fix(deploy): auto-run payload migrations on deploy, hide cms error details from visitors

2026-03-04 17:57:01 +01:00
parent 69b8ae9067
commit f1d0227260
3 changed files with 52 additions and 34 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -226,6 +226,21 @@ jobs:
          tags: registry.infra.mintel.me/mintel/klz-2026:${{ needs.prepare.outputs.image_tag }}
          secrets: |
            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
+      - name: 🔄 Build and Push Migrator
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          provenance: false
+          platforms: linux/amd64
+          target: migrator
+          build-args: |
+            NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }}
+            NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
+          tags: registry.infra.mintel.me/mintel/klz-2026:migrate-${{ needs.prepare.outputs.image_tag }}
+          secrets: |
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}

  # ──────────────────────────────────────────────────────────────────────────────
  # JOB 4: Deploy
@@ -396,31 +411,24 @@ jobs:
          REMOTE_DB_USER="${REMOTE_DB_USER:-payload}"
          REMOTE_DB_NAME="${REMOTE_DB_NAME:-payload}"

-          # Auto-detect migrations from src/migrations/*.ts
-          BATCH=1
-          VALUES=""
-          for f in $(ls src/migrations/*.ts 2>/dev/null | sort); do
-            NAME=$(basename "$f" .ts)
-            [ -n "$VALUES" ] && VALUES="$VALUES,"
-            VALUES="$VALUES ('$NAME', $BATCH)"
-            ((BATCH++))
-          done
-
-          if [ -n "$VALUES" ]; then
-            echo "
-              DO \$\$ BEGIN
-                DELETE FROM payload_migrations WHERE batch = -1;
-                INSERT INTO payload_migrations (name, batch)
-                SELECT name, batch FROM (VALUES $VALUES) AS v(name, batch)
-                WHERE NOT EXISTS (SELECT 1 FROM payload_migrations pm WHERE pm.name = v.name);
-              EXCEPTION WHEN undefined_table THEN
-                RAISE NOTICE 'payload_migrations table does not exist yet — skipping sanitization';
-              END \$\$;
-            " | ssh root@alpha.mintel.me "docker exec -i $DB_CONTAINER psql -U $REMOTE_DB_USER -d $REMOTE_DB_NAME"
-          fi
+          # Run Payload migrations via a temporary container before restarting the app.
+          # This ensures fresh branch deployments (empty DBs) get their schema on first deploy.
+          echo "🔄 Running Payload migrations..."
+          MIGRATOR_IMAGE="registry.infra.mintel.me/mintel/klz-2026:migrate-$IMAGE_TAG"
+          
+          ssh root@alpha.mintel.me "
+            echo '${{ steps.auth.outputs.token }}' | docker login registry.infra.mintel.me -u '${{ steps.auth.outputs.user }}' --password-stdin 2>/dev/null || true
+            docker pull $MIGRATOR_IMAGE
+            docker run --rm \
+              --network ${PROJECT_NAME}_default \
+              --env-file $SITE_DIR/$ENV_FILE \
+              $MIGRATOR_IMAGE \
+            && echo '✅ Migrations complete.' \
+            || echo '⚠️  Migrations failed or already up-to-date — continuing.'
+          "
          
          # Restart app to pick up clean migration state
-          APP_CONTAINER="${{ needs.prepare.outputs.project_name }}-klz-app-1"
+          APP_CONTAINER="${PROJECT_NAME}-klz-app-1"
          ssh root@alpha.mintel.me "docker restart $APP_CONTAINER"
          ssh root@alpha.mintel.me "docker system prune -f --filter 'until=24h'"