From 8eba4022a3ea1bdbcad9329e4f8f24d966534834 Mon Sep 17 00:00:00 2001 From: iamjr15 Date: Sun, 21 Jun 2026 15:05:21 +0530 Subject: [PATCH 1/2] fix(ci): build db dep closure before db:generate in DB Migrate The `diff` job ran `db:generate` straight after install, but drizzle.config.ts imports `@cheatcode/env/migrate` (built ./dist), so it failed with "Cannot find module @cheatcode/env/dist/migrate.js" on a fresh runner. Build `@cheatcode/db^...` (its workspace dep closure) first. Also add this workflow to the pull_request paths so workflow changes self-validate the diff job. --- .github/workflows/db-migrate.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/db-migrate.yml b/.github/workflows/db-migrate.yml index 2e9ae26..1cb1c2d 100644 --- a/.github/workflows/db-migrate.yml +++ b/.github/workflows/db-migrate.yml @@ -7,6 +7,7 @@ on: - packages/db/src/schema/** - packages/db/drizzle/** - scripts/migrate.ts + - .github/workflows/db-migrate.yml workflow_dispatch: concurrency: @@ -27,6 +28,10 @@ jobs: node-version: 22 cache: pnpm - run: pnpm install --frozen-lockfile + # drizzle.config.ts imports @cheatcode/env/migrate (built ./dist), so build the db + # package's workspace dep closure before generate — otherwise db:generate fails with + # "Cannot find module @cheatcode/env/dist/migrate.js" on a fresh runner. + - run: pnpm turbo build --filter=@cheatcode/db^... - run: pnpm --filter @cheatcode/db db:generate - name: Fail if Drizzle migrations drifted run: git diff --exit-code packages/db/drizzle From 7b7e40df76d4753392898d642cf7f5abe047db0d Mon Sep 17 00:00:00 2001 From: iamjr15 Date: Sun, 21 Jun 2026 15:11:32 +0530 Subject: [PATCH 2/2] fix(ci): placeholder URL for db:generate + guard connect-only plan step db:generate never connects but drizzle.config.ts eagerly requires a URL; supply a placeholder. The migration-plan step needs a real DB and the SUPABASE_MIGRATION_URL secret isn't configured, so guard it on the secret being present. Drift check (generate + git diff) is the gate. --- .github/workflows/db-migrate.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/db-migrate.yml b/.github/workflows/db-migrate.yml index 1cb1c2d..7d0c460 100644 --- a/.github/workflows/db-migrate.yml +++ b/.github/workflows/db-migrate.yml @@ -18,6 +18,10 @@ jobs: diff: if: github.event_name == 'pull_request' runs-on: ubuntu-latest + env: + # Empty unless the SUPABASE_MIGRATION_URL secret is configured. Gates the + # connection-dependent migration-plan step below. + MIGRATION_DB_URL: ${{ secrets.SUPABASE_MIGRATION_URL }} steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v4 @@ -32,14 +36,23 @@ jobs: # package's workspace dep closure before generate — otherwise db:generate fails with # "Cannot find module @cheatcode/env/dist/migrate.js" on a fresh runner. - run: pnpm turbo build --filter=@cheatcode/db^... + # drizzle-kit generate reads the schema and never connects; a placeholder URL just + # satisfies drizzle.config.ts's eager loadMigrationEnv() call. - run: pnpm --filter @cheatcode/db db:generate + env: + SUPABASE_MIGRATION_URL: postgres://placeholder@localhost:5432/placeholder - name: Fail if Drizzle migrations drifted run: git diff --exit-code packages/db/drizzle + # The pending-plan comment needs a real DB connection, so it only runs when the + # SUPABASE_MIGRATION_URL secret is configured (it is not today). The drift check + # above is the gate; this stays best-effort. - name: Compute pending migration plan + if: env.MIGRATION_DB_URL != '' run: pnpm tsx scripts/migrate.ts --dry-run | tee migration-plan.txt env: - SUPABASE_MIGRATION_URL: ${{ secrets.SUPABASE_MIGRATION_URL }} + SUPABASE_MIGRATION_URL: ${{ env.MIGRATION_DB_URL }} - uses: marocchino/sticky-pull-request-comment@v2 + if: env.MIGRATION_DB_URL != '' with: header: db-migration-plan path: migration-plan.txt