Skip to content

Move seed writes to manual import workflow#1064

Merged
cbusillo merged 2 commits into
mainfrom
bound-deploy-seed-authority
May 31, 2026
Merged

Move seed writes to manual import workflow#1064
cbusillo merged 2 commits into
mainfrom
bound-deploy-seed-authority

Conversation

@cbusillo
Copy link
Copy Markdown
Owner

@cbusillo cbusillo commented May 31, 2026

Summary

  • remove product onboarding and runtime key-safety seed writes from normal Launchplane deploy reconciliation
  • add explicit import material under import-material/launchplane/seed-imports
  • add a manual Launchplane Seed Import workflow with dry-run default, apply confirmation, OIDC service calls, and evidence artifacts
  • keep deploy-owned authz grants for the new import workflow and update docs/tests for the new boundary

Part of #1049.

Validation

  • actionlint .github/workflows/launchplane-seed-import.yml .github/workflows/deploy-launchplane.yml
  • uv run --extra dev ruff check --diff scripts/deploy/apply-launchplane-seed-imports.py tests/test_product_onboarding.py
  • uv run --extra dev ruff check scripts/deploy/apply-launchplane-seed-imports.py tests/test_product_onboarding.py
  • uv run python -m unittest tests.test_product_onboarding
  • uv run python -m unittest tests.test_product_onboarding tests.test_service

@cbusillo cbusillo merged commit ea0dd94 into main May 31, 2026
12 checks passed
@cbusillo cbusillo deleted the bound-deploy-seed-authority branch May 31, 2026 18:11
@cbusillo cbusillo mentioned this pull request May 31, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cbusillo