Skip to content

ci(dev): auto-deploy Trigger.dev tasks + fail dev db:push on TTY prompt#5343

Merged
TheodoreSpeaks merged 8 commits into
stagingfrom
feat/dev-ci-deployment
Jul 2, 2026
Merged

ci(dev): auto-deploy Trigger.dev tasks + fail dev db:push on TTY prompt#5343
TheodoreSpeaks merged 8 commits into
stagingfrom
feat/dev-ci-deployment

Conversation

@TheodoreSpeaks

@TheodoreSpeaks TheodoreSpeaks commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

What

Two dev-CI fixes:

  1. Automate the Trigger.dev task deploy that was being run by hand.
  2. Stop the dev db:push step from false-greening when drizzle-kit needs an interactive prompt.

1. Trigger.dev deploy job

Replaces the manual command:

TRIGGER_PROJECT_ID=… bunx trigger.dev@4.4.3 deploy --env preview --branch dev-sim

New deploy-trigger-dev job:

  • Trigger: push to dev only.
  • Ordering: needs: [migrate-dev] — the deployed task code runs against the dev DB, so the schema push lands first (same rationale as build-dev).
  • Remote build: no --local-build, so the runner needs no Docker/buildx — Trigger.dev builds server-side.
  • Auth/config: TRIGGER_ACCESS_TOKEN and TRIGGER_PROJECT_ID from repo secrets, with a fail-fast guard so a missing secret exits with a clear message instead of a cryptic CLI error.

2. Dev db:push false-green fix (migrations.yml)

drizzle-kit push needs a TTY to resolve ambiguous renames (--force only covers data-loss). In CI it throws Interactive prompts require a TTY terminal but still exits 0, so the job went green while silently skipping the schema change — e.g. run 28415609570, which threw that error and still passed.

Fix: tee the output (kept live in the log) and fail on drizzle-kit's own dedicated TTY error. A genuine non-zero exit is still caught by set -e. Staging/prod are untouched — they use versioned migrate.ts.

Required before the trigger job runs

Set both repo secrets:

gh secret set TRIGGER_ACCESS_TOKEN --repo simstudioai/sim   # tr_pat_… PAT
gh secret set TRIGGER_PROJECT_ID   --repo simstudioai/sim   # proj_…

Notes

🤖 Generated with Claude Code

Add a deploy-trigger-dev job that runs `trigger.dev deploy --env preview
--branch dev-sim` on pushes to the dev branch, replacing the manual step.
Gated after migrate-dev for the same reason as build-dev: the new task
code runs against the dev DB, so the schema must be pushed first.

Uses Trigger.dev's remote build (no --local-build), so the runner needs
no Docker/buildx. Requires a TRIGGER_ACCESS_TOKEN repo secret.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment Jul 2, 2026 2:00am

Request Review

@TheodoreSpeaks

Copy link
Copy Markdown
Collaborator Author

@greptile review

@cursor

cursor Bot commented Jul 1, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Changes dev deployment automation and dev DB schema application behavior; misconfigured secrets or a failing deploy could block dev pushes, but production/staging migration paths are untouched.

Overview
Dev CI now deploys Trigger.dev background tasks on every push to dev, and dev schema pushes no longer pass when drizzle-kit would need an interactive prompt.

A new deploy-trigger-dev job runs after migrate-dev (same ordering as build-dev) and runs trigger.dev@4.4.3 deploy --env preview --branch dev-sim from apps/sim, with fail-fast checks for DEV_TRIGGER_ACCESS_TOKEN and TRIGGER_PROJECT_ID.

In migrations.yml, dev db:push output is captured and the job fails if drizzle-kit logs Interactive prompts require a TTY terminal, so ambiguous renames must be shipped as versioned migrations instead of silently skipping schema changes. Staging/production db:migrate paths are unchanged.

actions/checkout is bumped to v6 on the affected CI steps.

Reviewed by Cursor Bugbot for commit c2652f6. Bugbot is set up for automated code reviews on this repo. Configure here.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK
@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR automates two previously manual dev-CI steps: deploying Trigger.dev background tasks on every push to dev, and catching the long-standing drizzle-kit false-green where db:push printed a TTY error yet exited 0.

  • deploy-trigger-dev job (ci.yml): new job gated after migrate-dev, authenticates via DEV_TRIGGER_ACCESS_TOKEN / TRIGGER_PROJECT_ID secrets with an explicit fail-fast guard, and runs bunx trigger.dev@4.4.3 deploy --env preview --branch dev-sim server-side (no Docker required on the runner).
  • False-green fix (migrations.yml): pipes db:push output through tee so the log is captured live, then greps for drizzle-kit's dedicated TTY error string and exits non-zero if found; genuine non-zero exits from drizzle-kit still propagate correctly because GitHub Actions sets pipefail by default.

Confidence Score: 5/5

Both changes are confined to CI workflow files and introduce no risk to application code or data. The Trigger.dev deploy job is additive; the migrations fix correctly gates on the existing error string without touching staging or production paths.

The new Trigger.dev job is straightforward and well-guarded. The db:push false-green fix uses tee + grep rather than a flag, which is appropriate given drizzle-kit's exit-0 behavior; GitHub Actions' default pipefail ensures genuine failures still propagate. The one discrepancy — the PR description's setup command names a secret that the workflow never reads — is a documentation gap that would cause a confusing first-run failure but is easily corrected.

No files require special attention beyond verifying that the DEV_TRIGGER_ACCESS_TOKEN secret (not TRIGGER_ACCESS_TOKEN as stated in the PR description) is set in the repo before the first push to dev.

Important Files Changed

Filename Overview
.github/workflows/ci.yml Adds deploy-trigger-dev job gated after migrate-dev; updates build-dev checkout pin from v4 to v6 hash. Secret name in PR description (TRIGGER_ACCESS_TOKEN) doesn't match the workflow's DEV_TRIGGER_ACCESS_TOKEN reference, but the workflow itself is internally consistent.
.github/workflows/migrations.yml Pipes db:push output through tee and greps for drizzle-kit's TTY error string to catch the false-green case. Logic is correct; GitHub Actions sets pipefail by default so a genuine non-zero from bun also propagates through the pipe.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    push["Push to `dev`"]

    push --> detect-version
    push --> migrate-dev

    migrate-dev --> build-dev
    detect-version --> build-dev
    migrate-dev --> deploy-trigger-dev

    build-dev --> ecr["ECR images pushed\n(dev tag)"]
    deploy-trigger-dev --> trig["Trigger.dev tasks deployed\n(preview / dev-sim branch)"]

    style deploy-trigger-dev fill:#d4edda,stroke:#28a745
    style trig fill:#d4edda,stroke:#28a745
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    push["Push to `dev`"]

    push --> detect-version
    push --> migrate-dev

    migrate-dev --> build-dev
    detect-version --> build-dev
    migrate-dev --> deploy-trigger-dev

    build-dev --> ecr["ECR images pushed\n(dev tag)"]
    deploy-trigger-dev --> trig["Trigger.dev tasks deployed\n(preview / dev-sim branch)"]

    style deploy-trigger-dev fill:#d4edda,stroke:#28a745
    style trig fill:#d4edda,stroke:#28a745
Loading

Reviews (3): Last reviewed commit: "ci: align build-dev checkout to v6 to ma..." | Re-trigger Greptile

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR automates the manual Trigger.dev deploy command into the CI pipeline with a new deploy-trigger-dev job, and bundles a set of React component refactors: removing unused props, migrating local search/filter state to URL-persisted state (nuqs), and memoizing expensive render-time computations.

  • CI: Adds deploy-trigger-dev job, gated on migrate-dev, running bunx trigger.dev@4.4.3 deploy --env preview --branch dev-sim on every dev push; authentication via TRIGGER_ACCESS_TOKEN repo secret.
  • URL state migration: inbox-task-list and teammates views now persist their search/filter state in the URL using nuqs, with debounced URL writes and clean-URL semantics (history: replace, clearOnDefault).
  • Component cleanup: Unused props (setOrgName, currentUserEmail, isLoadingWorkflows) and redundant memoizations are removed; the ServerDetailView tool-edit useEffect is replaced with an explicit handler that pre-populates form state synchronously on open.

Confidence Score: 4/5

Safe to merge; the CI job is correctly structured and the React refactors are clean with no functional regressions.

The new deploy-trigger-dev job follows existing patterns exactly — correct secret handling, pinned action hashes, and proper dependency ordering on migrate-dev. The React changes are additive cleanups (URL state migration, prop removal, memoization) with no logic regressions found. The only noteworthy detail is that handleMothershipEnvironmentChange in admin.tsx lost its useCallback wrapper and will produce a new function reference on every render, which can cause unnecessary child re-renders, but the admin page is low-traffic and the impact is negligible.

apps/sim/app/workspace/.../admin/admin.tsx — removed useCallback from a prop callback; worth a second look if the receiving ChipSelect is memoized.

Important Files Changed

Filename Overview
.github/workflows/ci.yml Adds deploy-trigger-dev job gated on migrate-dev, matching the existing branching pattern; uses pinned action hashes, correct secret reference, and a version-pinned CLI invocation.
apps/sim/app/workspace/[workspaceId]/settings/components/inbox/components/inbox-task-list/inbox-task-list.tsx Migrates local useState search/filter to URL state via useQueryStates; debounces URL writes on search input while keeping status changes instant; type alias updated to share InboxStatusFilter.
apps/sim/app/workspace/[workspaceId]/settings/components/team-management/components/organization-member-lists/organization-member-lists.tsx Memoizes workspace group computation (was recalculated inside JSX map on every render); removes unused currentUserEmail prop.
apps/sim/app/workspace/[workspaceId]/settings/components/admin/admin.tsx Removes useMemo/useCallback wrappers; handleMothershipEnvironmentChange is recreated on every render and may be passed to a memoized child, causing extra re-renders.
apps/sim/app/workspace/[workspaceId]/settings/components/workflow-mcp-servers/workflow-mcp-servers.tsx Replaces useEffect-based form pre-population with an explicit handleOpenToolEdit handler; removes isLoadingWorkflows prop thread-through since the child didn't use it meaningfully.
apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tool-input/components/custom-tool-modal/custom-tool-modal.tsx Removes flex-none overflow-visible from modal body now that autocomplete dropdowns are rendered in portaled popovers; comment explains the reasoning clearly.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    push["push to dev"] --> migrate-dev["migrate-dev\n(migrations.yml / dev)"]
    push --> detect-version["detect-version"]
    migrate-dev --> build-dev["build-dev\n(Docker → ECR :dev)"]
    detect-version --> build-dev
    migrate-dev --> deploy-trigger-dev["deploy-trigger-dev ✨\n(bunx trigger.dev deploy\n--env preview --branch dev-sim)"]

    style deploy-trigger-dev fill:#d4f1d4,stroke:#2a9d2a
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    push["push to dev"] --> migrate-dev["migrate-dev\n(migrations.yml / dev)"]
    push --> detect-version["detect-version"]
    migrate-dev --> build-dev["build-dev\n(Docker → ECR :dev)"]
    detect-version --> build-dev
    migrate-dev --> deploy-trigger-dev["deploy-trigger-dev ✨\n(bunx trigger.dev deploy\n--env preview --branch dev-sim)"]

    style deploy-trigger-dev fill:#d4f1d4,stroke:#2a9d2a
Loading

Reviews (2): Last reviewed commit: "ci(trigger): source TRIGGER_PROJECT_ID f..." | Re-trigger Greptile

Comment thread .github/workflows/ci.yml
Comment thread .github/workflows/ci.yml
Comment on lines 86 to +95
}
}

const handleMothershipEnvironmentChange = useCallback(
async (nextEnvironment: MothershipEnvironment) => {
if (nextEnvironment !== settings?.mothershipEnvironment && !updateSetting.isPending) {
await updateSetting.mutateAsync({
key: 'mothershipEnvironment',
value: nextEnvironment,
})
}
},
[settings?.mothershipEnvironment, updateSetting]
)
const handleMothershipEnvironmentChange = async (nextEnvironment: MothershipEnvironment) => {
if (nextEnvironment !== settings?.mothershipEnvironment && !updateSetting.isPending) {
await updateSetting.mutateAsync({
key: 'mothershipEnvironment',
value: nextEnvironment,
})
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Unstable function reference on every render

handleMothershipEnvironmentChange is recreated on every render now that useCallback was removed. If the child component it's passed to is wrapped in React.memo (e.g. the ChipSelect onChange), that memoization is defeated and the child re-renders on every parent render. Since this is an admin settings page the performance impact is minimal, but the previous useCallback with [settings?.mothershipEnvironment, updateSetting] deps was the correct pattern for a stable prop callback.

@TheodoreSpeaks TheodoreSpeaks changed the base branch from dev to staging July 1, 2026 23:39
Guard the deploy step so a missing TRIGGER_ACCESS_TOKEN or
TRIGGER_PROJECT_ID exits with a clear message instead of a cryptic
trigger.dev CLI error, matching the DATABASE_URL guard in migrations.yml.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK
@TheodoreSpeaks

Copy link
Copy Markdown
Collaborator Author

Addressed the review comments scoped to this PR's actual change (the CI job):

  • Cursor Bugbot (Medium) — missing project-ID / secret setup: added a fail-fast guard to the deploy step (d22b025). A missing TRIGGER_ACCESS_TOKEN or TRIGGER_PROJECT_ID now exits with a clear error instead of a cryptic trigger.dev CLI failure, matching the DATABASE_URL guard in migrations.yml. Both secrets still need to be set on the repo before the job can run.
  • Greptile (P2) — checkout hash differs from build-dev: intentionally not touching build-dev here — it's a pre-existing inconsistency in an unrelated job, and this new job already uses the # v6 hash consistent with the other newer jobs. Worth a separate cleanup if desired.

The remaining comments (inbox debounce P1, admin.tsx useCallback P2, teammates/MCP refactors) are on commits #5324 and #5321, which are already merged — they only appear in this diff because the PR brings dev up to date with main. They're out of scope for this CI-only PR and were reviewed on their own PRs.

drizzle-kit push prompts interactively for ambiguous renames (--force only
covers data-loss). In CI there's no TTY, so the prompt reads EOF and drizzle
can exit 0 without applying — the job goes green while the schema change was
silently skipped. Close stdin, reject prompt markers, and require a success
marker so an unresolved rename or failed statement fails the job.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK
@TheodoreSpeaks

Copy link
Copy Markdown
Collaborator Author

Added a second dev-CI fix (cb2aa5e, migrations.yml): the dev db:push step was showing green even when it hit an interactive rename prompt. drizzle-kit push prompts for ambiguous renames (--force only auto-answers data-loss), and in CI (no TTY) that prompt reads EOF and drizzle can exit 0 without applying — a false pass.

Fix: close stdin, then reject prompt markers (created or renamed / Do you want) and require a success marker (Changes applied / No changes detected), so an unresolved rename or failed statement fails the job instead of passing.

drizzle-kit push needs a TTY to resolve ambiguous renames; in CI it throws
"Interactive prompts require a TTY terminal" but still exits 0, so the job
went green without applying the schema (e.g. run 28415609570). Fail on that
explicit error. Keys on drizzle's own stable message rather than fuzzy prompt
text, and a real non-zero exit still fails via set -e.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK
@TheodoreSpeaks

Copy link
Copy Markdown
Collaborator Author

Revised the db:push guard (3b13560) after finding a concrete failing run and reconsidering the approach.

Evidence: run 28415609570 (migrate-dev job 84197762054) printed:

Error: Interactive prompts require a TTY terminal ...
    at promptNamedWithSchemasConflict (drizzle-kit/bin.cjs)
    at enumsResolver → applyPgSnapshotsDiff

…and the job still went green. So the schema change (an enum rename decision) was silently skipped.

On the flakiness concern: I dropped the fuzzy created or renamed / Changes applied matching. drizzle-kit throws its own dedicated, purpose-built error string — Interactive prompts require a TTY terminal — which is stable across patch versions (it's an intentional CI guard, not incidental prompt text). We can't rely on exit code alone here because drizzle throws but still exits 0 (its bug); a genuine non-zero exit is still caught by set -e. tee keeps output live in the log, so nothing is hidden — the grep runs on the captured file afterward.

@TheodoreSpeaks TheodoreSpeaks changed the title ci(trigger): auto-deploy Trigger.dev tasks to dev-sim on dev pushes ci(dev): auto-deploy Trigger.dev tasks + fail dev db:push on TTY prompt Jul 2, 2026
The PAT is only used by the dev deploy job, so prefix it DEV_ to match the
repo's dev-scoped secret convention. TRIGGER_PROJECT_ID stays unprefixed —
it's the shared project (same one prod uses); dev-sim is a preview branch
within it, not a separate project.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit bc3b5ad. Configure here.

Comment thread .github/workflows/ci.yml
build-dev was the only job still pinning actions/checkout to the v4 hash;
every other job uses v6. Non-functional consistency fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015orsjbLX34FPFGujSK3AQK
@TheodoreSpeaks

Copy link
Copy Markdown
Collaborator Author

Addressed the outstanding CI-file comments:

  • Greptile (P2) — checkout hash mismatch: aligned build-dev to the # v6 hash (c2652f6); it was the only job still on v4.
  • Cursor (Medium) — wrong secret name in fail-fast error: the error message already reads DEV_TRIGGER_ACCESS_TOKEN at HEAD, so it's resolved.

The remaining inbox-debounce (P1) and admin useCallback (P2) comments are on already-merged commits (#5324/#5321) that only appear because this PR brings dev up to date — out of scope here.

@TheodoreSpeaks

Copy link
Copy Markdown
Collaborator Author

@greptile review

@TheodoreSpeaks TheodoreSpeaks merged commit dcc7c0c into staging Jul 2, 2026
18 checks passed
@TheodoreSpeaks TheodoreSpeaks deleted the feat/dev-ci-deployment branch July 2, 2026 02:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant