ci(cd): remove AWS build+deploy jobs (kops decommissioned)#85
Merged
Conversation
Mirrors AWS deploy; reuses rfcx/cicd/.github/workflows/rfcx-local-cd.yaml@master. See rfcx/rfcx-api commit fc1b78ff for the pattern + initial rollout proof.
The kops production cluster has been declared dead by the operator (2026-05-18 18:55 EDT). The AWS-targeted `build:` (ECR push) and `deploy:` (kubectl against KUBE_CONFIG_SUPER) jobs have been failing-or-soon-to-fail since, and rfcx-local has been the authoritative production deploy target. This commit: - Drops the `build:` job (uses `rfcx/cicd/ecr-build-push.yaml`) - Drops the `deploy:` job (uses `rfcx/cicd/k8s-deploy.yaml`) - Updates `notify.needs` to depend only on `deploy-rfcx-local` - Updates notify status/footer to surface the rfcx-local result `deploy-rfcx-local` is unchanged: it does its own in-cluster arm64 build via the self-hosted runner in the `cicd` namespace, pushes to the in-cluster registry at 192.168.5.1:30500, and rolls `apps-prod` Deployments via the runner's RBAC. It has no dependency on the AWS `build:`/`deploy:` jobs. `prepare:` and `configure:` are kept (still needed for the branch-name gate on `deploy-rfcx-local` and for notify metadata). `staging` is left in the on.push.branches trigger; with AWS gone it's a no-op on staging push (deploy-rfcx-local gates on namespace==production), which preserves the staging-promotion-PR workflow. See https://github.com/evity-squibbon/rfcx-local STATE.md "AWS / kops decommission status" block for context.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Removes the AWS-targeted
build:(ECR push) anddeploy:(kopskubectl apply) jobs from this repo'scd.yaml. The kops production cluster has been declared dead by the operator (2026-05-18 18:55 EDT), and rfcx-local is now the sole production deploy target.Background
evity-squibbon/rfcx-local'sSTATE.md"Phase 3 Status" + "AWS / kops decommission status" blocks.build:anddeploy:jobs in this workflow either fail noisily (most recent run on rfcx-api) or, onceKUBE_CONFIG_SUPERrotates / kops gets torn down, will fail uniformly. They have no useful behaviour going forward.deploy-rfcx-local:job (added 2026-05-16) does its own in-cluster arm64 build via the self-hosted runner in the rfcx-local cluster'scicdnamespace, pushes to the in-cluster registry at192.168.5.1:30500, and rollsapps-prodDeployments via the runner's RBAC. It has zero dependency on the AWS jobs.What changes
In
.github/workflows/cd.yaml:build:job (usesrfcx/cicd/.github/workflows/ecr-build-push.yaml@master)deploy:job (usesrfcx/cicd/.github/workflows/k8s-deploy.yaml@master)notify.needs:to depend only on[prepare, deploy-rfcx-local]statusto reportdeploy-rfcx-local.resultnotification-footerto surface only the rfcx-local resultprepare:andconfigure:are kept (still needed fordeploy-rfcx-local'sif: namespace == 'production'gate and for notify metadata).stagingis left inon.push.branches(no-op on staging push —deploy-rfcx-localis gated to production — but preserves the staging-promotion PR mechanism).What's unchanged
deploy-rfcx-local:is byte-identical. So isconcurrency:. No new secrets, no removed inputs.Validation plan
stagingfirst (via this PR landing): runsprepare → configure, skipsdeploy-rfcx-local(namespace=staging). Should complete successfully with no AWS calls.mastervia the companionstaging → masterPR: triggers the rfcx-local CD path only. Should match recent successful runs.Rollback
Revert this PR. The AWS jobs come back. Note: this only restores the workflow definition — kops production itself is dead regardless, so the AWS jobs will fail until kops comes back (which is not the plan).
Related
evity-squibbon/rfcx-localPR / branch:agent/ms4-strip-aws-cd-20260519(this same branch name across all 7 rfcx-org repos this week).rfcx/{rfcx-api, ingest-service, guardian-api, guardian-dashboard, arbimon, arbimon-legacy}.