feat: add Octomind integration to GitHub Actions workflows

[aliakbar-deriv]

Summary by Sourcery

Set up deployment to production and preview deployments on pull requests using GitHub Actions. Add CI checks for linting, type checking, unit tests, and end-to-end (E2E) tests. Configure production deployment to be manually triggered and include validation steps. Integrate Octomind for E2E test automation on preview deployments.

CI:

• Set up a CI workflow to lint, type check, run unit tests, and perform E2E tests on preview deployments.
• Add a production deployment workflow that runs validation steps before deploying to production. The production deployment is manually triggered and includes a deployment status check.
• Prevent concurrent production deployments.

Tests:

• Add E2E tests to run against preview deployments using the Octomind platform.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request introduces integration with Octomind for automated E2E testing of preview deployments, adds a new preview deployment workflow, and enhances the production deployment workflow with environment selection, concurrency control, caching, and improved status reporting.

Sequence diagram for PR Preview Deployment and E2E Testing

sequenceDiagram
    participant PR as Pull Request
    participant GH as GitHub Actions
    participant Pages as GitHub Pages
    participant Octomind as Octomind E2E Tests

    PR->>GH: Open/Update PR
    GH->>GH: Run Quality Checks
    GH->>GH: Build Preview
    GH->>Pages: Deploy Preview
    GH->>PR: Comment Preview URL
    GH->>Octomind: Trigger E2E Tests
    Octomind-->>GH: Test Results
    GH->>PR: Comment Test Status

Loading

Sequence diagram for Enhanced Production Deployment

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant Pages as GitHub Pages

    Dev->>GH: Push to main/Manual trigger
    GH->>GH: Validate Production Build
    GH->>GH: Run Tests
    GH->>GH: Cache Build
    GH->>Pages: Deploy to Production
    alt deployment fails
        GH->>GH: Create Issue
    end
    GH->>GH: Update Deployment Status

Loading

File-Level Changes

Change	Details	Files
Set up a preview deployment workflow that builds and deploys the application to a preview environment on every pull request to the main branch. This workflow also runs code quality checks (linting, type checking, unit tests) before deploying the preview and triggers Octomind E2E tests against the deployed preview.	Added a new workflow file to handle preview deployments. Included steps for linting, type checking, and unit testing. Set up preview environment and deployment using GitHub Pages. Integrated Octomind for automated E2E testing of the preview deployment. Added a comment to the PR with the preview URL. Reports the E2E test status back to the PR via a comment.	.github/workflows/preview-deploy.yml
Modified the production deployment workflow to include environment selection, concurrency control, caching, and detailed status reporting.	Added input to select between production and staging environments. Implemented concurrency control to prevent concurrent production deployments. Added caching for dependencies and build output to speed up the workflow. Added a validation job to run tests before deploying to production. Improved status reporting by creating a deployment status and notifying on failure.	.github/workflows/deploy.yml
No changes were made to application code, only to GitHub Actions workflows.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @aliakbar-deriv - I've reviewed your changes - here's some feedback:

Overall Comments:

• Consider removing continue-on-error: true for lint and type checking steps in preview-deploy.yml to ensure code quality issues are caught early
• For consistency and reliability in CI/CD environments, use npm ci instead of npm install across all workflows

Here's what I looked at during the review

• 🟢 General issues: all looks good
• 🟢 Security: all looks good
• 🟡 Testing: 1 issue found
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[review-deriv]

AI Code Review

⚠️ IMPORTANT: This review is AI-generated and should be validated by human reviewers
🔴 BUGS & LOGICAL ISSUES:

1. Environment URL May Not Resolve Properly
   • Issue Description: The “environment” block in the deploy job references “steps.deployment.outputs.page_url” before the “Deploy to GitHub Pages” step (id: deployment) has actually set that output. In GitHub Actions, environment URLs do not automatically update retroactively if the referenced step fails, is skipped, or does not set the output correctly.
   • Potential Impacts: The environment URL on GitHub may show as empty or stale if the “Deploy to GitHub Pages” step is never invoked or fails before creating its outputs.
   • Reproduction Scenarios:
   – A push triggers the deploy job, but “Deploy to GitHub Pages” is skipped or fails. The environment block tries to set the URL from a step output that does not exist.
   – The job is canceled early but still attempts to assign environment URLs from incomplete steps.
   • Fix Implementation (Example):

   • Option A: Move the environment section’s URL reference after the deploy step, or dynamically update the environment URL using a GitHub CLI or REST call if the deploy step succeeds.
   • Option B: Use safe-guard checks to ensure the step output is available before referencing it:
     ┌─────────────────────────────
     │ - name: Set Environment URL
     │ if: steps.deployment.outcome == 'success'
     │ run: gh api
     │ -X POST
     │ /repos/${{ github.repository }}/environments/${{ github.event.inputs.environment }}
     │ -f environment=url="${{ steps.deployment.outputs.page_url }}"
     └─────────────────────────────

2. createDeploymentStatus References Possibly Nonexistent Deployment
   • Issue Description: In “Create Deployment Status” (actions/github-script@v6), the script uses “context.payload.deployment?.id” and “steps.deployment.outcome.” If the “Deploy to GitHub Pages” step failed or was skipped, these fields may be null/undefined.
   • Potential Impacts: The createDeploymentStatus step may throw errors (or silently fail) if no valid deployment object exists.
   • Reproduction Scenarios:
   – The “Deploy to GitHub Pages” step never runs because a prior step (e.g., the build) fails.
   – The job is canceled mid-deployment, so “steps.deployment” does not produce outputs.
   • Fix Implementation (Example):

   • Add a condition to ensure the deployment step ran successfully:
     ┌─────────────────────────────
     │ - name: Create Deployment Status
     │ if: always() && steps.deployment.outcome == 'success'
     │ uses: actions/github-script@v6
     │ with:
     │ script: |
     │ // only proceed if we have a valid deployment
     │ if (!context.payload.deployment?.id) {
     │ core.warning("No valid deployment to update.");
     │ return;
     │ }
     │ // then create the status
     └─────────────────────────────

3. Potential Parallel Deployment Race Condition
   • Issue Description: The concurrency group is set to “pages” with “cancel-in-progress: false” for production. This means multiple commits pushed in quick succession can trigger parallel deployments, possibly clobbering each other or resulting in out-of-order release artifacts.
   • Potential Impacts: Production systems could receive incomplete or older builds if multiple concurrent workflows finish in an unexpected order.
   • Reproduction Scenarios:
   – Two quick successive pushes to main cause simultaneous deployments. The second deployment finishes first, then the first deployment overwrites it upon completion.
   • Fix Implementation (Example):

   • Re-enable cancel-in-progress for production or assign a dedicated concurrency group:
     ┌─────────────────────────────
     │ concurrency:
     │ group: "production-deploy-${{ github.run_id }}"
     │ cancel-in-progress: true
     └─────────────────────────────
   • Alternatively, if deliberate, document that multiple deployments in parallel are intended and handle the ordering in your environment logic.

🟡 RELIABILITY CONCERNS:

1. Missing Validation on environment Input
   • Edge Cases Identified: Although “environment” is a choice in workflow_dispatch with “production”/“staging,” direct pushes (without a dispatch event) default to “production.” If an invalid environment input somehow sneaks through, it is coerced to “production” by the “|| 'production'” fallback.
   • Potential Failure Scenarios: The job might silently deploy to production when the user intended something else.
   • Mitigation Steps:
   – Rely on the “choice” type to reject invalid inputs when triggered via workflow_dispatch.
   – Add a final validation step in the “validate” job, e.g.:
   ┌─────────────────────────────
   │ - name: Validate environment input
   │ run: |
   │ if [[ "${{ github.event.inputs.environment }}" != "production" &&
   │ "${{ github.event.inputs.environment }}" != "staging" ]]; then
   │ echo "Invalid environment input. Aborting."
   │ exit 1
   │ fi
   └─────────────────────────────

2. Cache Key Collisions
   • Potential Failure Scenarios: Using “${{ runner.os }}-prod-${{ env.cache-name }}-${{ hashFiles('/package-lock.json') }}” could collide if the environment setup or dependencies differ across branches, though it is usually safe. If collisions occur, an outdated cache might cause builds to fail.
   • Mitigation Steps:
   – Include branch or job-specific content in the key: “${{ runner.os }}-deploy-${{ github.ref }}-${{ hashFiles('/package-lock.json') }}”.
   – Validate cache usage in logs to confirm it is restoring the correct resources.

3. “Notify on Failure” May Conflict if concurrency is turned off
   • Potential Failure Scenarios: Multiple parallel runs that fail at different points could each create an issue, leading to spammy or redundant bug reports.
   • Mitigation Steps:
   – Consider using a single channel for failure notifications or grouping them.
   – Add logic to detect if an issue already exists, then append comments rather than creating new issues repeatedly.

💡 ROBUSTNESS IMPROVEMENTS:

1. Add Error Handling for Build & Test Steps
   • Enhancement: Wrap npm run build and npm test commands with clearer exit guidance. Example:
   ┌─────────────────────────────
   │ - name: Production Build Test
   │ run: |
   │ if ! npm run build; then
   │ echo "Build failed, exiting..."
   │ exit 1
   │ fi
   └─────────────────────────────
   • Benefit: Explicitly terminates the workflow if build/test fails in a known way, rather than relying entirely on exit codes.

2. Strengthen Input Validation & Logging
   • Improvement: Log all relevant environment variables and input choices at the start of each job to help debug unexpected behaviors. Example:
   ┌─────────────────────────────
   │ - name: Log environment
   │ run: |
   │ echo "Environment Input: ${{ github.event.inputs.environment }}"
   │ echo "NODE_ENV: ${{ env.NODE_ENV }}"
   └─────────────────────────────

3. Concurrency per Environment
   • Enhancement: Differentiate concurrency groups so that staging and production deployments do not block or overwrite each other, for instance:
   ┌─────────────────────────────
   │ concurrency:
   │ group: "deploy-${{ github.event.inputs.environment }}"
   │ cancel-in-progress: true
   └─────────────────────────────
   • Benefit: Avoids collisions between staging vs. production deployments and ensures each environment handles race conditions correctly.

4. Defensive Create Deployment Status Script
   • Enhancement: Before calling createDeploymentStatus, confirm the deployment object and step outputs exist. Example:
   ┌─────────────────────────────
   │ const deploymentId = context.payload.deployment?.id || null;
   │ if (deploymentId === null) {
   │ core.warning("No deployment ID found; skipping status update.");
   │ return;
   │ }
   │ // proceed with status update
   └─────────────────────────────
   • Benefit: Prevents runtime errors if the deployment is not properly initialized or if the build/deploy step is skipped.