Skip to content

Post-deploy migrate

Post-deploy migrate #5

name: Post-deploy migrate
# Vercel deploys via its Git integration and reports back to GitHub as a
# deployment_status. When a PRODUCTION deployment succeeds, hit the token-authed
# /api/migrate endpoint on that exact deployment URL to apply pending migrations.
# The migrator is idempotent, so re-runs are safe no-ops.
on:
deployment_status:
jobs:
migrate:
# Only production deployments that finished successfully.
if: >-
github.event.deployment_status.state == 'success' &&
github.event.deployment.environment == 'Production'
runs-on: ubuntu-latest
steps:
- name: Apply migrations on the deployed instance
env:
MIGRATE_SECRET: ${{ secrets.MIGRATE_SECRET }}
TARGET_URL: https://worldhello.osbytes.io
run: |
set -euo pipefail
if [ -z "${MIGRATE_SECRET:-}" ]; then
echo "MIGRATE_SECRET secret is not set — skipping migrate." >&2
exit 1
fi
if [ -z "${TARGET_URL:-}" ]; then
echo "No deployment URL on the event — cannot migrate." >&2
exit 1
fi
echo "Migrating against ${TARGET_URL%/}/api/migrate"
code=$(curl -sS -o /tmp/body.txt -w '%{http_code}' \
-X POST "${TARGET_URL%/}/api/migrate" \
-H "Authorization: Bearer ${MIGRATE_SECRET}")
echo "HTTP ${code}"
cat /tmp/body.txt
echo
# 200 = applied/no-op. Anything else fails the job so a bad migration is loud.
[ "$code" = "200" ]