Deploy Workers #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Workers | |
| # Fully automated production deploy. Runs after "Static Checks" succeeds on main — | |
| # no manual step required. `workflow_dispatch` is kept only as a manual fallback. | |
| # The worker chain (agent → gateway → webhooks → preview-proxy) is the Daytona | |
| # backend; the web deploy runs independently and self-skips until its NEXT_PUBLIC | |
| # vars are configured (so a missing web var never blocks the backend cutover). | |
| on: | |
| workflow_run: | |
| workflows: ["Static Checks"] | |
| types: [completed] | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: production-deploy | |
| cancel-in-progress: false | |
| jobs: | |
| # Gateway MUST deploy first: it DEFINES the QuotaTracker Durable Object that the | |
| # agent worker cross-script binds to (CF requires the defining script to exist | |
| # before a consumer can bind its class). Gateway's own service binding to | |
| # cheatcode-agent resolves lazily, so gateway-first has no chicken-and-egg. | |
| deploy-gateway: | |
| # Only on a successful Static Checks run on main, or a manual dispatch. | |
| if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main') }} | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/gateway-worker | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/gateway-worker | |
| command: deploy | |
| deploy-agent: | |
| needs: deploy-gateway | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/agent-worker | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/agent-worker | |
| command: deploy | |
| deploy-webhooks: | |
| needs: deploy-agent | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/webhooks-worker | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/webhooks-worker | |
| command: deploy | |
| deploy-preview-proxy: | |
| needs: deploy-webhooks | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10.33.2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm turbo build --filter=@cheatcode/preview-proxy | |
| - uses: cloudflare/wrangler-action@v3 | |
| with: | |
| apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} | |
| workingDirectory: apps/preview-proxy | |
| command: deploy | |
| deploy-web-vercel: | |
| # The web app is hosted on Vercel: its Next.js bundle exceeds Cloudflare's | |
| # Worker size limit, so the frontend lives on Vercel while the all-Cloudflare | |
| # backend stays on the worker chain above. Independent of that chain. Build env | |
| # (NEXT_PUBLIC_*, CLERK_SECRET_KEY) lives in the Vercel project, so `vercel | |
| # deploy` triggers a server-side build — CI only needs the token + project ids. | |
| # Self-skips until VERCEL_PROJECT_ID is configured. | |
| if: ${{ vars.VERCEL_PROJECT_ID != '' && (github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main')) }} | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha || github.sha }} | |
| - run: npm install -g vercel@latest | |
| - run: vercel deploy --prod --yes --token="$VERCEL_TOKEN" | |
| env: | |
| VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} | |
| VERCEL_ORG_ID: ${{ vars.VERCEL_ORG_ID }} | |
| VERCEL_PROJECT_ID: ${{ vars.VERCEL_PROJECT_ID }} |