mmintel/klz-cables.com
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix(deploy): auto-run payload migrations on deploy, hide cms error details from visitors
All checks were successful
Build & Deploy / 🔍 Prepare (push) Successful in 9s
Details
Build & Deploy / 🧪 QA (push) Successful in 3m3s
Details
Build & Deploy / 🏗️ Build (push) Successful in 19m36s
Details
Build & Deploy / 🚀 Deploy (push) Successful in 1m25s
Details
Build & Deploy / 🧪 Post-Deploy Verification (push) Has been skipped
Details
Build & Deploy / 🔔 Notify (push) Successful in 21s
Details

Browse Source
This commit is contained in:
Marc Mintel
2026-03-04 17:57:01 +01:00
parent 69b8ae9067
commit f1d0227260
3 changed files with 52 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
.gitea/workflows/deploy.yml
View File

@@ -226,6 +226,21 @@ jobs:
tags: registry.infra.mintel.me/mintel/klz-2026:${{ needs.prepare.outputs.image_tag }} tags: registry.infra.mintel.me/mintel/klz-2026:${{ needs.prepare.outputs.image_tag }}
secrets: | secrets: |
NPM_TOKEN=${{ secrets.NPM_TOKEN }} NPM_TOKEN=${{ secrets.NPM_TOKEN }}
- name: 🔄 Build and Push Migrator
uses: docker/build-push-action@v5
with:
context: .
push: true
provenance: false
platforms: linux/amd64
target: migrator
build-args: |
NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_url }}
NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
NPM_TOKEN=${{ secrets.NPM_TOKEN }}
tags: registry.infra.mintel.me/mintel/klz-2026:migrate-${{ needs.prepare.outputs.image_tag }}
secrets: |
NPM_TOKEN=${{ secrets.NPM_TOKEN }}
# ────────────────────────────────────────────────────────────────────────────── # ──────────────────────────────────────────────────────────────────────────────
# JOB 4: Deploy # JOB 4: Deploy
@@ -396,31 +411,24 @@ jobs:
REMOTE_DB_USER="${REMOTE_DB_USER:-payload}" REMOTE_DB_USER="${REMOTE_DB_USER:-payload}"
REMOTE_DB_NAME="${REMOTE_DB_NAME:-payload}" REMOTE_DB_NAME="${REMOTE_DB_NAME:-payload}"
# Auto-detect migrations from src/migrations/*.ts # Run Payload migrations via a temporary container before restarting the app.
BATCH=1 # This ensures fresh branch deployments (empty DBs) get their schema on first deploy.
VALUES="" echo "🔄 Running Payload migrations..."
for f in $(ls src/migrations/*.ts 2>/dev/null | sort); do MIGRATOR_IMAGE="registry.infra.mintel.me/mintel/klz-2026:migrate-$IMAGE_TAG"
NAME=$(basename "$f" .ts)
[ -n "$VALUES" ] && VALUES="$VALUES," ssh root@alpha.mintel.me "
VALUES="$VALUES ('$NAME', $BATCH)" echo '${{ steps.auth.outputs.token }}' | docker login registry.infra.mintel.me -u '${{ steps.auth.outputs.user }}' --password-stdin 2>/dev/null || true
((BATCH++)) docker pull $MIGRATOR_IMAGE
done docker run --rm \
--network ${PROJECT_NAME}_default \
if [ -n "$VALUES" ]; then --env-file $SITE_DIR/$ENV_FILE \
echo " $MIGRATOR_IMAGE \
DO \$\$ BEGIN && echo '✅ Migrations complete.' \
DELETE FROM payload_migrations WHERE batch = -1; || echo '⚠️ Migrations failed or already up-to-date — continuing.'
INSERT INTO payload_migrations (name, batch) "
SELECT name, batch FROM (VALUES $VALUES) AS v(name, batch)
WHERE NOT EXISTS (SELECT 1 FROM payload_migrations pm WHERE pm.name = v.name);
EXCEPTION WHEN undefined_table THEN
RAISE NOTICE 'payload_migrations table does not exist yet — skipping sanitization';
END \$\$;
" | ssh root@alpha.mintel.me "docker exec -i $DB_CONTAINER psql -U $REMOTE_DB_USER -d $REMOTE_DB_NAME"
fi
# Restart app to pick up clean migration state # Restart app to pick up clean migration state
APP_CONTAINER="${{ needs.prepare.outputs.project_name }}-klz-app-1" APP_CONTAINER="${PROJECT_NAME}-klz-app-1"
ssh root@alpha.mintel.me "docker restart $APP_CONTAINER" ssh root@alpha.mintel.me "docker restart $APP_CONTAINER"
ssh root@alpha.mintel.me "docker system prune -f --filter 'until=24h'" ssh root@alpha.mintel.me "docker system prune -f --filter 'until=24h'"

22
Dockerfile
View File

@@ -5,14 +5,12 @@ WORKDIR /app
# Arguments for build-time configuration # Arguments for build-time configuration
ARG NEXT_PUBLIC_BASE_URL ARG NEXT_PUBLIC_BASE_URL
ARG NEXT_PUBLIC_TARGET ARG NEXT_PUBLIC_TARGET
ARG DIRECTUS_URL
ARG UMAMI_WEBSITE_ID ARG UMAMI_WEBSITE_ID
ARG UMAMI_API_ENDPOINT ARG UMAMI_API_ENDPOINT
# Environment variables for Next.js build # Environment variables for Next.js build
ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET
ENV DIRECTUS_URL=$DIRECTUS_URL
ENV UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID ENV UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID
ENV UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT ENV UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT
ENV SKIP_RUNTIME_ENV_VALIDATION=true ENV SKIP_RUNTIME_ENV_VALIDATION=true
@@ -55,11 +53,6 @@ RUN pnpm build
FROM git.infra.mintel.me/mmintel/runtime:latest AS runner FROM git.infra.mintel.me/mmintel/runtime:latest AS runner
WORKDIR /app WORKDIR /app
# Create nextjs user and group (standardized in runtime image but ensuring local ownership)
USER root
RUN chown -R nextjs:nodejs /app
USER nextjs
ENV HOSTNAME="0.0.0.0" ENV HOSTNAME="0.0.0.0"
ENV PORT=3000 ENV PORT=3000
ENV NODE_ENV=production ENV NODE_ENV=production
@@ -71,3 +64,18 @@ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder --chown=nextjs:nodejs /app/.next/cache ./.next/cache COPY --from=builder --chown=nextjs:nodejs /app/.next/cache ./.next/cache
CMD ["node", "server.js"] CMD ["node", "server.js"]
# ──────────────────────────────────────────────────────────────────────────────
# Stage: Migrator — used by CI to run "payload migrate" against the live DB.
# Retains node_modules so the payload CLI is available.
# ──────────────────────────────────────────────────────────────────────────────
FROM node:20-alpine AS migrator
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/package.json ./package.json
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/src/migrations ./src/migrations
COPY --from=builder /app/payload.config.ts ./payload.config.ts
CMD ["node", "node_modules/.bin/payload", "migrate"]

10
components/CMSConnectivityNotice.tsx
View File

@@ -15,10 +15,12 @@ export default function CMSConnectivityNotice() {
const isDebug = new URLSearchParams(window.location.search).has('cms_debug'); const isDebug = new URLSearchParams(window.location.search).has('cms_debug');
const isLocal = config.isDevelopment; const isLocal = config.isDevelopment;
const isTesting = config.isTesting; const isTesting = config.isTesting;
const target = process.env.NEXT_PUBLIC_TARGET || '';
const isBranch = target === 'branch';
// Only proceed with check if it's developer context (Local or Testing) // Only proceed with check if it's developer context (Local, Testing, or Branch preview)
// Staging and Production should NEVER see this unless forced with ?cms_debug // Staging and Production should NEVER see this unless forced with ?cms_debug
if (!isLocal && !isTesting && !isDebug) return; if (!isLocal && !isTesting && !isBranch && !isDebug) return;
try { try {
const response = await fetch('/api/health/cms'); const response = await fetch('/api/health/cms');
@@ -58,8 +60,8 @@ export default function CMSConnectivityNotice() {
<h4 className="font-bold text-sm mb-1">CMS Issue Detected</h4> <h4 className="font-bold text-sm mb-1">CMS Issue Detected</h4>
<p className="text-xs opacity-90 leading-relaxed mb-3"> <p className="text-xs opacity-90 leading-relaxed mb-3">
{errorMsg === 'relation "products" does not exist' {errorMsg === 'relation "products" does not exist'
? 'The database schema is missing. Please sync your local data to this environment.' ? 'The database schema is missing. Please run migrations for this environment.'
: errorMsg || 'The application cannot connect to the Directus CMS.'} : 'A content service is unavailable. Check the deployment logs for details.'}
</p> </p>
<div className="flex gap-2"> <div className="flex gap-2">
<button <button