Review app smoke test from current master

[justin808]

Replacement for stale/conflicted #734. This draft intentionally adds one visible label marker so the review app can prove it is deploying the PR branch from current master. Do not merge this smoke-test marker as production code; close it after validating the review-app deployment.

---

Note

Low Risk
Low risk: a UI-only label text change with no impact on data handling or behavior.

Overview
Adds a visible "(review app smoke test)" marker next to the "Name" label in CommentForm/forms/HorizontalForm.res to verify review-app deployments are serving the PR branch.

^{Reviewed by Cursor Bugbot for commit 969f423. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 78ea29bc-9f34-4015-aa5e-9581df58fb97

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jg-codex/pr734-review-app-refresh

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Quick Review App Commands

Welcome! Here are the commands you can use in this PR:

+review-app-deploy

Deploy your PR branch for testing.

+review-app-delete

Remove the review app when done.

+review-app-help

Show detailed instructions, environment setup, and configuration options.

Comment +review-app-help for full setup details.

[justin808]

+review-app-deploy

[claude]

Code Review

Summary: This is a single-line smoke-test PR that appends " (review app smoke test)" to the "Name" label in HorizontalForm.res to visually confirm the review app is serving the PR branch.

---

Code Quality

• The change is minimal and correct ReScript/React — one extra React.string node adjacent to the existing label text. No logic, state, or API surface is touched.

Potential Issues

• Do not merge. The PR body itself says so, and the change would pollute the production UI with a debug artifact. Once review-app deployment is confirmed, this PR should be closed, not merged.
• The PR is listed as OPEN (not Draft) despite the body describing it as a draft. It should be converted to a draft to signal clearly that it is not merge-ready.

Test Coverage

• No tests needed for a temporary visual marker, but CI should still pass before treating the review app as healthy.

Security / Performance

• No concerns. Static string, no dynamic data, no logic changes.

---

Verdict: Appropriate for its stated purpose (smoke-testing review-app deployment). Close — do not merge — after validation.

[github-actions]

🎉 Deploy Complete!

Open Review App

Deployment successful for PR #744, commit 829b8ce

🎮 Control Plane Console
📋 View Completed Action Build and Deploy Logs

[github-actions]

❌ Review App Deployment Failed

Deployment failed for PR #744, commit 969f423

🎮 Control Plane Console
📋 View Failed Action Build and Deploy Logs

[justin808]

+review-app-deploy

[justin808]

+review-app-deploy

[claude]

Code Review: Review App Smoke Test

Overview

This PR adds a single visible text marker — (review app smoke test) — to the Name label in HorizontalForm.res. Per the PR description, this is a deployment verification change only and must not be merged to master.

---

Assessment

Intended purpose is clear — the PR description correctly labels this as a smoke test and explicitly asks reviewers to close it after validation, not merge it.

The change itself — adding a string literal next to the Name label — is technically harmless. No logic, behavior, data handling, or security surface is affected.

---

Concerns

• Do not merge. The PR description itself says this is not production code. The word "intentionally" and the explicit "close it after validating" instruction make this unambiguous.
• Marker leaks into production if merged. The text (review app smoke test) would appear in the production UI for all users.
• No test added — but none is warranted for a temporary UI string. This is fine given the transient nature.
• Draft status not set. The PR description calls this a "draft" but it is not actually marked as a Draft PR on GitHub. Consider using "Convert to draft" to prevent accidental merge.

---

Verdict

Suitable only for review-app validation. Close (do not merge) once the review-app deployment is confirmed. If ongoing smoke-test infrastructure is needed, consider a non-code approach (e.g., a deploy hook that reports a git revision hash) rather than a source-code marker.

[claude]

This smoke-test marker must be removed before any merge to master. If this PR is accidentally merged, this string will appear in the production UI for all users.

Consider converting the PR to Draft status on GitHub to make the merge guard more explicit.

[github-actions]

🎉 Deploy Complete!

Open Review App

Deployment successful for PR #744, commit 969f423

🎮 Control Plane Console
📋 View Completed Action Build and Deploy Logs

[justin808]

+review-app-help

[github-actions]

Review App Commands

These commands are generated by cpflow.
For full setup, version-pinning, and troubleshooting details, see the upstream
CI automation guide.

Pull Request Commands

Comment with exactly one command, with no surrounding text or trailing spaces.
A single trailing newline from GitHub's comment editor is accepted.

Command	What it does
+review-app-deploy	Builds the PR image, creates the review app if needed, deploys, and comments with the review URL.
+review-app-delete	Deletes the review app. This also runs automatically when the PR closes.
+review-app-help	Posts this help message on the PR.

Standard Setup

For the normal generated review-app path, GitHub needs one repository secret:

Name	Where	Notes
CPLN_TOKEN_STAGING	Repository secret	Control Plane service-account token for the staging/review org.

No repository variables are required for the standard review-app path when
.controlplane/controlplane.yml has exactly one review app entry with
match_if_app_name_starts_with: true. cpflow infers the review-app prefix and
staging org from that config.

Optional overrides exist for forks, clones, and unusual apps:

Name	Notes
CPLN_ORG_STAGING	Override the staging/review Control Plane org inferred from controlplane.yml.
REVIEW_APP_PREFIX	Override the review-app prefix inferred from controlplane.yml.
PRIMARY_WORKLOAD	Public workload used for review URLs and health checks; defaults to rails.

Staging And Production

Staging deploys use the same CPLN_TOKEN_STAGING secret plus STAGING_APP_NAME.
Before the first staging deploy, bootstrap the persistent staging app once:

cpflow setup-app -a "$STAGING_APP_NAME" --org "$CPLN_ORG_STAGING" --skip-post-creation-hook

setup-app creates the app identity, app secret dictionary, app secret policy,
policy binding, and template resources. For later template updates on an
existing persistent app, use cpflow apply-template and make sure the app
identity has reveal permission on the app secret policy.

Production promotion is part of the generated flow, but keep it protected:

Name	Where	Notes
CPLN_TOKEN_PRODUCTION	production GitHub Environment secret	Do not store this as a repository or organization secret.
CPLN_ORG_PRODUCTION	Prefer production Environment variable	Production Control Plane org.
PRODUCTION_APP_NAME	Prefer production Environment variable	Production app name from controlplane.yml.

Configure the production GitHub Environment with required reviewers and
prevent self-review. The generated promotion wrapper passes only the staging
token from repository secrets; GitHub injects CPLN_TOKEN_PRODUCTION only after
the environment approval gate passes.

Before the first promotion, bootstrap the production app the same way in the
production org, using production-only secrets and values.

Version Locking

Generated wrappers pin Control Plane Flow once with the reusable workflow
uses: ref, for example @v5.0.1. For stable releases, this ref should be a
release tag. The upstream reusable workflow automatically
loads its matching shared actions from GitHub's workflow context, so downstream
wrappers should not pass a duplicate Control Plane Flow ref input. If your
generated wrappers still include a with: block whose only purpose is to repeat
the same ref, regenerate them with a newer cpflow.

Leave CPFLOW_VERSION unset so the workflow builds cpflow from the same
checked-out upstream source. If you set CPFLOW_VERSION, it must match the
release tag, for example CPFLOW_VERSION=5.0.1 with a wrapper pinned to
uses: ...@v5.0.1.

Do not leave downstream apps pinned to a moving branch such as main. For a
short-lived test of an unreleased upstream PR, pin to a full 40-character commit
SHA and leave CPFLOW_VERSION unset:

bin/pin-cpflow-github-ref <40-character-control-plane-flow-commit-sha>
bin/test-cpflow-github-flow ruby /path/to/control-plane-flow/bin/cpflow

Advanced Variables

Most apps do not need these:

Name	Notes
DOCKER_BUILD_EXTRA_ARGS	Newline-delimited extra Docker build tokens.
DOCKER_BUILD_SSH_KEY	Private SSH key for Docker builds that fetch private dependencies.
DOCKER_BUILD_SSH_KNOWN_HOSTS	SSH known_hosts entries when SSH build hosts are not GitHub.com.
REVIEW_APP_DEPLOYING_ICON_URL	Cosmetic custom image URL for the animated deploying icon. Set to none to use the text fallback icon.
STAGING_APP_BRANCH	Custom staging branch. The branch must also appear in cpflow-deploy-staging.yml's push filter.
CPLN_CLI_VERSION	Pin a specific @controlplane/cli version; normally leave unset.

The PR-open help workflow posts a short command reference whenever the generated
wrapper exists. That is intentional for configured demo repos. Forks or clones
that copy the workflow before configuring Control Plane can remove
.github/workflows/cpflow-review-app-help.yml or uncomment and adapt the
wrapper-level if: guard shown in that file, for example
vars.REVIEW_APP_PREFIX != '' || vars.CPLN_ORG_STAGING != ''.