You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Replace hard-coded Launchplane service URL and OIDC audience defaults in reusable/manual workflows with configured inputs or repository/org variables, while preserving thin Launchplane request behavior.
Current Status
Done.
PR #1070 (Configure Launchplane workflow service identity) merged into main at 2026-05-31T19:05:24Z with merge commit 023795577dc675239701078da52448b747102838.
What changed:
Removed hard-coded https://launchplane.shinycomputers.com / launchplane.shinycomputers.com workflow runtime defaults from .github/workflows.
Reusable Odoo workflows now accept optional launchplane_url and launchplane_audience inputs and otherwise use vars.LAUNCHPLANE_PUBLIC_URL; the shared request action derives audience from the service URL host when no audience is supplied.
Manual/direct-curl workflows use vars.LAUNCHPLANE_PUBLIC_URL and optional vars.LAUNCHPLANE_SERVICE_AUDIENCE; when the audience var is absent, they derive the audience from the configured URL host and persist it for later steps.
Docs describe LAUNCHPLANE_PUBLIC_URL and optional LAUNCHPLANE_SERVICE_AUDIENCE as the configured workflow service identity.
Static regression coverage blocks reintroducing the hosted URL/audience literals in workflow files and verifies reusable Odoo workflows expose configurable identity inputs.
Validation:
git diff --check
uv run --extra dev ruff check tests/test_product_onboarding.py --diff
uv run --extra dev ruff check tests/test_product_onboarding.py
uv run python -m unittest tests.test_product_onboarding
docker run --rm -v "${PWD}:/repo" -w /repo rhysd/actionlint:1.7.12 -config-file .github/actionlint.yaml
Local cleanup note: gh pr merge --delete-branch merged server-side but could not complete local branch cleanup because another worktree has main checked out. No product behavior is blocked by that.
Finish Line
Reusable workflows accept or derive service URL and audience from configured inputs/vars rather than hard-coded production values.
Product-facing reusable Odoo workflows preserve caller compatibility where possible, with defaults using vars instead of concrete literals.
Manual operator workflows fail closed when required URL/audience config is absent.
Tests or static checks prevent reintroducing production URL/audience literals outside approved docs/fixtures/import material.
Acceptance Criteria
No reusable workflow hard-codes https://launchplane.shinycomputers.com as the Launchplane request URL.
No reusable/manual workflow hard-codes launchplane.shinycomputers.com as the OIDC audience unless the workflow explicitly documents it as a temporary compatibility fallback.
Existing docs are updated with the configured variable names and migration guidance.
Purpose
Replace hard-coded Launchplane service URL and OIDC audience defaults in reusable/manual workflows with configured inputs or repository/org variables, while preserving thin Launchplane request behavior.
Current Status
Done.
PR #1070 (
Configure Launchplane workflow service identity) merged intomainat 2026-05-31T19:05:24Z with merge commit023795577dc675239701078da52448b747102838.What changed:
https://launchplane.shinycomputers.com/launchplane.shinycomputers.comworkflow runtime defaults from.github/workflows.launchplane_urlandlaunchplane_audienceinputs and otherwise usevars.LAUNCHPLANE_PUBLIC_URL; the shared request action derives audience from the service URL host when no audience is supplied.vars.LAUNCHPLANE_PUBLIC_URLand optionalvars.LAUNCHPLANE_SERVICE_AUDIENCE; when the audience var is absent, they derive the audience from the configured URL host and persist it for later steps.LAUNCHPLANE_PUBLIC_URLand optionalLAUNCHPLANE_SERVICE_AUDIENCEas the configured workflow service identity.Validation:
git diff --checkuv run --extra dev ruff check tests/test_product_onboarding.py --diffuv run --extra dev ruff check tests/test_product_onboarding.pyuv run python -m unittest tests.test_product_onboardingdocker run --rm -v "${PWD}:/repo" -w /repo rhysd/actionlint:1.7.12 -config-file .github/actionlint.yamlLocal cleanup note:
gh pr merge --delete-branchmerged server-side but could not complete local branch cleanup because another worktree hasmainchecked out. No product behavior is blocked by that.Finish Line
varsinstead of concrete literals.Acceptance Criteria
https://launchplane.shinycomputers.comas the Launchplane request URL.launchplane.shinycomputers.comas the OIDC audience unless the workflow explicitly documents it as a temporary compatibility fallback.Recovery Notes
Parent: #1049. Related umbrella: #1041.