SRE-567: Replace staging deploy with workflow_dispatch to infra repo

[TimDiekmann]

🌟 What is the purpose of this PR?

Move staging ECS deployment management from the hash repo to the internal-infra promote workflow. Eliminates duplication and gives staging the same rollback, notification, and approval capabilities as production.

🔗 Related links

• SRE-567
• hashintel/internal-infra#189

🚫 Blocked by

• hashintel/internal-infra#189

🔍 What does this change?

• Remove ECS deploy jobs (deploy-graph, deploy-app, deploy-workers) and staging-specific env vars
• Add promote-staging job: Vault → GitHub App token → workflow_dispatch to internal-infra
• Replace rtCamp/action-slack-notify with Vault-based chat.postMessage for failure notifications

Pre-Merge Checklist 🚀

🚢 Has this modified a publishable library?

This PR:

• does not modify any publishable blocks or libraries, or modifications do not need publishing

📜 Does this require a change to the docs?

The changes in this PR:

• are internal and do not require a docs change

🕸️ Does this require a change to the Turbo Graph?

The changes in this PR:

• do not affect the execution graph

🛡 What tests cover this?

• Tested end-to-end: hash CD → Vault auth → App token → workflow_dispatch → infra promote dry-run

❓ How to test this?

1. Trigger workflow_dispatch on this branch
2. Verify promote-staging job succeeds
3. Check that the promote workflow runs on internal-infra

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hash	Ready	Preview, Comment	Apr 3, 2026 1:03pm
hashdotdesign	Ready	Preview, Comment	Apr 3, 2026 1:03pm
hashdotdesign-tokens	Ready	Preview, Comment	Apr 3, 2026 1:03pm
petrinaut	Ready	Preview, Comment	Apr 3, 2026 1:03pm

[cursor]

PR Summary

Medium Risk
Changes the staging CD flow from in-repo ECS redeploy steps to cross-repo workflow_dispatch, so misconfigured Vault/GitHub App/dispatch inputs could block staging deployments. Also replaces Slack notifications with a custom API call, which could reduce failure visibility if the token/channel payload is wrong.

Overview
Staging deployments are no longer performed directly from this repo’s CD workflow. The workflow now only builds/pushes images, then triggers hashintel/internal-infra’s promote.yml via workflow_dispatch (using a Vault-fetched GitHub App token) to promote the current github.sha to staging.

It removes the staging ECS redeploy jobs/env wiring (clusters/services/roles) and replaces the previous Slack webhook action with a Vault-sourced Slack bot token + direct chat.postMessage API call on workflow failure.

^{Written by Cursor Bugbot for commit 0027735. This will update automatically on new commits. Configure here.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.50%. Comparing base (a70891f) to head (0027735).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8606      +/-   ##
==========================================
- Coverage   62.50%   62.50%   -0.01%     
==========================================
  Files        1318     1318              
  Lines      134219   134224       +5     
  Branches     5518     5518              
==========================================
+ Hits        83895    83896       +1     
- Misses      49409    49413       +4     
  Partials      915      915              

Flag	Coverage Δ
apps.hash-ai-worker-ts	1.40% <ø> (ø)
apps.hash-api	0.00% <ø> (ø)
blockprotocol.type-system	40.84% <ø> (ø)
local.claude-hooks	0.00% <ø> (ø)
local.harpc-client	51.24% <ø> (ø)
local.hash-graph-sdk	9.63% <ø> (ø)
local.hash-isomorphic-utils	0.00% <ø> (ø)
rust.antsi	0.00% <ø> (ø)
rust.error-stack	90.87% <ø> (ø)
rust.harpc-codec	84.70% <ø> (ø)
rust.harpc-net	96.22% <ø> (+0.01%)	⬆️
rust.harpc-tower	67.03% <ø> (ø)
rust.harpc-types	0.00% <ø> (ø)
rust.harpc-wire-protocol	92.23% <ø> (ø)
rust.hash-codec	72.76% <ø> (ø)
rust.hash-graph-api	2.52% <ø> (ø)
rust.hash-graph-authorization	62.34% <ø> (ø)
rust.hash-graph-postgres-store	26.38% <ø> (-0.01%)	⬇️
rust.hash-graph-store	37.76% <ø> (ø)
rust.hash-graph-temporal-versioning	47.95% <ø> (ø)
rust.hash-graph-types	0.00% <ø> (ø)
rust.hash-graph-validation	83.45% <ø> (ø)
rust.hashql-ast	87.23% <ø> (ø)
rust.hashql-compiletest	29.69% <ø> (ø)
rust.hashql-core	82.29% <ø> (ø)
rust.hashql-diagnostics	72.43% <ø> (ø)
rust.hashql-eval	69.13% <ø> (ø)
rust.hashql-hir	89.06% <ø> (ø)
rust.hashql-mir	92.64% <ø> (ø)
rust.hashql-syntax-jexpr	94.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

Merging this PR will not alter performance

✅ 80 untouched benchmarks

---

_{Comparing t/sre-567-staging-cd-dispatch (0027735) with main (72b0a7b)¹}

Footnotes

1. No successful run was found on main (b03f6fe) during the generation of this report, so 72b0a7b was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Image tag missing sha- prefix in dispatch payload

High Severity

The docker-build-push action tags ECR images as sha-${{ github.sha }} (with a sha- prefix), but the promote-staging dispatch sends "image_tag": "${{ github.sha }}" — the raw commit SHA without the prefix. If the downstream promote.yml workflow uses image_tag directly as the ECR image tag, it won't find the images. Notably, the echo on line 311 acknowledges the sha- convention (sha-${GITHUB_SHA:0:12}) but the input itself omits it.

 

[github-actions]

Benchmark results

@rust/hash-graph-benches – Integrations

policy_resolution_large

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 2002	$$26.9 \mathrm{ms} \pm 151 \mathrm{μs}\left({\color{gray}-3.867 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$3.36 \mathrm{ms} \pm 16.1 \mathrm{μs}\left({\color{gray}-2.637 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 1001	$$12.1 \mathrm{ms} \pm 82.2 \mathrm{μs}\left({\color{lightgreen}-8.119 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: high, policies: 3314	$$42.3 \mathrm{ms} \pm 332 \mathrm{μs}\left({\color{gray}-2.351 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: low, policies: 1	$$13.9 \mathrm{ms} \pm 97.3 \mathrm{μs}\left({\color{gray}-4.757 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: medium, policies: 1526	$$23.5 \mathrm{ms} \pm 165 \mathrm{μs}\left({\color{gray}-3.819 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 2078	$$28.8 \mathrm{ms} \pm 156 \mathrm{μs}\left({\color{gray}-0.820 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$3.63 \mathrm{ms} \pm 18.4 \mathrm{μs}\left({\color{gray}-2.649 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 1033	$$13.5 \mathrm{ms} \pm 84.1 \mathrm{μs}\left({\color{lightgreen}-6.951 \mathrm{\%}}\right) $$	Flame Graph

policy_resolution_medium

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 102	$$3.76 \mathrm{ms} \pm 23.0 \mathrm{μs}\left({\color{gray}1.12 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.94 \mathrm{ms} \pm 19.3 \mathrm{μs}\left({\color{gray}0.188 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 51	$$3.29 \mathrm{ms} \pm 18.3 \mathrm{μs}\left({\color{gray}0.038 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: high, policies: 269	$$5.13 \mathrm{ms} \pm 33.9 \mathrm{μs}\left({\color{gray}0.559 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: low, policies: 1	$$3.47 \mathrm{ms} \pm 16.6 \mathrm{μs}\left({\color{gray}-0.248 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: medium, policies: 107	$$4.10 \mathrm{ms} \pm 24.4 \mathrm{μs}\left({\color{gray}0.446 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 133	$$4.45 \mathrm{ms} \pm 23.4 \mathrm{μs}\left({\color{gray}-0.674 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$3.37 \mathrm{ms} \pm 16.7 \mathrm{μs}\left({\color{gray}0.481 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 63	$$4.01 \mathrm{ms} \pm 22.3 \mathrm{μs}\left({\color{gray}-2.501 \mathrm{\%}}\right) $$	Flame Graph

policy_resolution_none

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 2	$$2.67 \mathrm{ms} \pm 14.1 \mathrm{μs}\left({\color{gray}-0.947 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.62 \mathrm{ms} \pm 16.4 \mathrm{μs}\left({\color{gray}0.725 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 1	$$2.73 \mathrm{ms} \pm 11.7 \mathrm{μs}\left({\color{gray}-0.687 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 8	$$3.00 \mathrm{ms} \pm 16.6 \mathrm{μs}\left({\color{gray}-0.007 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$2.81 \mathrm{ms} \pm 17.3 \mathrm{μs}\left({\color{gray}-0.152 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 3	$$3.08 \mathrm{ms} \pm 11.9 \mathrm{μs}\left({\color{gray}-0.458 \mathrm{\%}}\right) $$	Flame Graph

policy_resolution_small

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 52	$$3.18 \mathrm{ms} \pm 25.5 \mathrm{μs}\left({\color{gray}4.72 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.85 \mathrm{ms} \pm 16.8 \mathrm{μs}\left({\color{gray}4.67 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 25	$$3.02 \mathrm{ms} \pm 17.4 \mathrm{μs}\left({\color{gray}4.63 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: high, policies: 94	$$3.65 \mathrm{ms} \pm 25.2 \mathrm{μs}\left({\color{gray}4.30 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: low, policies: 1	$$3.07 \mathrm{ms} \pm 23.3 \mathrm{μs}\left({\color{gray}2.94 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: medium, policies: 26	$$3.32 \mathrm{ms} \pm 23.4 \mathrm{μs}\left({\color{gray}1.70 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 66	$$3.54 \mathrm{ms} \pm 24.3 \mathrm{μs}\left({\color{gray}4.02 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$3.13 \mathrm{ms} \pm 19.4 \mathrm{μs}\left({\color{red}5.63 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 29	$$3.48 \mathrm{ms} \pm 24.2 \mathrm{μs}\left({\color{red}5.90 \mathrm{\%}}\right) $$	Flame Graph

read_scaling_complete

Function	Value	Mean	Flame graphs
entity_by_id;one_depth	1 entities	$$44.7 \mathrm{ms} \pm 246 \mathrm{μs}\left({\color{gray}-1.171 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	10 entities	$$82.9 \mathrm{ms} \pm 453 \mathrm{μs}\left({\color{gray}-0.070 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	25 entities	$$49.8 \mathrm{ms} \pm 269 \mathrm{μs}\left({\color{gray}2.38 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	5 entities	$$52.9 \mathrm{ms} \pm 496 \mathrm{μs}\left({\color{gray}1.30 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	50 entities	$$62.3 \mathrm{ms} \pm 446 \mathrm{μs}\left({\color{gray}1.93 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	1 entities	$$47.1 \mathrm{ms} \pm 246 \mathrm{μs}\left({\color{gray}3.74 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	10 entities	$$427 \mathrm{ms} \pm 1.05 \mathrm{ms}\left({\color{gray}0.122 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	25 entities	$$100 \mathrm{ms} \pm 509 \mathrm{μs}\left({\color{gray}0.461 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	5 entities	$$90.4 \mathrm{ms} \pm 441 \mathrm{μs}\left({\color{gray}-0.363 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	50 entities	$$292 \mathrm{ms} \pm 963 \mathrm{μs}\left({\color{lightgreen}-8.375 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	1 entities	$$19.7 \mathrm{ms} \pm 123 \mathrm{μs}\left({\color{gray}2.82 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	10 entities	$$20.3 \mathrm{ms} \pm 103 \mathrm{μs}\left({\color{gray}2.99 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	25 entities	$$20.4 \mathrm{ms} \pm 114 \mathrm{μs}\left({\color{gray}2.40 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	5 entities	$$20.1 \mathrm{ms} \pm 97.1 \mathrm{μs}\left({\color{gray}3.30 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	50 entities	$$24.4 \mathrm{ms} \pm 125 \mathrm{μs}\left({\color{gray}1.75 \mathrm{\%}}\right) $$	Flame Graph

read_scaling_linkless

Function	Value	Mean	Flame graphs
entity_by_id	1 entities	$$19.5 \mathrm{ms} \pm 100 \mathrm{μs}\left({\color{gray}4.58 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	10 entities	$$20.0 \mathrm{ms} \pm 108 \mathrm{μs}\left({\color{red}5.34 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	100 entities	$$19.9 \mathrm{ms} \pm 96.1 \mathrm{μs}\left({\color{red}5.09 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	1000 entities	$$20.0 \mathrm{ms} \pm 104 \mathrm{μs}\left({\color{gray}3.93 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	10000 entities	$$26.4 \mathrm{ms} \pm 219 \mathrm{μs}\left({\color{gray}4.50 \mathrm{\%}}\right) $$	Flame Graph

representative_read_entity

Function	Value	Mean	Flame graphs
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/block/v/1	$$33.4 \mathrm{ms} \pm 291 \mathrm{μs}\left({\color{gray}1.33 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/book/v/1	$$33.6 \mathrm{ms} \pm 343 \mathrm{μs}\left({\color{gray}0.910 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/building/v/1	$$34.6 \mathrm{ms} \pm 306 \mathrm{μs}\left({\color{gray}0.096 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/organization/v/1	$$33.2 \mathrm{ms} \pm 315 \mathrm{μs}\left({\color{gray}2.69 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/page/v/2	$$32.9 \mathrm{ms} \pm 263 \mathrm{μs}\left({\color{gray}1.95 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/person/v/1	$$33.4 \mathrm{ms} \pm 297 \mathrm{μs}\left({\color{gray}-0.069 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/playlist/v/1	$$33.3 \mathrm{ms} \pm 267 \mathrm{μs}\left({\color{gray}-0.294 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/song/v/1	$$33.6 \mathrm{ms} \pm 314 \mathrm{μs}\left({\color{gray}0.539 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1	$$34.0 \mathrm{ms} \pm 368 \mathrm{μs}\left({\color{gray}0.578 \mathrm{\%}}\right) $$	Flame Graph

representative_read_entity_type

Function	Value	Mean	Flame graphs
get_entity_type_by_id	Account ID: bf5a9ef5-dc3b-43cf-a291-6210c0321eba	$$8.35 \mathrm{ms} \pm 48.2 \mathrm{μs}\left({\color{gray}-0.178 \mathrm{\%}}\right) $$	Flame Graph

representative_read_multiple_entities

Function	Value	Mean	Flame graphs
entity_by_property	traversal_paths=0	0	$$95.3 \mathrm{ms} \pm 634 \mathrm{μs}\left({\color{gray}3.50 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=255	1,resolve_depths=inherit:1;values:255;properties:255;links:127;link_dests:126;type:true	$$143 \mathrm{ms} \pm 852 \mathrm{μs}\left({\color{gray}-0.847 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:0;link_dests:0;type:false	$$99.8 \mathrm{ms} \pm 543 \mathrm{μs}\left({\color{gray}0.846 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:1;link_dests:0;type:true	$$109 \mathrm{ms} \pm 577 \mathrm{μs}\left({\color{gray}-2.155 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:2;links:1;link_dests:0;type:true	$$119 \mathrm{ms} \pm 560 \mathrm{μs}\left({\color{gray}1.77 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:2;properties:2;links:1;link_dests:0;type:true	$$126 \mathrm{ms} \pm 643 \mathrm{μs}\left({\color{gray}2.20 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=0	0	$$100.0 \mathrm{ms} \pm 517 \mathrm{μs}\left({\color{gray}-0.689 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=255	1,resolve_depths=inherit:1;values:255;properties:255;links:127;link_dests:126;type:true	$$128 \mathrm{ms} \pm 497 \mathrm{μs}\left({\color{gray}-4.740 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:0;link_dests:0;type:false	$$107 \mathrm{ms} \pm 570 \mathrm{μs}\left({\color{gray}-2.217 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:1;link_dests:0;type:true	$$116 \mathrm{ms} \pm 695 \mathrm{μs}\left({\color{gray}-3.589 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:2;links:1;link_dests:0;type:true	$$118 \mathrm{ms} \pm 558 \mathrm{μs}\left({\color{lightgreen}-5.022 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:2;properties:2;links:1;link_dests:0;type:true	$$118 \mathrm{ms} \pm 382 \mathrm{μs}\left({\color{gray}-4.953 \mathrm{\%}}\right) $$

scenarios

Function	Value	Mean	Flame graphs
full_test	query-limited	$$143 \mathrm{ms} \pm 568 \mathrm{μs}\left({\color{gray}2.31 \mathrm{\%}}\right) $$	Flame Graph
full_test	query-unlimited	$$153 \mathrm{ms} \pm 513 \mathrm{μs}\left({\color{gray}2.27 \mathrm{\%}}\right) $$	Flame Graph
linked_queries	query-limited	$$41.3 \mathrm{ms} \pm 341 \mathrm{μs}\left({\color{lightgreen}-60.371 \mathrm{\%}}\right) $$	Flame Graph
linked_queries	query-unlimited	$$537 \mathrm{ms} \pm 1.04 \mathrm{ms}\left({\color{lightgreen}-6.714 \mathrm{\%}}\right) $$	Flame Graph

[augmentcode]

🤖 Augment PR Summary

Summary: This PR moves staging backend deployment orchestration out of this repo and into the hashintel/internal-infra promote workflow, so staging gets the same promotion/rollback patterns as production.

Changes:

• Removed staging ECS deploy jobs (graph/app/workers) and the staging-specific ECS environment variables from hash-backend-cd.yml.
• Added a new promote-staging job that authenticates to Vault, generates a GitHub App installation token, and triggers internal-infra via workflow_dispatch.
• Updated job dependencies so promotion happens only after all images are built and pushed.
• Replaced the previous Slack webhook action with a Vault-fetched Slack bot token and a direct chat.postMessage call for failure notifications.

Technical Notes: Promotion is triggered through the GitHub REST API and Slack notifications are sent using a bot OAuth token retrieved from Vault.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

.github/workflows/hash-backend-cd.yml:302 — The dispatched image_tag is set to the raw ${{ github.sha }}, but the build/push action tags images as sha-${{ github.sha }} (see .github/actions/docker-build-push/action.yml). This mismatch is likely to make the promote workflow look for a tag that was never pushed, causing staging promotion to fail or deploy the wrong image.

Severity: high

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

.github/workflows/hash-backend-cd.yml:294 — If curl fails at the network/transport level, the captured HTTP_CODE can end up as 000 and this script will treat it as success (since it’s not >= 400). That could lead to the job reporting a successful dispatch when none occurred.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}