From 40fd4aa6eeefe7ed838bb25192cb6b0c536682d2 Mon Sep 17 00:00:00 2001
From: Guillem Arias
Date: Sat, 30 May 2026 11:07:29 +0200
Subject: [PATCH] fix(ci): drop leftover preview pre-delete steps after isolation merge

The preview isolation refactor (#2025) removed the "Delete existing preview container/Worker" steps. Merging main into this branch auto-kept this branch's copies, leaving two steps that run `npx wrangler` from `workers/preview` with Cloudflare secrets in scope. That trips bin/preview_deploy_security_check.rb (PR-controlled working-directory, npx wrangler, secrets outside the deploy step), failing scan_ruby and, in turn, the preview deploy gate. Removing them realigns the workflow with main's isolated model.
---
 .github/workflows/preview-deploy.yml | 33 ----------------------------
 1 file changed, 33 deletions(-)
diff --git a/.github/workflows/preview-deploy.yml b/.github/workflows/preview-deploy.yml
index 8f0ee7951..aba03b987 100644
--- a/.github/workflows/preview-deploy.yml
+++ b/.github/workflows/preview-deploy.yml
@@ -122,39 +122,6 @@ jobs:
 cd "$preview_dir"
 npm ci --ignore-scripts --no-audit --no-fund
- - name: Delete existing preview container app before redeploy
- env:
- CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
- CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
- working-directory: workers/preview
- run: |
- set -euo pipefail
- CONTAINER_NAME="sure-preview-${PR_NUMBER}-railscontainer"
- echo "Looking for stale preview container app: $CONTAINER_NAME"
-
- CONTAINER_ID=$(npx wrangler containers list --json | jq -r --arg NAME "$CONTAINER_NAME" '
- map(select((.name // .application_name // .app_name // "") == $NAME))
- | first
- | (.id // .container_id // .application_id // empty)
- ')
-
- if [ -n "$CONTAINER_ID" ]; then
- echo "Deleting stale preview container app $CONTAINER_NAME ($CONTAINER_ID)"
- npx wrangler containers delete "$CONTAINER_ID"
- else
- echo "No stale preview container app found; continuing"
- fi
-
- - name: Delete existing preview Worker before redeploy
- env:
- CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
- CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
- working-directory: workers/preview
- run: |
- WORKER_NAME="sure-preview-${PR_NUMBER}"
- echo "Ensuring fresh preview deployment for $WORKER_NAME"
- npx wrangler delete --name "$WORKER_NAME" --force || echo "Existing preview not found; continuing"
-
 - name: Create GitHub Deployment
 id: deployment
 uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7