From cad6440779ee874341a379cbc7e650fda24c7796 Mon Sep 17 00:00:00 2001 From: Torgny Bjers Date: Sat, 27 Jun 2026 18:11:51 -0400 Subject: [PATCH 1/3] ci: add preview deployment configuration --- .github/workflows/deploy.yml | 9 +++++---- package.json | 4 ++-- worker-configuration.d.ts | 14 ++++++++++++-- wrangler.json | 21 ++++++++++++++++++++- 4 files changed, 39 insertions(+), 9 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 62846bf..6bda251 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,6 +27,8 @@ jobs: deploy: if: github.actor != 'dependabot[bot]' runs-on: ubuntu-latest + env: + TARGET_ENV: ${{ github.ref == 'refs/heads/main' && 'production' || 'preview' }} environment: name: ${{ github.ref == 'refs/heads/main' && 'production' || 'preview' }} url: https://coverage-tracker.zerostash.org @@ -35,7 +37,7 @@ jobs: - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: '22' + node-version: '24' cache: npm cache-dependency-path: | package-lock.json @@ -53,14 +55,13 @@ jobs: DB_ID: ${{ secrets.CLOUDFLARE_D1_DATABASE_ID }} run: | # Use jq to update the database_id inside the d1_databases array - jq --arg new_val "${DB_ID}" '.env.prod.d1_databases[0].database_id = $new_val' wrangler.json > wrangler.json.tmp + jq --arg new_val "${DB_ID}" '.env.${TARGET_ENV}.d1_databases[0].database_id = $new_val' wrangler.json > wrangler.json.tmp # Replace the old file with the newly updated one mv wrangler.json.tmp wrangler.json - name: Deploy Worker + assets - if: github.ref == 'refs/heads/main' - run: npx wrangler deploy --env prod + run: npx wrangler deploy --env "$TARGET_ENV" env: CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} diff --git a/package.json b/package.json index aa6cbc6..d96874b 100644 --- a/package.json +++ b/package.json 
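Review bot: In the last deploy.yml hunk of PATCH 1/3, dropping `if: github.ref == 'refs/heads/main'` from the "Deploy Worker + assets" step means every ref that triggers this workflow now runs `wrangler deploy` with `CLOUDFLARE_API_TOKEN`, and the step before it writes `secrets.CLOUDFLARE_D1_DATABASE_ID` into whichever environment `TARGET_ENV` names. Unless the `preview` GitHub environment defines its own values for those secrets, a branch build would deploy with the production token and bind the preview Worker to the production D1 database. The workflow's `on:` triggers and the environment settings are outside the hunk, so this needs confirming there; I would restrict the `production` environment to `main` with a deployment branch rule and give `preview` its own database ID and a token scoped to the preview Worker. A comment above the step such as `# Runs for every ref; secrets resolve from the GitHub environment selected above` would record that dependency.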
@@ -4,12 +4,12 @@
 "private": true,
 "scripts": {
 "dev": "wrangler dev --env dev",
- "deploy": "wrangler d1 migrations apply DB --remote && wrangler deploy",
+ "deploy": "wrangler d1 migrations apply DB --remote && wrangler deploy --env production",
 "typecheck": "tsc --noEmit",
 "test": "vitest run",
 "db:migrate:local": "wrangler d1 migrations apply DB --local --env dev",
 "db:seed:local": "wrangler d1 execute DB --local --file test/seed-local.sql --env dev",
- "db:migrate:remote": "wrangler d1 migrations apply DB --remote"
+ "db:migrate:remote": "wrangler d1 migrations apply DB --remote --env production"
 },
 "dependencies": {
 "hono": "^4.6.0",
diff --git a/worker-configuration.d.ts b/worker-configuration.d.ts
index b025e75..e338b1e 100644
--- a/worker-configuration.d.ts
+++ b/worker-configuration.d.ts
@@ -1,5 +1,5 @@
 /* eslint-disable */
-// Generated by Wrangler by running `wrangler types` (hash: 4da199130f00b626578a818ba765ff7b)
+// Generated by Wrangler by running `wrangler types` (hash: fe199aae2c0315020845f5624581203b)
 // Runtime types generated with workerd@1.20260625.1 2026-06-25 nodejs_compat
 interface __BaseEnv_Env {
 DB?: D1Database;
@@ -21,7 +21,17 @@ declare namespace Cloudflare {
 ASSETS: Fetcher;
 DEV_BYPASS_SECRET: string;
 }
- interface ProdEnv {
+ interface ProductionEnv {
+ DB: D1Database;
+ ASSETS: Fetcher;
+ GITHUB_APP_ID: string;
+ GITHUB_APP_CLIENT_ID: string;
+ GITHUB_APP_PRIVATE_KEY: string;
+ GITHUB_WEBHOOK_SECRET: string;
+ CF_ACCESS_AUD: string;
+ CF_ACCESS_TEAM_DOMAIN: string;
+ }
+ interface PreviewEnv {
 DB: D1Database;
 ASSETS: Fetcher;
 GITHUB_APP_ID: string;
diff --git a/wrangler.json b/wrangler.json
index ae27126..3d30425 100644
--- a/wrangler.json
+++ b/wrangler.json
@@ -29,7 +29,7 @@
 ]
 }
 },
- "prod": {
+ "production": {
 "observability": { "enabled": true },
 "triggers": { "crons": ["30 6 * * *"] },
 "d1_databases": [
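Review bot: In the package.json hunk, the `deploy` script still runs `wrangler d1 migrations apply DB --remote` without `--env production`, while `db:migrate:remote` in the same hunk gained the flag, so the two scripts resolve the `DB` binding differently. The D1 bindings shown for wrangler.json in this series sit under named environments, so the migration half may fail to find `DB` or act on a different configuration than the `wrangler deploy --env production` that follows it; the top-level config is not visible here, so this should be confirmed. I would change it to `"deploy": "wrangler d1 migrations apply DB --remote --env production && wrangler deploy --env production"`.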
@@ -49,6 +49,25 @@ "CF_ACCESS_TEAM_DOMAIN" ] } + }, + "preview": { + "d1_databases": [ + { + "binding": "DB", + "database_name": "coverage", + "migrations_dir": "migrations" + } + ], + "secrets": { + "required": [ + "GITHUB_APP_ID", + "GITHUB_APP_CLIENT_ID", + "GITHUB_APP_PRIVATE_KEY", + "GITHUB_WEBHOOK_SECRET", + "CF_ACCESS_AUD", + "CF_ACCESS_TEAM_DOMAIN" + ] + } } } } From e6ed7f0b413e2deeb2e74bf56e8a44566dbb72dc Mon Sep 17 00:00:00 2001 From: Torgny Bjers Date: Sat, 27 Jun 2026 18:14:14 -0400 Subject: [PATCH 2/3] ci: fix environment name variable interpolation in with jq --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6bda251..c28dd9a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -55,7 +55,7 @@ jobs: DB_ID: ${{ secrets.CLOUDFLARE_D1_DATABASE_ID }} run: | # Use jq to update the database_id inside the d1_databases array - jq --arg new_val "${DB_ID}" '.env.${TARGET_ENV}.d1_databases[0].database_id = $new_val' wrangler.json > wrangler.json.tmp + jq --arg new_val "${DB_ID}" '.env."${TARGET_ENV}".d1_databases[0].database_id = $new_val' wrangler.json > wrangler.json.tmp # Replace the old file with the newly updated one mv wrangler.json.tmp wrangler.json From d79949419c4286ad75516d032b452dae81a0cbbf Mon Sep 17 00:00:00 2001 From: Torgny Bjers Date: Sat, 27 Jun 2026 18:28:14 -0400 Subject: [PATCH 3/3] ci: inject environment secrets --- .github/workflows/deploy.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c28dd9a..a4845c9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
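Review bot: The new `preview` block in wrangler.json binds `DB` to `"database_name": "coverage"` and carries no `database_id`, so which database a preview deployment uses is decided entirely by the ID the workflow injects. If that ID comes from the same secret value as production, preview code and its migrations run against production data; the `production` block's own database name is outside this hunk, so I cannot tell whether the names already match. A distinct name (for example `"database_name": "coverage-preview"`, a constructed value) would make the separation visible in the config and in `wrangler d1` commands. The enclosing `env` object starts outside the hunk.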
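Review bot: In PATCH 2/3 the added double quotes sit inside the single-quoted jq program, so the shell still never expands `${TARGET_ENV}` and jq reads `."${TARGET_ENV}"` as a key with that literal name. As far as I can tell the step then succeeds but writes `database_id` under a new `.env["${TARGET_ENV}"]` entry, leaving the `production` or `preview` block without an ID. Pass the name as a jq variable instead: `jq --arg env "${TARGET_ENV}" --arg new_val "${DB_ID}" '.env[$env].d1_databases[0].database_id = $new_val' wrangler.json > wrangler.json.tmp`. The step's header is outside the hunk.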
@@ -60,6 +60,22 @@ jobs: # Replace the old file with the newly updated one mv wrangler.json.tmp wrangler.json + - name: Set up secrets + env: + GITHUB_APP_ID: ${{ secrets.GITHUB_APP_ID }} + GITHUB_APP_CLIENT_ID: ${{ secrets.GITHUB_APP_CLIENT_ID }} + GITHUB_APP_PRIVATE_KEY: ${{ secrets.GITHUB_APP_PRIVATE_KEY }} + GITHUB_WEBHOOK_SECRET: ${{ secrets.GITHUB_WEBHOOK_SECRET }} + CF_ACCESS_AUD: ${{ secrets.CF_ACCESS_AUD }} + CF_ACCESS_TEAM_DOMAIN: ${{ secrets.CF_ACCESS_TEAM_DOMAIN }} + run: | + echo "$GITHUB_APP_ID" | npx wrangler secret put GITHUB_APP_ID --env "$TARGET_ENV" + echo "$GITHUB_APP_CLIENT_ID" | npx wrangler secret put GITHUB_APP_CLIENT_ID --env "$TARGET_ENV" + echo "$GITHUB_APP_PRIVATE_KEY" | npx wrangler secret put GITHUB_APP_PRIVATE_KEY --env "$TARGET_ENV" + echo "$GITHUB_WEBHOOK_SECRET" | npx wrangler secret put GITHUB_WEBHOOK_SECRET --env "$TARGET_ENV" + echo "$CF_ACCESS_AUD" | npx wrangler secret put CF_ACCESS_AUD --env "$TARGET_ENV" + echo "$CF_ACCESS_TEAM_DOMAIN" | npx wrangler secret put CF_ACCESS_TEAM_DOMAIN --env "$TARGET_ENV" + - name: Deploy Worker + assets run: npx wrangler deploy --env "$TARGET_ENV" env:
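Review bot: GitHub does not allow secret names that start with `GITHUB_`, so `secrets.GITHUB_APP_ID`, `secrets.GITHUB_APP_CLIENT_ID`, `secrets.GITHUB_APP_PRIVATE_KEY` and `secrets.GITHUB_WEBHOOK_SECRET` cannot be defined and will expand to empty strings in this step. Store them under another prefix on the GitHub side and keep the Worker-side names, for example `GITHUB_APP_ID: ${{ secrets.GH_APP_ID }}` (a constructed name). The step also gives `wrangler secret put` no `CLOUDFLARE_API_TOKEN` or `CLOUDFLARE_ACCOUNT_ID`, which in the visible lines of this series are set only in the deploy step's `env:`, so unless they are exported at workflow level the uploads run unauthenticated; add both to this step's `env:`. I would also pipe with `printf '%s' "$GITHUB_APP_PRIVATE_KEY"` rather than `echo`, which appends a newline and is less predictable for a multi-line PEM value.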