln.local:3800) instead of localhost.
  • renderer/node-renderer.js gains RENDERER_HOST (needed so the renderer binds 0.0.0.0 instead of localhost now that it's a separate workload — good catch) and RENDERER_SERVER_BUNDLE_CACHE_PATH.
  • config/initializers/react_on_rails_pro.rb wires the rolling-deploy HTTP adapter when ROLLING_DEPLOY_TOKEN is present, with a new spec covering both the happy path and blank-URL normalization.
  • cpflow repinned from v5.1.1v5.2.0 across Gemfile, docs, and generated GitHub Actions wrappers.

Findings (posted inline)

  1. Gem version risk (config/initializers/react_on_rails_pro.rb): react_on_rails_pro stays pinned at 17.0.0.rc.9 — unchanged by this PR — but the initializer now calls ReactOnRailsPro::RollingDeployAdapters::Http and new rolling_deploy_* config setters. Since this is a private gem I can't verify locally that this RC already ships that API. If it doesn't, Rails boot will raise NoMethodError in every environment where ROLLING_DEPLOY_TOKEN is set (staging/production/review apps all wire it unconditionally via app.yml). Worth confirming before merge.
  2. No SSR redundancy (.controlplane/templates/node-renderer.yml): maxScale: 1 + RENDERER_WORKERS_COUNT=1 + renderer_use_fallback_exec_js = false means one renderer instance/worker with no fallback — any crash or slow restart takes down SSR for the whole app with nothing to absorb it. Likely fine for a low-traffic tutorial/demo, but the same templates apply to the production alias, so worth confirming that's intentional there too.
  3. Minor doc gap (.env.example): the four new env vars (RENDERER_HOST, RENDERER_SERVER_BUNDLE_CACHE_PATH, ROLLING_DEPLOY_TOKEN, ROLLING_DEPLOY_PREVIOUS_URLS) aren't documented alongside the existing RENDERER_* entries. Not blocking since all have safe defaults, just a discoverability nit.

Nice to see

  • Firewall config on the new node-renderer workload correctly blocks external inbound (inboundAllowCIDR: []) and restricts internal inbound to same-gvc — the renderer isn't publicly reachable.
  • startupProbe gives generous headroom (120s) for the boot-seed rake task before the readiness gate kicks in.
  • The rolling-deploy env var docs (readme.md, shakacode-team.md) are thorough about sequencing the staging/production secret rollout to avoid a broken cutover.

@justin808
justin808 merged commit 4830aa3 into master Jul 13, 2026
45 of 46 checks passed
@justin808
justin808 deleted the agent/renderer-workload branch July 13, 2026 09:50
@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown

✅ Review App Deleted

Review app for PR #777 is deleted

🎮 Control Plane Console
📋 View Workflow Logs

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
spec/initializers/react_on_rails_pro_spec.rb (1)

28-47: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consider adding a negative test case for absent ROLLING_DEPLOY_TOKEN.

The two tests cover token-present scenarios well. A third test verifying that when ROLLING_DEPLOY_TOKEN is absent (or blank), the rolling-deploy adapter remains unconfigured would guard against future regressions where the guard condition is accidentally removed or weakened.

💡 Suggested additional test
  it "does not configure rolling deploy when the token is absent" do
    ENV.delete("ROLLING_DEPLOY_TOKEN")
    ENV.delete("ROLLING_DEPLOY_PREVIOUS_URLS")

    load Rails.root.join("config/initializers/react_on_rails_pro.rb")

    config = ReactOnRailsPro.configuration
    expect(config.rolling_deploy_adapter).to be_nil
    expect(config.rolling_deploy_token).to be_nil
  end
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@spec/initializers/react_on_rails_pro_spec.rb` around lines 28 - 47, Extend
the initializer specs with a negative case for missing or blank
ROLLING_DEPLOY_TOKEN: clear the token and previous-URL environment variables,
load the initializer, and assert ReactOnRailsPro.configuration leaves
rolling_deploy_adapter and rolling_deploy_token unset. Keep the existing
token-present and blank-URL scenarios unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@spec/initializers/react_on_rails_pro_spec.rb`:
- Around line 28-47: Extend the initializer specs with a negative case for
missing or blank ROLLING_DEPLOY_TOKEN: clear the token and previous-URL
environment variables, load the initializer, and assert
ReactOnRailsPro.configuration leaves rolling_deploy_adapter and
rolling_deploy_token unset. Keep the existing token-present and blank-URL
scenarios unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ef71d8da-4b4f-4df7-9876-766680a67622

📥 Commits

Reviewing files that changed from the base of the PR and between 0b2d0b4 and 8116e70.

⛔ Files ignored due to path filters (1)
  • Gemfile.lock is excluded by !**/*.lock
📒 Files selected for processing (22)
  • .controlplane/Dockerfile
  • .controlplane/controlplane.yml
  • .controlplane/docs/cpflow-vs-terraform.md
  • .controlplane/docs/testing-cpflow-github-actions.md
  • .controlplane/readme.md
  • .controlplane/shakacode-team.md
  • .controlplane/templates/app.yml
  • .controlplane/templates/node-renderer.yml
  • .controlplane/templates/org.yml
  • .controlplane/templates/rails.yml
  • .github/cpflow-help.md
  • .github/workflows/cpflow-cleanup-stale-review-apps.yml
  • .github/workflows/cpflow-delete-review-app.yml
  • .github/workflows/cpflow-deploy-review-app.yml
  • .github/workflows/cpflow-deploy-staging.yml
  • .github/workflows/cpflow-help-command.yml
  • .github/workflows/cpflow-promote-staging-to-production.yml
  • .github/workflows/cpflow-review-app-help.yml
  • Gemfile
  • config/initializers/react_on_rails_pro.rb
  • renderer/node-renderer.js
  • spec/initializers/react_on_rails_pro_spec.rb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant