
@haniffaiq haniffaiq commented Aug 29, 2025

Add CICD file


Introduce CI/CD Workflows for GCP VM (Docker Compose) and Cloud Run Deployment

This pull request replaces and expands the deployment automation for the project, introducing two comprehensive GitHub Actions workflows: one for deploying via Docker Compose to a GCP VM ('Deploy to GCP VM (Docker Compose)'), and another for building and deploying to GCP Cloud Run ('Deploy Self-Hosted to GCP (Cloud Run)'). The changes remove the existing multi-service Docker Compose file and shift all deployment orchestration to workflow YAML files under the .github/workflows directory. Both workflows provide build, sync, deploy, health-check, and rollback capabilities, using environment variables and deployment secrets.

Key Changes

• Entire removal of the previous docker-compose.yaml file which contained service definitions for local and VM container deployment.
• Addition of a new GitHub Actions workflow for Docker Compose-based deployment to a GCP VM, including steps for file synchronization, environment validation, starting services, external healthchecking, and rollback logic.
• Introduction of another workflow for GCP Cloud Run, supporting manual trigger, environment selection (staging/production), image tagging, build/upload to Artifact Registry, and infrastructure-side healthchecking.
• Centralization of deployment logic into CI/CD pipelines, enabling repeatable, auditable deploy processes and reducing reliance on local/developer-side scripts.
• Adoption of secrets, workflow parameters, and artifact outputs for secure, robust automation and flexibility for future extension.

Affected Areas

• docker-compose.yaml (removed and replaced)
• .github/workflows/new-deployment.yaml (added)
• Overall CI/CD/deployment pipeline
• Deployment and release operations for both GCP VM and GCP Cloud Run


This summary was automatically generated by @propel-code-bot

with:
service: ${{ env.CLOUD_RUN_SERVICE }}
region: ${{ env.CLOUD_RUN_REGION }}
image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPO }}/nango:${{ github.event.inputs.image_tag || github.sha }}
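
Review bot: the `image:` line resolves the image by tag (`github.event.inputs.image_tag || github.sha`), and unless the Artifact Registry repository enforces immutable tags, a tag can be re-pointed between the build and the deploy. Have the build job export the digest of the image it pushed and reference the image here as `...@sha256:<digest>`, so the revision Cloud Run starts is exactly the image that was built.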

[CriticalError]

There's an inconsistency in image tag usage between jobs. In the build-and-push job, you compute and use a specific tag (${GITHUB_SHA::12} or manual input), but in the deploy job, you use github.sha directly instead of the computed tag from the previous job.

Suggested change:

```diff
- image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPO }}/nango:${{ github.event.inputs.image_tag || github.sha }}
+ image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPO }}/nango:${{ github.event.inputs.image_tag || format('{0}', github.sha) }}
```

This should be:

Suggested change:

```diff
- image: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPO }}/nango:${{ github.event.inputs.image_tag || github.sha }}
+ image: ${{ needs.build-and-push.outputs.image }}
```

You'll also need to add an output to the build-and-push job:

```yaml
outputs:
  image: ${{ steps.vars.outputs.image }}
```

Committable suggestion

Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

env:
GAR_LOCATION: ${{ vars.GAR_LOCATION }}
GAR_REPO: ${{ vars.GAR_REPO }}
CLOUD_RUN_REGION: ${{ vars.CLOUD_RUN_REGION }}# e.g. asia-southeast2

[NitPick]

Missing space in the comment formatting. This will cause the comment to appear concatenated with the environment variable value.

Suggested change:

```diff
- CLOUD_RUN_REGION: ${{ vars.CLOUD_RUN_REGION }}# e.g. asia-southeast2
+ CLOUD_RUN_REGION: ${{ vars.CLOUD_RUN_REGION }} # e.g. asia-southeast2
```

haniffaiq commented Aug 29, 2025 via email

@github-actions

This PR is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the Stale label Sep 28, 2025
GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }}

jobs:
build-and-push:

[CriticalError]

Deploy job cannot access the computed image from build job. The IMAGE environment variable is set in the build job but not passed to the deploy job, yet the deploy job tries to reference the computed image tag. This will cause the deploy job to use a potentially different image reference than what was actually built.

Add job outputs to pass the image reference:

Suggested change:

```diff
-  build-and-push:
+  build-and-push:
+    name: Build & Push Image to Artifact Registry
+    runs-on: ubuntu-latest
+    outputs:
+      image: ${{ steps.vars.outputs.image }}
```

Then update the deploy job to use: image: ${{ needs.build-and-push.outputs.image }}

File: .github/workflows/new-deployment.yaml
Line: 28

Comment on lines +113 to +117
docker run -d --name nango-server \
--restart=always \
--env-file .env \
--network $(basename "$(pwd)")_nango \
-p ${SERVER_PORT:-3003}:${SERVER_PORT:-3003} \
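
Review bot: the `-p ${SERVER_PORT:-3003}:${SERVER_PORT:-3003}` line publishes the port with no host address, so Docker binds it on every interface of the VM and exposure is decided only by the GCP firewall rules. If a proxy on the host is meant to front the service, bind to loopback with `-p 127.0.0.1:<port>:<port>`. Also quote the expansions, for example `--network "$(basename "$(pwd)")_nango"`, so a working directory containing whitespace cannot split the argument.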

[CriticalError]

Deployment rollback logic has a critical flaw: the manual docker run command uses environment variables (${SERVER_PORT:-3003}, ${CONNECT_UI_PORT:-3009}) that are not available in the SSH session context. These variables are likely defined in the .env file but won't be expanded in the shell command.

This could cause the rollback container to fail to start or bind to wrong ports. The --env-file .env only passes environment variables to the container, not to the shell executing the command.

Suggested change:

```diff
-docker run -d --name nango-server \
-  --restart=always \
-  --env-file .env \
-  --network $(basename "$(pwd)")_nango \
-  -p ${SERVER_PORT:-3003}:${SERVER_PORT:-3003} \
+docker run -d --name nango-server \
+  --restart=always \
+  --env-file .env \
+  --network $(basename "$(pwd)")_nango \
+  -p 3003:3003 \
+  -p 3009:3009 \
+  -v "$(pwd)/packages/providers/providers.yaml:/app/nango/packages/providers/providers.yaml" \
+  "$PREV_IMAGE"
```

Or source the .env file first:

```bash
source .env
docker run -d --name nango-server \
  --restart=always \
  --env-file .env \
  --network $(basename "$(pwd)")_nango \
  -p ${SERVER_PORT:-3003}:${SERVER_PORT:-3003} \
  -p ${CONNECT_UI_PORT:-3009}:${CONNECT_UI_PORT:-3009} \
  -v "$(pwd)/packages/providers/providers.yaml:/app/nango/packages/providers/providers.yaml" \
  "$PREV_IMAGE"
```

File: docker-compose.yaml
Line: 117
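
The `source .env` alternative in the comment above executes the file as shell code in the deploy user's SSH session. The added example below (not part of the PR or of the review) reads the two port keys as data and validates them before they reach `-p`; the helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and the sample file are constructed, not from the PR.

# Last value assigned to KEY in FILE. The file is read as data, never executed.
dotenv_get() (
  key=$1 file=$2 val=
  [ -r "$file" ] || exit 1
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF files
    case $line in
      "$key="*) val=${line#*=} ;;
    esac
  done < "$file"
  case $val in                                  # drop one pair of surrounding quotes
    \"*\") val=${val#\"}; val=${val%\"} ;;
    \'*\') val=${val#\'}; val=${val%\'} ;;
  esac
  printf '%s' "$val"
)

# A TCP port is 1 to 5 decimal digits in the range 1..65535, nothing else.
valid_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# resolve_port KEY FILE DEFAULT: DEFAULT when KEY is unset, failure on a bad value.
resolve_port() (
  val=$(dotenv_get "$1" "$2") || val=
  [ -n "$val" ] || val=$3
  valid_port "$val" || { echo "refusing $1='$val' from $2" >&2; exit 1; }
  printf '%s' "$val"
)

# Publish arguments for the rollback `docker run`, defaults as in the thread.
publish_args() (
  server=$(resolve_port SERVER_PORT "$1" 3003) || exit 1
  ui=$(resolve_port CONNECT_UI_PORT "$1" 3009) || exit 1
  printf '%s' "-p $server:$server -p $ui:$ui"
)

# Constructed sample: the second line would run `id` if the file were sourced.
sample=$(mktemp)
printf '%s\n' 'SERVER_PORT=3103' 'CONNECT_UI_PORT=$(id >&2; echo 3009)' > "$sample"
publish_args "$sample" || echo "rollback aborted: invalid port in .env"
rm -f "$sample"
```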

@github-actions github-actions bot removed the Stale label Sep 29, 2025
@github-actions

This PR is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the Stale label Oct 29, 2025
Comment on lines +67 to +70
- name: Set artifact outputs
run: |
echo "IMAGE=${{ steps.vars.outputs.image }}" >> $GITHUB_ENV
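
Review bot: `${{ steps.vars.outputs.image }}` on the `echo` line is expanded into the script text before the shell starts, so if the tag behind it comes from the manual `image_tag` input, characters in that input are parsed as shell rather than treated as data. Pass the value through the step's `env:` block (for example as `IMAGE_REF`) and write `echo "IMAGE=$IMAGE_REF" >> "$GITHUB_ENV"`, and check the tag against a strict pattern before it is used.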

[CriticalError]

Resource leak: The IMAGE environment variable is set but never used, and the build-and-push job doesn't expose outputs for the deploy job to consume the built image information. This breaks the connection between build and deploy phases.

Issues:

  1. $GITHUB_ENV is job-scoped, so the deploy job can't access this IMAGE value
  2. No job outputs defined to pass the built image to the deploy job
  3. Deploy job reconstructs image name instead of using the built image

Fix: Add job outputs to make the built image available to the deploy job:

Suggested change:

```diff
       - name: Set artifact outputs
         run: |
           echo "IMAGE=${{ steps.vars.outputs.image }}" >> $GITHUB_ENV
+
+    outputs:
+      image: ${{ steps.vars.outputs.image }}
+      tag: ${{ steps.vars.outputs.tag }}
```

File: .github/workflows/new-deployment.yaml
Line: 70

paths:
- "docker-compose.yaml"
- "packages/providers/providers.yaml"
- ".github/workflows/deploy-gcp-compose.yml"

[CriticalError]

Deployment workflow error: The workflow references a non-existent file path in the trigger. The path .github/workflows/deploy-gcp-compose.yml doesn't match the actual filename of the current workflow being created.

Issue: This workflow is named new-deployment.yaml but references deploy-gcp-compose.yml in the push trigger paths, which will never trigger this workflow.

Fix: Update to match the correct filename:

Suggested change:

```diff
-      - ".github/workflows/deploy-gcp-compose.yml"
+      - ".github/workflows/new-deployment.yaml"
```

File: docker-compose.yaml
Line: 9

@github-actions github-actions bot removed the Stale label Oct 30, 2025