[Graphite MQ] Draft PR GROUP:spec_cccc0a (PRs 426) #2356
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: ['**', '!changeset-release/**'] | |
| push: | |
| branches: [main] | |
| # TODO: Optimize - separate deployment workflow to avoid re-running tests on main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| actions: read | |
| pull-requests: write # for preview comments | |
| deployments: write # Netlify action needs it | |
| jobs: | |
| # ─────────────────────────────────────── 1. BUILD & TEST ────────────────────────────────────── | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/setup | |
| - name: Setup Deno | |
| uses: denoland/setup-deno@v2 | |
| with: | |
| deno-version: '2.1.4' | |
| - name: Install sqruff | |
| uses: ./.github/actions/setup-sqruff | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Atlas | |
| uses: ariga/setup-atlas@master | |
| with: | |
| cloud-token: ${{ secrets.ATLAS_CLOUD_TOKEN }} | |
| - name: Set Nx base for affected commands | |
| run: | | |
| echo "NX_BASE=origin/main" >> $GITHUB_ENV | |
| echo "NX_HEAD=HEAD" >> $GITHUB_ENV | |
| - name: Verify NX_BASE and NX_HEAD are set | |
| run: echo "BASE=$NX_BASE HEAD=$NX_HEAD" | |
| - name: Pre-start Supabase for affected packages | |
| run: ./scripts/ci-prestart-supabase.sh core client | |
| - name: Quality gate (lint + typecheck + test) | |
| run: pnpm nx affected -t lint typecheck test --parallel --configuration=production --base="$NX_BASE" --head="$NX_HEAD" | |
| - name: Build all affected projects | |
| run: pnpm nx affected -t build --configuration=production --parallel --base="$NX_BASE" --head="$NX_HEAD" | |
| - name: Verify exports for built packages | |
| run: pnpm nx affected -t verify-exports --base="$NX_BASE" --head="$NX_HEAD" | |
| # ─────────────────────────────────────── 2. EDGE-WORKER E2E ────────────────────────────────────── | |
| edge-worker-e2e: | |
| runs-on: ubuntu-latest | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/setup | |
| - name: Setup Deno | |
| uses: denoland/setup-deno@v2 | |
| with: | |
| deno-version: '2.1.4' | |
| - name: Install sqruff | |
| uses: ./.github/actions/setup-sqruff | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Atlas | |
| uses: ariga/setup-atlas@master | |
| with: | |
| cloud-token: ${{ secrets.ATLAS_CLOUD_TOKEN }} | |
| - name: Set Nx base for affected commands | |
| run: | | |
| echo "NX_BASE=origin/main" >> $GITHUB_ENV | |
| echo "NX_HEAD=HEAD" >> $GITHUB_ENV | |
| - name: Verify NX_BASE and NX_HEAD are set | |
| run: echo "BASE=$NX_BASE HEAD=$NX_HEAD" | |
| - name: Pre-start Supabase for affected packages | |
| run: ./scripts/ci-prestart-supabase.sh edge-worker | |
| - name: Check if edge-worker e2e tests are affected | |
| id: check-affected | |
| run: | | |
| if pnpm nx show projects --affected -t test:e2e --base="$NX_BASE" --head="$NX_HEAD" | grep -q "^edge-worker$"; then | |
| echo "affected=true" >> $GITHUB_OUTPUT | |
| echo "Edge-worker e2e tests are affected by changes" | |
| else | |
| echo "affected=false" >> $GITHUB_OUTPUT | |
| echo "Edge-worker e2e tests are not affected by changes - skipping" | |
| fi | |
| - name: Run edge-worker e2e tests | |
| if: steps.check-affected.outputs.affected == 'true' | |
| run: pnpm nx affected -t test:e2e --parallel --base="$NX_BASE" --head="$NX_HEAD" | |
| # ────────────────────────────────── 3. DEPLOY WEBSITE ─────────────────────────── | |
| deploy-website: | |
| needs: [build-and-test, edge-worker-e2e] | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event_name == 'pull_request' && 'preview' || 'production' }} | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| DEPLOYMENT_ENV: ${{ github.event_name == 'pull_request' && 'preview' || 'production' }} | |
| VITE_SUPABASE_URL: ${{ github.event_name == 'pull_request' && secrets.WEBSITE_PREVIEW_SUPABASE_URL || secrets.WEBSITE_PRODUCTION_SUPABASE_URL }} | |
| VITE_SUPABASE_ANON_KEY: ${{ github.event_name == 'pull_request' && secrets.WEBSITE_PREVIEW_SUPABASE_ANON_KEY || secrets.WEBSITE_PRODUCTION_SUPABASE_ANON_KEY }} | |
| PLAUSIBLE_PROXY_URL: ${{ secrets.WEBSITE_PLAUSIBLE_PROXY_URL }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/setup | |
| - name: Set Nx base for affected commands | |
| run: | | |
| echo "NX_BASE=origin/main" >> $GITHUB_ENV | |
| echo "NX_HEAD=HEAD" >> $GITHUB_ENV | |
| - name: Verify NX_BASE and NX_HEAD are set | |
| run: echo "BASE=$NX_BASE HEAD=$NX_HEAD" | |
| - name: Check if website is affected | |
| id: check-affected | |
| run: | | |
| if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then | |
| # Always deploy website on main branch | |
| echo "affected=true" >> $GITHUB_OUTPUT | |
| echo "Main branch push - deploying website to production" | |
| elif pnpm nx show projects --affected -t build --base="$NX_BASE" --head="$NX_HEAD" | grep -q "^website$"; then | |
| echo "affected=true" >> $GITHUB_OUTPUT | |
| echo "Website is affected by changes" | |
| else | |
| echo "affected=false" >> $GITHUB_OUTPUT | |
| echo "Website is not affected by changes - skipping deployment" | |
| fi | |
| - name: Validate Supabase environment variables | |
| if: steps.check-affected.outputs.affected == 'true' | |
| run: | | |
| if [ -z "$VITE_SUPABASE_URL" ]; then | |
| echo "❌ Error: VITE_SUPABASE_URL is not set" | |
| echo "Required GitHub secret missing: WEBSITE_${{ github.event_name == 'pull_request' && 'PREVIEW' || 'PRODUCTION' }}_SUPABASE_URL" | |
| exit 1 | |
| fi | |
| if [ -z "$VITE_SUPABASE_ANON_KEY" ]; then | |
| echo "❌ Error: VITE_SUPABASE_ANON_KEY is not set" | |
| echo "Required GitHub secret missing: WEBSITE_${{ github.event_name == 'pull_request' && 'PREVIEW' || 'PRODUCTION' }}_SUPABASE_ANON_KEY" | |
| exit 1 | |
| fi | |
| if [[ ! "$VITE_SUPABASE_URL" =~ ^https:// ]]; then | |
| echo "❌ Error: VITE_SUPABASE_URL must use https:// (not http://)" | |
| echo "Current value: $VITE_SUPABASE_URL" | |
| exit 1 | |
| fi | |
| echo "✅ Supabase environment variables are valid" | |
| - name: Deploy website | |
| id: deploy-website | |
| if: steps.check-affected.outputs.affected == 'true' | |
| env: | |
| CLOUDFLARE_BRANCH: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || 'main' }} | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| pnpm nx run website:deploy:preview --skip-nx-cache | |
| else | |
| pnpm nx run website:deploy --skip-nx-cache | |
| fi | |
| - name: Post deployment comment | |
| if: always() | |
| uses: ./.github/actions/deployment-comment | |
| with: | |
| project-name: Website | |
| preview-url: https://pr-${{ github.event.pull_request.number }}.pgflow.pages.dev | |
| production-url: https://pgflow.dev | |
| # ────────────────────────────────── 4. DEPLOY DEMO ─────────────────────────── | |
| deploy-demo: | |
| if: false # temporarily disabled | |
| needs: [build-and-test, edge-worker-e2e] | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event_name == 'pull_request' && 'preview' || 'production' }} | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| VITE_SUPABASE_URL: ${{ github.event_name == 'pull_request' && secrets.DEMO_PREVIEW_SUPABASE_URL || secrets.DEMO_PRODUCTION_SUPABASE_URL }} | |
| VITE_SUPABASE_ANON_KEY: ${{ github.event_name == 'pull_request' && secrets.DEMO_PREVIEW_SUPABASE_ANON_KEY || secrets.DEMO_PRODUCTION_SUPABASE_ANON_KEY }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/setup | |
| - name: Set Nx base for affected commands | |
| run: | | |
| echo "NX_BASE=origin/main" >> $GITHUB_ENV | |
| echo "NX_HEAD=HEAD" >> $GITHUB_ENV | |
| - name: Verify NX_BASE and NX_HEAD are set | |
| run: echo "BASE=$NX_BASE HEAD=$NX_HEAD" | |
| - name: Validate Supabase environment variables | |
| run: | | |
| if [ -z "$VITE_SUPABASE_URL" ]; then | |
| echo "❌ Error: VITE_SUPABASE_URL is not set" | |
| echo "Required GitHub secret missing: DEMO_${{ github.event_name == 'pull_request' && 'PREVIEW' || 'PRODUCTION' }}_SUPABASE_URL" | |
| exit 1 | |
| fi | |
| if [ -z "$VITE_SUPABASE_ANON_KEY" ]; then | |
| echo "❌ Error: VITE_SUPABASE_ANON_KEY is not set" | |
| echo "Required GitHub secret missing: DEMO_${{ github.event_name == 'pull_request' && 'PREVIEW' || 'PRODUCTION' }}_SUPABASE_ANON_KEY" | |
| exit 1 | |
| fi | |
| if [[ ! "$VITE_SUPABASE_URL" =~ ^https:// ]]; then | |
| echo "❌ Error: VITE_SUPABASE_URL must use https:// (not http://)" | |
| echo "Current value: $VITE_SUPABASE_URL" | |
| exit 1 | |
| fi | |
| echo "✅ Supabase environment variables are valid" | |
| - name: Deploy demo | |
| id: deploy-demo | |
| env: | |
| PREVIEW_NAME: pr-${{ github.event.pull_request.number }} | |
| run: | | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| pnpm nx affected -t deploy:preview --projects=demo --base="$NX_BASE" --head="$NX_HEAD" | |
| else | |
| pnpm nx affected -t deploy --projects=demo --base="$NX_BASE" --head="$NX_HEAD" | |
| fi | |
| - name: Post deployment comment | |
| if: success() | |
| uses: ./.github/actions/deployment-comment | |
| with: | |
| project-name: Demo | |
| preview-url: https://pr-${{ github.event.pull_request.number }}-pgflow-demo.jumski.workers.dev | |
| production-url: https://demo.pgflow.dev |