eliza/.github/workflows/cloud-cf-deploy.yml at 9224a5f620d2770217c5d569d8586467c130221f · elizaOS/eliza · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
name: Cloud CF Deploy

# Cloudflare deployment for the eliza-cloud SPA + Workers API.
# - push to develop  -> staging   (api-staging.elizacloud.ai + Pages preview "develop")
# - push to main     -> production (api.elizacloud.ai + Pages production)
# - pull_request     -> preview    (Pages preview branch backed by staging API)
#
# Required repo secrets:
#   CLOUDFLARE_API_TOKEN   - account-scoped token with Workers + Pages edit perms
#   CLOUDFLARE_ACCOUNT_ID  - matches account_id in packages/cloud-api/wrangler.toml
#
# Source: cloud/.github/workflows/cf-deploy.yml in the original elizaOS/cloud repo.

on:
  push:
    branches: [main, develop, develop-cf]
    paths:
      - "packages/cloud-api/**"
      - "packages/cloud-frontend/**"
      - "packages/cloud-shared/**"
      - "packages/cloud-services/**"
      - ".github/workflows/cloud-cf-deploy.yml"
  pull_request:
    branches: [main, develop, develop-cf]
    paths:
      - "packages/cloud-api/**"
      - "packages/cloud-frontend/**"
      - "packages/cloud-shared/**"
      - "packages/cloud-services/**"
      - ".github/workflows/cloud-cf-deploy.yml"
  workflow_dispatch:
    inputs:
      environment:
        description: Cloudflare environment to deploy
        required: true
        default: staging
        type: choice
        options:
          - staging
          - production

concurrency:
  group: cloud-cf-deploy-${{ github.ref }}
  cancel-in-progress: true

# Default to least privilege. Override per-job where needed.
permissions:
  contents: read

jobs:
  # ---------------------------------------------------------------------------
  # API Worker
  # ---------------------------------------------------------------------------
  deploy-api:
    name: Deploy API Worker
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "22"

      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: "1.3.13"

      - name: Install dependencies
        run: bun install --no-save && git diff --exit-code -- bun.lock

      - name: Build linked elizaOS workspaces
        run: bun run build:core

      - name: Verify Worker
        run: bun run --cwd packages/cloud-api typecheck

      - name: Run Worker e2e
        run: bun run --cwd packages/cloud-api test:e2e

      - name: Build
        run: bun run --cwd packages/cloud-api build

      - name: Resolve deploy environment
        id: env
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ "${{ inputs.environment }}" = "production" ]; then
            echo "wrangler_args=--env production" >> "$GITHUB_OUTPUT"
          elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            echo "wrangler_args=--env staging" >> "$GITHUB_OUTPUT"
          elif [ "${{ github.ref }}" = "refs/heads/main" ]; then
            echo "wrangler_args=--env production" >> "$GITHUB_OUTPUT"
          else
            echo "wrangler_args=--env staging" >> "$GITHUB_OUTPUT"
          fi

      - name: Check Cloudflare credentials
        id: cf
        env:
          HAS_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN != '' }}
          HAS_ACCOUNT: ${{ secrets.CLOUDFLARE_ACCOUNT_ID != '' }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          if [ "$HAS_TOKEN" = "true" ] && [ "$HAS_ACCOUNT" = "true" ]; then
            echo "configured=true" >> "$GITHUB_OUTPUT"
          else
            echo "configured=false" >> "$GITHUB_OUTPUT"
            MSG="CLOUDFLARE_API_TOKEN/CLOUDFLARE_ACCOUNT_ID not configured. Add them at https://github.com/elizaOS/eliza/settings/secrets/actions."
            if [ "$EVENT_NAME" = "pull_request" ]; then
              # PRs from forks legitimately lack access to repo secrets.
              echo "::warning::$MSG Skipping Worker deploy (PR event)." >> "$GITHUB_STEP_SUMMARY"
            else
              echo "::error::$MSG Refusing to silently skip Worker deploy on $EVENT_NAME event." >> "$GITHUB_STEP_SUMMARY"
              echo "::error::$MSG Refusing to silently skip Worker deploy on $EVENT_NAME event."
              exit 1
            fi
          fi

      - name: Deploy to Cloudflare Workers
        if: steps.cf.outputs.configured == 'true'
        working-directory: packages/cloud-api
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        run: bunx wrangler deploy ${{ steps.env.outputs.wrangler_args }}

  # ---------------------------------------------------------------------------
  # Frontend (Cloudflare Pages)
  # ---------------------------------------------------------------------------
  deploy-frontend:
    name: Deploy Frontend (Pages)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "22"

      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: "1.3.13"

      - name: Install dependencies
        run: bun install --no-save && git diff --exit-code -- bun.lock

      - name: Build linked elizaOS core workspace
        run: bun run build:core

      - name: Verify Frontend
        run: bun run --cwd packages/cloud-frontend typecheck

      - name: Build
        run: bun run --cwd packages/cloud-frontend build
        env:
          # Pages preview/staging/prod all share the same API host today;
          # override per-env if that changes.
          VITE_API_URL: ${{ ((github.event_name == 'workflow_dispatch' && inputs.environment == 'production') || github.ref == 'refs/heads/main') && 'https://api.elizacloud.ai' || 'https://api-staging.elizacloud.ai' }}
          NEXT_PUBLIC_API_URL: ${{ ((github.event_name == 'workflow_dispatch' && inputs.environment == 'production') || github.ref == 'refs/heads/main') && 'https://api.elizacloud.ai' || 'https://api-staging.elizacloud.ai' }}
          NEXT_PUBLIC_APP_URL: ${{ ((github.event_name == 'workflow_dispatch' && inputs.environment == 'production') || github.ref == 'refs/heads/main') && 'https://elizacloud.ai' || 'https://staging.elizacloud.ai' }}
          NEXT_PUBLIC_STEWARD_TENANT_ID: elizacloud
          NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID: ${{ vars.NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID }}

      - name: Resolve Pages branch
        id: pages
        env:
          PR_HEAD_REF: ${{ github.head_ref }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          if [ "$EVENT_NAME" = "pull_request" ]; then
            echo "branch=$PR_HEAD_REF" >> "$GITHUB_OUTPUT"
          elif [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ "${{ inputs.environment }}" = "production" ]; then
            echo "branch=main" >> "$GITHUB_OUTPUT"
          elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            echo "branch=develop" >> "$GITHUB_OUTPUT"
          else
            echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
          fi

      - name: Check Cloudflare credentials
        id: cf
        env:
          HAS_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN != '' }}
          HAS_ACCOUNT: ${{ secrets.CLOUDFLARE_ACCOUNT_ID != '' }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          if [ "$HAS_TOKEN" = "true" ] && [ "$HAS_ACCOUNT" = "true" ]; then
            echo "configured=true" >> "$GITHUB_OUTPUT"
          else
            echo "configured=false" >> "$GITHUB_OUTPUT"
            MSG="CLOUDFLARE_API_TOKEN/CLOUDFLARE_ACCOUNT_ID not configured. Add them at https://github.com/elizaOS/eliza/settings/secrets/actions."
            if [ "$EVENT_NAME" = "pull_request" ]; then
              # PRs from forks legitimately lack access to repo secrets.
              echo "::warning::$MSG Skipping Pages deploy (PR event)." >> "$GITHUB_STEP_SUMMARY"
            else
              echo "::error::$MSG Refusing to silently skip Pages deploy on $EVENT_NAME event." >> "$GITHUB_STEP_SUMMARY"
              echo "::error::$MSG Refusing to silently skip Pages deploy on $EVENT_NAME event."
              exit 1
            fi
          fi

      - name: Deploy to Cloudflare Pages
        if: steps.cf.outputs.configured == 'true'
        working-directory: packages/cloud-frontend
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # Do NOT pass a positional `dist` argument: wrangler.toml already sets
        # `pages_build_output_dir = "./dist"`, and passing both makes wrangler
        # ignore wrangler.toml — which silently drops the `functions/` upload
        # (so `_middleware.ts` never runs and `/api/*` falls through to the
        # SPA's index.html instead of being proxied to the API Worker).
        run: bunx wrangler pages deploy --project-name=eliza-cloud --branch=${{ steps.pages.outputs.branch }}