[preview] Fix preview environment workflows (#21237)

* [preview] Add container to GC delete job

The delete job was missing the container specification, causing
'leeway: command not found' errors. Use the same dev-environment
container as the stale job.

Co-authored-by: Ona <no-reply@ona.com>

* [preview] Convert Docker actions to composite actions

Convert preview-create, deploy-gitpod, and deploy-monitoring-satellite
from Docker-based actions to composite actions. This fixes GCP OIDC
authentication failures caused by credential file permission issues
when Docker actions mount the workspace.

Docker actions run in isolated containers where the credentials file
path from the host doesn't match the container's filesystem, and file
permissions prevent access. Composite actions run in the same context
as the job, avoiding these issues.

Changes:
- Convert 3 Docker actions to composite actions
- Add container spec to infrastructure/install/monitoring jobs in:
  - build.yml
  - branch-build.yml
  - ide-integration-tests.yml
  - workspace-integration-tests.yml
  - preview-env-check-regressions.yml
- Remove unused inputs (infrastructure_provider, image_repo_base,
  previewctl_hash) from action calls

Co-authored-by: Ona <no-reply@ona.com>

* [preview] Add container to delete jobs

Add missing container specification to delete jobs in:
- ide-integration-tests.yml
- workspace-integration-tests.yml
- preview-env-check-regressions.yml

The delete-preview action is a composite action that requires leeway,
which is only available in the dev-environment container.

Co-authored-by: Ona <no-reply@ona.com>

* [dev] Align leeway config between CI and workspace/environment

---------

Co-authored-by: Ona <no-reply@ona.com>

Author: geropl

.github/actions/deploy-gitpod/Dockerfile

@@ -0,0 +1,79 @@
+name: "Deploy Gitpod"
+description: "Deploys Gitpod to an existing preview environment"
+inputs:
+  name:
+    description: "The name of the preview environment to deploy Gitpod to"
+    required: false
+  version:
+    description: "The version of Gitpod to install"
+    required: true
+  with_dedicated_emu:
+    description: "Dedicated Config"
+    required: false
+  analytics:
+    description: "With analytics"
+    required: false
+  workspace_feature_flags:
+    description: "Workspace feature flags"
+    required: false
+  image_repo_base:
+    description: "The base repository for image"
+    required: false
+outputs:
+  report:
+    description: "Preview environment report (base64 encoded)"
+    value: ${{ steps.deploy.outputs.report }}
+runs:
+  using: "composite"
+  steps:
+    - name: Install previewctl
+      shell: bash
+      run: |
+        set -euo pipefail
+        leeway run dev/preview/previewctl:install
+
+    - name: Deploy Gitpod
+      id: deploy
+      shell: bash
+      env:
+        INPUT_NAME: ${{ inputs.name }}
+        INPUT_VERSION: ${{ inputs.version }}
+        INPUT_WITH_DEDICATED_EMU: ${{ inputs.with_dedicated_emu }}
+        INPUT_ANALYTICS: ${{ inputs.analytics }}
+        INPUT_WORKSPACE_FEATURE_FLAGS: ${{ inputs.workspace_feature_flags }}
+        INPUT_IMAGE_REPO_BASE: ${{ inputs.image_repo_base }}
+      run: |
+        set -euo pipefail
+
+        export VERSION="${INPUT_VERSION}"
+        export IMAGE_REPO_BASE="${INPUT_IMAGE_REPO_BASE}"
+
+        echo "Downloading installer for ${VERSION}"
+        oci-tool fetch file -o /tmp/installer --platform=linux-amd64 "${IMAGE_REPO_BASE}/installer:${VERSION}" app/installer
+        chmod +x /tmp/installer
+        export PATH="/tmp:$PATH"
+
+        echo "Download versions.yaml"
+        oci-tool fetch file -o /tmp/versions.yaml --platform=linux-amd64 "${IMAGE_REPO_BASE}/versions:${VERSION}" versions.yaml
+
+        PREVIEW_NAME="$(previewctl get-name --branch "${INPUT_NAME}")"
+        export PREVIEW_NAME
+
+        for var in WITH_DEDICATED_EMU ANALYTICS WORKSPACE_FEATURE_FLAGS; do
+          input_var="INPUT_${var}"
+          if [[ -n "${!input_var:-}" ]]; then
+            export "GITPOD_${var}"="${!input_var}"
+          fi
+        done
+
+        previewctl install-context --branch "${PREVIEW_NAME}" --log-level debug --timeout 10m
+        leeway run dev/preview:deploy-gitpod
+        previewctl report --branch "${PREVIEW_NAME}" >> "${GITHUB_STEP_SUMMARY}"
+
+        EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+        report=$(previewctl report --branch "${PREVIEW_NAME}" | base64)
+        {
+          echo "report<<$EOF"
+          echo "$report"
+          echo "$EOF"
+        } >> "$GITHUB_OUTPUT"

.github/actions/deploy-gitpod/action.yml

@@ -0,0 +1,28 @@
+name: "Deploy monitoring satellite"
+description: "Deploys monitoring satellite to an existing preview environment"
+runs:
+  using: "composite"
+  steps:
+    - name: Install previewctl
+      shell: bash
+      run: |
+        set -euo pipefail
+        leeway run dev/preview/previewctl:install
+
+    - name: Deploy monitoring satellite
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        echo "previewctl install-context"
+        previewctl install-context --log-level debug --timeout 10m
+
+        echo "leeway run dev/preview:deploy-monitoring-satellite"
+        leeway run dev/preview:deploy-monitoring-satellite
+
+        {
+            echo '<p>Monitoring satellite has been installed in your preview environment.</p>'
+            echo '<ul>'
+            echo '<li><b>📚 Documentation</b> - See our <a href="https://www.notion.so/gitpod/f2938b2bcb0c4c8c99afe1d2b872380e" target="_blank">internal documentation</a> on how to use it.</li>'
+            echo '</ul>'
+        } >> "${GITHUB_STEP_SUMMARY}"

.github/actions/deploy-gitpod/entrypoint.sh

@@ -0,0 +1,44 @@
+name: "Create preview environment"
+description: "Creates the infrastructure for a preview environment"
+inputs:
+  name:
+    description: "The name of the preview environment to deploy Gitpod to"
+    required: false
+  large_vm:
+    description: "Whether to use a larger VM for the env"
+    required: false
+    default: "false"
+  preemptible:
+    description: "Whether to use preemptible VMs for the env"
+    required: false
+    default: "true"
+  recreate_vm:
+    description: "Whether to recreate the VM"
+    required: false
+    default: "false"
+runs:
+  using: "composite"
+  steps:
+    - name: Install previewctl
+      shell: bash
+      run: |
+        set -euo pipefail
+        leeway run dev/preview/previewctl:install
+
+    - name: Create preview environment
+      shell: bash
+      env:
+        INPUT_NAME: ${{ inputs.name }}
+        INPUT_LARGE_VM: ${{ inputs.large_vm }}
+        INPUT_PREEMPTIBLE: ${{ inputs.preemptible }}
+      run: |
+        set -euo pipefail
+
+        TF_VAR_preview_name="$(previewctl get-name --branch "${INPUT_NAME}")"
+        export TF_VAR_preview_name
+        export TF_VAR_with_large_vm="${INPUT_LARGE_VM}"
+        export TF_VAR_gce_use_spot="${INPUT_PREEMPTIBLE}"
+        export TF_INPUT=0
+        export TF_IN_AUTOMATION=true
+
+        leeway run dev/preview:create-preview