whekin/household-bot
1
0
Fork 0
mirror of https://github.com/whekin/household-bot.git synced 2026-03-31 10:24:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deploy): harden runtime config and migrations

Browse Source
This commit is contained in:
whekin
2026-03-10 17:10:23 +04:00
parent 2efb18a4de
commit 1b490fa4a5
6 changed files with 27 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/runbooks/dev-setup.md
View File

@@ -82,7 +82,7 @@ bun run review:coderabbit
- `GCP_PROJECT_ID`
- `GCP_WORKLOAD_IDENTITY_PROVIDER`
- `GCP_SERVICE_ACCOUNT`
- optional for automated migrations: `DATABASE_URL`
- `DATABASE_URL`
- Optional GitHub variables for deploy:
- `GCP_REGION` (default `europe-west1`)
- `ARTIFACT_REPOSITORY` (default `household-bot`)

6
docs/runbooks/first-deploy.md
View File

@@ -62,7 +62,7 @@ Required for CD:
- `GCP_WORKLOAD_IDENTITY_PROVIDER`
- `GCP_SERVICE_ACCOUNT`
Recommended:
Required for a real deploy:
- `DATABASE_URL`
@@ -152,7 +152,7 @@ Populate GitHub repository secrets with the Terraform outputs:
- `GCP_PROJECT_ID`
- `GCP_WORKLOAD_IDENTITY_PROVIDER`
- `GCP_SERVICE_ACCOUNT`
- optional `DATABASE_URL`
- `DATABASE_URL`
If you prefer the GitHub CLI:
@@ -177,7 +177,7 @@ You have two safe options:
The workflow will:
- optionally run `bun run db:migrate` if `DATABASE_URL` secret is configured
- run `bun run db:migrate` before deploy
- build and push bot and mini app images
- deploy both Cloud Run services

4
docs/runbooks/migrations.md
View File

@@ -47,8 +47,8 @@ bun run build
## CD behavior
- CD deploy can run migrations before deploy **if** `DATABASE_URL` secret is present.
- If `DATABASE_URL` is not set, deploy continues without auto-migration.
- CD deploy runs migrations before deploy and now requires the `DATABASE_URL` GitHub secret.
- If `DATABASE_URL` is missing, CD fails fast instead of deploying schema-dependent code without migrations.
## Safety rules

2
docs/specs/HOUSEBOT-062-first-deploy-runbook.md
View File

@@ -45,7 +45,7 @@ Document the exact first-deploy sequence so one engineer can provision, deploy,
## Edge Cases and Failure Modes
- First Terraform apply may not know the final mini app URL; runbook includes a second apply to set allowed origins.
- Missing `DATABASE_URL` in GitHub secrets skips migration automation.
- Missing `DATABASE_URL` in GitHub secrets blocks CD entirely so schema-dependent deploys cannot ship without migrations.
- Scheduler jobs remain paused and dry-run by default to prevent accidental sends.
## Test Plan