Support for deploying helm charts

.github/workflows/pullpreview-helm.yml

@@ -0,0 +1,149 @@
+name: pullpreview_helm
+
+on:
+  schedule:
+    - cron: "15 4 * * *"
+  pull_request:
+    types: [labeled, unlabeled, synchronize, closed, reopened, opened]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  deploy_smoke_1:
+    runs-on: ubuntu-slim
+    if: >-
+      github.event_name == 'schedule' ||
+      github.event.label.name == 'pullpreview-helm' ||
+      ((github.event.action == 'opened' ||
+        github.event.action == 'reopened' ||
+        github.event.action == 'synchronize' ||
+        github.event.action == 'closed') &&
+       contains(github.event.pull_request.labels.*.name, 'pullpreview-helm'))
+    outputs:
+      live: ${{ steps.pullpreview.outputs.live }}
+    timeout-minutes: 40
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Deploy Helm smoke app (v1)
+        id: pullpreview
+        uses: "./"
+        with:
+          label: pullpreview-helm
+          admins: "@collaborators/push"
+          app_path: .
+          provider: hetzner
+          region: ash
+          image: ubuntu-24.04
+          dns: rev2.click
+          instance_type: cpx21
+          max_domain_length: 40
+          deployment_target: helm
+          chart: wordpress
+          chart_repository: https://charts.bitnami.com/bitnami
+          chart_set: service.type=ClusterIP
+          proxy_tls: '{{ release_name }}-wordpress:80'
+          ttl: 1h
+        env:
+          HCLOUD_TOKEN: "${{ secrets.HCLOUD_TOKEN }}"
+          HETZNER_CA_KEY: "${{ secrets.HETZNER_CA_KEY }}"
+
+      - name: Assert deploy v1
+        if: steps.pullpreview.outputs.live == 'true'
+        shell: bash
+        env:
+          PREVIEW_URL: ${{ steps.pullpreview.outputs.url }}
+        run: |
+          set -euo pipefail
+
+          if [[ "${PREVIEW_URL}" != https://* ]]; then
+            echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}"
+            exit 1
+          fi
+
+          status_code=""
+          body=""
+          for attempt in $(seq 1 60); do
+            status_code="$(curl -fsSIL -o /dev/null -w '%{http_code}' --max-time 20 "${PREVIEW_URL}" || true)"
+            body="$(curl -fsSL --max-time 20 "${PREVIEW_URL}" || true)"
+            if [[ "${status_code}" == "200" ]] && \
+              grep -Eqi 'wp-content|wp-includes|User&#039;s Blog' <<<"${body}"; then
+              echo "Helm smoke v1 checks passed for ${PREVIEW_URL}"
+              exit 0
+            fi
+
+            echo "Attempt ${attempt}/60: waiting for Helm v1 response from ${PREVIEW_URL} (http_status=${status_code:-n/a})"
+            sleep 5
+          done
+
+          echo "::error::Unexpected Helm response from ${PREVIEW_URL}"
+          printf '%s\n' "${body}"
+          exit 1
+
+  deploy_smoke_2:
+    runs-on: ubuntu-slim
+    needs: deploy_smoke_1
+    if: needs.deploy_smoke_1.result == 'success' && needs.deploy_smoke_1.outputs.live == 'true'
+    timeout-minutes: 40
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Redeploy Helm smoke app (v2)
+        id: pullpreview
+        uses: "./"
+        with:
+          label: pullpreview-helm
+          admins: "@collaborators/push"
+          app_path: .
+          provider: hetzner
+          region: ash
+          image: ubuntu-24.04
+          dns: rev2.click
+          instance_type: cpx21
+          max_domain_length: 40
+          deployment_target: helm
+          chart: wordpress
+          chart_repository: https://charts.bitnami.com/bitnami
+          chart_set: service.type=ClusterIP
+          proxy_tls: '{{ release_name }}-wordpress:80'
+          ttl: 1h
+        env:
+          HCLOUD_TOKEN: "${{ secrets.HCLOUD_TOKEN }}"
+          HETZNER_CA_KEY: "${{ secrets.HETZNER_CA_KEY }}"
+
+      - name: Assert deploy v2
+        if: steps.pullpreview.outputs.live == 'true'
+        shell: bash
+        env:
+          PREVIEW_URL: ${{ steps.pullpreview.outputs.url }}
+        run: |
+          set -euo pipefail
+
+          if [[ "${PREVIEW_URL}" != https://* ]]; then
+            echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}"
+            exit 1
+          fi
+
+          status_code=""
+          body=""
+          for attempt in $(seq 1 60); do
+            status_code="$(curl -fsSIL -o /dev/null -w '%{http_code}' --max-time 20 "${PREVIEW_URL}" || true)"
+            body="$(curl -fsSL --max-time 20 "${PREVIEW_URL}" || true)"
+            if [[ "${status_code}" == "200" ]] && \
+              grep -Eqi 'wp-content|wp-includes|User&#039;s Blog' <<<"${body}"; then
+              echo "Helm smoke v2 checks passed for ${PREVIEW_URL}"
+              exit 0
+            fi
+
+            echo "Attempt ${attempt}/60: waiting for Helm v2 response from ${PREVIEW_URL} (http_status=${status_code:-n/a})"
+            sleep 5
+          done
+
+          echo "::error::Unexpected Helm response from ${PREVIEW_URL}"
+          printf '%s\n' "${body}"
+          exit 1

.github/workflows/pullpreview-lightsail-helm.yml

@@ -0,0 +1,147 @@
+name: pullpreview_lightsail_helm
+
+on:
+  schedule:
+    - cron: "30 6 * * *"
+  pull_request:
+    types: [labeled, unlabeled, synchronize, closed, reopened, opened]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  deploy_smoke_1:
+    runs-on: ubuntu-slim
+    if: >-
+      github.event_name == 'schedule' ||
+      github.event.label.name == 'pullpreview-lightsail-helm' ||
+      ((github.event.action == 'opened' ||
+        github.event.action == 'reopened' ||
+        github.event.action == 'synchronize' ||
+        github.event.action == 'closed') &&
+       contains(github.event.pull_request.labels.*.name, 'pullpreview-lightsail-helm'))
+    outputs:
+      live: ${{ steps.pullpreview.outputs.live }}
+    timeout-minutes: 50
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Deploy Lightsail Helm smoke app (v1)
+        id: pullpreview
+        uses: "./"
+        with:
+          label: pullpreview-lightsail-helm
+          admins: "@collaborators/push"
+          app_path: .
+          provider: lightsail
+          region: us-east-1
+          dns: rev3.click
+          instance_type: medium
+          max_domain_length: 40
+          deployment_target: helm
+          chart: wordpress
+          chart_repository: https://charts.bitnami.com/bitnami
+          chart_set: service.type=ClusterIP
+          proxy_tls: '{{ release_name }}-wordpress:80'
+          ttl: 1h
+        env:
+          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
+          AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+
+      - name: Assert deploy v1
+        if: steps.pullpreview.outputs.live == 'true'
+        shell: bash
+        env:
+          PREVIEW_URL: ${{ steps.pullpreview.outputs.url }}
+        run: |
+          set -euo pipefail
+
+          if [[ "${PREVIEW_URL}" != https://* ]]; then
+            echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}"
+            exit 1
+          fi
+
+          status_code=""
+          body=""
+          for attempt in $(seq 1 60); do
+            status_code="$(curl -fsSIL -o /dev/null -w '%{http_code}' --max-time 20 "${PREVIEW_URL}" || true)"
+            body="$(curl -fsSL --max-time 20 "${PREVIEW_URL}" || true)"
+            if [[ "${status_code}" == "200" ]] && \
+              grep -Eqi 'wp-content|wp-includes|User&#039;s Blog' <<<"${body}"; then
+              echo "Lightsail Helm smoke v1 checks passed for ${PREVIEW_URL}"
+              exit 0
+            fi
+
+            echo "Attempt ${attempt}/60: waiting for Lightsail Helm v1 response from ${PREVIEW_URL} (http_status=${status_code:-n/a})"
+            sleep 5
+          done
+
+          echo "::error::Unexpected Lightsail Helm response from ${PREVIEW_URL}"
+          printf '%s\n' "${body}"
+          exit 1
+
+  deploy_smoke_2:
+    runs-on: ubuntu-slim
+    needs: deploy_smoke_1
+    if: needs.deploy_smoke_1.result == 'success' && needs.deploy_smoke_1.outputs.live == 'true'
+    timeout-minutes: 50
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Redeploy Lightsail Helm smoke app (v2)
+        id: pullpreview
+        uses: "./"
+        with:
+          label: pullpreview-lightsail-helm
+          admins: "@collaborators/push"
+          app_path: .
+          provider: lightsail
+          region: us-east-1
+          dns: rev3.click
+          instance_type: medium
+          max_domain_length: 40
+          deployment_target: helm
+          chart: wordpress
+          chart_repository: https://charts.bitnami.com/bitnami
+          chart_set: service.type=ClusterIP
+          proxy_tls: '{{ release_name }}-wordpress:80'
+          ttl: 1h
+        env:
+          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
+          AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+
+      - name: Assert deploy v2
+        if: steps.pullpreview.outputs.live == 'true'
+        shell: bash
+        env:
+          PREVIEW_URL: ${{ steps.pullpreview.outputs.url }}
+        run: |
+          set -euo pipefail
+
+          if [[ "${PREVIEW_URL}" != https://* ]]; then
+            echo "::error::Expected https preview URL when proxy_tls is enabled, got ${PREVIEW_URL}"
+            exit 1
+          fi
+
+          status_code=""
+          body=""
+          for attempt in $(seq 1 60); do
+            status_code="$(curl -fsSIL -o /dev/null -w '%{http_code}' --max-time 20 "${PREVIEW_URL}" || true)"
+            body="$(curl -fsSL --max-time 20 "${PREVIEW_URL}" || true)"
+            if [[ "${status_code}" == "200" ]] && \
+              grep -Eqi 'wp-content|wp-includes|User&#039;s Blog' <<<"${body}"; then
+              echo "Lightsail Helm smoke v2 checks passed for ${PREVIEW_URL}"
+              exit 0
+            fi
+
+            echo "Attempt ${attempt}/60: waiting for Lightsail Helm v2 response from ${PREVIEW_URL} (http_status=${status_code:-n/a})"
+            sleep 5
+          done
+
+          echo "::error::Unexpected Lightsail Helm response from ${PREVIEW_URL}"
+          printf '%s\n' "${body}"
+          exit 1

.github/workflows/pullpreview-multi-env.yml

@@ -8,7 +8,14 @@ on:
 jobs:
   deploy_env1:
     runs-on: ubuntu-slim
-    if: github.event_name == 'schedule' || github.event.label.name == 'pullpreview-multi-env' || contains(github.event.pull_request.labels.*.name, 'pullpreview-multi-env')
+    if: >-
+      github.event_name == 'schedule' ||
+      github.event.label.name == 'pullpreview-multi-env' ||
+      ((github.event.action == 'opened' ||
+        github.event.action == 'reopened' ||
+        github.event.action == 'synchronize' ||
+        github.event.action == 'closed') &&
+       contains(github.event.pull_request.labels.*.name, 'pullpreview-multi-env'))
     timeout-minutes: 30
     steps:
       - uses: actions/checkout@v5
@@ -26,7 +33,14 @@ jobs:
 
   deploy_env2:
     runs-on: ubuntu-slim
-    if: github.event_name == 'schedule' || github.event.label.name == 'pullpreview-multi-env' || contains(github.event.pull_request.labels.*.name, 'pullpreview-multi-env')
+    if: >-
+      github.event_name == 'schedule' ||
+      github.event.label.name == 'pullpreview-multi-env' ||
+      ((github.event.action == 'opened' ||
+        github.event.action == 'reopened' ||
+        github.event.action == 'synchronize' ||
+        github.event.action == 'closed') &&
+       contains(github.event.pull_request.labels.*.name, 'pullpreview-multi-env'))
     timeout-minutes: 30
     steps:
       - uses: actions/checkout@v5