Madhura68
a57eadbbd3
dorny/paths-filter@v3 leest PR-changed-files via de GitHub API. Default GITHUB_TOKEN heeft op deze repo geen pull-requests:read permission, waardoor de action faalde met "Resource not accessible by integration". Workflow-level permissions toegevoegd: contents:read + pull-requests:read. Geen andere wijzigingen aan jobs nodig. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
201 lines
5 KiB
YAML
201 lines
5 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
inputs:
|
|
target:
|
|
type: choice
|
|
description: Deploy target
|
|
options: [preview, production]
|
|
default: preview
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
|
|
jobs:
|
|
ci:
|
|
name: Lint, Typecheck, Test & Build
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name != 'workflow_dispatch'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v5
|
|
with:
|
|
node-version: '24'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Generate Prisma client
|
|
run: npx prisma generate --generator client
|
|
|
|
- name: Lint
|
|
run: npm run lint
|
|
|
|
- name: Typecheck
|
|
run: npx tsc --noEmit
|
|
|
|
- name: Prisma validate
|
|
run: npx prisma validate
|
|
|
|
- name: Test
|
|
run: npm test
|
|
|
|
- name: Check doc links
|
|
run: npm run docs:check-links
|
|
|
|
- name: Build
|
|
run: npm run build
|
|
env:
|
|
DATABASE_URL: ${{ secrets.DATABASE_URL }}
|
|
DIRECT_URL: ${{ secrets.DIRECT_URL }}
|
|
SESSION_SECRET: ${{ secrets.SESSION_SECRET }}
|
|
|
|
changes:
|
|
name: Detect deploy-relevant changes
|
|
runs-on: ubuntu-latest
|
|
needs: ci
|
|
if: github.event_name != 'workflow_dispatch'
|
|
outputs:
|
|
code: ${{ steps.filter.outputs.code }}
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
- uses: dorny/paths-filter@v3
|
|
id: filter
|
|
with:
|
|
filters: |
|
|
code:
|
|
- 'app/**'
|
|
- 'components/**'
|
|
- 'lib/**'
|
|
- 'actions/**'
|
|
- 'stores/**'
|
|
- 'prisma/**'
|
|
- 'public/**'
|
|
- 'package.json'
|
|
- 'package-lock.json'
|
|
- 'next.config.ts'
|
|
- 'tsconfig.json'
|
|
- 'vercel.json'
|
|
- 'proxy.ts'
|
|
- 'middleware.ts'
|
|
- '.github/workflows/**'
|
|
|
|
deploy-preview:
|
|
name: Deploy Preview (PR)
|
|
runs-on: ubuntu-latest
|
|
needs: [ci, changes]
|
|
if: |
|
|
github.event_name == 'pull_request' && (
|
|
(needs.changes.outputs.code == 'true'
|
|
&& !contains(github.event.pull_request.labels.*.name, 'skip-deploy'))
|
|
|| contains(github.event.pull_request.labels.*.name, 'force-deploy')
|
|
)
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v5
|
|
with:
|
|
node-version: '24'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Install Vercel CLI
|
|
run: npm install -g vercel@latest
|
|
|
|
- name: Deploy Preview to Vercel
|
|
run: vercel deploy --token=${{ secrets.VERCEL_TOKEN }}
|
|
env:
|
|
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
|
|
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
|
|
|
|
deploy-production:
|
|
name: Deploy Production (main)
|
|
runs-on: ubuntu-latest
|
|
needs: [ci, changes]
|
|
if: |
|
|
github.ref == 'refs/heads/main'
|
|
&& github.event_name == 'push'
|
|
&& needs.changes.outputs.code == 'true'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v5
|
|
with:
|
|
node-version: '24'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Install Vercel CLI
|
|
run: npm install -g vercel@latest
|
|
|
|
- name: Run database migrations
|
|
run: npx prisma migrate deploy
|
|
env:
|
|
DATABASE_URL: ${{ secrets.DATABASE_URL }}
|
|
DIRECT_URL: ${{ secrets.DIRECT_URL }}
|
|
|
|
- name: Deploy Production to Vercel
|
|
run: vercel deploy --prod --token=${{ secrets.VERCEL_TOKEN }}
|
|
env:
|
|
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
|
|
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
|
|
|
|
deploy-manual:
|
|
name: Deploy Manual (workflow_dispatch)
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name == 'workflow_dispatch'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v5
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v5
|
|
with:
|
|
node-version: '24'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Install Vercel CLI
|
|
run: npm install -g vercel@latest
|
|
|
|
- name: Run database migrations (production only)
|
|
if: inputs.target == 'production'
|
|
run: npx prisma migrate deploy
|
|
env:
|
|
DATABASE_URL: ${{ secrets.DATABASE_URL }}
|
|
DIRECT_URL: ${{ secrets.DIRECT_URL }}
|
|
|
|
- name: Deploy
|
|
run: |
|
|
if [ "${{ inputs.target }}" = "production" ]; then
|
|
vercel deploy --prod --token=${{ secrets.VERCEL_TOKEN }}
|
|
else
|
|
vercel deploy --token=${{ secrets.VERCEL_TOKEN }}
|
|
fi
|
|
env:
|
|
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
|
|
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
|