name: 'Backend Staging Deployment' on: workflow_call: # workflow_dispatch: # push: # branches: # - staging # paths: # - 'packages/api/**' jobs: deploy: name: Deploy to Cloudflare Workers runs-on: ubuntu-latest timeout-minutes: 10 permissions: contents: read deployments: write steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 1 - name: 'Bun setup' uses: oven-sh/setup-bun@v1 with: bun-version: latest - name: 'Bun install' run: bun install - name: Migrate database run: cd packages/api && bun run migrate:staging env: NO_D1_WARNING: true CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - name: Deploy uses: cloudflare/wrangler-action@v3 with: wranglerVersion: '4.0.0' apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} workingDirectory: packages/api command: deploy src/worker.ts --minify environment: staging packageManager: bun secrets: | APP_URL API_URL SUPABASE_URL SUPABASE_JWT_VERIFICATION_KEY SUPABASE_SERVICE_ROLE WEBHOOK_SUPABASE_SECRET OPENAI_API_KEY CERTIFICATE_P12_BASE64_CHUNK_1 CERTIFICATE_P12_BASE64_CHUNK_2 CERTIFICATE_P12_PASSWORD env: APP_URL: ${{ secrets.STAGING_APP_URL }} API_URL: ${{ secrets.STAGING_API_URL }} SUPABASE_URL: ${{ secrets.STAGING_SUPABASE_URL }} SUPABASE_JWT_VERIFICATION_KEY: ${{ secrets.STAGING_SUPABASE_JWT_VERIFICATION_KEY }} SUPABASE_SERVICE_ROLE: ${{ secrets.STAGING_SUPABASE_SERVICE_ROLE }} WEBHOOK_SUPABASE_SECRET: ${{ secrets.STAGING_WEBHOOK_SUPABASE_SECRET }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} CERTIFICATE_P12_BASE64_CHUNK_1: ${{ secrets.CERTIFICATE_P12_BASE64_CHUNK_1 }} CERTIFICATE_P12_BASE64_CHUNK_2: ${{ secrets.CERTIFICATE_P12_BASE64_CHUNK_2 }} CERTIFICATE_P12_PASSWORD: ${{ secrets.CERTIFICATE_P12_PASSWORD }}