aboutbits · stplasim · Feb 19, 2026 · Feb 19, 2026
diff --git a/setup-s3-preview/action.yml b/setup-s3-preview/action.yml
@@ -0,0 +1,62 @@
+name: 'Setup S3 Preview'
+description: 'Creates an S3 preview prefix by copying from the main prefix'
+inputs:
+  deployment-name:
+    description: 'Name of the deployment (used for ConfigMap name)'
+    required: true
+  namespace:
+    description: 'Kubernetes namespace'
+    required: true
+  preview-number:
+    description: 'Preview number (PR number)'
+    required: true
+  secret-name:
+    description: 'Name of the secret containing AWS credentials'
+    required: false
+    default: 'app-secrets'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Prepare setup-s3 job
+      run: |
+        JOB_NAME="prepare-s3-preview-${{ inputs.preview-number }}"
+        CONFIGMAP_NAME="${{ inputs.deployment-name }}-environments"
+
+        # Create a temporary file for the manifest
+        cp ${{ github.action_path }}/job-template.yml job-setup-s3.yml
+
+        # Replace placeholders
+        sed -i "s/JOB_NAME_PLACEHOLDER/$JOB_NAME/g" job-setup-s3.yml
+        sed -i "s/CONFIGMAP_NAME_PLACEHOLDER/$CONFIGMAP_NAME/g" job-setup-s3.yml
+        sed -i "s/SECRET_NAME_PLACEHOLDER/${{ inputs.secret-name }}/g" job-setup-s3.yml
+        sed -i "s/PREVIEW_NUMBER_PLACEHOLDER/${{ inputs.preview-number }}/g" job-setup-s3.yml
+
+        echo "Prepared job manifest: job-setup-s3.yml"
+      shell: bash
+
+    - name: Create setup-s3 job
+      run: |
+        kubectl apply --namespace ${{ inputs.namespace }} -f job-setup-s3.yml
+      shell: bash
+
+    - name: Wait for setup-s3 job to complete
+      run: |
+        JOB_NAME="prepare-s3-preview-${{ inputs.preview-number }}"
+        NAMESPACE="${{ inputs.namespace }}"
+
+        echo "Waiting for job $JOB_NAME in namespace $NAMESPACE..."
+
+        if kubectl wait --namespace $NAMESPACE --for=condition=complete --timeout=10m job/$JOB_NAME; then
+          echo "Job finished with status: Complete"
+          kubectl logs job/$JOB_NAME --namespace $NAMESPACE
+        elif kubectl wait --namespace $NAMESPACE --for=condition=failed --timeout=1s job/$JOB_NAME; then
+          echo "Job finished with status: Failed"
+          kubectl logs job/$JOB_NAME --namespace $NAMESPACE
+          exit 1
+        else
+          echo "Timeout waiting for job to complete."
+          kubectl logs job/$JOB_NAME --namespace $NAMESPACE || true
+          exit 1
+        fi
+      shell: bash
diff --git a/setup-s3-preview/job-template.yml b/setup-s3-preview/job-template.yml
@@ -0,0 +1,80 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: JOB_NAME_PLACEHOLDER
+spec:
+  ttlSecondsAfterFinished: 60
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: prepare-s3-preview
+          image: amazon/aws-cli:2
+          command: [ "bash", "-c" ]
+          args:
+            - |
+              set -e
+
+              echo "### START $(date --iso-8601=seconds) ###"
+
+              S3_ARGS=""
+              if [ -n "$S3_ENDPOINT" ]; then
+                S3_ARGS="--endpoint-url $S3_ENDPOINT"
+              fi
+
+              S3_MAIN_PREFIX="s3://$S3_BUCKET/main/"
+              S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-$PREVIEW_NUMBER/"
+
+              echo "Checking if $S3_PREVIEW_PREFIX already exists..."
+              if [ "$(aws s3 $S3_ARGS ls "$S3_PREVIEW_PREFIX" | wc -l)" -gt 0 ]; then
+                echo "$S3_PREVIEW_PREFIX already exists. Skipping setup."
+                echo "Script finished successfully!"
+                echo "### END $(date --iso-8601=seconds) ###"
+                exit 0
+              fi
+
+              echo "Syncing from $S3_MAIN_PREFIX to $S3_PREVIEW_PREFIX ..."
+              aws s3 $S3_ARGS sync "$S3_MAIN_PREFIX" "$S3_PREVIEW_PREFIX"
+
+              echo "Script finished successfully!"
+              echo "### END $(date --iso-8601=seconds) ###"
+          env:
+            - name: S3_BUCKET
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: S3_BUCKET
+            - name: S3_ENDPOINT
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: S3_ENDPOINT
+                  optional: true
+            - name: AWS_REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: AWS_REGION
+            - name: AWS_DEFAULT_REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: AWS_REGION
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: SECRET_NAME_PLACEHOLDER
+                  key: AWS_ACCESS_KEY_ID
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: SECRET_NAME_PLACEHOLDER
+                  key: AWS_SECRET_ACCESS_KEY
+            - name: AWS_SESSION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: SECRET_NAME_PLACEHOLDER
+                  key: AWS_SESSION_TOKEN
+                  optional: true
+            - name: PREVIEW_NUMBER
+              value: "PREVIEW_NUMBER_PLACEHOLDER"
diff --git a/teardown-s3-preview/action.yml b/teardown-s3-preview/action.yml
@@ -0,0 +1,62 @@
+name: 'Teardown S3 Preview'
+description: 'Deletes the S3 preview prefix'
+inputs:
+  deployment-name:
+    description: 'Name of the deployment (used for ConfigMap name)'
+    required: true
+  namespace:
+    description: 'Kubernetes namespace'
+    required: true
+  preview-number:
+    description: 'Preview number (PR number)'
+    required: true
+  secret-name:
+    description: 'Name of the secret containing AWS credentials'
+    required: false
+    default: 'app-secrets'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Prepare teardown-s3 job
+      run: |
+        JOB_NAME="teardown-s3-preview-${{ inputs.preview-number }}"
+        CONFIGMAP_NAME="${{ inputs.deployment-name }}-environments"
+
+        # Create a temporary file for the manifest
+        cp ${{ github.action_path }}/job-template.yml job-teardown-s3.yml
+
+        # Replace placeholders
+        sed -i "s/JOB_NAME_PLACEHOLDER/$JOB_NAME/g" job-teardown-s3.yml
+        sed -i "s/CONFIGMAP_NAME_PLACEHOLDER/$CONFIGMAP_NAME/g" job-teardown-s3.yml
+        sed -i "s/SECRET_NAME_PLACEHOLDER/${{ inputs.secret-name }}/g" job-teardown-s3.yml
+        sed -i "s/PREVIEW_NUMBER_PLACEHOLDER/${{ inputs.preview-number }}/g" job-teardown-s3.yml
+
+        echo "Prepared job manifest: job-teardown-s3.yml"
+      shell: bash
+
+    - name: Create teardown-s3 job
+      run: |
+        kubectl apply --namespace ${{ inputs.namespace }} -f job-teardown-s3.yml
+      shell: bash
+
+    - name: Wait for teardown-s3 job to complete
+      run: |
+        JOB_NAME="teardown-s3-preview-${{ inputs.preview-number }}"
+        NAMESPACE="${{ inputs.namespace }}"
+
+        echo "Waiting for job $JOB_NAME in namespace $NAMESPACE..."
+
+        if kubectl wait --namespace $NAMESPACE --for=condition=complete --timeout=5m job/$JOB_NAME; then
+          echo "Job finished with status: Complete"
+          kubectl logs job/$JOB_NAME --namespace $NAMESPACE
+        elif kubectl wait --namespace $NAMESPACE --for=condition=failed --timeout=1s job/$JOB_NAME; then
+          echo "Job finished with status: Failed"
+          kubectl logs job/$JOB_NAME --namespace $NAMESPACE
+          exit 1
+        else
+          echo "Timeout waiting for job to complete."
+          kubectl logs job/$JOB_NAME --namespace $NAMESPACE || true
+          exit 1
+        fi
+      shell: bash
diff --git a/teardown-s3-preview/job-template.yml b/teardown-s3-preview/job-template.yml
@@ -0,0 +1,79 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: JOB_NAME_PLACEHOLDER
+spec:
+  ttlSecondsAfterFinished: 60
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: teardown-s3-preview
+          image: amazon/aws-cli:2
+          command: [ "bash", "-c" ]
+          args:
+            - |
+              set -e
+
+              echo "### START $(date --iso-8601=seconds) ###"
+
+              S3_ARGS=""
+              if [ -n "$S3_ENDPOINT" ]; then
+                S3_ARGS="--endpoint-url $S3_ENDPOINT"
+              fi
+
+              S3_PREVIEW_PREFIX="s3://$S3_BUCKET/preview-$PREVIEW_NUMBER/"
+
+              echo "Checking if $S3_PREVIEW_PREFIX exists..."
+              if [ "$(aws s3 $S3_ARGS ls "$S3_PREVIEW_PREFIX" | wc -l)" -eq 0 ]; then
+                echo "$S3_PREVIEW_PREFIX does not exist or is empty. Skipping teardown."
+                echo "Script finished successfully!"
+                echo "### END $(date --iso-8601=seconds) ###"
+                exit 0
+              fi
+
+              echo "Removing $S3_PREVIEW_PREFIX recursively..."
+              aws s3 $S3_ARGS rm "$S3_PREVIEW_PREFIX" --recursive
+
+              echo "Script finished successfully!"
+              echo "### END $(date --iso-8601=seconds) ###"
+          env:
+            - name: S3_BUCKET
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: S3_BUCKET
+            - name: S3_ENDPOINT
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: S3_ENDPOINT
+                  optional: true
+            - name: AWS_REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: AWS_REGION
+            - name: AWS_DEFAULT_REGION
+              valueFrom:
+                configMapKeyRef:
+                  name: CONFIGMAP_NAME_PLACEHOLDER
+                  key: AWS_REGION
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: SECRET_NAME_PLACEHOLDER
+                  key: AWS_ACCESS_KEY_ID
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: SECRET_NAME_PLACEHOLDER
+                  key: AWS_SECRET_ACCESS_KEY
+            - name: AWS_SESSION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: SECRET_NAME_PLACEHOLDER
+                  key: AWS_SESSION_TOKEN
+                  optional: true
+            - name: PREVIEW_NUMBER
+              value: "PREVIEW_NUMBER_PLACEHOLDER"