Add GitHub Actions deploy workflow to 4 agent templates#202
Open
Add GitHub Actions deploy workflow to 4 agent templates#202
Conversation
Ship `.github/workflows/deploy.yml` inside agent-langgraph, agent-langgraph-advanced, agent-openai-agents-sdk, and agent-openai-advanced. The workflow authenticates via GitHub OIDC federation (no long-lived secrets), validates the bundle, deploys, and runs `bundle run <app-key>` so the app actually restarts with the new code. The two advanced templates include an inline note about the one-time autoscaling Lakebase postgres wiring needed before CI can take over (documented in .claude/skills/deploy/SKILL.md). Each template's AGENTS.md now lists the workflow under Key Files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/deploy.ymlinagent-langgraph,agent-langgraph-advanced,agent-openai-agents-sdk, andagent-openai-advanced. Authenticates via GitHub OIDC workload identity federation, validates the bundle, deploys, and runsbundle run <app-key>so the app actually restarts with the new code.AGENTS.md..claude/skills/deploy/SKILL.md).Why
End users of these templates have no paved path for deploying from CI today. The generic
dev-tools/ci-cd/github.mddocs do not cover Apps (they miss the mandatorybundle runstep), and nothing in this repo ships a starter workflow. This adds the shortest viable shipping path: a working, commented workflow file plus a pointer fromAGENTS.md.Accompanying internal docs (canonical Apps CI/CD page + agent-specific page + Productionize overview) will land in a follow-up universe PR once the in-flight AI Gateway (#1831872) and load-testing (#1816018) docs merge, so all three production-concern pages can nest under a new Productionize your agent parent.
Design notes
workflow_dispatchonly, withpush: branches: [main]commented out. Safer default — users opt-in once they have secrets configured.DATABRICKS_AUTH_TYPE: github-oidc,DATABRICKS_HOST,DATABRICKS_CLIENT_ID) — no long-lived secrets. The workflow's header comment links todev-tools/auth/provider-githubfor the one-time federation policy setup.prodtarget with explicit--target prod. Users must configuretargets.prod.workspace.hostorworkspace.root_pathindatabricks.ymlbefore the workflow will succeed; this is noted in the workflow's header comment.bundle runis a separate step, not chained. Makes it easy to see whetherdeployorrunfailed.agent-non-conversational,agent-migration-from-model-serving,agent-openai-agents-sdk-multiagent, andagent-langchain-tsare deliberately skipped..scripts/sync-*— the workflow file is not a shared source. If it starts to drift across templates, we can promote it to a sync source later.Test plan
deploy.ymlis at<template>/.github/workflows/deploy.yml(nested, not at the monorepo root — GH Actions only scans the repo-root.github/workflows/, so these files don't run in this repo; they run only once a user makes a template their repo root).agent-langgraphas a new repo, set up an SP + federation policy + GH environment, trigger the workflow, confirm it deploys and the app restarts.agent-langgraph-advanced: confirm that the one-time Lakebase postgres wiring is done before the workflow is triggered, then verify workflow succeeds.AGENTS.mdrendering: workflow row in Key Files table.