feat(deploy): added deploy wizard#260
Draft
wyattjoh wants to merge 24 commits into
Draft
Conversation
🦋 Changeset detectedLatest commit: c749d58 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
Author
|
!snapshot |
Contributor
Snapshot publishednpm install -g clerk@1.3.1-snapshot.0dd30be
|
Contributor
Author
|
Stack: wyattjoh/deploy
Part of a stacked-prs chain. Do not merge manually. |
This was referenced May 13, 2026
wyattjoh
force-pushed
the
wyattjoh/api-error-classification
branch
from
93d7a24 to
bf05f3e
Compare
wyattjoh
force-pushed
the
wyattjoh/api-error-classification
branch
from
bf05f3e to
ffb869f
Compare
wyattjoh
force-pushed
the
wyattjoh/deploy
branch
2 times, most recently
from
a3d8b46 to
7e6819c
Compare
wyattjoh
force-pushed
the
wyattjoh/api-error-classification
branch
from
ffb869f to
162f269
Compare
- Preserve completed providers when pausing OAuth setup mid-loop, so `clerk deploy --continue` can finish multi-provider stacks. - Surface a warning for OAuth providers enabled in dev that the wizard does not yet support, instead of silently skipping them. - Close the gutter as Paused (not Failed) when DNS verification times out, since the state is recoverable via --continue. - Tighten the production-domain regex to reject malformed inputs like example..com or example-.com before they reach the API.
Move deploy lifecycle endpoint wrappers into the shared PLAPI client while routing the deploy wizard through a command-local adapter that defaults to mocked operations until the backend endpoints are ready.
Switch the deploy command from the in-process mock lifecycle to the live PLAPI endpoints. Add a typed error mapper that translates known PLAPI failures (plan_insufficient, home_url_taken, ssl_retry_throttled, etc.) into CliError with stable codes, with a recovery path for the production_instance_exists case so the wizard re-derives state instead of surfacing the error. Surface per-component progress (DNS / SSL / mail) during deploy_status polling, and drop the four hidden --test-fail-* CLI options now that failure injection is routed through the test's module mock. Collapse the api/mock indirection layer to a thin re-export of the plapi endpoints + a no-op configureMockDeployApi stub for the test seam, and strip the dead mockDeployApi implementation that the indirection used to back.
Swap the "Continue to OAuth setup?" yes/no prompt during initial production setup for the same verify/skip select used when resuming. Choosing skip records DNS as pending and continues to OAuth instead of pausing the deploy, so the dashboard remains the single place to monitor propagation.
- Tolerate getDeployStatus failures inside the reconcile-path snapshot read so the deploy continues to the verify-or-skip prompt instead of failing before the user can react. - Split the snapshot fetch into separate "Reading development configuration" and "Reading production configuration" spinners so the gutter reflects what is actually being loaded. - Add triggerDomainDnsCheck (POST .../dns_check) and call it best-effort when the user picks "Check DNS now" so an active check job is kicked rather than waiting on background reconciliation. - Type the dns_ok/ssl_ok/mail_ok booleans on DeployStatusResponse and use them to name the specific pending component in the timeout warning.
Switch deploy command imports back to lib/plapi.ts directly and remove the ./mock.ts harness plus the --test-force-* / --test-fail-* CLI flags it backed. The wrappers were added for an earlier mockable-deploy-API experiment that is no longer needed.
Replace the single-spinner pollDeployStatus loop with a chained mail/dns/ssl spinner sequence that emits a per-component success line as each boolean flips true. Add a defensive status === "complete" check after all three components succeed so the proxy_ok server-side case fails closed rather than reporting verified. When all DNS components are resolved but the server has not yet marked the deployment complete, exit the verification path without reaching finishDeploy.
After the DNS records block in both runDnsSetup and runExistingDomainDnsVerification, prompt the user (default: no) to export the records as a clerk-<domain>.zone BIND zone file.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (19)
📝 WalkthroughWalkthroughThis pull request implements Estimated code review effort🎯 4 (Complex) | ⏱️ ~75 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
📝 WalkthroughWalkthroughThis PR implements a complete interactive Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
The Domain Connect URL helper returned Cloudflare's template for every domain regardless of the actual registrar — a misleading prompt for any user not on Cloudflare. Remove it entirely until NS-based registrar detection lands as its own change. Other cleanups from the same review pass: runDeploy throws a NOT_LINKED CliError on unlinked directories instead of warning and exiting zero; startNewDeploy's 409 production_instance_exists recovery now persists the recovered production instance id to the profile; OAuth skip routes through deployPausedError so its exit code matches Ctrl-C (1 instead of silent 0); runDnsVerification loops on timeout retry instead of recursing; and runOAuthSetup drops the redundant startIndex slice since the completed set already skips previously-saved providers.
wyattjoh
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
clerk deploy, an interactive wizard that promotes a linked Clerk application from development to production. The wizard validates clone compatibility, creates the production instance and primary domain, walks the user through the returned CNAME records (with optional BIND zone export to./clerk-<domain>.zone), verifies DNS/SSL/mail with a per-component spinner chain, and collects production OAuth credentials for Google, GitHub, Microsoft, Apple, and Linear.State is derived from the Platform API on each run, not persisted locally. The wizard reads the live application, domains, deploy status, and instance config on entry and resumes from the next pending step. The only profile write is
instances.productiononce the production instance exists. Pressing Ctrl-C or picking "Skip" at an OAuth provider exits withDeploy pausedand exit code 1; rerunning resumes from whatever the API now reports.Platform API errors specific to the deploy lifecycle are mapped to typed
CliErrors incommands/deploy/errors.ts(unsupported plan features, provider/taken domains,production_instance_existsrecovery, SSL/mail retry throttles). The wizard refuses to start in agent mode because production configuration is interactive.Test plan
bun run format:checkbun run lintbun run typecheckbun run testbun run test:e2e:operror: No Clerk project linked; linked directory walks through create → DNS records → BIND export → verification → OAuth → production summary; Ctrl-C at OAuth exits withDeploy pausedand exit code 1; rerun resumes at the skipped provider.