GitHub Workflows
Overview of the GitHub Actions workflows in .github/workflows/. They cover deployment,
releases, PR checks, preview environments, tests, and docs.
Keep this in sync
This page mirrors the workflow files. When you add, rename, or retrigger a workflow, update the matching row in the same PR.
Deployment
Triggered by a push to the environment branch (path-filtered to the relevant app), or
manually via workflow_dispatch. main → Production, develop → Staging.
| Workflow | File | Trigger | Description |
|---|---|---|---|
| Backend - Prod Deploy | backend-deploy-production.yml | Push main / manual | Deploys Cloud Functions, Firestore rules, Medplum bots, Web Professionals, and prod Terraform to Production; applies Datadog Cloud Run instrumentation. |
| Backend - Dev Deploy | backend-deploy-staging.yml | Push develop / manual | As above, to Staging (staging Terraform). |
| Clinicians - Prod Deploy | clinicians-deploy-production.yml | Push main / manual | Builds the Flutter web app, deploys to Firebase Hosting (Production); Datadog sourcemaps + Slack notifications. |
| Clinicians - Staging Deploy | clinicians-deploy-staging.yml | Push develop / manual | Builds and deploys to Firebase Hosting (Staging). |
| Members - Prod Deploy | members-deploy-production.yml | Push main / manual | Builds the Flutter web app, deploys to Firebase Hosting (Production); Datadog sourcemaps + Slack notifications. |
| Members - Staging Deploy | members-deploy-staging.yml | Push develop / manual | Builds and deploys to Firebase Hosting (Staging). |
Release management
See Branching & releases for the flow these drive.
| Workflow | File | Trigger | Description |
|---|---|---|---|
| Cut Release | cut-release.yml | Manual | Cuts a release/X.Y.Z branch from develop and opens the release PR to main. |
| Back Merge Main to Develop | back-merge.yml | Push main | Opens/updates the sync/main-to-develop PR so main and develop don't diverge after a release. |
| Release PR Guard | release-pr-guard.yml | PR | Guards PRs targeting main: enforces release/* or hotfix/* branch naming and the required app version bumps. |
PR checks
Run on pull requests to gate merges.
| Workflow | File | Trigger | Description |
|---|---|---|---|
| Backend - PR Checks | backend-pr-checks.yml | PR | Lint, test, and build for the backend packages. |
| Flutter - PR Checks | flutter-pr-checks.yml | PR | Analyze, format check, and test for the Flutter apps and shared packages. |
| Check Android Build | mobile-build-staging-apps.yml | Push/PR develop | Verifies the Android build compiles for Members & Clinicians (path-filtered to native/gradle/pubspec changes). |
| Terraform - Plan | terraform-plan.yml | PR (non-draft) | Runs terraform plan for the staging and production workspaces on infrastructure/terraform/** changes; fails the check on plan errors so infra issues surface before merge. |
| Engineering Docs | docs.yml | PR / push develop | Builds the docs site --strict on PR (via uv); deploys to Cloudflare Pages on merge to develop. |
Preview environments
| Workflow | File | Trigger | Description |
|---|---|---|---|
| Preview - Backend and Apps | preview-pr.yml | PR (pull_request_target) | Creates preview environments for Backend (Cloud Run) and the Members/Clinicians apps (Firebase Hosting channels), deploying only changed components. |
| Preview - Cleanup Resources | preview-cleanup.yml | PR closed | Tears down the Cloud Run services, Docker images, and caches for a closed PR. |
| Preview - Janitor | preview-janitor.yml | Schedule (Sun 03:00 UTC) / manual | Sweeps orphaned preview resources; manual runs support a dry-run input. |
See Preview environments.
Tests & health checks
| Workflow | File | Trigger | Description |
|---|---|---|---|
| Members - Integration Tests | members-integration-tests.yml | Manual | Flutter integration tests for the Members app (Chrome driver). |
| Members - Patrol Tests | members-patrol-tests.yml | PR (pull_request_target) | Patrol E2E tests for the Members app. |
| Backend - Clinical BFF Health Check | backend-api-test-clinical.yml | Manual | EchoAPI scenarios against the Clinical BFF. |
| Backend - Member BFF Health Check | backend-api-test-member.yml | Manual | EchoAPI scenarios against the Member BFF. |
Utility
| Workflow | File | Trigger | Description |
|---|---|---|---|
| Validate Google Secrets | validate-google-secrets.yml | Push develop/main / manual | Checks the GCP Secret Manager secrets referenced by the functions exist (path-filtered to secrets config). |