168 lines
7.5 KiB
YAML
168 lines
7.5 KiB
YAML
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches: [main, uat, release*]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build:
|
|
name: Run production build
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
# Pin tool versions to avoid upstream updates breaking CI
|
|
WORKER_BUILD_VERSION: "0.7.1"
|
|
WRANGLER_VERSION: "4.54.0"
|
|
|
|
# Required for wrangler
|
|
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Node.js (for npx wrangler)
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "20"
|
|
|
|
- name: Install Rust toolchain (from rust-toolchain.toml)
|
|
run: |
|
|
set -euo pipefail
|
|
TOOLCHAIN="$(sed -n 's/^channel[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' rust-toolchain.toml | head -n 1)"
|
|
if [ -z "$TOOLCHAIN" ]; then
|
|
echo "❌ Failed to read toolchain channel from rust-toolchain.toml" >&2
|
|
exit 1
|
|
fi
|
|
echo "Using Rust toolchain: $TOOLCHAIN"
|
|
echo "RUSTUP_TOOLCHAIN=$TOOLCHAIN" >> "$GITHUB_ENV"
|
|
rustup toolchain install "$TOOLCHAIN" --profile minimal --component rustfmt --component clippy --target wasm32-unknown-unknown
|
|
# - name: Cache Cargo registry and build artifacts
|
|
# uses: actions/cache@v3
|
|
# with:
|
|
# path: |
|
|
# target
|
|
# ~/.cargo/bin
|
|
# ~/.cargo/registry
|
|
# ~/.cargo/git
|
|
# key: cargo-build-cache-${{ github.run_id }}
|
|
# restore-keys: |
|
|
# cargo-build-cache-
|
|
- name: Install lld
|
|
run: sudo apt install -y lld clang gcc llvm
|
|
|
|
- name: Install worker-build
|
|
run: |
|
|
set -euo pipefail
|
|
if command -v worker-build &> /dev/null; then
|
|
echo "worker-build already installed: $(worker-build --version || true)"
|
|
fi
|
|
cargo install --locked -q worker-build --version "${WORKER_BUILD_VERSION}"
|
|
|
|
- name: Download and extract frontend (bw_web_builds)
|
|
run: |
|
|
# Get latest version tag from bw_web_builds
|
|
LATEST_TAG=$(curl -s https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest | jq -r .tag_name)
|
|
echo "📦 Downloading frontend version: $LATEST_TAG"
|
|
|
|
# Download the web vault release
|
|
wget -q "https://github.com/dani-garcia/bw_web_builds/releases/download/$LATEST_TAG/bw_web_${LATEST_TAG}.tar.gz"
|
|
|
|
# Create public directory and extract
|
|
mkdir -p public
|
|
tar -xzf bw_web_${LATEST_TAG}.tar.gz -C public/
|
|
|
|
# bw_web_builds extracts with a web-vault folder, move contents out
|
|
if [ -d "public/web-vault" ]; then
|
|
shopt -s dotglob
|
|
mv public/web-vault/* public/
|
|
shopt -u dotglob
|
|
rmdir public/web-vault
|
|
fi
|
|
|
|
# Cleanup
|
|
rm -f bw_web_${LATEST_TAG}.tar.gz
|
|
|
|
echo "✅ Frontend files extracted to ./public"
|
|
ls -la public/ | head -20
|
|
|
|
- name: Replace D1_DATABASE_ID in wrangler.toml
|
|
run: sed -i "s/\${D1_DATABASE_ID}/${{ secrets.D1_DATABASE_ID }}/g" wrangler.toml
|
|
|
|
- name: Enable R2 binding when R2_NAME is provided
|
|
env:
|
|
R2_NAME: ${{ secrets.R2_NAME }}
|
|
run: |
|
|
if [ -n "$R2_NAME" ]; then
|
|
echo "🔧 Enabling R2 bucket binding"
|
|
{
|
|
echo ''
|
|
echo '[[r2_buckets]]'
|
|
echo 'binding = "ATTACHMENTS_BUCKET"'
|
|
echo "bucket_name = \"${R2_NAME}\""
|
|
} >> wrangler.toml
|
|
else
|
|
echo "⏭️ R2_NAME not set, skipping R2 binding"
|
|
fi
|
|
|
|
- name: Apply D1 database migrations
|
|
run: |
|
|
set -euo pipefail # Ensure pipe returns first non-zero exit code
|
|
WRANGLER="npx --yes wrangler@${WRANGLER_VERSION}"
|
|
|
|
# Apply migrations with retry loop to handle legacy ensure_schema columns
|
|
MAX_RETRIES=10
|
|
RETRY_COUNT=0
|
|
|
|
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
|
|
echo "🔄 Attempting to apply migrations (attempt $((RETRY_COUNT + 1))/$MAX_RETRIES)..."
|
|
|
|
if $WRANGLER d1 migrations apply vault1 --remote 2>&1 | tee migration_output.txt; then
|
|
echo "✅ All migrations applied successfully"
|
|
exit 0
|
|
fi
|
|
|
|
# Check if failure is due to duplicate column (from legacy ensure_schema)
|
|
if grep -q "duplicate column name" migration_output.txt; then
|
|
# Extract the migration name that failed
|
|
# Format: "Migration 0001_add_password_salt.sql failed with the following errors:"
|
|
FAILED_MIGRATION=$(grep -oP "Migration \K[0-9]+_[a-zA-Z0-9_]+\.sql(?= failed)" migration_output.txt)
|
|
if [ -z "$FAILED_MIGRATION" ]; then
|
|
echo "❌ Detected duplicate column error, but could not identify the migration filename from output."
|
|
cat migration_output.txt
|
|
exit 1
|
|
fi
|
|
|
|
echo "⚠️ Migration '$FAILED_MIGRATION' failed: column already exists"
|
|
echo "📝 Marking migration as applied..."
|
|
|
|
# Initialize d1_migrations table and mark this migration as applied
|
|
$WRANGLER d1 execute vault1 --remote --command "
|
|
CREATE TABLE IF NOT EXISTS d1_migrations (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
name TEXT UNIQUE NOT NULL,
|
|
applied_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
|
|
);
|
|
INSERT OR IGNORE INTO d1_migrations (name) VALUES ('$FAILED_MIGRATION');
|
|
"
|
|
|
|
RETRY_COUNT=$((RETRY_COUNT + 1))
|
|
echo "🔁 Retrying remaining migrations..."
|
|
else
|
|
echo "❌ Migration failed with unexpected error:"
|
|
cat migration_output.txt
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
echo "❌ Max retries ($MAX_RETRIES) exceeded"
|
|
exit 1
|
|
|
|
- uses: cloudflare/wrangler-action@v3
|
|
id: cf
|
|
with:
|
|
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
|
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
|
|
wranglerVersion: ${{ env.WRANGLER_VERSION }}
|
|
packageManager: npm
|
|
command: deploy
|