diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c62cd2f2d1e..25d8348d8c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -92,7 +92,7 @@ jobs:
 ecr_repo_secret: ECR_PII
 steps:
 - name: Checkout code
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6
@@ -130,6 +130,49 @@ jobs:
 provenance: false
 sbom: false
 
+ # Dev: deploy Trigger.dev background tasks to the preview "dev-sim" branch.
+ # Gated after migrate-dev for the same reason as build-dev — the new task
+ # code runs against the dev DB, so the schema must be pushed first.
+ deploy-trigger-dev:
+ name: Deploy Trigger.dev (Dev)
+ needs: [migrate-dev]
+ if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+ runs-on: blacksmith-4vcpu-ubuntu-2404
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+
+ - name: Setup Bun
+ uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
+ with:
+ bun-version: 1.3.13
+
+ - name: Cache Bun dependencies
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
+ with:
+ path: |
+ ~/.bun/install/cache
+ node_modules
+ **/node_modules
+ key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-bun-
+
+ - name: Install dependencies
+ run: bun install --frozen-lockfile
+
+ - name: Deploy to Trigger.dev
+ working-directory: ./apps/sim
+ env:
+ TRIGGER_ACCESS_TOKEN: ${{ secrets.DEV_TRIGGER_ACCESS_TOKEN }}
+ TRIGGER_PROJECT_ID: ${{ secrets.TRIGGER_PROJECT_ID }}
+ run: |
+ if [ -z "$TRIGGER_ACCESS_TOKEN" ] || [ -z "$TRIGGER_PROJECT_ID" ]; then
+ echo "ERROR: DEV_TRIGGER_ACCESS_TOKEN and TRIGGER_PROJECT_ID repo secrets must both be set" >&2
+ exit 1
+ fi
+ bunx trigger.dev@4.4.3 deploy --env preview --branch dev-sim
+
 # Main/staging: build AMD64 images and push to ECR + GHCR
 build-amd64:
 name: Build AMD64
@@ -359,7 +402,7 @@ jobs:
 steps:
 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
- fetch-depth: 2 # Need at least 2 commits to detect changes
+ fetch-depth: 2 # Need at least 2 commits to detect changes
 - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4
 id: filter
 with:
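Review bot: The deploy step in `deploy-trigger-dev` runs `bunx trigger.dev@4.4.3 deploy --env preview --branch dev-sim` with `TRIGGER_ACCESS_TOKEN` in its environment, and as far as the hunk shows the CLI is fetched at run time rather than taken from `bun.lock`; the top-level version is fixed, but its transitive dependencies would be resolved fresh on each run, a weaker pin than the commit SHAs used for the actions in the same job. If `trigger.dev` can be a devDependency of `apps/sim`, invoking the copy that `bun install --frozen-lockfile` already installed keeps the credentialed step on locked code. The job also sets no `permissions:` key, so unless the workflow declares one outside this hunk it inherits the repository default for `GITHUB_TOKEN`; `permissions:` with `contents: read` appears to be all these steps need. Because `bun install` and the CLI both execute third-party code, adding `persist-credentials: false` under a `with:` on the checkout step would keep the checkout token away from them as well.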
diff --git a/.github/workflows/migrations.yml b/.github/workflows/migrations.yml
index f789ec32627..7965eaf5e6d 100644
--- a/.github/workflows/migrations.yml
+++ b/.github/workflows/migrations.yml
@@ -69,7 +69,16 @@ jobs:
 
 if [ "${ENVIRONMENT}" = "dev" ]; then
 echo "Dev environment — pushing schema directly (db:push)"
- bun run db:push --force
+ # drizzle-kit push needs a TTY to resolve ambiguous renames (--force only
+ # covers data-loss). In CI it throws "Interactive prompts require a TTY
+ # terminal" but still exits 0, so the job goes green without applying the
+ # change. tee keeps the output live in the log; we then fail on drizzle's
+ # own TTY error. A genuine non-zero exit already fails via `set -e`.
+ bun run db:push --force < /dev/null 2>&1 | tee /tmp/db-push.log
+ if grep -q "Interactive prompts require a TTY terminal" /tmp/db-push.log; then
+ echo "ERROR: db:push needs an interactive rename decision; land it as a versioned migration instead of relying on push." >&2
+ exit 1
+ fi
 else
 echo "Applying versioned migrations (db:migrate)"
 bun run ./scripts/migrate.ts
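Review bot: Piping `bun run db:push --force` into `tee` makes the pipeline's exit status that of `tee`, so the comment's claim that a non-zero exit "already fails via `set -e`" holds only when `pipefail` is enabled. The step's `shell:` setting and any `set -o pipefail` line are outside this hunk, and GitHub's default `bash -e {0}` does not turn it on; if it is not already set, add `set -o pipefail` before the pipeline, otherwise a failed dev push now goes green where the old un-piped command failed the step. The `grep -q` check also depends on drizzle-kit's exact message text, so a reworded error in a later release would pass silently; a comment such as `# string taken from drizzle-kit <version>; re-check on upgrade` would flag that. The `if [ "${ENVIRONMENT}" = "dev" ]` block begins and ends outside the hunk.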