ci(deploy-neep): tee log on remote, fetch tail via second SSH

[beats-dh]

Description

Follow-up to #3951. The deploy ran successfully on the remote in #3940 (comment), but the workflow itself failed at the Truncate remote output for comment step:

Error: An error occurred trying to start process '/usr/bin/bash' with working directory '/home/runner/work/canary/canary'. Argument list too long

Two issues showed up in the captured log:

1. Argument list too long (E2BIG) — we passed ${{ steps.remote.outputs.stdout }} (multi-MB build log) as an env var to the truncate step's bash. Linux's ARG_MAX is ~2 MB and the env block counts toward it, so execve failed before bash even ran.
2. Every line was duplicated in the captured output (e.g. === [6/7] Deploy do binário === printed twice, success banner printed twice). The combination of appleboy/ssh-action's capture_stdout: true plus our exec 2>&1 was double-capturing each line, inflating the size.

Behaviour

Actual

• Successful deploy still marks the workflow as failed because the truncate step crashes on the env-var size.
• Captured stdout is duplicated, doubling the volume that gets piped through the runner.

Expected

• Workflow status reflects the actual deploy outcome.
• Failure comments still get the tail of the build log without funneling the entire log through a runner env var.

Type of change

• Bug fix (non-breaking change which fixes an issue)

What changed

• Drop capture_stdout: true from the deploy SSH step — we no longer rely on the action capturing the full log.
• Tee remote output to /tmp/canary-deploy.log on the VPS (exec > >(tee /tmp/canary-deploy.log) 2>&1) so the log lives on disk regardless of how the action captures.
• Replace the Truncate remote output for comment runner step with a small second SSH step Fetch remote deploy log tail that runs tail -c 50000 /tmp/canary-deploy.log with capture_stdout: true. The captured output is bounded to ~50 KB — comfortably under both ARG_MAX and GitHub's ~65 K comment-body limit.
• The fetch step only runs on failure (steps.remote.outcome != 'success'), so successful deploys don't pay for an extra SSH session.
• Failure comment now reads from ${{ steps.fetch_log.outputs.stdout }}.

How Has This Been Tested

• /deploy on a passing branch — verify the workflow now exits clean (no truncate-step crash) and the success comment is unchanged.
• /deploy on a deliberately broken branch — verify the failure comment contains the tail of the build log and is no longer duplicated.

Test Configuration:

• Server Version: any
• Client: n/a (CI workflow)
• Operating System: Ubuntu (runner) + remote VPS

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I checked the PR checks reports
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works

Summary by CodeRabbit

• Chores
  • Improved deployment failure reporting by persistently capturing full remote output and including the last ~50KB of that log in failure notifications for easier troubleshooting.
  • Clarified various remote progress and error messages (including Portuguese→English updates) to make deployment feedback more readable, without changing deployment control flow.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ca67f90c-d091-47cb-9237-7e27465a8ee5

📥 Commits

Reviewing files that changed from the base of the PR and between d11294a and 26d94b0.

📒 Files selected for processing (1)

• .github/workflows/deploy-neep.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/deploy-neep.yml

---

📝 Walkthrough

Walkthrough

The deploy workflow now writes remote deploy stdout/stderr into /tmp/canary-deploy.log via tee; on failure a follow-up SSH step tails the last 50KB of that file and the PR failure comment embeds that tail. Several remote progress/error messages were updated.

Changes

Deployment Log Capture and Failure Reporting

Layer / File(s)	Summary
Remote Log Capture Configuration .github/workflows/deploy-neep.yml	The remote SSH step now initializes /tmp/canary-deploy.log and pipes stdout+stderr through tee into that file instead of relying on action-captured stdout.
Remote Script Message Edits .github/workflows/deploy-neep.yml	Multiple remote deploy progress and error messages were reworded (including Portuguese→English updates) without changing control flow.
Log Retrieval on Failure .github/workflows/deploy-neep.yml	A new failure-only step runs tail -c 50000 /tmp/canary-deploy.log via SSH and exposes the tail via step stdout.
Failure Comment Integration .github/workflows/deploy-neep.yml	The prior truncation step was removed and the PR failure comment <details> now embeds ${{ steps.fetch_log.outputs.stdout }} (the fetched log tail).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• opentibiabr/canary#3951: Modifies the same deploy-neep workflow's remote stdout capture and PR-comment behavior; related to prior capture/truncation approach.

Suggested reviewers

• majestyotbr

Poem

🐰 I hop across the CI fence at night,
And tee each whisper, stdout bright,
When builds misbehave I fetch the tail,
Fifty kilobytes tell the fail,
Logs on the host — a deploy rabbit's delight!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: implementing remote tee logging and fetching the log tail via a second SSH call to fix the CI workflow failure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch beats/deploy-neep-fix-log-fetch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud