fix(auth): auto-refresh expired access tokens #14
| name: CI/CD | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| jobs: | |
| # ============================================ | |
| # CI Jobs - Run on all pushes and PRs | |
| # ============================================ | |
| lint-and-typecheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build packages | |
| run: pnpm build:packages | |
| - name: Typecheck | |
| run: pnpm typecheck | |
| # ============================================ | |
| # Release - Auto version bump on main | |
| # ============================================ | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: lint-and-typecheck | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| permissions: | |
| contents: write | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| released: ${{ steps.release.outputs.released }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Configure Git | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| - name: Run release | |
| id: release | |
| run: | | |
| # Get current version | |
| CURRENT_VERSION=$(grep -oP 'VERSION = "\K[^"]+' packages/shared/src/version.ts) | |
| echo "Current version: $CURRENT_VERSION" | |
| # Check if there would be a version bump | |
| DRY_RUN_OUTPUT=$(pnpm release:dry 2>&1 || true) | |
| echo "$DRY_RUN_OUTPUT" | |
| # Extract the new version from dry run | |
| NEW_VERSION=$(echo "$DRY_RUN_OUTPUT" | grep -oP 'bumping version .* to \K[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "") | |
| if [ -n "$NEW_VERSION" ] && [ "$NEW_VERSION" != "$CURRENT_VERSION" ]; then | |
| echo "Version bump detected: $CURRENT_VERSION -> $NEW_VERSION" | |
| pnpm release | |
| echo "released=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "No version change needed (current: $CURRENT_VERSION)" | |
| echo "released=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Extract version | |
| id: version | |
| run: | | |
| VERSION=$(grep -oP 'VERSION = "\K[^"]+' packages/shared/src/version.ts) | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "New version: $VERSION" | |
| - name: Push release | |
| if: steps.release.outputs.released == 'true' | |
| run: git push --follow-tags origin main | |
| build-web: | |
| runs-on: ubuntu-latest | |
| needs: lint-and-typecheck | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build packages | |
| run: pnpm build:packages | |
| - name: Build web app | |
| run: pnpm build:web | |
| env: | |
| VITE_SUPABASE_URL: ${{ secrets.SUPABASE_URL || 'http://localhost:54321' }} | |
| VITE_SUPABASE_ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY || 'placeholder' }} | |
| BUILD_NUMBER: ${{ github.run_number }} | |
| COMMIT_SHA: ${{ github.sha }} | |
| BUILD_DATE: ${{ github.event.head_commit.timestamp }} | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: web-dist | |
| path: apps/web/dist | |
| # ============================================ | |
| # Deploy Jobs - Only on push to main | |
| # ============================================ | |
| deploy-web: | |
| runs-on: ubuntu-latest | |
| needs: [build-web, release] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main # Get latest including release commit | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build packages | |
| run: pnpm build:packages | |
| - name: Build web app | |
| run: pnpm build:web | |
| env: | |
| VITE_SUPABASE_URL: ${{ secrets.SUPABASE_URL }} | |
| VITE_SUPABASE_ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY }} | |
| VITE_SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| BUILD_NUMBER: ${{ github.run_number }} | |
| COMMIT_SHA: ${{ github.sha }} | |
| BUILD_DATE: ${{ github.event.head_commit.timestamp }} | |
| - name: Deploy to DigitalOcean | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.DO_HOST }} | |
| username: ${{ secrets.DO_USERNAME }} | |
| key: ${{ secrets.DO_SSH_KEY }} | |
| source: 'apps/web/dist/*' | |
| target: '/var/www/lumio' | |
| strip_components: 3 | |
| - name: Reload Nginx | |
| uses: appleboy/ssh-action@v1.0.3 | |
| with: | |
| host: ${{ secrets.DO_HOST }} | |
| username: ${{ secrets.DO_USERNAME }} | |
| key: ${{ secrets.DO_SSH_KEY }} | |
| script: sudo systemctl reload nginx | |
| deploy-migrations: | |
| runs-on: ubuntu-latest | |
| needs: release | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: supabase/setup-cli@v1 | |
| with: | |
| version: latest | |
| - name: Link Supabase project | |
| run: supabase link --project-ref ${{ secrets.SUPABASE_PROJECT_REF }} | |
| env: | |
| SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | |
| - name: Run database migrations | |
| run: supabase db push | |
| env: | |
| SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | |
| deploy-functions: | |
| runs-on: ubuntu-latest | |
| needs: [release, deploy-migrations] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main # Get latest including release commit | |
| - name: Extract version info | |
| id: version | |
| run: | | |
| VERSION=$(grep -oP 'VERSION = "\K[^"]+' packages/shared/src/version.ts) | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "build_number=${{ github.run_number }}" >> $GITHUB_OUTPUT | |
| echo "git_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |
| echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT | |
| echo "Version: $VERSION, Build: ${{ github.run_number }}, SHA: ${GITHUB_SHA::7}" | |
| - uses: supabase/setup-cli@v1 | |
| with: | |
| version: latest | |
| - name: Deploy Edge Functions | |
| run: | | |
| supabase functions deploy git-sync --project-ref ${{ secrets.SUPABASE_PROJECT_REF }} | |
| supabase functions deploy llm-proxy --project-ref ${{ secrets.SUPABASE_PROJECT_REF }} | |
| supabase functions deploy study-planner --project-ref ${{ secrets.SUPABASE_PROJECT_REF }} | |
| supabase functions deploy version --project-ref ${{ secrets.SUPABASE_PROJECT_REF }} | |
| env: | |
| SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | |
| LUMIO_VERSION: ${{ steps.version.outputs.version }} | |
| BUILD_NUMBER: ${{ steps.version.outputs.build_number }} | |
| GIT_SHA: ${{ steps.version.outputs.git_sha }} | |
| BUILD_DATE: ${{ steps.version.outputs.build_date }} | |
| build-android: | |
| runs-on: ubuntu-latest | |
| needs: release | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main # Get latest including release commit | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Setup EAS | |
| uses: expo/expo-github-action@v8 | |
| with: | |
| eas-version: latest | |
| token: ${{ secrets.EXPO_TOKEN }} | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build packages | |
| run: pnpm build:packages | |
| - name: Build Android APK | |
| working-directory: apps/mobile | |
| run: eas build --platform android --profile preview --non-interactive |
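Review bot: The `deploy-web` steps hand `DO_SSH_KEY` to `appleboy/scp-action@v0.1.7` and `appleboy/ssh-action@v1.0.3` by tag, and a tag can be moved to different code after review; the same applies to `expo/expo-github-action@v8` receiving `EXPO_TOKEN` and to `supabase/setup-cli@v1` with `version: latest`. Pin each third-party action to a full commit SHA, e.g. `uses: appleboy/ssh-action@<full-commit-sha> # v1.0.3`, and pin the Supabase and EAS CLI versions instead of `latest`. Only `release` declares `permissions:`, so every other job runs with the repository's default token scope; a workflow-level `permissions:` block with `contents: read` would make least privilege explicit, leaving `release` to keep its own `contents: write`. The deploy jobs also check out `ref: main` rather than the commit this run typechecked, so a push that lands in between could be deployed unverified; confirm that is an accepted trade-off for picking up the release commit.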