Skip to content

Revise deploy-action design: layered, adapter-independent, app-provided CLI#315

Closed
aram356 wants to merge 2 commits into
feature/edgezero-actionsfrom
feature/edgezero-actions-improve
Closed

Revise deploy-action design: layered, adapter-independent, app-provided CLI#315
aram356 wants to merge 2 commits into
feature/edgezero-actionsfrom
feature/edgezero-actions-improve

Conversation

@aram356

@aram356 aram356 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Stacked on top of #303. Revises the GitHub Actions deploy design docs (spec,
implementation plan, adoption guide) — no runtime code yet. Restructures the
Fastly-only v0 design into a layered, adapter-independent one and threads through
six goals plus several review rounds.

What changed

  • Layered, adapter-independent architecture — three composable layers:
    • build-cli — compiles the CLI the application provides (a crate in the
      app's own workspace), from the app checkout, with an isolated
      CARGO_TARGET_DIR and --locked so it never dirties the tree; publishes a
      self-describing tar (cli-meta.json) so the executable bit survives.
    • deploy-core — adapter-independent shared engine scripts sourced by
      wrappers via $GITHUB_ACTION_PATH/../deploy-core; provider names, creds, and
      flags arrive only via provider-env, provider-env-clear, deploy-flags,
      deploy-args.
    • deploy-fastly — minimal wrapper that types Fastly credentials and calls the
      engine.
  • App-owned CLI package — no adapters input; the app's own Cargo.toml
    pins adapters. Guarantees CLI ↔ app schema agreement.
  • Git root vs Cargo workspace root — revision/dirty-check use the Git root;
    target/ + Cargo.lock + caching use the Cargo workspace root, so monorepos
    cache the right artifacts.
  • No Pythonactionlint + zizmor from pinned release binaries;
    third-party actions pinned to readable released tags (@v4).
  • Explicit Fastly build-in-deploy caveat — deploy compiles app code with the
    token in scope, so trusted immutable refs are required.
  • General adoption guide — the Trusted Server migration plan becomes a guide
    for any EdgeZero app repo (same-repo / separate-repo / monorepo examples,
    private-repo token note); Trusted Server is one worked example.

Docs

  • docs/specs/edgezero-deploy-github-action.md — the spec (restructured)
  • docs/specs/edgezero-deploy-action-implementation-plan.md — the plan
  • docs/specs/edgezero-deploy-adoption-guide.md — renamed from the Trusted
    Server migration plan, generalized

Validation

  • cd docs && npx prettier --check specs/… — passes

Notes

Base branch is feature/edgezero-actions (#303). Retarget to main if #303
merges first.

… CLI

Restructure the GitHub Actions deploy design into three composable layers
(build-cli, deploy-core engine scripts, minimal deploy-fastly wrapper) and
generalize the docs beyond Fastly-only / Trusted-Server-only.

Key design changes:
- build-cli compiles the CLI package the *application* provides (a crate in the
  app's own workspace), built from the app checkout with an isolated
  CARGO_TARGET_DIR and --locked so it never dirties the tree; publishes a
  self-describing tar (cli-meta.json) so the executable bit survives.
- deploy-core is adapter-independent shared scripts sourced by wrappers via
  $GITHUB_ACTION_PATH; provider names/creds/flags arrive only via provider-env,
  provider-env-clear, deploy-flags, deploy-args.
- Distinguish Git root (revision + dirty check) from Cargo workspace root
  (target/ + Cargo.lock + cache) for correct monorepo caching.
- No Python in CI; actionlint + zizmor from pinned release binaries; third-party
  actions pinned to readable released tags.
- Make the Fastly build-in-deploy credential caveat explicit (trusted refs).
- Rename the Trusted Server migration plan to a general adoption guide for any
  EdgeZero app repo, with same-repo/separate-repo/monorepo examples and a
  private-repo token note.
@aram356 aram356 force-pushed the feature/edgezero-actions-improve branch from bd1a16e to 5590818 Compare July 9, 2026 06:20
@aram356 aram356 self-assigned this Jul 9, 2026
…wording

- provider-env is now bound only to the deploy step's own env:, never a
  job/engine-global variable, so setup/build never hold the secret-bearing blob
  (unsetting inner names did not remove the outer JSON var). provider-env-clear
  is reframed as defense-in-depth against inherited caller env:.
- Acceptance criteria and adoption guide now reference the Cargo workspace root
  (not the Git root) for target/ caching and Cargo.lock, matching §11.
- Align stale 'caller-selected CLI' wording with the app-provided model.
@aram356

aram356 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #316, which bases off main (not stacked on #303) and adds the Fastly staging lifecycle. Closing in favor of #316.

@aram356 aram356 closed this Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant