Create CD workflow #44

Merged
aleguy02 merged 1 commit into main from github-actions
Sep 4, 2025

@aleguy02 aleguy02 commented Sep 4, 2025

@coderabbitai ignore

Summary by CodeRabbit

  • Chores
    • Introduced an automated deployment workflow with manual trigger and post-test execution, enabling quicker, more reliable releases.
    • Added a health-checked redeploy process that rebuilds services, verifies uptime, and reduces potential downtime during updates.
    • Removed an obsolete data-counting script with no user-facing impact.


coderabbitai bot commented Sep 4, 2025

Walkthrough

Introduces a GitHub Actions deployment workflow that connects via SSH to a VPS to run a redeploy script. Adds a server-side redeploy script that pulls latest main, rebuilds Docker services, and performs a health check with retries. Removes an obsolete local data-counting script.

Changes

Cohort / File(s): Summary of Changes
  • CI/CD Workflow (.github/workflows/deploy.yml): Added a Deploy workflow triggered by successful "Run Tests" completion or manual dispatch; limits branch scope; sets up SSH using secrets; runs remote redeploy commands on the VPS.
  • Deployment Script (scripts/redeploy-site.sh): Added Bash script to fetch/reset to origin/main, rebuild via Docker Compose, verify container running, and perform retrying HTTP health check before exiting success/failure.
  • Cleanup (scripts/count_data_points_before_cleaning copy.sh): Deleted Bash script that summed course counts across JSON files using jq and awk.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GA as GitHub Actions (Deploy)
  participant VPS as VPS (SSH)
  participant RS as redeploy-site.sh
  participant DC as Docker Compose
  participant APP as graphuf container
  participant HL as /health endpoint

  Dev->>GA: Manual dispatch (or Run Tests success)
  GA->>VPS: SSH connect using secrets
  GA->>VPS: Execute ~/redeploy-site.sh
  VPS->>RS: Start script
  RS->>RS: git fetch && reset --hard origin/main
  RS->>DC: down
  RS->>DC: up -d --build
  DC->>APP: (re)create containers
  RS->>HL: HEAD https://www.aleguy02.dev/health (retry up to 5)
  alt 200 OK
    HL-->>RS: 200
    RS-->>GA: Success
  else Non-200 / timeout
    RS-->>GA: Failure (non-zero exit)
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A whisk of ears, deploy I spy—
Tests pass, I tap the sky!
Hop through SSH, compose sails bright,
Health check hums, all green tonight.
Old crumbs swept, new trails in sight—
Carrots up, the site’s alight! 🥕✨


@aleguy02 aleguy02 merged commit 7b6613e into main Sep 4, 2025
2 of 3 checks passed

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/deploy.yml (1)

36-40: Broken SSH step, wrong order, and tilde won’t expand; also copying from the wrong path

  • The two ssh commands are concatenated via backslash (no separator) → invalid shell.
  • You run the script before copying it.
  • '~' is single-quoted (no expansion on remote).
  • Path references a different repo (~/PE-portfolio). Use this repo’s scripts via checkout + scp.

Apply this diff to fix all of the above:

     steps:
       - name: Configure SSH
         run: |
@@
         env:
           SSH_USER: ${{ secrets.SSH_USER }}
           SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
           SSH_IP: ${{ secrets.SSH_IP }}
 
-      - name: Redeploy Site
-        run: |
-          ssh my-vps '~/redeploy-site.sh' \
-          ssh my-vps 'yes | cp ~/PE-portfolio/scripts/redeploy-site.sh ~/redeploy-site.sh'
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Upload and run redeploy script
+        run: |
+          scp ./scripts/redeploy-site.sh my-vps:~/redeploy-site.sh
+          ssh my-vps 'bash -lc "chmod +x $HOME/redeploy-site.sh && $HOME/redeploy-site.sh"'
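
Review bot: `uses: actions/checkout@v4` in the added "Checkout repo" step is a movable tag, and it is placed after "Configure SSH", the step that receives SSH_PRIVATE_KEY. Pin the action to a full commit SHA (keeping the version as a trailing comment) and move the checkout ahead of "Configure SSH", so no third-party step runs once the deploy key is on the runner. In the run step, scp overwrites ~/redeploy-site.sh on every deploy; that is fine, but it means the script on the VPS is whatever this checkout contains, so the checkout ref should be the commit that was tested.
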
🧹 Nitpick comments (8)
scripts/redeploy-site.sh (6)

2-2: Drop unrelated virtualenv note

This script doesn’t use Python; the comment is misleading. Remove or move to README.

-# Set up a virtual environment "python3-virtualenv" before executing this script

4-4: Harden shell options

Enable -u and ERR trapping to catch unset vars and propagate errors from subshells.

-set -eo pipefail
+set -Eeuo pipefail
+trap 'echo "error on line $LINENO" >&2' ERR
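
Review bot: The added `trap` line reports only `$LINENO`, which is not enough to tell which command failed when the log is read from the Actions run. Include the exit status and `$BASH_COMMAND` in the message. Because `-u` is new here, check that the rest of the script does not rely on a variable being unset, since that now aborts the deploy.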

6-14: Quote paths and parameterize retry sleep

  • Quote PROJECT_DIR in cd.
  • Add SLEEP_SECONDS for reuse.
 PROJECT_DIR="$HOME/graph-uf/"
 URL="https://www.aleguy02.dev"
 MAX_RETRIES=5
+SLEEP_SECONDS=7
 
-echo "=== pulling in latest changes ==="
+echo "=== pulling in latest changes ==="
 
-cd $PROJECT_DIR
+cd "$PROJECT_DIR"
 git fetch && git reset origin/main --hard > /dev/null
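
Review bot: The `-echo "=== pulling in latest changes ==="` and `+echo "=== pulling in latest changes ==="` lines are identical, so that pair is a no-op and should be dropped from the suggestion. `SLEEP_SECONDS=7` is added here but nothing in this hunk reads it; it belongs with the health-check change that uses it. In the unchanged last line, `> /dev/null` applies only to `git reset`, not to `git fetch`.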

19-25: Compose flags: remove orphans and always pull base images

Prevents stale containers and ensures base images are refreshed.

-docker compose -f compose.yaml down > /dev/null
+docker compose -f compose.yaml down --remove-orphans > /dev/null
@@
-docker compose -f compose.yaml up -d --build > /dev/null
+docker compose -f compose.yaml up -d --build --pull always > /dev/null
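
Review bot: Adding `--pull always` to the `up -d --build` line lengthens the window in which the site is offline, because `down` has already stopped the containers before any image is pulled or built. Run the pull and build first (`docker compose -f compose.yaml build --pull`) and only then `up -d`, which recreates the containers whose image changed. Both commands still send stdout to /dev/null, so keep stderr visible for a failed build.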

31-36: Container name check may be brittle

This assumes the container is named exactly “graphuf”. If compose doesn’t set container_name, names are usually project_service_1. Consider checking by service label or via compose ps.

Example (more robust by label):

docker ps --filter "label=com.docker.compose.service=$container" --filter "status=running" --format '{{.Names}}' | grep -qx ".\+"

Or:

docker compose -f compose.yaml ps --services --status running | grep -qx "$container"

Please confirm the actual container/service name in compose.yaml.


39-57: Make health check resilient and faster to fail

Use curl’s status-code formatter, follow redirects, and add a per-try timeout. Also reuse SLEEP_SECONDS and log status.

-# Health check with retries
-retry_count=0
-while [ $retry_count -lt $MAX_RETRIES ]; do
-        if [ "$(curl --head $URL/health | awk '/^HTTP/{print $2}')" = "200" ]; then
-                echo "Health check passed"
-                break
-        fi
-
-        retry_count=$((retry_count + 1))
-        echo "Health check attempt $retry_count/$MAX_RETRIES failed"
-
-        if [ $retry_count -lt $MAX_RETRIES ]; then
-                echo "Retrying in 7 seconds..."
-                sleep 7
-        fi
-done
-if [ $retry_count -eq $MAX_RETRIES ]; then
-        echo "!! Could not reach the site at $URL/health or received a non-200 HTTP response. !!"
-        exit 1
-fi
+# Health check with retries
+retry_count=0
+while [ "$retry_count" -lt "$MAX_RETRIES" ]; do
+        status="$(curl -fsSLI -o /dev/null -w '%{http_code}' -L --max-time 5 "$URL/health" || true)"
+        if [ "$status" = "200" ]; then
+                echo "Health check passed"
+                break
+        fi
+
+        retry_count=$((retry_count + 1))
+        echo "Health check attempt $retry_count/$MAX_RETRIES failed (status: ${status:-curl-error})"
+
+        if [ "$retry_count" -lt "$MAX_RETRIES" ]; then
+                echo "Retrying in ${SLEEP_SECONDS}s..."
+                sleep "$SLEEP_SECONDS"
+        fi
+done
+if [ "$retry_count" -eq "$MAX_RETRIES" ]; then
+        echo "!! Could not reach $URL/health or received a non-200 response. !!"
+        exit 1
+fi
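
Review bot: On the added `status="$(curl -fsSLI ...)"` line, `-L` is given twice (once inside `-fsSLI`, once on its own), and the `${status:-curl-error}` fallback in the log line will not appear on a connection failure or timeout, because curl still writes `000` for `%{http_code}` in that case. Drop the duplicate flag and test for `000` explicitly if the log should distinguish "unreachable" from "non-200". Since `-L` follows redirects, a 200 from wherever /health redirects to will also count as healthy; omit it if only a direct 200 should pass.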
.github/workflows/deploy.yml (2)

25-30: Avoid disabling StrictHostKeyChecking in production

Prefer pinning the host key to mitigate MITM risk.

Minimal change:

-            StrictHostKeyChecking no
+            StrictHostKeyChecking yes
+            UserKnownHostsFile ~/.ssh/known_hosts

Then add a one-time key scan in Configure SSH:

 run: |
   mkdir -p ~/.ssh/
   echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy-key.pem
   chmod 600 ~/.ssh/deploy-key.pem
+  ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts
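
Review bot: `ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts` sits in the `run:` block, so it executes on every workflow run rather than once, and whichever key answers at that moment is trusted; that repeats trust-on-first-use per run and does not pin the host key. Record the server's public host key out of band, store it as a secret (for example a hypothetical SSH_KNOWN_HOSTS), and write that value to ~/.ssh/known_hosts instead of scanning. Separately, `echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy-key.pem` creates the file under the default umask before `chmod 600` tightens it; set `umask 077` first.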

11-16: Optional: add job-level concurrency to prevent overlapping deploys

Prevents race conditions when multiple runs target the same host.

   deploy:
+    concurrency:
+      group: deploy-${{ github.ref_name }}
+      cancel-in-progress: true
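
Review bot: `cancel-in-progress: true` cancels a deploy that is already running when a newer run starts, which can drop the SSH session while the remote script is between `down` and `up`. Use `cancel-in-progress: false` so later runs queue behind the current one. The group key `deploy-${{ github.ref_name }}` also varies by ref while every run targets the same host; a fixed group name serialises all of them.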
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro


📥 Commits

Reviewing files that changed from the base of the PR and between f69a447 and fdf9b49.

📒 Files selected for processing (3)
  • .github/workflows/deploy.yml (1 hunks)
  • scripts/count_data_points_before_cleaning copy.sh (0 hunks)
  • scripts/redeploy-site.sh (1 hunks)
💤 Files with no reviewable changes (1)
  • scripts/count_data_points_before_cleaning copy.sh
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/deploy.yml

37-37: shellcheck reported issue in this script: SC2088:warning:1:12: Tilde does not expand in quotes. Use $HOME

(shellcheck)
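
An added example (not part of the PR or of CodeRabbit's review) of the host-key pinning the review recommends for deploy.yml: a scanned key is accepted only when it matches a key recorded out of band, and the pinned line is what gets written to known_hosts. The function names are hypothetical, and `vps.example` and the key strings are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: accept a scanned SSH host key only if it equals a pinned one.

# key_material TEXT -> prints "<keytype> <base64-blob>" for each key line.
# The host field is ignored because ssh-keyscan -H replaces it with a hash.
key_material() {
    printf '%s\n' "$1" | awk '!/^#/ && NF >= 3 { print $2, $3 }'
}

# host_key_is_pinned PINNED_LINE SCAN_OUTPUT
# 0: a scanned key has the pinned type and blob; 1: no match;
# 2: the pinned line is empty or malformed.
host_key_is_pinned() {
    _pinned="$(key_material "$1" | head -n 1)"
    [ -n "$_pinned" ] || return 2
    key_material "$2" | grep -Fxq -- "$_pinned"
}

# write_known_hosts PINNED_LINE SCAN_OUTPUT DEST
# Writes the pinned line (never the scanned one) to DEST, and only after
# the scan agrees with it, so a substituted key stops the deploy.
write_known_hosts() {
    if host_key_is_pinned "$1" "$2"; then
        ( umask 077; printf '%s\n' "$1" > "$3" )
    else
        echo "host key not verified: refusing to write $3" >&2
        return 1
    fi
}

# Constructed sample values (not real keys or hosts).
PINNED='vps.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOne'
GOOD_SCAN='# vps.example:22 SSH-2.0-OpenSSH_9.6
|1|Y29uc3RydWN0ZWQ=|c2FtcGxl ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOne'
BAD_SCAN='|1|Y29uc3RydWN0ZWQ=|c2FtcGxl ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyTwo'
```

In a workflow the pinned line would come from a secret and the scan text from `ssh-keyscan`, with `StrictHostKeyChecking yes` left on.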

aleguy02 added a commit that referenced this pull request Sep 4, 2025
Merge pull request #44 from aleguy02/github-actions