canonical · britneywwc · Mar 24, 2026 · Mar 25, 2026 · Mar 26, 2026 · Mar 27, 2026
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -1,10 +1,11 @@
 name: Deploy
 
-on:
-  push:
-    branches:
-      - charming
-      - main
+# on:
+#   push:
+#     branches:
+#       - charming
+#       - main
+on: pull_request
 
 env:
   CHARMCRAFT_ENABLE_EXPERIMENTAL_EXTENSIONS: true
@@ -73,6 +74,48 @@ jobs:
       - name: Push to GHCR
         run: skopeo --insecure-policy copy oci-archive:$(ls *.rock) docker://${{ steps.set_image_url.outputs.image_url }} --dest-creds "canonical:${{ secrets.GITHUB_TOKEN }}"
 
+  # publish-charm:
+  #   runs-on: ubuntu-latest
+  #   needs: pack-charm
+  #   environment:
+  #     name: staging
+  #     url: https://staging.ubuntu.com/security/api/docs
+  #   outputs:
+  #     charm_url: ${{ steps.publish.outputs.charm_url }}
+  #     charm_revision: ${{ steps.publish.outputs.charm_revision }}
+  #   env:
+  #     CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH_TOKEN }}
+  #   steps:
+  #     - name: Checkout Code
+  #       uses: actions/checkout@v3
+
+  #     - name: Setup Charmcraft
+  #       run: sudo snap install charmcraft --classic --channel=latest/edge
+
+  #     - name: Download Charm Artifact
+  #       uses: actions/download-artifact@v4
+  #       with:
+  #         name: ubuntu-security-api-charm
+
+  #     - name: Publish charm to CharmHub
+  #       id: publish        
+  #       working-directory: charm/
+  #       run: |
+  #         set -e
+  #         cp ../*.charm .
+  #         CHARM_FILE=$(ls *.charm)
+  #         OUTPUT=$(charmcraft upload "$CHARM_FILE" -v)
+  #         CHARM_URL=$(echo "$OUTPUT" | jq -r '.charm_url')
+  #         CHARM_REVISION=$(echo "$OUTPUT" | jq -r '.revision')
+  #         echo "charm_url=$CHARM_URL" >> $GITHUB_OUTPUT
+  #         echo "charm_revision=$CHARM_REVISION" >> $GITHUB_OUTPUT
+  #         echo "Published charm: $CHARM_URL (revision: $CHARM_REVISION)"
+
+  #     - name: Release charm to latest/beta
+  #       run: |
+  #         charmcraft release ubuntu-security-api --revision=${{ steps.publish.outputs.charm_revision }} --channel=beta
+  #         echo "Released ubuntu-security-api, revision ${{ steps.publish.outputs.charm_revision }} to beta channel"
+
   deploy-staging:
     runs-on:
       [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
@@ -86,11 +129,6 @@ jobs:
           sudo snap install juju --classic
           sudo snap install vault --classic
 
-      - name: Download Charm Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ubuntu-security-api-charm
-
       - name: Configure Vault and Juju
         env:
           VAULT_ADDR: "https://vault.admin.canonical.com:8200"
@@ -103,6 +141,7 @@ jobs:
           export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/${MODEL_NAME}
           export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common
           export CHARM_NAME=${{ vars.CHARM_NAME }}
+          export PRIVATE_CHARM_NAME="${{ vars.CHARM_NAME }}-private"
 
           export VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") 
 
@@ -112,63 +151,16 @@ jobs:
           PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju")
           printf "controllers:\n  %s:\n    user: %s\n    password: %s\n" "$CONTROLLER_NAME" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml
 
-      - name: Deploy Application to staging
-        run: |
-          export JUJU_MODEL=admin/${{ vars.JUJU_MODEL_NAME }}
-          export CHARM_NAME=${{ vars.CHARM_NAME }}
-
-          if juju status --color --relations | grep -q "^$CHARM_NAME\\s"; then
-            echo "Application '$CHARM_NAME' exists. Running juju refresh..."
-            juju refresh $CHARM_NAME --path ./*.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
-          else
-            echo "Application '$CHARM_NAME' not found. Running juju deploy..."
-            juju deploy ./*.charm $CHARM_NAME --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
-          fi
-
-  deploy-production:
-    runs-on:
-      [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
-    needs: [pack-charm, publish-image]
-    environment:
-      name: production
-      url: https://ubuntu.com/security/api/docs
-    steps:
-      - name: Install Dependencies
-        run: |
-          sudo snap install juju --classic
-          sudo snap install vault --classic
-
       - name: Download Charm Artifact
         uses: actions/download-artifact@v4
         with:
           name: ubuntu-security-api-charm
 
-      - name: Configure Vault and Juju
-        env:
-          VAULT_ADDR: "https://vault.admin.canonical.com:8200"
-          VAULT_ROLE_ID: ${{ secrets.VAULT_APPROLE_ROLE_ID }}
-          VAULT_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
-        run: |
-          set -e
-          export CONTROLLER_NAME=${{ vars.JUJU_CONTROLLER_NAME }}
-          export MODEL_NAME=${{ vars.JUJU_MODEL_NAME }}
-          export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/${MODEL_NAME}
-          export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common
-          export CHARM_NAME=${{ vars.CHARM_NAME }}
-
-
-          export VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") 
-
-          mkdir -p ~/.local/share/juju
-          vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/${CONTROLLER_NAME}" | base64 -d > ~/.local/share/juju/controllers.yaml
-          USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju")
-          PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju")
-          printf "controllers:\n  %s:\n    user: %s\n    password: %s\n" "$CONTROLLER_NAME" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml
-
-      - name: Deploy Application to production
+      - name: Deploy Application to staging
         run: |
           export JUJU_MODEL=admin/${{ vars.JUJU_MODEL_NAME }}
           export CHARM_NAME=${{ vars.CHARM_NAME }}
+          export PRIVATE_CHARM_NAME="${{ vars.CHARM_NAME }}-private"
 
           if juju status --color --relations | grep -q "^$CHARM_NAME\\s"; then
             echo "Application '$CHARM_NAME' exists. Running juju refresh..."
@@ -177,3 +169,60 @@ jobs:
             echo "Application '$CHARM_NAME' not found. Running juju deploy..."
             juju deploy ./*.charm $CHARM_NAME --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
           fi
+
+          if juju status --color --relations | grep -q "^$PRIVATE_CHARM_NAME\\s"; then
+            echo "Application '$PRIVATE_CHARM_NAME' exists. Running juju refresh..."
+            juju refresh $PRIVATE_CHARM_NAME --path ./*.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
+          else
+            echo "Application '$PRIVATE_CHARM_NAME' not found. Running juju deploy..."
+            juju deploy ./*.charm $PRIVATE_CHARM_NAME --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
+          fi
+
+
+  # deploy-production:
+  #   runs-on:
+  #     [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
+  #   needs: [publish-image]
+  #   environment:
+  #     name: production
+  #     url: https://ubuntu.com/security/api/docs
+  #   steps:
+  #     - name: Install Dependencies
+  #       run: |
+  #         sudo snap install juju --classic
+  #         sudo snap install vault --classic
+
+  #     - name: Configure Vault and Juju
+  #       env:
+  #         VAULT_ADDR: "https://vault.admin.canonical.com:8200"
+  #         VAULT_ROLE_ID: ${{ secrets.VAULT_APPROLE_ROLE_ID }}
+  #         VAULT_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
+  #       run: |
+  #         set -e
+  #         export CONTROLLER_NAME=${{ vars.JUJU_CONTROLLER_NAME }}
+  #         export MODEL_NAME=${{ vars.JUJU_MODEL_NAME }}
+  #         export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/${MODEL_NAME}
+  #         export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common
+  #         export CHARM_NAME=${{ vars.CHARM_NAME }}
+
+
+  #         export VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID") 
+
+  #         mkdir -p ~/.local/share/juju
+  #         vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/${CONTROLLER_NAME}" | base64 -d > ~/.local/share/juju/controllers.yaml
+  #         USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju")
+  #         PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju")
+  #         printf "controllers:\n  %s:\n    user: %s\n    password: %s\n" "$CONTROLLER_NAME" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml
+
+  #     - name: Deploy Application to production
+  #       run: |
+            # export JUJU_MODEL=admin/${{ vars.JUJU_MODEL_NAME }}
+            # export CHARM_NAME=${{ vars.CHARM_NAME }}
+
+            # if juju status --color --relations | grep -q "^$CHARM_NAME\\s"; then
+            #   echo "Application '$CHARM_NAME' exists. Running juju refresh..."
+            #   juju refresh $CHARM_NAME --path ./*.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
+            # else
+            #   echo "Application '$CHARM_NAME' not found. Running juju deploy..."
+            #   juju deploy ./*.charm $CHARM_NAME --resource flask-app-image=${{ needs.publish-image.outputs.image_url }}
+            # fi
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
+flask
 canonicalwebteam.flask-base @ git+https://github.com/canonical/canonicalwebteam.flask-base@add-compression-override-option
 setuptools<81
 alchemy-mock==0.4.3