Harden cpflow review app workflow

justin808 · justin808 · commit b9095c6ad71c · 2026-04-29T23:21:07.000-10:00
diff --git a/.controlplane/readme.md b/.controlplane/readme.md
@@ -380,6 +380,8 @@ After the review app exists, new pushes to the PR redeploy it automatically.
 Use `/delete-review-app` to delete it manually; closing the PR deletes it
 automatically. Pushes to the staging branch deploy staging, and production
 promotion is manual from the `cpflow-promote-staging-to-production` workflow.
+The production promotion workflow checks that production has all environment
+variable names present in staging; it does not compare secret values.
 
 The repository variables and secrets must match the app names in
 `.controlplane/controlplane.yml`. In particular, `REVIEW_APP_PREFIX` should
diff --git a/.github/workflows/cpflow-deploy-review-app.yml b/.github/workflows/cpflow-deploy-review-app.yml
@@ -72,7 +72,7 @@ jobs:
                 echo "Control Plane review app automation is not configured yet."
                 echo
                 echo "Missing required GitHub configuration:"
-                printf -- '- `%s`\n' "${missing[@]}"
+                printf -- '- %s\n' "${missing[@]}"
                 echo
                 echo "Pushes to this pull request will skip review app deploys until the repository is configured."
               } >> "$GITHUB_STEP_SUMMARY"
@@ -119,9 +119,11 @@ jobs:
             same_repo="true"
           fi
 
-          echo "PR_NUMBER=$pr_number" >> "$GITHUB_ENV"
-          echo "APP_NAME=${{ vars.REVIEW_APP_PREFIX }}-$pr_number" >> "$GITHUB_ENV"
-          echo "PR_SHA=$pr_sha" >> "$GITHUB_ENV"
+          {
+            echo "PR_NUMBER=$pr_number"
+            echo "APP_NAME=${{ vars.REVIEW_APP_PREFIX }}-$pr_number"
+            echo "PR_SHA=$pr_sha"
+          } >> "$GITHUB_ENV"
           echo "same_repo=${same_repo}" >> "$GITHUB_OUTPUT"
 
       - name: Validate review app deployment source
@@ -182,9 +184,26 @@ jobs:
         run: |
           set -euo pipefail
 
-          if cpflow exists -a "${APP_NAME}" --org "${CPLN_ORG}"; then
+          exists_output=""
+          if exists_output="$(cpflow exists -a "${APP_NAME}" --org "${CPLN_ORG}" 2>&1)"; then
+            if [[ -n "${exists_output}" ]]; then
+              printf '%s\n' "${exists_output}"
+            fi
+
             echo "exists=true" >> "$GITHUB_OUTPUT"
           else
+            case "${exists_output}" in
+              *"Double check your org"*|*"Unknown API token format"*|*"ERROR"*|*"Error:"*|*"Traceback"*|*"Net::"*)
+                echo "Failed to determine whether review app exists: ${APP_NAME}" >&2
+                printf '%s\n' "${exists_output}" >&2
+                exit 1
+                ;;
+            esac
+
+            if [[ -n "${exists_output}" ]]; then
+              printf '%s\n' "${exists_output}"
+            fi
+
             echo "exists=false" >> "$GITHUB_OUTPUT"
           fi
 
