Reverts the following commits from main:
- d7a8b8f2 perf: fix CI build + lazy-load heavy libs + parallelize DB queries (#2601)
- 48b5e2b4 fix: make tree-sitter WASM build failure non-fatal when cache exists (#2602)
- c372b6bc Merge pull request #2603 from codeflash-ai/fix/deploy-build-common
- b656bb1d fix: cf-api deploy broken by pnpm workspace migration
- c1b0076c fix: align TypeScript versions to deduplicate @prisma/client in pnpm
- 09ed4d4b fix: use redirect instead of throw for auth failures during prerender
- 71127055 fix: redirect remaining auth throws that crash prerendering

PR #2601 introduced 18 bugs including 5 authorization bypass vulnerabilities:
- Cross-org data access via forged currentOrganizationId cookie
- Cross-repo/cross-org member role escalation and deletion (unscoped lookups)
- Missing replayTests/concolicTests in approval flow
- repository_id filter silently broken for personal accounts
- Tests mocking wrong Prisma method ($queryRawUnsafe vs $queryRaw)

The subsequent PRs (#2602, #2603, and follow-up commits) were dependent fixes for issues caused by #2601 and are reverted together.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
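# Builds js/cf-webapp and deploys the resulting zip to the "staging" slot of
# the codeflash-webapp-2 Azure App Service.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs here; that matters most in the deploy job, which can
# request an OIDC token for Azure.
name: Deploy CF-WEB-APP to Azure App Service

on:
  push:
    branches:
      - main
    paths:
      - "js/cf-webapp/**"
      - ".github/workflows/deploy_cfwebapp_to_azure.yml"
  # Allows manual runs in addition to pushes to main.
  workflow_dispatch:

jobs:
  build:
    env:
      # Set job-wide, so every step can read it, including dependency install
      # scripts and the build itself. The permissions block below bounds what
      # the token can do.
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    runs-on: ubuntu-latest
    # Least privilege: the visible steps only check out the repository and
    # install packages from GitHub Packages. No step pushes commits, publishes
    # a package or requests an OIDC token, so contents/packages are read-only
    # and id-token is not granted here. Raise a scope only for a step that is
    # shown to need it.
    permissions:
      contents: read
      packages: read

    steps:
      - uses: actions/checkout@v6
        with:
          # No later step in this job runs git, so do not leave the checkout
          # credential configured for subsequent steps.
          persist-credentials: false

      - name: Setup Node.js environment
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          registry-url: https://npm.pkg.github.com
          scope: "@codeflash-ai"

      # Writes the token value into ~/.npmrc on the runner.
      # NOTE(review): setup-node above is already given registry-url and
      # scope; confirm this extra file is still needed.
      - name: Configure .npmrc for GitHub Packages
        run: |
          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" > ~/.npmrc

      # NOTE(review): `npm install` may resolve a different dependency tree
      # than the one recorded in package-lock.json (the cache key below shows
      # a lockfile exists). `npm ci` installs exactly the locked tree and
      # fails on drift, which is the safer choice for a build that is
      # deployed.
      - name: Install dependencies
        run: |
          cd js/cf-webapp
          npm install

      - name: Restore Next.js build cache
        uses: actions/cache@v5
        with:
          path: js/cf-webapp/.next/cache
          key: nextjs-${{ runner.os }}-${{ hashFiles('js/cf-webapp/package-lock.json') }}-${{ hashFiles('js/cf-webapp/src/**') }}
          restore-keys: |
            nextjs-${{ runner.os }}-${{ hashFiles('js/cf-webapp/package-lock.json') }}-
            nextjs-${{ runner.os }}-

      # `.` already archives the whole js/cf-webapp directory, so the paths
      # named after it are redundant and everything present in that directory
      # ends up in the artifact and in the deployed package.
      # NOTE(review): consider archiving only what the app needs at runtime,
      # so sources, build cache and any local config files are not shipped.
      - name: Build and package app
        run: |
          cd js/cf-webapp
          npm run build
          zip -qr cfwebapp.zip . .next node_modules package.json public

      - name: Upload artifact for deployment jobs
        uses: actions/upload-artifact@v7
        with:
          name: cfwebapp-artifact
          path: js/cf-webapp/cfwebapp.zip

  deploy:
    runs-on: ubuntu-latest
    needs: build
    # NOTE(review): the GitHub environment is named "dev" while the target is
    # the "staging" slot. Confirm that this environment's protection rules,
    # and the Azure identity used below, are scoped to the intended target.
    environment:
      name: "dev"
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    # Only id-token is granted; scopes not listed here are set to none for
    # this job.
    permissions:
      id-token: write  # This is required for requesting the JWT

    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v8
        with:
          name: cfwebapp-artifact

      # NOTE(review): the deploy step below ships cfwebapp.zip itself, so
      # this extraction looks unnecessary; confirm before removing.
      - name: Unzip artifact for deployment
        run: unzip cfwebapp.zip

      - name: Login to Azure
        uses: azure/login@v3
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: "Deploy to Azure App Service - codeflash-webapp-2-staging.azurewebsites.net"
        uses: azure/webapps-deploy@v3
        id: deploy-to-webapp
        with:
          app-name: "codeflash-webapp-2"
          slot-name: "staging"
          # If we deploy a zip we can do Run-From-Zip and skip the oryx build
          # step (which fails if we do a regular zip-deploy because it thinks
          # the project is php for some reason).
          # https://learn.microsoft.com/en-us/azure/app-service/deploy-run-package#enable-running-from-package
          package: "cfwebapp.zip"
          clean: true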