iris-iap-proxy: auto-deploy to cloud run on merge to main#4751
Merged
ravwojdyla merged 6 commits intomainfrom Apr 14, 2026
Merged
iris-iap-proxy: auto-deploy to cloud run on merge to main#4751ravwojdyla merged 6 commits intomainfrom
ravwojdyla merged 6 commits intomainfrom
Conversation
Mirrors the marin-infra-dashboard deploy workflow. Uses a matrix over the marin and marin-dev clusters since deploy.sh takes the cluster as an argument and both services exist. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mirrors the status-page workflow's build-before-deploy gate. The build job runs on PRs too so Dockerfile regressions are caught before merge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Workflow now has build + deploy jobs, matching the 'Marin - Infra Dashboard' naming pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Outer concurrency used ref-based grouping with cancel-in-progress=true, which would cancel an in-flight deploy job when two merges land in quick succession. The inner deploy-job concurrency with cancel-in-progress=false can't help because the whole workflow run is cancelled from above. Switch push-event grouping to github.sha (unique per commit) and gate cancel-in-progress to pull_request events only. Applied to both iris-iap-proxy and marin-infra-dashboard for consistency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the changes-job + if-gate pattern with native trigger-level paths filters. Simpler yaml, no runner cost on unrelated pushes, no "skipped" checks cluttering the PR UI. The dorny pattern is needed when a workflow is a required status check in branch protection (native paths skip means the check never reports, blocking merges on unrelated PRs). These two workflows are not marked required, so native filters are the better fit. Applied to both iris-iap-proxy and marin-infra-dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
.github/workflows/iris-iap-proxy.yamlworkflowchangesjob —dorny/paths-filteroninfra/iris-iap-proxy/**and the workflow file itselfbuildjob —docker buildofinfra/iris-iap-proxy/Dockerfilewith gha cache, runs on PRs too so regressions are caught pre-mergedeployjob — runs only on push tomainafterbuildpassesmarinandmarin-dev, one concurrency group per cluster,cancel-in-progress: falseinfra/iris-iap-proxy/deploy.sh <cluster>(source-basedgcloud beta run deploy)MARIN_CD_CLOUD_RUN_SA_KEYsecret introduced by status-page: add cw ferry, iris.oa.dev links, auto-deploy #4745install_components: betaper status-page: install gcloud beta component in deploy job #4748