v0.4.1: docker fixes, deployed state improvements

fix(deployed): support internal JWT for deployed child workflow executions (#1498 )
fix(ci): fix docker manifest build (#1495 )
2026-01-09 23:17:59 -05:00 · 2025-09-30 01:16:28 -07:00 · 2025-09-30 01:14:32 -07:00 · 2025-09-29 20:57:00 -07:00 · 2025-09-29 20:55:52 -07:00
2 changed files with 20 additions and 10 deletions
--- a/.github/workflows/images.yml
+++ b/.github/workflows/images.yml
@@ -129,12 +129,9 @@ jobs:

      - name: Generate ARM64 tags
        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ matrix.image }}
-          tags: |
-            type=raw,value=latest-arm64
-            type=sha,format=long,suffix=-arm64
+        run: |
+          IMAGE="${{ matrix.image }}"
+          echo "tags=${IMAGE}:latest-arm64,${IMAGE}:${{ github.sha }}-arm64" >> $GITHUB_OUTPUT

      - name: Build and push ARM64 to GHCR
        uses: useblacksmith/build-push-action@v2
--- a/apps/sim/app/api/workflows/[id]/deployed/route.ts
+++ b/apps/sim/app/api/workflows/[id]/deployed/route.ts
@@ -1,6 +1,7 @@
 import { db, workflowDeploymentVersion } from '@sim/db'
 import { and, desc, eq } from 'drizzle-orm'
 import type { NextRequest, NextResponse } from 'next/server'
+import { verifyInternalToken } from '@/lib/auth/internal'
 import { createLogger } from '@/lib/logs/console/logger'
 import { generateRequestId } from '@/lib/utils'
 import { validateWorkflowPermissions } from '@/lib/workflows/utils'
@@ -23,10 +24,22 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
  try {
    logger.debug(`[${requestId}] Fetching deployed state for workflow: ${id}`)

-    const { error } = await validateWorkflowPermissions(id, requestId, 'read')
-    if (error) {
-      const response = createErrorResponse(error.message, error.status)
-      return addNoCacheHeaders(response)
+    const authHeader = request.headers.get('authorization')
+    let isInternalCall = false
+
+    if (authHeader?.startsWith('Bearer ')) {
+      const token = authHeader.split(' ')[1]
+      isInternalCall = await verifyInternalToken(token)
+    }
+
+    if (!isInternalCall) {
+      const { error } = await validateWorkflowPermissions(id, requestId, 'read')
+      if (error) {
+        const response = createErrorResponse(error.message, error.status)
+        return addNoCacheHeaders(response)
+      }
+    } else {
+      logger.debug(`[${requestId}] Internal API call for deployed workflow: ${id}`)
    }

    const [active] = await db
Author	SHA1	Message	Date
Waleed	f9f84111cb	v0.4.1: docker fixes, deployed state improvements	2025-09-30 01:16:28 -07:00
Waleed	01ffee8e7c	fix(deployed): support internal JWT for deployed child workflow executions (#1498 )	2025-09-30 01:14:32 -07:00
Siddharth Ganesan	367189fe15	fix(ci): fix docker manifest build (#1495 )	2025-09-29 20:57:00 -07:00
Siddharth Ganesan	7de9e5fb19	fix(ci): fix docker manifest build	2025-09-29 20:55:52 -07:00