Deploy Workers #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Workers | |
| # Fully automated production deploy. Runs after "Static Checks" succeeds on main — | |
| # no manual step required. `workflow_dispatch` is kept only as a manual fallback. | |
| # The worker chain (agent → gateway → webhooks → preview-proxy) is the Daytona | |
| # backend; the web deploy runs independently and self-skips until its NEXT_PUBLIC | |
| # vars are configured (so a missing web var never blocks the backend cutover). | |
| on: | |
| workflow_run: | |
| workflows: ["Static Checks"] | |
| types: [completed] | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: production-deploy | |
| cancel-in-progress: false | |
| jobs: | |
| # Gateway MUST deploy first: it DEFINES the QuotaTracker Durable Object that the | |
| # agent worker cross-script binds to (CF requires the defining script to exist | |
| # before a consumer can bind its class). Gateway's own service binding to | |
| # cheatcode-agent resolves lazily, so gateway-first has no chicken-and-egg. | |
| deploy-gateway: | |
| # Only on a successful Static Checks run on main, or a manual dispatch. | |
| if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main') }} | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/gateway-worker | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/gateway-worker | |
| command: deploy | |
| deploy-agent: | |
| needs: deploy-gateway | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/agent-worker | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/agent-worker | |
| command: deploy | |
| deploy-webhooks: | |
| needs: deploy-agent | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/webhooks-worker | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/webhooks-worker | |
| command: deploy | |
| deploy-preview-proxy: | |
| needs: deploy-webhooks | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/preview-proxy | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/preview-proxy | |
| command: deploy | |
| deploy-web: | |
| # Independent of the worker chain; self-skips until the NEXT_PUBLIC vars exist | |
| # so a missing web var can never block the backend cutover. | |
| needs: deploy-agent | |
| if: ${{ vars.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY != '' }} | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| # `run deploy` (not bare `deploy`) — `pnpm deploy` is a reserved built-in | |
| # that ignores the package's deploy script and errors NOTHING_TO_DEPLOY. | |
| - run: pnpm --filter @cheatcode/web run deploy | |
| env: | |
| CHEATCODE_PROD_DEPLOY_APPROVED: "true" | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ vars.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} | |
| NEXT_PUBLIC_POLAR_PRO_MONTHLY_PRODUCT_ID: ${{ vars.NEXT_PUBLIC_POLAR_PRO_MONTHLY_PRODUCT_ID }} |