Merge pull request #25 from SMSDAO/dependabot/npm_and_yarn/hono-4.12.7 #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Production Validation & Deploy | ||
|
Check failure on line 1 in .github/workflows/deploy-production.yml
|
||
| on: | ||
| push: | ||
| branches: [main] | ||
| workflow_dispatch: | ||
| inputs: | ||
| deploy_contracts: | ||
| description: 'Deploy smart contracts (requires PRIVATE_KEY secret)' | ||
| required: false | ||
| default: 'false' | ||
| type: choice | ||
| options: ['false', 'true'] | ||
| run_migrations: | ||
| description: 'Run database migrations (requires DATABASE_URL secret)' | ||
| required: false | ||
| default: 'false' | ||
| type: choice | ||
| options: ['false', 'true'] | ||
| # Note: Vercel automatically deploys the frontend when code is pushed to main | ||
| # (configured in vercel.json). This workflow acts as a pre-deployment validation | ||
| # gate and handles smart contract deployment and backend build checks. | ||
| # | ||
| # Contract deployment and DB migrations are intentionally gated behind | ||
| # workflow_dispatch (manual trigger) to prevent accidental redeploys on every push. | ||
| concurrency: | ||
| group: deploy-production | ||
| cancel-in-progress: false | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| # ───────────────────────────────────────────────────────────── | ||
| # STEP 1 – Frontend: lint • typecheck • test • build • upload | ||
| # ───────────────────────────────────────────────────────────── | ||
| frontend: | ||
| name: Step 1 – Frontend Validation & Build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Use Node 24 | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 24 | ||
| cache: npm | ||
| - name: Install dependencies | ||
| run: npm ci | ||
| - name: Lint | ||
| run: npm run lint --if-present | ||
| - name: Typecheck | ||
| run: npm run typecheck --if-present | ||
| - name: Run frontend tests | ||
| run: npm test | ||
| env: | ||
| CI: true | ||
| - name: Build Next.js application | ||
| run: npm run build | ||
| env: | ||
| # Supply minimal env so validate-env.ts passes in CI. | ||
| # Vercel injects the real values at deploy time via vercel.json. | ||
| NODE_ENV: production | ||
| NEXT_PUBLIC_CHAIN_ID: ${{ secrets.NEXT_PUBLIC_CHAIN_ID || '84532' }} | ||
| NEXT_PUBLIC_CHAIN_NAME: ${{ secrets.NEXT_PUBLIC_CHAIN_NAME || 'Base Sepolia' }} | ||
| NEXT_PUBLIC_WALLET_CONNECT_ID: ${{ secrets.NEXT_PUBLIC_WALLET_CONNECT_ID || '' }} | ||
| NEXT_PUBLIC_LIRA_TOKEN: ${{ secrets.NEXT_PUBLIC_LIRA_TOKEN || '' }} | ||
| NEXT_PUBLIC_FACTORY: ${{ secrets.NEXT_PUBLIC_FACTORY || '' }} | ||
| DATABASE_URL: ${{ secrets.DATABASE_URL || 'postgresql://placeholder:placeholder@localhost:5432/lira' }} | ||
| # Build artifact archived for debugging and audit purposes. | ||
| # Vercel performs the actual frontend deployment on every main push. | ||
| - name: Upload frontend build artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: nextjs-build | ||
| path: .next/ | ||
| retention-days: 7 | ||
| # ───────────────────────────────────────────────────────────── | ||
| # STEP 2 – Backend: contract tests • deploy contracts • backend | ||
| # ───────────────────────────────────────────────────────────── | ||
| backend: | ||
| name: Step 2 – Backend & Smart Contracts Deploy | ||
| runs-on: ubuntu-latest | ||
| needs: frontend | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Use Node 24 | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 24 | ||
| cache: npm | ||
| - name: Install dependencies | ||
| run: npm ci | ||
| # Deployment gate: all smart contract tests must pass before deployment. | ||
| - name: Run smart contract tests | ||
| run: npx hardhat test | ||
| - name: Compile contracts | ||
| run: npx hardhat compile | ||
| - name: Deploy LiraToken, LiraTokenRegistry, TokenLaunchFactory, AgentExecutor | ||
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.deploy_contracts == 'true' && secrets.PRIVATE_KEY != '' }} | ||
| run: npx hardhat run scripts/deploy/deploy.js --network ${{ vars.DEPLOY_NETWORK || 'baseSepolia' }} | ||
| env: | ||
| PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }} | ||
| BASE_RPC_URL: ${{ secrets.BASE_RPC_URL || 'https://mainnet.base.org' }} | ||
| BASE_SEPOLIA_RPC_URL: ${{ secrets.BASE_SEPOLIA_RPC_URL || 'https://sepolia.base.org' }} | ||
| TREASURY_ADDRESS: ${{ secrets.TREASURY_ADDRESS || '' }} | ||
| FEE_COLLECTOR_ADDRESS: ${{ secrets.FEE_COLLECTOR_ADDRESS || '' }} | ||
| BASESCAN_API_KEY: ${{ secrets.BASESCAN_API_KEY || '' }} | ||
| - name: Upload deployment addresses | ||
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.deploy_contracts == 'true' && secrets.PRIVATE_KEY != '' }} | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: deployment-addresses | ||
| path: deployments/ | ||
| if-no-files-found: ignore | ||
| retention-days: 30 | ||
| # ── Database migrations ────────────────────────────────── | ||
| # Runs only on manual workflow_dispatch with run_migrations=true to | ||
| # prevent schema changes from applying automatically on every push. | ||
| - name: Run database migrations | ||
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.run_migrations == 'true' && secrets.DATABASE_URL != '' }} | ||
| run: npm run db:migrate:deploy | ||
| env: | ||
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | ||
| # ── Backend services (PHP / Go / Java) ────────────────── | ||
| # These steps are compilation/validation checks only. | ||
| # Backend service deployment is handled by separate pipelines. | ||
| - name: Set up PHP | ||
| if: hashFiles('backend/php/**') != '' | ||
| uses: shivammathur/setup-php@v2 | ||
| with: | ||
| php-version: '8.2' | ||
| - name: Build PHP backend | ||
| if: hashFiles('backend/php/composer.json') != '' | ||
| run: | | ||
| cd backend/php | ||
| composer install --no-dev --optimize-autoloader | ||
| - name: Set up Go | ||
| if: hashFiles('backend/go/**') != '' | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.22' | ||
| - name: Build Go backend | ||
| if: hashFiles('backend/go/go.mod') != '' | ||
| run: | | ||
| cd backend/go | ||
| go build -o bin/lira-api ./cmd/api | ||
| - name: Set up Java | ||
| if: hashFiles('backend/java/**') != '' | ||
| uses: actions/setup-java@v4 | ||
| with: | ||
| distribution: temurin | ||
| java-version: '21' | ||
| - name: Build Java backend | ||
| if: hashFiles('backend/java/pom.xml') != '' | ||
| run: | | ||
| cd backend/java | ||
| mvn --no-transfer-progress clean package -DskipTests | ||
| # ── Health checks ──────────────────────────────────────── | ||
| - name: Health check – frontend build artifact present | ||
| run: | | ||
| if [ -d ".next" ]; then | ||
| echo "✅ Next.js build artifact exists" | ||
| else | ||
| echo "ℹ️ .next directory not present on this runner (artifact uploaded in Step 1; Vercel deploys from main push)" | ||
| fi | ||
| - name: Health check – deployment addresses recorded | ||
| run: | | ||
| if [ -d "deployments" ] && [ -n "$(ls -A deployments 2>/dev/null)" ]; then | ||
| echo "✅ Deployment address files:" | ||
| ls -la deployments/ | ||
| else | ||
| echo "ℹ️ No deployment files (contract deploy skipped – PRIVATE_KEY not set)" | ||
| fi | ||
