Gate Vercel deploys when env vars drift from the GitLab manifest
Before a Vercel production deploy proceeds, compare its environment variables against a committed manifest in GitLab and block the deploy if any required var is missing, renamed…
How it runs
The automated pipeline, trigger to output.
- Trigger: Vercel production deployment created (Vercel)
- Action: Fetch deployment env vars from Vercel (Vercel)
- Action: Read env.manifest.json from GitLab branch (GitLab)
- Logic: Diff live config vs manifest, classify drift
- Logic: Branch: unauthorized drift present?
- Action: Cancel deploy via Vercel API if drift (Vercel)
- Output: Post verdict and diff to Slack (Slack)
What it does
This workflow turns a committed env manifest into a hard gate on production deploys. When Vercel signals a pending production deployment, it pulls the project's live environment config, diffs it against the source-of-truth `env.manifest.json` in your GitLab repo, and refuses to let the deploy continue if anything is missing or unauthorized. Approved drift never blocks; surprise drift always does.
When to use it
Use it when config drift has bitten you before — a deleted secret, a typo'd key, a hand-edited value in the Vercel dashboard that nobody recorded. Ideal for teams that treat env config as code and want CI-grade enforcement without writing custom pipeline glue.
How it works
1. A Vercel deployment-created webhook fires for a production target.
2. The flow fetches the deployment's resolved environment variables from the Vercel API.
3. It reads the canonical `env.manifest.json` from the target branch in GitLab.
4. A diff step classifies every key as matching, missing, extra, or value-changed.
5. If unauthorized drift exists, the deploy is cancelled via the Vercel API; otherwise it is allowed to proceed.
6. The verdict and full diff are posted to Slack for the on-call engineer.
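The diff and branch steps above, sketched as an added example (not the workflow's own code). The manifest schema is an assumption, since the page does not show the format of `env.manifest.json`: a `vars` map whose entries may pin a SHA-256 digest of the expected value so no plaintext secret is committed, and an `approved_drift` list of key names. The report carries key names only, so nothing secret reaches Slack.

```python
import hashlib
import hmac

def _digest(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def classify_drift(live: dict, manifest: dict) -> dict:
    """Classify each key as matching, missing, extra or value_changed.

    Keys listed under the (assumed) "approved_drift" field are reported as
    "approved" and never block. Only key names are returned, never values.
    """
    expected = manifest.get("vars", {})
    approved = set(manifest.get("approved_drift", []))
    report = {"matching": [], "missing": [], "extra": [],
              "value_changed": [], "approved": []}
    for key in sorted(set(expected) | set(live)):
        if key not in live:
            status = "missing"
        elif key not in expected:
            status = "extra"
        else:
            pinned = expected[key].get("sha256")  # optional value pin
            same = pinned is None or hmac.compare_digest(
                pinned.lower(), _digest(live[key]))
            status = "matching" if same else "value_changed"
        if status != "matching" and key in approved:
            status = "approved"
        report[status].append(key)
    # Any unapproved drift means the deploy should be cancelled.
    report["block"] = bool(
        report["missing"] or report["extra"] or report["value_changed"])
    return report

# Constructed sample data, standing in for the Vercel and GitLab responses.
LIVE = {
    "DATABASE_URL": "postgres://db.example.internal/app",
    "API_KEY": "constructed-value-b",
    "DEBUG": "1",
    "FEATURE_X": "on",
}
MANIFEST = {
    "vars": {
        "DATABASE_URL": {"sha256": _digest("postgres://db.example.internal/app")},
        "API_KEY": {"sha256": _digest("constructed-value-a")},
        "SENTRY_DSN": {},
    },
    "approved_drift": ["FEATURE_X"],
}

if __name__ == "__main__":
    print(classify_drift(LIVE, MANIFEST))
```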
Set it up
What you configure once, before turning it on.
1. Connect Vercel: deploys, runtime logs, analytics.
2. Connect GitLab: repos, MRs, pipelines, registry.
3. Connect Slack: channels, DMs, threads, mentions.
4. Set each agent's model: we leave models unset so you pick the tier — fast + cheap, or top-quality.
5. Tune it to your data: edit the prompts, filters, and field mappings so it matches how your team works.
6. Test, then turn it on: run once against a sample, confirm the output, then enable the trigger.
