feat(ci): consolidate ci, make db migrations dependent on ecr success, remove turbopack for staging/prod builds (#1449)

* Remove turbopack * Fix ci errors * Sim agent import fix * Lint * Ci orchestration * Lint * Ci updates * Tdz fix for generate * Remove logger * Fix imports * Lint
2026-01-07 22:24:06 -05:00 · 2025-09-25 12:26:25 -07:00
parent 928581f387
commit d381a69c9f
21 changed files with 315 additions and 40 deletions
--- a/.github/workflows/build-ecr.yml
+++ b/.github/workflows/build-ecr.yml
@@ -3,6 +3,7 @@ name: Build and Push to ECR
 on:
  push:
    branches: [main, staging]
+  workflow_call:

 permissions:
  id-token: write
--- a/.github/workflows/build-ghcr-build.yml
+++ b/.github/workflows/build-ghcr-build.yml
@@ -0,0 +1,83 @@
+name: Build GHCR Images (Build Only)
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # AMD64 builds on x86 runners
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/amd64
+            arch: amd64
+            runner: linux-x64-8-core
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/amd64
+            arch: amd64
+            runner: linux-x64-8-core
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/amd64
+            arch: amd64
+            runner: linux-x64-8-core
+          # ARM64 builds on native ARM64 runners
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/arm64
+            arch: arm64
+            runner: linux-arm64-8-core
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/arm64
+            arch: arm64
+            runner: linux-arm64-8-core
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/arm64
+            arch: arm64
+            runner: linux-arm64-8-core
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=staging-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=raw,value=staging-${{ github.sha }}-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=sha,format=long,suffix=-${{ matrix.arch }}
+
+      - name: Build Docker image (no push)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: ${{ matrix.platform }}
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=build-v3
+          cache-to: type=gha,mode=max,scope=build-v3
+          provenance: false
+          sbom: false 
--- a/.github/workflows/build-ghcr-push.yml
+++ b/.github/workflows/build-ghcr-push.yml
@@ -0,0 +1,148 @@
+name: Push GHCR Images
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  push:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # AMD64 builds
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/amd64
+            arch: amd64
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/amd64
+            arch: amd64
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/amd64
+            arch: amd64
+          # ARM64 builds
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/arm64
+            arch: arm64
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/arm64
+            arch: arm64
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/arm64
+            arch: arm64
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=staging-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=raw,value=staging-${{ github.sha }}-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=sha,format=long,suffix=-${{ matrix.arch }}
+
+      - name: Push Docker image from cache
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: ${{ matrix.platform }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=build-v3
+          cache-to: type=gha,mode=max,scope=build-v3
+          provenance: false
+          sbom: false
+
+  create-manifests:
+    runs-on: ubuntu-latest
+    needs: push
+    strategy:
+      matrix:
+        include:
+          - image: ghcr.io/simstudioai/simstudio
+          - image: ghcr.io/simstudioai/migrations
+          - image: ghcr.io/simstudioai/realtime
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for manifest
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=staging,enable=${{ github.ref == 'refs/heads/staging' }}
+            type=sha,format=long
+
+      - name: Create and push manifest
+        run: |
+          # Extract the tags from metadata (these are the final manifest tags we want)
+          MANIFEST_TAGS="${{ steps.meta.outputs.tags }}"
+
+          # Create manifest for each tag
+          for manifest_tag in $MANIFEST_TAGS; do
+            echo "Creating manifest for $manifest_tag"
+
+            # The architecture-specific images have -amd64 and -arm64 suffixes
+            amd64_image="${manifest_tag}-amd64"
+            arm64_image="${manifest_tag}-arm64"
+
+            echo "Looking for images: $amd64_image and $arm64_image"
+
+            # Check if both architecture images exist
+            if docker manifest inspect "$amd64_image" >/dev/null 2>&1 && docker manifest inspect "$arm64_image" >/dev/null 2>&1; then
+              echo "Both images found, creating manifest..."
+              docker manifest create "$manifest_tag" \
+                "$amd64_image" \
+                "$arm64_image"
+              docker manifest push "$manifest_tag"
+              echo "Successfully created and pushed manifest for $manifest_tag"
+            else
+              echo "Error: One or both architecture images not found"
+              echo "Checking AMD64 image: $amd64_image"
+              docker manifest inspect "$amd64_image" || echo "AMD64 image not found"
+              echo "Checking ARM64 image: $arm64_image"
+              docker manifest inspect "$arm64_image" || echo "ARM64 image not found"
+              exit 1
+            fi
+          done 
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,6 +3,11 @@ name: Build and Publish Docker Image
 on:
  push:
    branches: [main, staging]
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write

 jobs:
  build-and-push:
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -55,11 +55,54 @@ jobs:
          fail_ci_if_error: false
          verbose: true

+  # Call GHCR build workflow (runs in parallel with ECR)
+  build-ghcr:
+    name: Build GHCR Images
+    needs: test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/build-ghcr-build.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
+
+  # Call ECR build workflow (runs in parallel with GHCR build)
+  build-ecr-deploy:
+    name: Build ECR and Deploy
+    needs: test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/build-ecr.yml
+    secrets: inherit
+    permissions:
+      id-token: write
+      contents: read
+
+  # Call Trigger.dev deploy workflow (runs in parallel)
+  trigger-deploy:
+    name: Deploy Trigger.dev
+    needs: test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/trigger-deploy.yml
+    secrets: inherit
+
+  # Push GHCR images after ECR/ECS deployment is complete
+  push-ghcr:
+    name: Push GHCR Images
+    needs: [build-ghcr, build-ecr-deploy]
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/build-ghcr-push.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
+
+  # Run database migrations (depends on GHCR push and trigger deployment)
  migrations:
    name: Apply Database Migrations
+    needs: [push-ghcr, trigger-deploy]
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
-    needs: test
+    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@@ -77,3 +120,11 @@ jobs:
        env:
          DATABASE_URL: ${{ github.ref == 'refs/heads/main' && secrets.DATABASE_URL || secrets.STAGING_DATABASE_URL }}
        run: bunx drizzle-kit migrate --config=./drizzle.config.ts
+
+  # Process docs embeddings if needed
+  process-docs:
+    name: Process Docs
+    needs: migrations
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/docs-embeddings.yml
+    secrets: inherit
--- a/.github/workflows/docs-embeddings.yml
+++ b/.github/workflows/docs-embeddings.yml
@@ -6,6 +6,7 @@ on:
    paths:
      - 'apps/docs/**'
  workflow_dispatch: # Allow manual triggering
+  workflow_call:

 jobs:
  process-docs-embeddings:
--- a/.github/workflows/trigger-deploy.yml
+++ b/.github/workflows/trigger-deploy.yml
@@ -5,6 +5,7 @@ on:
    branches:
      - main
      - staging
+  workflow_call:

 jobs:
  deploy: