warden-worker/.github/workflows/deploy-dev.yaml
qaz741wsd856 929dadbb08 fix: restructure frontend asset handling and add UI overrides
- Updated `.gitignore` to reflect new directory structure for frontend assets under `public/web-vault/`.
- Modified `README.md` to include instructions for applying UI overrides and updated deployment notes.
- Adjusted `wrangler.toml` to point to the new asset directory.
- Updated GitHub workflows to remove large source maps to satisfy Cloudflare static asset per-file limits.
- Introduced `vaultwarden.css` for lightweight UI tweaks and added a script to apply these overrides during deployment.
- Updated deployment documentation to reflect changes in asset management and optional UI customization.
2025-12-28 16:51:25 +00:00

167 lines
No EOL
7.7 KiB
YAML

name: Deploy Dev
on:
push:
branches: [dev]
workflow_dispatch:
jobs:
build-and-deploy:
name: Deploy to Cloudflare (Dev)
runs-on: ubuntu-latest
env:
# Pin tool versions to avoid upstream updates breaking CI
WORKER_BUILD_VERSION: "0.7.1"
WRANGLER_VERSION: "4.54.0"
# Required for wrangler
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
steps:
- uses: actions/checkout@v4
- name: Set up Node.js (for npx wrangler)
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Install Rust toolchain (from rust-toolchain.toml)
run: |
set -euo pipefail
TOOLCHAIN="$(sed -n 's/^channel[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' rust-toolchain.toml | head -n 1)"
if [ -z "$TOOLCHAIN" ]; then
echo "❌ Failed to read toolchain channel from rust-toolchain.toml" >&2
exit 1
fi
echo "Using Rust toolchain: $TOOLCHAIN"
echo "RUSTUP_TOOLCHAIN=$TOOLCHAIN" >> "$GITHUB_ENV"
rustup toolchain install "$TOOLCHAIN" --profile minimal --component rustfmt --component clippy --target wasm32-unknown-unknown
- name: Install lld
run: sudo apt install -y lld clang gcc llvm
- name: Install worker-build
run: |
set -euo pipefail
if command -v worker-build &> /dev/null; then
echo "worker-build already installed: $(worker-build --version || true)"
fi
cargo install --locked -q worker-build --version "${WORKER_BUILD_VERSION}"
- name: Download and extract frontend (bw_web_builds)
run: |
# Get latest version tag from bw_web_builds
LATEST_TAG=$(curl -s https://api.github.com/repos/dani-garcia/bw_web_builds/releases/latest | jq -r .tag_name)
echo "📦 Downloading frontend version: $LATEST_TAG"
# Download the web vault release
wget -q "https://github.com/dani-garcia/bw_web_builds/releases/download/$LATEST_TAG/bw_web_${LATEST_TAG}.tar.gz"
# Extract to public/web-vault
tar -xzf bw_web_${LATEST_TAG}.tar.gz -C public/
# bw_web_builds extracts into a web-vault folder (expected)
if [ ! -d "public/web-vault" ]; then
echo "❌ Expected ./public/web-vault after extracting bw_web_builds" >&2
ls -la public/ | head -50 || true
exit 1
fi
# Remove large source maps to satisfy Cloudflare static asset per-file limits
find public/web-vault -type f -name '*.map' -delete
# Cleanup
rm -f bw_web_${LATEST_TAG}.tar.gz
echo "✅ Frontend files extracted to ./public/web-vault"
ls -la public/web-vault/ | head -20
- name: Apply web vault overrides (vaultwarden.css)
env:
# Optional: control build-time UI tweaks (defaults to hiding signup unless explicitly set to "false")
DISABLE_USER_REGISTRATION: ${{ vars.DISABLE_USER_REGISTRATION_DEV }}
run: |
bash scripts/apply-web-vault-overrides.sh public/web-vault
- name: Replace D1_DATABASE_ID_DEV in wrangler.toml
run: sed -i "s/\${D1_DATABASE_ID_DEV}/${{ secrets.D1_DATABASE_ID_DEV }}/g" wrangler.toml
- name: Enable R2 binding when R2_NAME_DEV is provided
env:
R2_NAME_DEV: ${{ secrets.R2_NAME_DEV }}
run: |
if [ -n "$R2_NAME_DEV" ]; then
echo "🔧 Enabling dev R2 bucket binding"
{
echo ''
echo '[[env.dev.r2_buckets]]'
echo 'binding = "ATTACHMENTS_BUCKET"'
echo "bucket_name = \"${R2_NAME_DEV}\""
} >> wrangler.toml
else
echo "⏭️ R2_NAME_DEV not set, skipping R2 binding"
fi
- name: Apply D1 database migrations (dev)
run: |
set -euo pipefail # Ensure pipe returns first non-zero exit code
WRANGLER="npx --yes wrangler@${WRANGLER_VERSION}"
# Apply migrations with retry loop to handle legacy ensure_schema columns
MAX_RETRIES=10
RETRY_COUNT=0
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
echo "🔄 Attempting to apply migrations (attempt $((RETRY_COUNT + 1))/$MAX_RETRIES)..."
if $WRANGLER d1 migrations apply vault1 --env dev --remote 2>&1 | tee migration_output.txt; then
echo "✅ All migrations applied successfully"
exit 0
fi
# Check if failure is due to duplicate column (from legacy ensure_schema)
if grep -q "duplicate column name" migration_output.txt; then
# Extract the migration name that failed
# Format: "Migration 0001_add_password_salt.sql failed with the following errors:"
FAILED_MIGRATION=$(grep -oP "Migration \K[0-9]+_[a-zA-Z0-9_]+\.sql(?= failed)" migration_output.txt)
if [ -z "$FAILED_MIGRATION" ]; then
echo "❌ Detected duplicate column error, but could not identify the migration filename from output."
cat migration_output.txt
exit 1
fi
echo "⚠️ Migration '$FAILED_MIGRATION' failed: column already exists"
echo "📝 Marking migration as applied..."
# Initialize d1_migrations table and mark this migration as applied
$WRANGLER d1 execute vault1 --env dev --remote --command "
CREATE TABLE IF NOT EXISTS d1_migrations (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT UNIQUE NOT NULL,
applied_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
);
INSERT OR IGNORE INTO d1_migrations (name) VALUES ('$FAILED_MIGRATION');
"
RETRY_COUNT=$((RETRY_COUNT + 1))
echo "🔁 Retrying remaining migrations..."
else
echo "❌ Migration failed with unexpected error:"
cat migration_output.txt
exit 1
fi
done
echo "❌ Max retries ($MAX_RETRIES) exceeded"
exit 1
- uses: cloudflare/wrangler-action@v3
id: cf
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
wranglerVersion: ${{ env.WRANGLER_VERSION }}
packageManager: npm
command: deploy --env dev