Patch send score views security #938
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this is just dev.send.app | |
| name: Deploy Staging | |
| on: | |
| push: | |
| branches: [dev] | |
| workflow_dispatch: | |
| inputs: | |
| skip-supabase-deploy: | |
| description: 'Whether to skip the Supabase deployment.' | |
| required: false | |
| default: 'false' | |
| workflow_call: | |
| secrets: | |
| VERCEL_TOKEN: | |
| description: 'Vercel token' | |
| required: true | |
| VERCEL_PROJECT_ID: | |
| description: 'Vercel project id' | |
| required: true | |
| VERCEL_ORG_ID: | |
| description: 'Vercel org id' | |
| required: true | |
| SUPABASE_ACCESS_TOKEN: | |
| description: 'Supabase access token' | |
| required: true | |
| STAGING_SUPABASE_PROJECT_ID: | |
| description: 'Staging Supabase project id' | |
| required: true | |
| STAGING_SUPABASE_DB_PASSWORD: | |
| description: 'Staging Supabase db password' | |
| required: true | |
| CI_QA_NOTIFICATION_URL: | |
| description: 'QA notification url' | |
| required: true | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| jobs: | |
| schema-drift-check: | |
| name: Check Schema Drift | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Add after dev branch is merged | |
| # with: | |
| # ref: dev | |
| - name: Check for Schema Drift | |
| uses: ./.github/actions/supabase-schema-drift-check | |
| build-distributor: | |
| name: Build Distributor Docker Image | |
| uses: ./.github/workflows/build-distributor.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| with: | |
| environment: staging | |
| secrets: inherit | |
| build-shovel: | |
| name: Build Shovel Docker Image | |
| uses: ./.github/workflows/build-shovel.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| with: | |
| environment: staging | |
| secrets: inherit | |
| deploy: | |
| needs: [schema-drift-check] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| ref: dev | |
| - name: Deploy | |
| uses: ./.github/actions/deploy | |
| with: | |
| vercel-token: ${{ secrets.VERCEL_TOKEN }} | |
| vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }} | |
| vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} | |
| production: false | |
| supabase-project-id: ${{ secrets.STAGING_SUPABASE_PROJECT_ID }} | |
| supabase-access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | |
| supabase-db-password: ${{ secrets.STAGING_SUPABASE_DB_PASSWORD }} | |
| qa-notification-url: ${{ secrets.CI_QA_NOTIFICATION_URL }} | |
| skip-supabase-deploy: ${{ inputs.skip-supabase-deploy }} | |
| - name: Output Docker Image Tags | |
| run: | | |
| echo "Distributor image built: ${{ needs.build-distributor.outputs.image-tag }}" | |
| echo "Shovel image built: ${{ needs.build-shovel.outputs.image-tag }}" |