-
Notifications
You must be signed in to change notification settings - Fork 0
173 lines (145 loc) · 6.13 KB
/
deploy.yml
File metadata and controls
173 lines (145 loc) · 6.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
name: Deploy
# Post-merge ops QA notes:
# - Verify customer-facing HTML surfaces return 200 after deploy changes: https://socialproof.dev/ and https://app.socialproof.dev/
# - Verify marketing routes on socialproof.dev still render (example: /for/plumbers/, /vs/boast/, /blog/testimonials-for-yoga-studios/)
# - Do NOT use root-path checks for api.socialproof.dev or widget.socialproof.dev; their expected health checks are endpoint/asset specific.
# - A successful Pages deploy is not enough by itself; confirm the intended custom domain is actually bound/live before closing infra issues.
on:
push:
branches: [main]
jobs:
verify-cloudflare-secrets:
name: Verify Cloudflare deploy secrets
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: Fail fast if Cloudflare deploy secrets are missing
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
run: |
test -n "$CLOUDFLARE_API_TOKEN" || { echo 'Missing secret: CLOUDFLARE_API_TOKEN' >&2; exit 1; }
test -n "$CLOUDFLARE_ACCOUNT_ID" || { echo 'Missing secret: CLOUDFLARE_ACCOUNT_ID' >&2; exit 1; }
# ┌─ Test ───────────────────────────────────────────────
test:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Run tests
working-directory: apps/worker
run: npm test
# ┌─ Worker ─────────────────────────────────────────────
deploy-worker:
name: Deploy Worker
runs-on: ubuntu-latest
needs: [test, verify-cloudflare-secrets]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Apply D1 migrations
working-directory: apps/worker
run: npx wrangler d1 migrations apply vouch-db --remote
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
- name: Deploy worker
working-directory: apps/worker
run: npx wrangler deploy
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
# ┌─ Widget ─────────────────────────────────────────────
deploy-widget:
name: Deploy Widget
runs-on: ubuntu-latest
needs: deploy-worker
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Deploy widget
working-directory: apps/widget
run: npx wrangler deploy
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
# ┌─ Dashboard (Cloudflare Pages) ───────────────────────
deploy-dashboard:
name: Deploy Dashboard
runs-on: ubuntu-latest
needs: [test, verify-cloudflare-secrets]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Build dashboard
working-directory: apps/dashboard
run: npm run build
- name: Deploy dashboard to Pages
working-directory: apps/dashboard
run: npx wrangler pages deploy dist --project-name=proof-dashboard
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
# ┌─ Marketing Site (Cloudflare Pages) ──────────────────
deploy-marketing-site:
name: Deploy Marketing Site
runs-on: ubuntu-latest
needs: [test, verify-cloudflare-secrets]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci
- name: Build marketing site
working-directory: apps/marketing-site
run: npm run build
- name: Verify marketing artifacts
run: |
test -f apps/marketing-site/dist/_redirects
grep -F '/c/* https://api.socialproof.dev/c/:splat 302' apps/marketing-site/dist/_redirects
test -f apps/marketing-site/dist/sitemap-index.xml
test -f apps/marketing-site/dist/sitemap-0.xml
grep -F 'https://socialproof.dev/for/' apps/marketing-site/dist/sitemap-0.xml
grep -F 'https://socialproof.dev/vs/' apps/marketing-site/dist/sitemap-0.xml
# Deploy result is only trustworthy if failures are surfaced and the intended Pages/custom domain binding is verified separately.
- name: Deploy marketing site to Pages
working-directory: apps/marketing-site
run: npx wrangler pages deploy dist --project-name=socialproof-marketing
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
- name: Post-deploy smoke check
run: ./scripts/post-deploy-smoke.sh