Reaper runs on an interval, so TTL expiry timing is non-deterministic.
Keep just the push/pull validation for now.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

After deploy, tests:
1. Push busybox with 5m TTL (uses commit SHA for unique name)
2. Pull back to verify registry works
3. Wait 7 minutes for TTL to expire
4. Verify pull fails (image correctly deleted)
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

- Update docker-compose.yaml to use ghcr.io/replicatedhq/ttlsh-* images
- Simplify CI auth using GITHUB_TOKEN (no GCP credentials needed)
- Update ansible to use docker login for GHCR instead of gcloud
- Remove google.cloud ansible collection (no longer needed for registry)
GHCR is simpler: automatic auth via GITHUB_TOKEN in Actions,
and packages can be made public for pull access on servers.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

docker-compose.yaml references env_file: .env which is created by
Ansible on the server but doesn't exist in the repo. Create an empty
file during CI build to satisfy the reference.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

Temporarily deploy on merge to prerelease branch instead of main.
This allows testing the deploy workflow without requiring PR approval.
TODO: Switch back to main after testing is complete.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

- Remove dry run flags
- Build and push images to Artifact Registry
- Run Ansible without --check flag
Deploys will now happen automatically on merge to main.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

- Build images but skip push
- Run Ansible with --check flag (no changes made)
- Renamed workflow to indicate dry run mode
This lets us verify credentials and workflow before enabling real deploys.
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

- Triggers on merge to main
- Uses Doppler for secrets management
- Builds and pushes Docker images to GCP Artifact Registry
- Runs Ansible playbook to deploy to production
Required GitHub secrets:
- DOPPLER_TOKEN: Service token for Doppler ttl-sh project
- SSH_PRIVATE_KEY: Private key for SSH access to production server
Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>