ci: migrate staging secrets to GitHub Environment by tyler-dane · Pull Request #1768 · SwitchbackTech/compass

tyler-dane · 2026-05-16T18:40:14Z

Summary

Adds environment: Staging to the deploy job in deploy-staging.yml
Removes all STAGING_ prefixes from 8 secrets and 5 variables — environment scoping replaces the naming convention
Updates docs/CI-CD/workflows.md to document the repository-level vs environment-level secret split

Pre-merge validation

Before merging, manually trigger the Deploy staging workflow from this branch to confirm secrets resolve correctly:

Go to Actions → Deploy staging → Run workflow
Select branch ci/migrate-staging-secrets-to-environment
Enter an existing tag (e.g. the latest release)
Confirm the run succeeds end-to-end (SSH connects, ./compass update runs)

Post-merge cleanup

Once the deploy is confirmed working, delete the old STAGING_-prefixed secrets and variables from repository-level Actions secrets.

Closes #1767

Adds `environment: Staging` to the deploy job and removes all `STAGING_` prefixes from secrets and variables, relying on environment-level scoping instead of naming conventions. Also updates docs/CI-CD/workflows.md to document the split between repository-level secrets (DockerHub) and Staging environment secrets. Closes #1767 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tyler-dane temporarily deployed to Staging May 16, 2026 18:41 — with GitHub Actions Inactive

tyler-dane temporarily deployed to Staging May 16, 2026 18:44 — with GitHub Actions Inactive

debug: add SSH auth diagnostics to staging deploy

5c1e4ac

tyler-dane temporarily deployed to Staging May 16, 2026 18:46 — with GitHub Actions Inactive

debug: print derived public key for authorized_keys comparison

90a6dda

tyler-dane temporarily deployed to Staging May 16, 2026 18:47 — with GitHub Actions Inactive

tyler-dane temporarily deployed to Staging May 16, 2026 18:48 — with GitHub Actions Inactive

tyler-dane added 2 commits May 16, 2026 13:49

debug: remove SSH diagnostics

bdf5065

debug: capture supertokens container logs on deploy failure

a5a1ae1

tyler-dane temporarily deployed to Staging May 16, 2026 18:51 — with GitHub Actions Inactive

tyler-dane temporarily deployed to Staging May 16, 2026 18:54 — with GitHub Actions Inactive

tyler-dane temporarily deployed to Staging May 16, 2026 18:59 — with GitHub Actions Inactive

tyler-dane temporarily deployed to Staging May 16, 2026 19:02 — with GitHub Actions Inactive

debug: add mongo log capture on failure

1415c6d

tyler-dane temporarily deployed to Staging May 16, 2026 19:04 — with GitHub Actions Inactive

tyler-dane temporarily deployed to Staging May 16, 2026 19:05 — with GitHub Actions Inactive

debug: add backend log capture on failure

d398939

tyler-dane temporarily deployed to Staging May 16, 2026 19:07 — with GitHub Actions Inactive

fix: chmod 644 compass.yaml so backend container can read it

c1d13ae

tyler-dane temporarily deployed to Staging May 16, 2026 19:08 — with GitHub Actions Inactive

debug: verify compass.yaml permissions and backend volume mount

a4f29f9

tyler-dane temporarily deployed to Staging May 16, 2026 19:10 — with GitHub Actions Inactive

debug: remove all diagnostic steps

5374581

tyler-dane force-pushed the ci/migrate-staging-secrets-to-environment branch from b798d85 to 5374581 Compare May 16, 2026 19:13

tyler-dane merged commit 09348aa into main May 16, 2026
8 checks passed

tyler-dane deleted the ci/migrate-staging-secrets-to-environment branch May 16, 2026 19:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: migrate staging secrets to GitHub Environment#1768

ci: migrate staging secrets to GitHub Environment#1768
tyler-dane merged 10 commits into
mainfrom
ci/migrate-staging-secrets-to-environment

tyler-dane commented May 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

tyler-dane commented May 16, 2026

Summary

Pre-merge validation

Post-merge cleanup

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant