From ed48871fb90dfe2317106f41985354a8ea2a94cb Mon Sep 17 00:00:00 2001 From: Nejc Drobnic Date: Mon, 6 Apr 2026 12:24:54 +0200 Subject: [PATCH 1/2] feat(deploy): add support for vercel git-based auto-deployments - add `AUTO_DEPLOY_ENABLED` and related git settings to terraform variables - update `deploy-web.yml` to skip CLI deployment when vercel auto-deploy is active - configure vercel module to link git repository if auto-deploy is enabled - document new configuration options in `GETTING_STARTED.md` --- .github/workflows/deploy-web.yml | 4 ++ .github/workflows/terraform.yml | 8 ++++ docs/GETTING_STARTED.md | 4 ++ .../production/terraform.tfvars.example | 8 ++++ .../environments/production/variables.tf | 43 +++++++++++++++++++ .../environments/production/web-vercel.tf | 7 ++- 6 files changed, 73 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml index 3848dcbfe..fea9a6352 100644 --- a/.github/workflows/deploy-web.yml +++ b/.github/workflows/deploy-web.yml @@ -27,12 +27,16 @@ jobs: run: | # Skip if web_platform is set to something other than vercel WEB_PLATFORM="${{ secrets.WEB_PLATFORM }}" + AUTO_DEPLOY_ENABLED="${{ secrets.AUTO_DEPLOY_ENABLED }}" if [ -n "$WEB_PLATFORM" ] && [ "$WEB_PLATFORM" != "vercel" ]; then echo "Skipping Vercel deployment - web_platform is '${WEB_PLATFORM}'" echo "configured=false" >> $GITHUB_OUTPUT elif [ -z "${{ secrets.VERCEL_API_TOKEN }}" ] || [ -z "${{ secrets.VERCEL_PROJECT_ID }}" ]; then echo "Skipping deployment - Vercel secrets not configured" echo "configured=false" >> $GITHUB_OUTPUT + elif [ -n "$AUTO_DEPLOY_ENABLED" ] && [ "$AUTO_DEPLOY_ENABLED" != "false" ]; then + echo "Skipping deployment - auto deploy is handled by Vercel" + echo "configured=false" >> $GITHUB_OUTPUT else echo "configured=true" >> $GITHUB_OUTPUT fi diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index b9bc64bb4..b236efc43 100644 --- a/.github/workflows/terraform.yml 
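Review bot: The added line `AUTO_DEPLOY_ENABLED="${{ secrets.AUTO_DEPLOY_ENABLED }}"` pastes the secret into the script text before bash parses it, so a value containing a double quote, `$` or a backtick changes the script rather than just the variable. Pass it through the step's `env:` map (`AUTO_DEPLOY_ENABLED: ${{ secrets.AUTO_DEPLOY_ENABLED }}`) and read `$AUTO_DEPLOY_ENABLED` in the script. The step's other keys are outside the hunk, so whether an `env:` block already exists cannot be seen here. The neighbouring `WEB_PLATFORM` and `VERCEL_*` context lines use the same pattern, and the renamed `ENABLE_AUTO_DEPLOY` line in patch 2/2 carries it forward.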
+++ b/.github/workflows/terraform.yml @@ -212,6 +212,10 @@ jobs: TF_VAR_linear_client_secret: ${{ secrets.LINEAR_CLIENT_SECRET }} TF_VAR_linear_webhook_secret: ${{ secrets.LINEAR_WEBHOOK_SECRET }} TF_VAR_web_platform: "${{ secrets.WEB_PLATFORM || 'vercel' }}" + TF_VAR_auto_deploy_enabled: "${{ secrets.AUTO_DEPLOY_ENABLED || 'false' }}" + TF_VAR_auto_deploy_git_repository: ${{ secrets.AUTO_DEPLOY_GIT_REPOSITORY }} + TF_VAR_auto_deploy_git_branch: ${{ secrets.AUTO_DEPLOY_GIT_BRANCH }} + TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE }} TF_VAR_enable_durable_object_bindings: "${{ secrets.ENABLE_DURABLE_OBJECT_BINDINGS || 'true' }}" - name: Post Plan Results @@ -339,6 +343,10 @@ jobs: TF_VAR_linear_webhook_secret: ${{ secrets.LINEAR_WEBHOOK_SECRET }} TF_VAR_web_platform: "${{ secrets.WEB_PLATFORM || 'vercel' }}" TF_VAR_enable_durable_object_bindings: "${{ secrets.ENABLE_DURABLE_OBJECT_BINDINGS || 'true' }}" + TF_VAR_auto_deploy_enabled: "${{ secrets.AUTO_DEPLOY_ENABLED || 'false' }}" + TF_VAR_auto_deploy_git_repository: ${{ secrets.AUTO_DEPLOY_GIT_REPOSITORY }} + TF_VAR_auto_deploy_git_branch: ${{ secrets.AUTO_DEPLOY_GIT_BRANCH }} + TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE }} MODAL_TOKEN_ID: ${{ secrets.MODAL_TOKEN_ID }} MODAL_TOKEN_SECRET: ${{ secrets.MODAL_TOKEN_SECRET }} diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 38f41ca81..8db99c4a2 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md 
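Review bot: `AUTO_DEPLOY_GIT_REPOSITORY`, `AUTO_DEPLOY_GIT_BRANCH`, `AUTO_DEPLOY_SOURCE` and the enable flag are configuration rather than credentials, yet both env blocks (this hunk and the one at `@@ -339,6 +343,10 @@`) read them from `secrets`. GitHub masks secret values in job logs, so a repository or branch name is liable to appear as `***` throughout the plan and apply output, and the settings cannot be read back when auditing what production is linked to. Consider the `vars` context instead, e.g. `TF_VAR_auto_deploy_git_branch: ${{ vars.AUTO_DEPLOY_GIT_BRANCH }}`. The same applies to the renamed lines in patch 2/2 and to the read in `deploy-web.yml`.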
@@ -602,6 +602,10 @@ Go to your fork's Settings → Secrets and variables → Actions, and add: | `VERCEL_API_TOKEN` | Vercel API token _(only if `web_platform = "vercel"`)_ | | `VERCEL_TEAM_ID` | Vercel team/account ID _(only if `web_platform = "vercel"`)_ | | `VERCEL_PROJECT_ID` | Vercel project ID _(only if `web_platform = "vercel"`)_ | +| `AUTO_DEPLOY_ENABLED` | `true` to enable auto deploy, `false` to skip (default: `false`) | +| `AUTO_DEPLOY_GIT_REPOSITORY` | Git repository _(only if `auto_deploy_enabled = "true"`)_ | +| `AUTO_DEPLOY_GIT_BRANCH` | Git branch _(only if `auto_deploy_enabled = "true"`)_ | +| `AUTO_DEPLOY_SOURCE` | Git source (e.g. `github`) _(only if `auto_deploy_enabled = "true"`)_ | | `NEXTAUTH_URL` | Your web app URL | | `MODAL_TOKEN_ID` | Modal token ID | | `MODAL_TOKEN_SECRET` | Modal token secret | diff --git a/terraform/environments/production/terraform.tfvars.example b/terraform/environments/production/terraform.tfvars.example index 47d3affff..396e52bca 100644 --- a/terraform/environments/production/terraform.tfvars.example +++ b/terraform/environments/production/terraform.tfvars.example @@ -110,6 +110,14 @@ linear_webhook_secret = "" # Webhook Signing Secret from the application confi # From: https://console.anthropic.com/ anthropic_api_key = "" +# ============================================================================= +# Vercel - auto-deploy +# ============================================================================= +enable_auto_deploy = false +auto_deploy_git_repository = "" +auto_deploy_git_branch = "" +auto_deploy_source = "github" + # ============================================================================= # Security Secrets # ============================================================================= diff --git a/terraform/environments/production/variables.tf b/terraform/environments/production/variables.tf index 02283bff9..47220441a 100644 --- a/terraform/environments/production/variables.tf 
+++ b/terraform/environments/production/variables.tf @@ -292,6 +292,49 @@ variable "project_root" { default = "../../../" } +# ============================================================================= +# Vercel - auto-deploy +# ============================================================================= + +variable "enable_auto_deploy" { + description = "Enable auto-deploy for Vercel" + type = bool + default = false + + validation { + condition = var.enable_auto_deploy == false || (length(var.auto_deploy_git_repository) > 0 && length(var.auto_deploy_git_branch) > 0) + error_message = "When enable_auto_deploy is true, auto_deploy_git_repository and auto_deploy_git_branch must be non-empty." + } +} + +variable "auto_deploy_git_repository" { + description = "Git repository for auto-deploy" + type = string + default = "" + + validation { + condition = var.auto_deploy_git_repository == "" || contains(var.auto_deploy_git_repository, "/") + error_message = "auto_deploy_git_repository must include / if specified" + } +} + +variable "auto_deploy_git_branch" { + description = "Git branch for auto-deploy" + type = string + default = "" +} + +variable "auto_deploy_source" { + description = "Source for auto-deploy" + type = string + default = "github" + + validation { + condition = contains(["github", "gitlab", "bitbucket"], var.auto_deploy_source) + error_message = "auto_deploy_source must be 'github', 'gitlab', or 'bitbucket'." + } +} + # ============================================================================= # Access Control # ============================================================================= diff --git a/terraform/environments/production/web-vercel.tf b/terraform/environments/production/web-vercel.tf index 0cbbd9e37..40f1c29e4 100644 --- a/terraform/environments/production/web-vercel.tf +++ b/terraform/environments/production/web-vercel.tf 
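Review bot: In the `auto_deploy_git_repository` validation, `contains(var.auto_deploy_git_repository, "/")` passes a string to a function that expects a list or set, so the condition is likely to fail with a type error instead of checking for a slash. A string test such as `condition = var.auto_deploy_git_repository == "" || can(regex("/", var.auto_deploy_git_repository))` keeps the intended rule. Separately, the `enable_auto_deploy` validation refers to two other variables, which Terraform accepts only from version 1.9 onward. The required version is not visible in this hunk, so confirm the pinned version before relying on that check. `auto_deploy_git_branch` has no validation at all, although it decides which branch is deployed to production.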
@@ -10,11 +10,16 @@ module "web_app" { team_id = var.vercel_team_id framework = "nextjs" - # No git_repository - deploy via CLI/CI instead of auto-deploy on push root_directory = "packages/web" install_command = "cd ../.. && npm install && npm run build -w @open-inspect/shared" build_command = "next build" + git_repository = var.enable_auto_deploy ? { + type = var.auto_deploy_source + repo = var.auto_deploy_git_repository + production_branch = var.auto_deploy_git_branch + } : null + environment_variables = [ # GitHub OAuth { From 1f4b21a261999b8d6a4c6dba0a2d8d1f8c9edb82 Mon Sep 17 00:00:00 2001 From: Nejc Drobnic Date: Mon, 6 Apr 2026 12:38:36 +0200 Subject: [PATCH 2/2] fix: address coderabbit --- .github/workflows/deploy-web.yml | 4 ++-- .github/workflows/terraform.yml | 8 ++++---- docs/GETTING_STARTED.md | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml index fea9a6352..59c6a02ac 100644 --- a/.github/workflows/deploy-web.yml +++ b/.github/workflows/deploy-web.yml @@ -27,14 +27,14 @@ jobs: run: | # Skip if web_platform is set to something other than vercel WEB_PLATFORM="${{ secrets.WEB_PLATFORM }}" - AUTO_DEPLOY_ENABLED="${{ secrets.AUTO_DEPLOY_ENABLED }}" + ENABLE_AUTO_DEPLOY="${{ secrets.ENABLE_AUTO_DEPLOY }}" if [ -n "$WEB_PLATFORM" ] && [ "$WEB_PLATFORM" != "vercel" ]; then echo "Skipping Vercel deployment - web_platform is '${WEB_PLATFORM}'" echo "configured=false" >> $GITHUB_OUTPUT elif [ -z "${{ secrets.VERCEL_API_TOKEN }}" ] || [ -z "${{ secrets.VERCEL_PROJECT_ID }}" ]; then echo "Skipping deployment - Vercel secrets not configured" echo "configured=false" >> $GITHUB_OUTPUT - elif [ -n "$AUTO_DEPLOY_ENABLED" ] && [ "$AUTO_DEPLOY_ENABLED" != "false" ]; then + elif [ -n "$ENABLE_AUTO_DEPLOY" ] && [ "$ENABLE_AUTO_DEPLOY" != "false" ]; then echo "Skipping deployment - auto deploy is handled by Vercel" echo "configured=false" >> $GITHUB_OUTPUT else 
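Review bot: With `git_repository` set, a push to `production_branch` reaches production through Vercel's Git integration and no longer passes through `deploy-web.yml`, but the hunk removes the old `# No git_repository` comment without recording the new behaviour. Add a comment above the argument such as `# When enable_auto_deploy is true, Vercel deploys production_branch on push and the CI deploy job is skipped; keep that branch protected`. Whether the module accepts `null` for `git_repository` cannot be confirmed here, because the `module "web_app"` block starts and ends outside the hunk and the module source is not shown.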
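Review bot: The `elif` in the `deploy-web.yml` hunk of patch 2/2 treats any non-empty value other than the exact string `false` as enabled, so `False`, `0` or `no` would skip the CLI deployment. Terraform's bool variable `enable_auto_deploy` is unlikely to accept those spellings, so the Git link may never be created and neither path would deploy. Compare against the enabling value instead: `elif [ "$ENABLE_AUTO_DEPLOY" = "true" ]; then`. The same comparison first appears in patch 1/2 under the old name, and the `if` chain closes outside this hunk.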
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index b236efc43..400b8da05 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -212,10 +212,10 @@ jobs: TF_VAR_linear_client_secret: ${{ secrets.LINEAR_CLIENT_SECRET }} TF_VAR_linear_webhook_secret: ${{ secrets.LINEAR_WEBHOOK_SECRET }} TF_VAR_web_platform: "${{ secrets.WEB_PLATFORM || 'vercel' }}" - TF_VAR_auto_deploy_enabled: "${{ secrets.AUTO_DEPLOY_ENABLED || 'false' }}" + TF_VAR_enable_auto_deploy: "${{ secrets.ENABLE_AUTO_DEPLOY || 'false' }}" TF_VAR_auto_deploy_git_repository: ${{ secrets.AUTO_DEPLOY_GIT_REPOSITORY }} TF_VAR_auto_deploy_git_branch: ${{ secrets.AUTO_DEPLOY_GIT_BRANCH }} - TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE }} + TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE || 'github' }} TF_VAR_enable_durable_object_bindings: "${{ secrets.ENABLE_DURABLE_OBJECT_BINDINGS || 'true' }}" - name: Post Plan Results @@ -343,10 +343,10 @@ jobs: TF_VAR_linear_webhook_secret: ${{ secrets.LINEAR_WEBHOOK_SECRET }} TF_VAR_web_platform: "${{ secrets.WEB_PLATFORM || 'vercel' }}" TF_VAR_enable_durable_object_bindings: "${{ secrets.ENABLE_DURABLE_OBJECT_BINDINGS || 'true' }}" - TF_VAR_auto_deploy_enabled: "${{ secrets.AUTO_DEPLOY_ENABLED || 'false' }}" + TF_VAR_enable_auto_deploy: "${{ secrets.ENABLE_AUTO_DEPLOY || 'false' }}" TF_VAR_auto_deploy_git_repository: ${{ secrets.AUTO_DEPLOY_GIT_REPOSITORY }} TF_VAR_auto_deploy_git_branch: ${{ secrets.AUTO_DEPLOY_GIT_BRANCH }} - TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE }} + TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE || 'github' }} MODAL_TOKEN_ID: ${{ secrets.MODAL_TOKEN_ID }} MODAL_TOKEN_SECRET: ${{ secrets.MODAL_TOKEN_SECRET }} diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 8db99c4a2..db3c9bda8 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md 
@@ -602,10 +602,10 @@ Go to your fork's Settings → Secrets and variables → Actions, and add: | `VERCEL_API_TOKEN` | Vercel API token _(only if `web_platform = "vercel"`)_ | | `VERCEL_TEAM_ID` | Vercel team/account ID _(only if `web_platform = "vercel"`)_ | | `VERCEL_PROJECT_ID` | Vercel project ID _(only if `web_platform = "vercel"`)_ | -| `AUTO_DEPLOY_ENABLED` | `true` to enable auto deploy, `false` to skip (default: `false`) | -| `AUTO_DEPLOY_GIT_REPOSITORY` | Git repository _(only if `auto_deploy_enabled = "true"`)_ | -| `AUTO_DEPLOY_GIT_BRANCH` | Git branch _(only if `auto_deploy_enabled = "true"`)_ | -| `AUTO_DEPLOY_SOURCE` | Git source (e.g. `github`) _(only if `auto_deploy_enabled = "true"`)_ | +| `ENABLE_AUTO_DEPLOY` | `true` to enable auto deploy, `false` to skip (default: `false`) | +| `AUTO_DEPLOY_GIT_REPOSITORY` | Git repository _(only if `enable_auto_deploy = "true"`)_ | +| `AUTO_DEPLOY_GIT_BRANCH` | Git branch _(only if `enable_auto_deploy = "true"`)_ | +| `AUTO_DEPLOY_SOURCE` | Git source (e.g. `github`) _(only if `enable_auto_deploy = "true"`)_ | | `NEXTAUTH_URL` | Your web app URL | | `MODAL_TOKEN_ID` | Modal token ID | | `MODAL_TOKEN_SECRET` | Modal token secret |