sim/.github/workflows/migrations.yml at main · simstudioai/sim · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: Database Migrations

on:
  workflow_call:
    inputs:
      environment:
        description: Target environment (production, staging, or dev)
        required: true
        type: string
  workflow_dispatch:
    inputs:
      environment:
        description: Target environment
        required: true
        type: choice
        options:
          - production
          - staging
          - dev

permissions:
  contents: read

jobs:
  migrate:
    name: Apply Database Migrations
    runs-on: blacksmith-4vcpu-ubuntu-2404

    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: 1.3.13

      - name: Cache Bun dependencies
        uses: actions/cache@v5
        with:
          path: |
            ~/.bun/install/cache
            node_modules
            **/node_modules
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      - name: Install dependencies
        run: bun install --frozen-lockfile

      # The expression maps the explicit environment input to exactly one repo
      # secret, so the job never holds another environment's database URL. An
      # unknown environment resolves to empty and the guard below fails the job.
      # MIGRATION_DATABASE_URL is the optional direct (non-pooled) DSN preferred
      # by migrate.ts; when the secret is unset it resolves to empty and the
      # script falls back to DATABASE_URL.
      - name: Apply database schema changes
        working-directory: ./packages/db
        env:
          DATABASE_URL: ${{ inputs.environment == 'production' && secrets.DATABASE_URL || inputs.environment == 'staging' && secrets.STAGING_DATABASE_URL || inputs.environment == 'dev' && secrets.DEV_DATABASE_URL || '' }}
          MIGRATION_DATABASE_URL: ${{ inputs.environment == 'production' && secrets.MIGRATION_DATABASE_URL || inputs.environment == 'staging' && secrets.STAGING_MIGRATION_DATABASE_URL || '' }}
          ENVIRONMENT: ${{ inputs.environment }}
        run: |
          if [ -z "$DATABASE_URL" ]; then
            echo "ERROR: no database URL secret resolved for environment '${ENVIRONMENT}'" >&2
            exit 1
          fi

          if [ "${ENVIRONMENT}" = "dev" ]; then
            echo "Dev environment — pushing schema directly (db:push)"
            bun run db:push --force
          else
            echo "Applying versioned migrations (db:migrate)"
            bun run ./scripts/migrate.ts
          fi