cpflow 4.1.1 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff0b8272e9a7bff7f8dc1e0b259188726cb2bbd0b7c87cc8c3bc498a984e2023
-  data.tar.gz: 8ee3ebc353a638b11fb2a00b98e1a4ff9347c1f1c3170d26ab5e0f23efae95f1
+  metadata.gz: dc6063b9255b39b0e28fba089bec5fd9ac88d05db3902c4f3f79d89afa6c38f0
+  data.tar.gz: febd4388547d3ed2a25ca0f9c8231d704891f26457c2860bb3586bf9ad75f745
 SHA512:
-  metadata.gz: affaed65cdfe25c9be5ef91f331208153b8755a7e1fa3aeb13309388212168a74b0c6d3e70d5f2907df0d726daa50ab3c624de3139d02a9ee669445a991d0411
-  data.tar.gz: 59db782ffc610191aeec401c77ddd939722c7597fecb13afa708f70e994142a33b81ef4ee2971700b496ca2dc1efb445e36956a35adc57050e3c3d6fb721fd79
+  metadata.gz: ef1a7b52cfd4166056d66e5997b497bee2dadfbaf31185ef276ac5c030937acae95866400edcfe43fece6c9304d5865a811a615632f25f0586b0cf08ced74be9
+  data.tar.gz: 0fe9f702f59c555935d21fbb2fd9eec3285c99ed3f915414ffafa40330e4cc9066a122f577098e7e4f2f162146775c607db516c137464986983dcfbda7318272

data/.github/workflows/claude-code-review.yml

@@ -0,0 +1,44 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, ready_for_review, reopened]
+
+jobs:
+  claude-review:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request with a focus on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Security implications
+            - Performance considerations
+
+            Note: The PR branch is already checked out in the current working directory.
+
+            Use `gh pr comment` for top-level feedback.
+            Use `mcp__github_inline_comment__create_inline_comment` to highlight specific code issues.
+            Only post GitHub comments - don't submit review text as messages.
+
+          claude_args: |
+            --allowedTools "mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)"

data/.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://code.claude.com/docs/en/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+

data/.gitignore

@@ -20,3 +20,5 @@
 # Generated configs
 /terraform/
 /.controlplane/
+
+.qodo

data/CHANGELOG.md

@@ -14,6 +14,17 @@ Changes since the last non-beta release.
 
 _Please add entries here for your pull requests that have not yet been released._
 
+### Fixed
+
+- Fixed issue where `run` command could hang indefinitely when updating runner workload. [PR 260](https://github.com/shakacode/control-plane-flow/pull/260) by [Sergey Tarasov](https://github.com/dzirtusss).
+
+### Changed
+
+- Redact sensitive data (Authorization headers, tokens) from `--trace` output. [PR 261](https://github.com/shakacode/control-plane-flow/pull/261) by [Sergey Tarasov](https://github.com/dzirtusss).
+
+## [4.1.1] - 2025-03-14
+
+
 ### Fixed
 
 - Fixed issue where `ps`, `ps:start`, `ps:stop`, `ps:wait`, and `run` commands fail when trying to fetch replicas with CPLN CLI. [PR 254](https://github.com/shakacode/control-plane-flow/pull/254) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
@@ -280,7 +291,8 @@ Deprecated `cpl` gem. New gem is `cpflow`.
 
 First release.
 
-[Unreleased]: https://github.com/shakacode/control-plane-flow/compare/v4.1.0...HEAD
+[Unreleased]: https://github.com/shakacode/control-plane-flow/compare/v4.1.1...HEAD
+[4.1.1]: https://github.com/shakacode/control-plane-flow/compare/v4.1.0...v4.1.1
 [4.1.0]: https://github.com/shakacode/control-plane-flow/compare/v4.0.0...v4.1.0
 [4.0.0]: https://github.com/shakacode/control-plane-flow/compare/v3.0.1...v4.0.0
 [3.0.1]: https://github.com/shakacode/control-plane-flow/compare/v3.0.0...v3.0.1

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cpflow (4.1.1)
+    cpflow (4.2.0)
       dotenv (~> 2.8.1)
       jwt (~> 2.8.1)
       psych (~> 5.1.0)
@@ -13,7 +13,7 @@ GEM
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
-    base64 (0.2.0)
+    base64 (0.3.0)
     bigdecimal (3.1.8)
     childprocess (4.1.0)
     crack (1.0.0)

data/README.md

@@ -37,7 +37,7 @@ many "Heroku" abstractions and naming conventions.
 
 Control Plane provides access to raw cloud computing power but lacks the simple abstractions of Heroku. The `cpflow` CLI bridges this gap, delivering a streamlined and familiar experience for developers.
 
-While this repository simplifies migration from Heroku, the `cpflow` CLI is versatile and can be used for new applications as well. It follows a **concept mapping** and **helper CLI** approach to streamline deployment workflows and minimize manual effort.
+While this repository simplifies migration from Heroku, the `cpflow` CLI is versatile and can be used for any application. This document contains **concept mapping** and **helper CLI** approach to streamline deployment workflows and minimize manual effort.
 
 Additionally, the documentation includes numerous examples and practical tips for teams transitioning from Heroku to Kubernetes, helping them make the most of Control Plane's advanced features.
 
@@ -82,7 +82,7 @@ On Control Plane, we can map a Heroku app to a GVC (Global Virtual Cloud). Such
 be anything that can run as a container.
 
 | Heroku           | Control Plane                               |
-| ---------------- | ------------------------------------------- |
+|------------------|---------------------------------------------|
 | _app_            | _GVC_ (Global Virtual Cloud)                |
 | _dyno_           | _workload_                                  |
 | _add-on_         | either a _workload_ or an external resource |
@@ -105,7 +105,12 @@ For the typical Rails app, this means:
 | in-memory db    | `redis`, `memcached` | add-on        | external provider or can be set up for development/testing with Docker image (lacks persistence between restarts) |
 | others          | `mailtrap`           | add-on        | external provider or can be set up for development/testing with Docker image (lacks persistence between restarts) |
 
-## Installation
+## Migration Strategy
+See this doc for [detailed migration steps](./docs/migrating-heroku-to-control-plane.md) from Heroku to Control Plane. Even if you are coming from a platform other than Heroku, you can still benefit from the migration steps.
+
+## System Prerequisites
+
+_Note, if you want to use Terraform with cpflow, you will start the same way below._
 
 1. Ensure your [Control Plane](https://shakacode.controlplane.com/) account is set up. Set up an `organization` `<your-org>` for testing in that account and modify the value for `aliases.common.cpln_org` in `.controlplane/controlplane.yml`, or you can also set it with the `CPLN_ORG` environment variable. If you need an organization, please [contact Shakacode](mailto:controlplane@shakacode.com).
 
@@ -130,15 +135,11 @@ npm update -g @controlplane/cli
 
 6. Install Control Plane Flow `cpflow` CLI as a [Ruby gem](https://rubygems.org/gems/cpflow): `gem install cpflow`. If you want to use `cpflow` from Rake tasks in a Rails project, use `Bundler.with_unbundled_env { `cpflow help` } or else you'll get an error that `cpflow` cannot be found. While you can add `cpflow` to your Gemfile, it's not recommended because it might trigger conflicts with other gems.
 
-7. You can use [this Dockerfile](https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/.controlplane/Dockerfile) as an example for your project. Ensure that you have Docker running.
+7. You will need a production-ready Dockerfile. If you're using Rails, consider the default one that ships with Rails 8. You can use [this Dockerfile](https://github.com/shakacode/rails-v8-kamal-v2-terraform-gcp-tutorial/blob/master/Dockerfile) as an example for your project. Ensure that you have Docker running.
 
 **Note:** Do not confuse the `cpflow` CLI with the `cpln` CLI. The `cpflow` CLI is the Control Plane Flow playbook CLI.
 The `cpln` CLI is the Control Plane CLI.
 
-## Steps to Migrate
-
-Click [here](https://www.shakacode.com/control-plane-flow/docs/migrating/) to see the steps to migrate.
-
 ## Configuration Files
 
 The `cpflow` gem is based on several configuration files within a `/.controlplane` top-level directory in your project.
@@ -331,6 +332,8 @@ apps:
 
 For a live example, see the [react-webpack-rails-tutorial](https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/.controlplane/readme.md) repository.
 
+You can use this repository as a reference for setting up your own project.
+
 This example should closely match the below example.
 
 Suppose your app is called `tutorial-app`. You can run the following commands.

data/docs/ci-automation.md

@@ -0,0 +1,28 @@
+# CI Automation, Review Apps, Staging, and Promoting to Production
+
+## Setting up Tokens for CI Automation
+
+This example uses Github Actions. The same applies to Circle CI and other similar CI/CD tools.
+
+1. Ensure that you have two orgs:
+  1. `company-staging` (for staging deployments, developers have access)
+  2. `company-production` (for production deployments, limited access)
+2. Create the token for staging org and set on Github repository secrets and variables:
+  1. Go to the Control Plane UI for your organization's staging org
+  2. Make a new service account called `github-actions-staging`
+  3. Assign to the group `superusers`
+  4. Click "Keys" and create a one with description "Github Actions" and copy the token (or download it).
+  5. Add this key to your Github repository **secrets** as `CPLN_TOKEN_STAGING`
+  6. Add another key to your Github repository **variables** as `CPLN_ORG_STAGING` with the name of the staging org, like `company-staging`
+3. Create the token for production org, and set on Github repository secrets and variables.
+  1. Go to the Control Plane UI for your organization's production org
+  2. Make a new service account called `github-actions-production`
+  3. Assign to the group `superusers`
+  4. Click "Keys" and create a one with description "Github Actions" and copy the token (or download it).
+  5. Add this key to your Github repository **secrets** as `CPLN_TOKEN_PRODUCTION`
+  6. Add another key to your Github repository **variables** as `CPLN_ORG_PRODUCTION` with the name of the production org, like `company-production`
+4. Create a few more ENV **variables** for the app name and the app prefix:
+  1. `STAGING_APP_NAME` - the name of the app in Control Plane for staging, which is the GVC name, like `app-name-staging`
+  2. `PRODUCTION_APP_NAME` - the name of the app in Control Plane for production, which is the GVC name, like `app-name-production`
+  3. `REVIEW_APP_PREFIX` - the prefix for the review apps in Control Plane. The Review apps are named `$REVIEW_APP_PREFIX-pr-$PR_NUMBER`
+5. All in all, you should have 2 secrets and 5 variables set in your Github repository

data/docs/commands.md

@@ -354,13 +354,17 @@ cpflow ps:stop -a $APP_NAME -w $WORKLOAD_NAME -r $REPLICA_NAME
 ### `ps:wait`
 
 - Waits for workloads in app to be ready after re-deployment
+- Use Unix timeout command to set a maximum wait time (e.g., `timeout 300 cpflow ps:wait ...`)
 
 ```sh
 # Waits for all workloads in app.
 cpflow ps:wait -a $APP_NAME
 
 # Waits for a specific workload in app.
-cpflow ps:swait -a $APP_NAME -w $WORKLOAD_NAME
+cpflow ps:wait -a $APP_NAME -w $WORKLOAD_NAME
+
+# Waits for all workloads with a 5-minute timeout.
+timeout 300 cpflow ps:wait -a $APP_NAME
 ```
 
 ### `run`

data/lib/command/ps_wait.rb

@@ -11,6 +11,7 @@ module Command
     DESCRIPTION = "Waits for workloads in app to be ready after re-deployment"
     LONG_DESCRIPTION = <<~DESC
       - Waits for workloads in app to be ready after re-deployment
+      - Use Unix timeout command to set a maximum wait time (e.g., `timeout 300 cpflow ps:wait ...`)
     DESC
     EXAMPLES = <<~EX
       ```sh
@@ -18,7 +19,10 @@ module Command
       cpflow ps:wait -a $APP_NAME
 
       # Waits for a specific workload in app.
-      cpflow ps:swait -a $APP_NAME -w $WORKLOAD_NAME
+      cpflow ps:wait -a $APP_NAME -w $WORKLOAD_NAME
+
+      # Waits for all workloads with a 5-minute timeout.
+      timeout 300 cpflow ps:wait -a $APP_NAME
       ```
     EX
 

data/lib/command/run.rb

@@ -97,7 +97,7 @@ module Command
 
     attr_reader :interactive, :detached, :location, :original_workload, :runner_workload,
                 :default_image, :default_cpu, :default_memory, :job_timeout, :job_history_limit,
-                :container, :expected_deployed_version, :job, :replica, :command
+                :container, :job, :replica, :command
 
     def call # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
       @interactive = config.options[:interactive] || interactive_command?
@@ -126,10 +126,7 @@ module Command
       end
 
       create_runner_workload if cp.fetch_workload(runner_workload).nil?
-      wait_for_runner_workload_deploy
       update_runner_workload
-      wait_for_runner_workload_update if expected_deployed_version
-
       start_job
       wait_for_replica_for_job
 
@@ -191,7 +188,7 @@ module Command
         }
 
         # Create runner workload
-        cp.apply_hash("kind" => "workload", "name" => runner_workload, "spec" => spec)
+        cp.apply_hash({ "kind" => "workload", "name" => runner_workload, "spec" => spec }, wait: true)
       end
     end
 
@@ -242,21 +239,7 @@ module Command
       return unless should_update
 
       step("Updating runner workload '#{runner_workload}'") do
-        # Update runner workload
-        @expected_deployed_version = (cp.cron_workload_deployed_version(runner_workload) || 0) + 1
-        cp.apply_hash("kind" => "workload", "name" => runner_workload, "spec" => spec)
-      end
-    end
-
-    def wait_for_runner_workload_deploy
-      step("Waiting for runner workload '#{runner_workload}' to be deployed", retry_on_failure: true) do
-        !cp.cron_workload_deployed_version(runner_workload).nil?
-      end
-    end
-
-    def wait_for_runner_workload_update
-      step("Waiting for runner workload '#{runner_workload}' to be updated", retry_on_failure: true) do
-        (cp.cron_workload_deployed_version(runner_workload) || 0) >= expected_deployed_version
+        cp.apply_hash({ "kind" => "workload", "name" => runner_workload, "spec" => spec }, wait: true)
       end
     end
 

data/lib/core/config.rb

@@ -25,7 +25,7 @@ class Config # rubocop:disable Metrics/ClassLength
     return unless trace_mode
 
     ControlplaneApiDirect.trace = trace_mode
-    Shell.warn("Trace mode is enabled, this will print sensitive information to the console.")
+    Shell.warn("Trace mode is enabled. Sensitive data is redacted, but please review output before sharing.")
   end
 
   def org

data/lib/core/controlplane.rb

@@ -404,11 +404,12 @@ class Controlplane # rubocop:disable Metrics/ClassLength
   end
 
   # apply
-  def apply_template(data) # rubocop:disable Metrics/MethodLength
+  def apply_template(data, wait: false) # rubocop:disable Metrics/MethodLength, Metrics/PerceivedComplexity
     Tempfile.create do |f|
       f.write(data)
       f.rewind
       cmd = "cpln apply #{gvc_org} --file #{f.path}"
+      cmd += " --ready" if wait && ENV.fetch("DISABLE_APPLY_READY", nil).nil?
       if Shell.tmp_stderr
         cmd += " 2> #{Shell.tmp_stderr.path}" if Shell.should_hide_output?
 
@@ -429,8 +430,8 @@ class Controlplane # rubocop:disable Metrics/ClassLength
     end
   end
 
-  def apply_hash(data)
-    apply_template(data.to_yaml)
+  def apply_hash(data, wait: false)
+    apply_template(data.to_yaml, wait: wait)
   end
 
   def parse_apply_result(result) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity

data/lib/core/controlplane_api_direct.rb

@@ -1,5 +1,27 @@
 # frozen_string_literal: true
 
+class RedactedDebugOutput
+  SAFE_HEADERS = %w[Content-Type Content-Length Accept Host Date Cache-Control Connection].freeze
+  HEADER_REGEX = /^([A-Za-z\-]+): (.+)$/.freeze
+
+  def <<(msg)
+    $stdout << redact(msg)
+  end
+
+  private
+
+  def redact(msg)
+    msg.lines.map { |line| redact_line(line) }.join
+  end
+
+  def redact_line(line)
+    match = line.match(HEADER_REGEX)
+    return line.gsub(/[\w\-._]{50,}/, "[REDACTED]") unless match
+
+    SAFE_HEADERS.any? { |h| h.casecmp(match[1]).zero? } ? line : "#{match[1]}: [REDACTED]\n"
+  end
+end
+
 class ControlplaneApiDirect
   API_METHODS = {
     get: Net::HTTP::Get,
@@ -37,7 +59,7 @@ class ControlplaneApiDirect
 
     http = Net::HTTP.new(uri.hostname, uri.port)
     http.use_ssl = uri.scheme == "https"
-    http.set_debug_output($stdout) if trace
+    http.set_debug_output(RedactedDebugOutput.new) if trace
 
     response = http.start { |ht| ht.request(request) }
 

data/lib/cpflow/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module Cpflow
-  VERSION = "4.1.1"
+  VERSION = "4.2.0"
   MIN_CPLN_VERSION = "3.1.0"
 end

data/lib/cpflow.rb

@@ -51,6 +51,7 @@ module Cpflow
 
     def self.start(*args)
       ENV["CPLN_SKIP_UPDATE_CHECK"] = "true"
+      ENV["NODE_NO_WARNINGS"] = "1"
 
       check_cpln_version
       check_cpflow_version

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cpflow
 version: !ruby/object:Gem::Version
-  version: 4.1.1
+  version: 4.2.0
 platform: ruby
 authors:
 - Justin Gordon
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-14 00:00:00.000000000 Z
+date: 2026-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dotenv
@@ -77,6 +77,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/check_cpln_links.yml"
+- ".github/workflows/claude-code-review.yml"
+- ".github/workflows/claude.yml"
 - ".github/workflows/command_docs.yml"
 - ".github/workflows/rspec-shared.yml"
 - ".github/workflows/rspec-specific.yml"
@@ -100,9 +102,10 @@ files:
 - docs/assets/grafana-alert.png
 - docs/assets/memcached.png
 - docs/assets/sidekiq-pre-stop-hook.png
+- docs/ci-automation.md
 - docs/commands.md
 - docs/dns.md
-- docs/migrating.md
+- docs/migrating-heroku-to-control-plane.md
 - docs/postgres.md
 - docs/redis.md
 - docs/secrets-and-env-values.md