From 9f8297aa7ed0caabd94eeda79760be6b92cc5752 Mon Sep 17 00:00:00 2001 From: Hardik Date: Sun, 21 Jun 2026 01:07:49 +0530 Subject: [PATCH] feat(staging): auto-refresh staging on every push to master New .forgejo/workflows/staging.yml rebuilds ppms-staging to latest master on every merge (push to master) on the host runner, so staging always mirrors the trunk; concurrency-coalesced + workflow_dispatch. Also drops --update-env from staging-up.sh (and unsets FORGEJO_*) so the runner's ephemeral token can't leak into ppms-staging. Co-Authored-By: Claude Opus 4.8 --- .forgejo/workflows/staging.yml | 27 +++++++++++++++++++++++++++ automation/README.md | 6 +++++- automation/staging-up.sh | 6 +++++- 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 .forgejo/workflows/staging.yml diff --git a/.forgejo/workflows/staging.yml b/.forgejo/workflows/staging.yml new file mode 100644 index 0000000..04f892b --- /dev/null +++ b/.forgejo/workflows/staging.yml @@ -0,0 +1,27 @@ +name: Refresh staging + +# Rebuilds the pms1 staging instance (pm2 `ppms-staging`, port 3200) to the latest +# master on every merge to master, so staging always mirrors the trunk for +# smoke-testing before a release tag. Also runnable on demand (workflow_dispatch). +# See automation/README.md > "Staging". + +on: + push: + branches: [master] + workflow_dispatch: {} + +# Only one staging refresh at a time; a newer master push cancels an in-flight build +# (staging-up.sh always checks out the latest origin/master, so the newest wins). +concurrency: + group: refresh-staging + cancel-in-progress: true + +jobs: + refresh: + runs-on: host + steps: + - name: Rebuild staging on latest master + run: | + set -e + export NVM_DIR="$HOME/.nvm"; . "$NVM_DIR/nvm.sh" + "$HOME/issue-watcher/staging-up.sh" diff --git a/automation/README.md b/automation/README.md index e426785..af8b00d 100644 --- a/automation/README.md +++ b/automation/README.md 
@@ -121,7 +121,11 @@ before a release tag deploys them to prod. - Checkout: `~/pelagia-staging` (separate from `~/pms` and `~/pelagia-autofix`) - Process: pm2 `ppms-staging` on **port 3200**, against the prod-mirror test DB (`pelagia_test`), safe dev mode (console email, local storage, SSO disabled). -- Refresh to newer master + restart: re-run `~/issue-watcher/staging-up.sh`. +- **Auto-refresh:** [`.forgejo/workflows/staging.yml`](../.forgejo/workflows/staging.yml) + rebuilds staging on **every push to `master`** (i.e. every merged PR) on the host runner, + so staging always tracks the trunk. It runs `~/issue-watcher/staging-up.sh`; concurrent + runs are coalesced (newest master wins). Also triggerable on demand (`workflow_dispatch`). +- Manual refresh / restart: re-run `~/issue-watcher/staging-up.sh`. - Stop: `pm2 delete ppms-staging`. - **Access is SSH-tunnel only** — the dev server binds to `127.0.0.1:3200`, so it is not reachable from the public internet. Open a tunnel and browse `http://localhost:3200`: diff --git a/automation/staging-up.sh b/automation/staging-up.sh index 8625bb9..efb3d83 100644 --- a/automation/staging-up.sh +++ b/automation/staging-up.sh @@ -67,8 +67,12 @@ echo "Generating Prisma client..."; pnpm db:generate # must be applied or the new code 500s on the missing columns. echo "Applying pending migrations to the test DB..."; pnpm db:migrate:deploy +# Drop any FORGEJO_* the caller may carry (e.g. when invoked from the Forgejo +# Actions runner, whose ephemeral FORGEJO_TOKEN would otherwise be injected into +# the staging process). NOT --update-env on restart, for the same reason. +for v in $(env | grep -oE '^FORGEJO_[A-Z_]+' || true); do unset "$v"; done if pm2 describe "$NAME" >/dev/null 2>&1; then - pm2 restart "$NAME" --update-env + pm2 restart "$NAME" else pm2 start "$DIR/App/run-staging.sh" --name "$NAME" --interpreter bash fi
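Review bot: In `.forgejo/workflows/staging.yml`, the `run:` step executes `"$HOME/issue-watcher/staging-up.sh"`, a copy that lives outside the repository, while this patch edits `automation/staging-up.sh`. Nothing in the visible workflow syncs the two, so the FORGEJO_* scrub and the removal of `--update-env` only protect staging once the installed copy has been updated by some other means. Either have the job install or run the script from the commit being deployed, or clear the runner's FORGEJO_* variables in the `run:` block itself before calling the script, so the workflow does not depend on which version happens to be on the host. Separately, `cancel-in-progress: true` can stop a run partway through `pnpm db:migrate:deploy` or between the migration and the pm2 restart. Since the script always checks out the latest origin/master, letting the in-flight run finish and queuing the next one reaches the same end state without interrupting a migration.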
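Review bot: In the `automation/README.md` hunk, the "Manual refresh / restart" bullet does not mention the behaviour change made in `staging-up.sh` by this same patch: `pm2 restart "$NAME"` no longer passes `--update-env`, so an existing `ppms-staging` process keeps the environment it was first started with. Anyone who changes a staging environment value and re-runs the script will not see it take effect. Add a sentence saying that environment changes require `pm2 delete ppms-staging` followed by a re-run, and a short note that FORGEJO_* variables are deliberately stripped so the runner token never reaches the staging process.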
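Review bot: In the `automation/staging-up.sh` hunk, the pattern in `grep -oE '^FORGEJO_[A-Z_]+'` only matches uppercase letters and underscores, and with `-o` it returns a prefix when the name contains anything else: a variable such as FORGEJO_TOKEN2 would yield `FORGEJO_TOKEN`, the loop would unset that name, and the real variable would survive into `pm2 start`. Match the whole name up to the `=` instead, for example `env | sed -n 's/^\(FORGEJO_[A-Za-z0-9_]*\)=.*/\1/p'`, or, if the script runs under bash, `unset "${!FORGEJO_@}"`. The loop also sits after `pnpm db:generate` and `pnpm db:migrate:deploy` (the context lines just above it), so those child processes still inherit the token; moving the scrub to the top of the script covers them as well. The comment names FORGEJO_TOKEN specifically, so it is worth confirming that the runner does not export the same credential under a different prefix, which this loop would not catch.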