feat(deploy): add support for vercel git-based auto-deployments

.github/workflows/deploy-web.yml

@@ -27,12 +27,16 @@ jobs:
         run: |
           # Skip if web_platform is set to something other than vercel
           WEB_PLATFORM="${{ secrets.WEB_PLATFORM }}"
+          ENABLE_AUTO_DEPLOY="${{ secrets.ENABLE_AUTO_DEPLOY }}"
           if [ -n "$WEB_PLATFORM" ] && [ "$WEB_PLATFORM" != "vercel" ]; then
             echo "Skipping Vercel deployment - web_platform is '${WEB_PLATFORM}'"
             echo "configured=false" >> $GITHUB_OUTPUT
           elif [ -z "${{ secrets.VERCEL_API_TOKEN }}" ] || [ -z "${{ secrets.VERCEL_PROJECT_ID }}" ]; then
             echo "Skipping deployment - Vercel secrets not configured"
             echo "configured=false" >> $GITHUB_OUTPUT
+          elif [ -n "$ENABLE_AUTO_DEPLOY" ] && [ "$ENABLE_AUTO_DEPLOY" != "false" ]; then
+            echo "Skipping deployment - auto deploy is handled by Vercel"
+            echo "configured=false" >> $GITHUB_OUTPUT
           else
             echo "configured=true" >> $GITHUB_OUTPUT
           fi

.github/workflows/terraform.yml

@@ -212,6 +212,10 @@ jobs:
           TF_VAR_linear_client_secret: ${{ secrets.LINEAR_CLIENT_SECRET }}
           TF_VAR_linear_webhook_secret: ${{ secrets.LINEAR_WEBHOOK_SECRET }}
           TF_VAR_web_platform: "${{ secrets.WEB_PLATFORM || 'vercel' }}"
+          TF_VAR_enable_auto_deploy: "${{ secrets.ENABLE_AUTO_DEPLOY || 'false' }}"
+          TF_VAR_auto_deploy_git_repository: ${{ secrets.AUTO_DEPLOY_GIT_REPOSITORY }}
+          TF_VAR_auto_deploy_git_branch: ${{ secrets.AUTO_DEPLOY_GIT_BRANCH }}
+          TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE || 'github' }}
           TF_VAR_enable_durable_object_bindings: "${{ secrets.ENABLE_DURABLE_OBJECT_BINDINGS || 'true' }}"
 
       - name: Post Plan Results
@@ -339,6 +343,10 @@ jobs:
           TF_VAR_linear_webhook_secret: ${{ secrets.LINEAR_WEBHOOK_SECRET }}
           TF_VAR_web_platform: "${{ secrets.WEB_PLATFORM || 'vercel' }}"
           TF_VAR_enable_durable_object_bindings: "${{ secrets.ENABLE_DURABLE_OBJECT_BINDINGS || 'true' }}"
+          TF_VAR_enable_auto_deploy: "${{ secrets.ENABLE_AUTO_DEPLOY || 'false' }}"
+          TF_VAR_auto_deploy_git_repository: ${{ secrets.AUTO_DEPLOY_GIT_REPOSITORY }}
+          TF_VAR_auto_deploy_git_branch: ${{ secrets.AUTO_DEPLOY_GIT_BRANCH }}
+          TF_VAR_auto_deploy_source: ${{ secrets.AUTO_DEPLOY_SOURCE || 'github' }}
           MODAL_TOKEN_ID: ${{ secrets.MODAL_TOKEN_ID }}
           MODAL_TOKEN_SECRET: ${{ secrets.MODAL_TOKEN_SECRET }}
 

docs/GETTING_STARTED.md

@@ -623,6 +623,10 @@ Go to your fork's Settings → Secrets and variables → Actions, and add:
 | `VERCEL_API_TOKEN`            | Vercel API token _(only if `web_platform = "vercel"`)_                        |
 | `VERCEL_TEAM_ID`              | Vercel team/account ID _(only if `web_platform = "vercel"`)_                  |
 | `VERCEL_PROJECT_ID`           | Vercel project ID _(only if `web_platform = "vercel"`)_                       |
+| `ENABLE_AUTO_DEPLOY`          | `true` to enable auto deploy, `false` to skip (default: `false`)              |
+| `AUTO_DEPLOY_GIT_REPOSITORY`  | Git repository _(only if `enable_auto_deploy = "true"`)_                      |
+| `AUTO_DEPLOY_GIT_BRANCH`      | Git branch _(only if `enable_auto_deploy = "true"`)_                          |
+| `AUTO_DEPLOY_SOURCE`          | Git source (e.g. `github`) _(only if `enable_auto_deploy = "true"`)_          |
 | `NEXTAUTH_URL`                | Your web app URL                                                              |
 | `MODAL_TOKEN_ID`              | Modal token ID                                                                |
 | `MODAL_TOKEN_SECRET`          | Modal token secret                                                            |

terraform/environments/production/terraform.tfvars.example

@@ -121,6 +121,14 @@ linear_webhook_secret = ""   # Webhook Signing Secret from the application confi
 # From: https://console.anthropic.com/
 anthropic_api_key = ""
 
+# =============================================================================
+# Vercel - auto-deploy
+# =============================================================================
+enable_auto_deploy = false
+auto_deploy_git_repository = ""
+auto_deploy_git_branch = ""
+auto_deploy_source = "github"
+
 # =============================================================================
 # Security Secrets
 # =============================================================================

terraform/environments/production/variables.tf

@@ -367,6 +367,49 @@ variable "project_root" {
   default     = "../../../"
 }
 
+# =============================================================================
+# Vercel - auto-deploy
+# =============================================================================
+
+variable "enable_auto_deploy" {
+  description = "Enable auto-deploy for Vercel"
+  type        = bool
+  default     = false
+
+  validation {
+    condition     = var.enable_auto_deploy == false || (length(var.auto_deploy_git_repository) > 0 && length(var.auto_deploy_git_branch) > 0)
+    error_message = "When enable_auto_deploy is true, auto_deploy_git_repository and auto_deploy_git_branch must be non-empty."
+  }
+}
+
+variable "auto_deploy_git_repository" {
+  description = "Git repository for auto-deploy"
+  type        = string
+  default     = ""
+
+  validation {
+    condition     = var.auto_deploy_git_repository == "" || contains(var.auto_deploy_git_repository, "/")
+    error_message = "auto_deploy_git_repository must include / if specified"
+  }
+}
+
+variable "auto_deploy_git_branch" {
+  description = "Git branch for auto-deploy"
+  type        = string
+  default     = ""
+}
+
+variable "auto_deploy_source" {
+  description = "Source for auto-deploy"
+  type        = string
+  default     = "github"
+
+  validation {
+    condition     = contains(["github", "gitlab", "bitbucket"], var.auto_deploy_source)
+    error_message = "auto_deploy_source must be 'github', 'gitlab', or 'bitbucket'."
+  }
+}
+
 # =============================================================================
 # Access Control
 # =============================================================================

terraform/environments/production/web-vercel.tf

@@ -10,11 +10,16 @@ module "web_app" {
   team_id      = var.vercel_team_id
   framework    = "nextjs"
 
-  # No git_repository - deploy via CLI/CI instead of auto-deploy on push
   root_directory  = "packages/web"
   install_command = "cd ../.. && npm install && npm run build -w @open-inspect/shared"
   build_command   = "next build"
 
+  git_repository = var.enable_auto_deploy ? {
+    type              = var.auto_deploy_source
+    repo              = var.auto_deploy_git_repository
+    production_branch = var.auto_deploy_git_branch
+  } : null
+
   environment_variables = [
     # GitHub OAuth
     {