chore(deps): bump shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml from 5.0.4 to 5.1.1 #153

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/shakacode/control-plane-flow/dot-github/workflows/cpflow-review-app-help.yml-5.1.1

Conversation

dependabot Bot commented on behalf of github Jun 6, 2026

Bumps shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml from 5.0.4 to 5.1.1.

Release notes

Sourced from shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml's releases.

v5.1.1

Changed

  • Changed cpflow maintenance:on and cpflow maintenance:off to confirm the domain route has switched by polling the Control Plane API (bounded retry, 30 attempts, 1 second apart) instead of sleeping a fixed 30 seconds. PR 337 by Justin Gordon. Fixes issue 157. If the route never updates within the poll window, the command aborts before stopping workloads so traffic stays on the current workload, and transient API errors during polling are retried rather than aborting the switch. Because the route switch and the workload stop run as separate steps, re-running the command also finishes a switch whose poll timed out after the route had already updated.
  • Reworked generated production-promotion image copy to authenticate directly to the staging and production Docker registries and copy via docker buildx imagetools create, handling digest-pinned, plain numeric, commit-suffixed, and multi-arch image refs. PR 356 by Justin Gordon. Promotion now normalizes Control Plane org variables before each step, preflights environment-variable parity between staging and production at the GVC and app-workload container level (failing before the copy when production is missing names that exist in staging), and requires both status.ready and status.readyLatest before endpoint health checks and rollback polling so a stale ready replica cannot mask a failed latest revision.
  • Generated production promotion now emits a workflow warning when a staging image tag lacks a _<commit> suffix, so production tags without commit traceability are visible in logs, and documents the cpflow-promote-staging-to-production concurrency group in the copy step. PR 360 by Justin Gordon.
  • Restored review-app security guidance in generated .github/cpflow-help.md (public-repo staging-token scoping, fork-PR deploy limits, secret exposure via cpln://secret/..., and read-only deploy keys for DOCKER_BUILD_SSH_KEY), and simplified the promotion workflow's staging image assignment while preserving digest refs. PR 359 by Justin Gordon.

Fixed

  • Fixed cpflow run so short non-interactive runner jobs no longer hang when the Control Plane cron job finishes before a runner replica is visible. PR 361 by Justin Gordon. This prevents generated deploy workflows with release-phase commands from waiting until the GitHub Actions job timeout even though the release job already completed successfully.

v5.1.0

Added

  • Added shared_secret_grants configuration so apps can reference org-level Control Plane secrets by name instead of hardcoding them in templates. PR 354 by Justin Gordon. Each grant validates a unique placeholder, a safe Control Plane resource name, and a secret policy that targets exactly that secret; templates gain {{SHARED_SECRET_<NAME>}} substitution, and the shared-policy lifecycle is wired through setup-app, deploy-image, delete, and cleanup-stale-apps. Enables the shared staging-database pattern for cheaper review apps.

Fixed

  • Fixed cpflow generate-github-actions so the generated .github/cpflow-help.md version-locking example derives a CPFLOW_VERSION=<major>.<minor>.x placeholder from the installed gem version instead of a hardcoded release that goes stale against the @v<version> wrapper refs in the same file. PR 343 by Justin Gordon. Fixes issue 341.
  • Fixed generated production promotion so cpflow-promote-staging-to-production.yml runs as a caller-owned job with environment: production, letting GitHub inject the CPLN_TOKEN_PRODUCTION environment secret after the protected gate instead of failing because a cross-repo reusable workflow cannot receive caller environment secrets. PR 353 by Justin Gordon. The job checks out the pinned control-plane-flow ref into .cpflow, and generated help plus docs/ci-automation.md now explain why a same-named repository or organization secret can mask a missing environment secret.
  • Hardened generated production promotion image copy to preflight the staging image, retry the copy via configurable COPY_IMAGE_RETRIES and COPY_IMAGE_RETRY_INTERVAL repo vars, and roll back failed deploys using spec.containers.<name>.image paths instead of unsupported array-index paths. PR 355 by Justin Gordon.

Changelog

Sourced from shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml's changelog.

[5.1.1] - 2026-06-03

Changed

  • Changed cpflow maintenance:on and cpflow maintenance:off to confirm the domain route has switched by polling the Control Plane API (bounded retry, 30 attempts, 1 second apart) instead of sleeping a fixed 30 seconds. PR 337 by Justin Gordon. Fixes issue 157. If the route never updates within the poll window, the command aborts before stopping workloads so traffic stays on the current workload, and transient API errors during polling are retried rather than aborting the switch. Because the route switch and the workload stop run as separate steps, re-running the command also finishes a switch whose poll timed out after the route had already updated.
  • Reworked generated production-promotion image copy to authenticate directly to the staging and production Docker registries and copy via docker buildx imagetools create, handling digest-pinned, plain numeric, commit-suffixed, and multi-arch image refs. PR 356 by Justin Gordon. Promotion now normalizes Control Plane org variables before each step, preflights environment-variable parity between staging and production at the GVC and app-workload container level (failing before the copy when production is missing names that exist in staging), and requires both status.ready and status.readyLatest before endpoint health checks and rollback polling so a stale ready replica cannot mask a failed latest revision.
  • Generated production promotion now emits a workflow warning when a staging image tag lacks a _<commit> suffix, so production tags without commit traceability are visible in logs, and documents the cpflow-promote-staging-to-production concurrency group in the copy step. PR 360 by Justin Gordon.
  • Restored review-app security guidance in generated .github/cpflow-help.md (public-repo staging-token scoping, fork-PR deploy limits, secret exposure via cpln://secret/..., and read-only deploy keys for DOCKER_BUILD_SSH_KEY), and simplified the promotion workflow's staging image assignment while preserving digest refs. PR 359 by Justin Gordon.

Fixed

  • Fixed cpflow run so short non-interactive runner jobs no longer hang when the Control Plane cron job finishes before a runner replica is visible. PR 361 by Justin Gordon. This prevents generated deploy workflows with release-phase commands from waiting until the GitHub Actions job timeout even though the release job already completed successfully.

[5.1.0] - 2026-06-02

Added

  • Added shared_secret_grants configuration so apps can reference org-level Control Plane secrets by name instead of hardcoding them in templates. PR 354 by Justin Gordon. Each grant validates a unique placeholder, a safe Control Plane resource name, and a secret policy that targets exactly that secret; templates gain {{SHARED_SECRET_<NAME>}} substitution, and the shared-policy lifecycle is wired through setup-app, deploy-image, delete, and cleanup-stale-apps. Enables the shared staging-database pattern for cheaper review apps.

Fixed

  • Fixed cpflow generate-github-actions so the generated .github/cpflow-help.md version-locking example derives a CPFLOW_VERSION=<major>.<minor>.x placeholder from the installed gem version instead of a hardcoded release that goes stale against the @v<version> wrapper refs in the same file. PR 343 by Justin Gordon. Fixes issue 341.
  • Fixed generated production promotion so cpflow-promote-staging-to-production.yml runs as a caller-owned job with environment: production, letting GitHub inject the CPLN_TOKEN_PRODUCTION environment secret after the protected gate instead of failing because a cross-repo reusable workflow cannot receive caller environment secrets. PR 353 by Justin Gordon. The job checks out the pinned control-plane-flow ref into .cpflow, and generated help plus docs/ci-automation.md now explain why a same-named repository or organization secret can mask a missing environment secret.
  • Hardened generated production promotion image copy to preflight the staging image, retry the copy via configurable COPY_IMAGE_RETRIES and COPY_IMAGE_RETRY_INTERVAL repo vars, and roll back failed deploys using spec.containers.<name>.image paths instead of unsupported array-index paths. PR 355 by Justin Gordon.

Commits
  • 610dd36 Bump version to 5.1.1
  • 726872f Update CHANGELOG.md for 5.1.1 (#362)
  • fd15467 Replace maintenance mode sleep with domain polling (#337)
  • d8877ca Handle completed runner jobs before replicas appear
  • 2d82255 Warn when staging image lacks commit suffix
  • 01dd1d2 Address production promotion review follow-ups
  • 9ef104c Harden production promotion image copy and readiness
  • 9443e57 Add Control Plane Flow logo and brand icon assets (#358)
  • e46f5dc Bump version to 5.1.0
  • b47a963 Update CHANGELOG.md for 5.1.0 (#357)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
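
The bounded route poll described in the 5.1.1 release notes above (30 attempts, 1 second apart, abort before stopping workloads), sketched in Ruby as an added example. This is not code from cpflow or from this PR: `route_switched?`, `switch_route`, `TransientApiError` and the callables passed in are hypothetical names, and the sample API replies are constructed.

```ruby
# Added illustration: every name here is hypothetical, not cpflow's API.
class TransientApiError < StandardError; end

# Returns true once fetch_route reports `target`, false when the window closes.
def route_switched?(target, fetch_route, attempts: 30, interval: 1,
                    sleeper: ->(secs) { sleep(secs) })
  attempts.times do |i|
    begin
      return true if fetch_route.call == target
    rescue TransientApiError
      # A failed read does not abort the switch
      # (assumption: it still counts as one attempt).
    end
    sleeper.call(interval) if i < attempts - 1
  end
  false
end

# Step 1 switches and confirms the route; step 2 stops the old workload.
# The old workload is stopped only after the route is confirmed, so an
# unconfirmed switch leaves traffic on a workload that is still running.
def switch_route(target, old, set_route:, fetch_route:, stop_workload:, **poll)
  set_route.call(target)
  return :aborted_route_unconfirmed unless route_switched?(target, fetch_route, **poll)

  stop_workload.call(old)
  :switched
end

# Constructed scenario: two API errors, one stale read, then the new route.
def demo
  replies = [:error, :error, "app", "maintenance"]
  stopped = []
  fetch = lambda do
    reply = replies.shift
    raise TransientApiError, "constructed 503" if reply == :error
    reply
  end
  result = switch_route("maintenance", "app",
                        set_route: ->(_) {}, fetch_route: fetch,
                        stop_workload: ->(w) { stopped << w },
                        sleeper: ->(_) {}) # no real sleeping in the demo
  [result, stopped]
end
```

Re-running `switch_route` after a timed-out poll confirms the route on the first read and then stops the old workload, which is the re-run behaviour the release notes describe.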

…ow-review-app-help.yml

Bumps [shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml](https://github.com/shakacode/control-plane-flow) from 5.0.4 to 5.1.1.
- [Release notes](https://github.com/shakacode/control-plane-flow/releases)
- [Changelog](https://github.com/shakacode/control-plane-flow/blob/main/CHANGELOG.md)
- [Commits](shakacode/control-plane-flow@v5.0.4...v5.1.1)

---
updated-dependencies:
- dependency-name: shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml
  dependency-version: 5.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies and github_actions labels Jun 6, 2026

github-actions Bot commented Jun 6, 2026

🚀 Quick Review App Commands

Welcome! Here are the commands you can use in this PR:
They require the repository to have cpflow review apps configured, including the CPLN_TOKEN_STAGING secret.

+review-app-deploy

Deploy your PR branch for testing.

+review-app-delete

Remove the review app when done.

+review-app-help

Show detailed instructions, environment setup, and configuration options.

Comment +review-app-help for full setup details.

Labels

dependencies: Pull requests that update a dependency file
github_actions: Pull requests that update GitHub Actions code
