feat(ci): add Aurora PR preview workflow with label-based deployment

[ArtieReus]

Summary

Adds a new GitHub Actions workflow for automated PR preview deployments of the Aurora Dashboard. The workflow builds Docker images when a PR is labeled with pr-build, pushes them to GitHub Container Registry and manages ArgoCD deployment via label-based triggers.

Changes Made

• Added .github/workflows/build-push-aurora-pr-preview.yaml workflow with comprehensive documentation
• Implements label-based build and deployment system using pr-build and pr-preview labels
• Builds Docker images with version tag format: pr-{NUMBER}-{SHA} (e.g., pr-123-a1b2c3d)
• Pushes images to ghcr.io/{org}/aurora-pr-preview
• Automatically manages pr-preview label lifecycle (add after build, remove on new commits)
• Implements cleanup jobs to remove old PR images and images from closed PRs
• Includes concurrency control to prevent multiple workflow runs per PR

Related Issues

Screenshots (if applicable)

N/A - This is a CI/CD workflow addition with no visual changes.

Testing Instructions

1. Create a test PR in this repository
2. Add the pr-build label to the PR
3. Verify the workflow runs and builds a Docker image
4. Check that the pr-preview label is added automatically after successful build
5. Push a new commit to the PR
6. Verify the pr-preview label is removed and then re-added after rebuild
7. Check GHCR to ensure image exists with tag pr-{NUMBER}-{SHA}
8. Close the PR and verify all images for that PR are cleaned up

Checklist

• I have performed a self-review of my code.
• I have commented my code, particularly in hard-to-understand areas.
• I have added tests that prove my fix is effective or that my feature works.
• New and existing unit tests pass locally with my changes.
• I have made corresponding changes to the documentation (if applicable).
• My changes generate no new warnings or errors.

Summary by CodeRabbit

• Chores
  • Enhanced continuous integration workflows for improved preview deployment automation
  • Updated development environment configuration

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e4fab323-cdcd-4863-b76a-7e37c501a4e0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR introduces a new GitHub Actions workflow for building and publishing Docker images on pull requests, triggered by the pr-build label. The workflow generates tagged images with PR number and commit SHA, manages GHCR registry entries with automatic cleanup of older tags, and removes images when PRs close. It also adds one line to .gitignore.

Changes

PR Docker Image Build Workflow

Layer / File(s)	Summary
Workflow triggers and configuration .github/workflows/build-push-aurora-pr-preview.yaml	Defines the new Build Aurora PR Preview 🔬 workflow triggered on PR labeled, synchronize, opened, reopened, and closed events; configures per-PR concurrency and shared environment variables for label and registry names.
Build and push implementation .github/workflows/build-push-aurora-pr-preview.yaml	Main build-and-push job conditionally executes when pr-build label is present; checks out PR at head SHA, generates pr-{number}-{sha} version tag, logs into GHCR, builds and pushes the Docker image, and applies pr-preview label on success; removes pr-preview label on new commits to force redeployment.
Cleanup and maintenance operations .github/workflows/build-push-aurora-pr-preview.yaml	Post-build job cleans up older GHCR tags for the PR while keeping the newly built image; PR-close job deletes all GHCR tags associated with the PR number; label-removal job removes pr-preview label when the PR closes, with error tolerance for missing labels.
Future enhancement placeholder .github/workflows/build-push-aurora-pr-preview.yaml	Commented-out documentation stub for planned "notify on failure" feature.

Gitignore Configuration

Layer / File(s)	Summary
Ignore patterns update .gitignore	Adds .out-of-code-insights to the gitignore patterns to prevent local insights directory from being tracked.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A workflow so neat, with Docker so bright,
Builds PR previews day and night,
Cleanup jobs dance when tags grow old,
And .out-of-code insights rest untold,
Aurora's preview builds with all our might! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding a new GitHub Actions workflow for Aurora PR preview deployments with label-based deployment control.
Description check	✅ Passed	The PR description comprehensively covers all essential template sections including summary, detailed changes, testing instructions, and a completed checklist. It provides clear context about the new workflow's functionality, build process, and deployment management.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch artie-build-pr-preview-image

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build-push-aurora-pr-preview.yaml:
- Around line 124-128: The "Checkout repository" GitHub Actions step (uses:
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd) should explicitly
disable credential persistence to avoid leaking GitHub credentials; update that
step to include the input persist-credentials: false so the action does not
write credentials to the local git config during the run.
- Line 6: The workflow header comment references a missing
docs/aurora-pr-preview-workflow.md; update the reference in
.github/workflows/build-push-aurora-pr-preview.yaml to point to an existing
documentation file (for example docs/aurora_architecture_overview.md or
docs/semantic_release.md) or add a new docs/aurora-pr-preview-workflow.md file
with the workflow documentation; locate the reference string
"docs/aurora-pr-preview-workflow.md" in the workflow file and either replace it
with the chosen existing doc path or create the new markdown file with the
appropriate content.
- Around line 60-66: Replace the hardcoded label string 'pr-build' used in the
if condition that checks github.event.label.name with the environment variable
reference ${{ env.PR_BUILD_LABEL }} so the label comparison uses the
PR_BUILD_LABEL env var consistently (mirror the same pattern used elsewhere in
the workflow); update the expression where github.event.label.name == 'pr-build'
to compare against ${{ env.PR_BUILD_LABEL }} to avoid manual updates when the
label changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3a7ff6e8-1ca3-487d-9fd8-a7d35d5ef84f

📥 Commits

Reviewing files that changed from the base of the PR and between 6eaafea and 3ff7319.

📒 Files selected for processing (2)

• .github/workflows/build-push-aurora-pr-preview.yaml
• .gitignore

[Copilot]

Pull request overview

Adds a new GitHub Actions workflow to build/push PR-scoped Docker images to GHCR and trigger/cleanup PR preview deployments using pr-build / pr-preview labels.

Changes:

• Introduces a PR-preview build/push workflow gated by PR labels and PR event types.
• Adds GHCR cleanup jobs to delete outdated PR image tags and cleanup on PR close.
• Updates .gitignore to exclude a new local/tooling directory.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/build-push-aurora-pr-preview.yaml	New label-driven PR preview build/push workflow plus image cleanup and label lifecycle handling.
.gitignore	Ignores .out-of-code-insights.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.