Windmill Operations¶
Operational guide for Windmill workflow automation.
Note: Terraform execution has migrated to HCP Terraform (December 2025). Windmill is now used only for non-Terraform automation.
Quick Reference¶
| Property | Value |
|---|---|
| URL | https://windmill.fzymgc.house |
| Staging Workspace | terraform-gitops-staging |
| Production Workspace | terraform-gitops-prod |
| Vault Secret Path | secret/fzymgc-house/cluster/windmill |
Current Use Cases¶
Windmill is used for non-Terraform automation:
| Flow Category | Purpose |
|---|---|
f/app_custom/ |
Custom application flows |
f/app_groups/ |
Application group management |
f/app_themes/ |
Theme management |
f/bots/ |
Bot automation (non-Terraform) |
f/resources/ |
Resource definitions |
Architecture¶
Two-workspace pattern with Git-based promotion:
| Workspace | Branch | Purpose |
|---|---|---|
terraform-gitops-staging |
windmill-staging |
Development/testing, Git sync enabled |
terraform-gitops-prod |
main |
Production, deployed via GitHub Actions |
Deployment flow: windmill-staging branch -> PR -> main -> auto-deploy to prod
Common Operations¶
Sync Commands¶
# Configure workspace
npx wmill workspace add terraform-gitops-staging terraform-gitops-staging \
https://windmill.fzymgc.house "$TOKEN"
# Push changes
npx wmill sync push --workspace terraform-gitops-staging
# Pull remote state
npx wmill sync pull
# Show diff
npx wmill sync diff
Token Validation¶
curl -H "Authorization: Bearer $TOKEN" \
https://windmill.fzymgc.house/api/w/terraform-gitops/users/whoami
View Worker Logs¶
kubectl --context fzymgc-house logs -n windmill -l app=windmill-workers --tail=100
Vault Secrets¶
Windmill secrets stored at secret/fzymgc-house/cluster/windmill:
| Key | Purpose |
|---|---|
terraform_gitops_token |
Workspace sync token |
discord_bot_token |
Discord notifications |
discord_application_id |
Discord app ID |
discord_channel_id |
Notification channel |
Add New Secret¶
- Add secret to Vault
- Update sync configuration
- Run secrets sync flow
GitHub Actions¶
| Workflow | Trigger | Action |
|---|---|---|
windmill-deploy-prod.yaml |
PR merge to main with windmill label |
Deploy to prod workspace |
windmill-open-pr.yaml |
Changes on windmill-staging | Open PR to main |
sync-main-to-windmill-staging.yaml |
PR merge to main | Sync non-windmill changes back |
sync-windmill-secrets.yaml |
Manual/scheduled | Sync Vault secrets to Windmill |
Troubleshooting¶
Flow Failures¶
- Check run logs in Windmill UI
- Review error messages
- Check dependencies (Vault, GitHub)
Sync Issues¶
- Verify workspace token is valid
- Check Git branch state
- Review sync command output
Historical: Terraform Flows (Removed)¶
The following Terraform automation was removed in December 2025 and replaced by HCP Terraform:
f/terraform/deploy_terraform.flow/- Main deployment flowf/terraform/terraform_{init,plan,apply}.py- Terraform execution scriptsf/terraform/notify_*.py- Discord notification scripts.github/workflows/terraform-deploy.yml- GitHub Actions trigger
For current Terraform automation, see HCP Terraform Operations.
See Also¶
- HCP Terraform Operations - Current Terraform execution
- Vault Operations - Secret management