diff --git a/.github/workflows/cd-macmini.yml b/.github/workflows/cd-macmini.yml
index ead03e74a..77a7c6482 100644
--- a/.github/workflows/cd-macmini.yml
+++ b/.github/workflows/cd-macmini.yml
@@ -340,6 +340,35 @@ jobs:
 . "$ENV_FILE"
 set +a
 PG_PASSWORD="${POSTGRES_PASSWORD:-mana123}"
+
+ # `drizzle-kit` reads `drizzle.config.ts`, which itself
+ # `import {defineConfig} from 'drizzle-kit'`. Node's resolver
+ # only finds that import when the package lives in the local
+ # node_modules — `pnpm dlx` puts it in the global cache,
+ # invisible to a from-cwd resolve. So before running any
+ # migration we install workspace deps for every Drizzle
+ # service in this deploy. pnpm's lockfile cache makes the
+ # second-and-later runs near-instant.
+ DRIZZLE_SVCS=""
+ for svc in $SERVICES; do
+ if [ -f "services/$svc/drizzle.config.ts" ] || [ -f "services/$svc/drizzle.config.js" ]; then
+ DRIZZLE_SVCS="$DRIZZLE_SVCS $svc"
+ fi
+ done
+ if [ -n "$DRIZZLE_SVCS" ]; then
+ echo "Installing workspace deps for Drizzle services:$DRIZZLE_SVCS"
+ # Use pnpm's path-based filter (`--filter ./services/...`)
+ # because our service package names don't follow a uniform
+ # convention (`@mana/auth` vs `@mana/credits-service` etc.).
+ # The trailing `...` includes transitive workspace deps.
+ FILTER_FLAGS=""
+ for svc in $DRIZZLE_SVCS; do
+ FILTER_FLAGS="$FILTER_FLAGS --filter ./services/$svc..."
+ done
+ # shellcheck disable=SC2086
+ pnpm install $FILTER_FLAGS --frozen-lockfile --ignore-scripts 2>&1 | tail -5 || true
+ fi
+
 # Most services live in mana_platform; mana-sync (Go, no
 # Drizzle) and a handful of others use mana_sync. Per-service
 # routing is read straight from compose's DATABASE_URL env.
diff --git a/scripts/mac-mini/safe-db-push.sh b/scripts/mac-mini/safe-db-push.sh
index 44dbb8181..f331cc6ea 100755
--- a/scripts/mac-mini/safe-db-push.sh
+++ b/scripts/mac-mini/safe-db-push.sh
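Review bot: In the cd-macmini.yml hunk, a failed `pnpm install` is discarded: the trailing `| tail -5 || true` makes the line succeed whatever pnpm returns, so the step carries on with no drizzle-kit linked for the services it just selected. Since safe-db-push.sh in this same commit exits 0 when drizzle-kit is missing, a broken install would end as a skipped migration under a green deploy. Keeping the status would close that gap, for example `set -o pipefail` ahead of the block and the install line as `pnpm install $FILTER_FLAGS --frozen-lockfile --ignore-scripts 2>&1 | tail -5`; the `--frozen-lockfile --ignore-scripts` pair is worth keeping as is. Separately, the context line `PG_PASSWORD="${POSTGRES_PASSWORD:-mana123}"` falls back to a literal password when the env file does not define one; `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}` would stop the step instead.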
@@ -57,16 +57,17 @@ fi
 cd "$SVC_DIR"
-# Pick how we'll invoke drizzle-kit. The Mac Mini runner doesn't run
-# `pnpm install` for the workspace (everything builds inside Docker),
-# so the per-service node_modules/.bin/drizzle-kit binary is missing.
-# `pnpm dlx` fetches drizzle-kit on demand, caches it in the global
-# pnpm store, and is then fast on every subsequent call. drizzle-kit
-# reads its config from cwd so it still finds drizzle.config.ts here.
-if pnpm exec --silent drizzle-kit --version >/dev/null 2>&1; then
- DRIZZLE="pnpm exec drizzle-kit"
-else
- DRIZZLE="pnpm dlx drizzle-kit"
+# Drizzle-kit must be available as a workspace-local module — its
+# binary AND the import that drizzle.config.ts performs both go
+# through Node's local-dir resolver. The CD pipeline runs `pnpm
+# install --filter ./services/...` before invoking this script
+# so every Drizzle service has node_modules/.bin/drizzle-kit + the
+# importable package linked. `pnpm dlx` doesn't work here because
+# its global cache isn't on Node's resolution path for the config
+# file's `import { defineConfig } from 'drizzle-kit'`.
+if ! pnpm exec drizzle-kit --version >/dev/null 2>&1; then
+ echo "[safe-db-push] $SVC: drizzle-kit not installed in workspace — run \`pnpm install --filter ./services/$SVC...\` first"
+ exit 0
 fi
 # Snapshot the existing migration set before we generate. Anything new
@@ -75,7 +76,7 @@ PRE_GEN_FILES=$(find drizzle -maxdepth 2 -name '*.sql' 2>/dev/null | sort || tru
 # Generate-only — does not touch the database.
 echo "[safe-db-push] $SVC: generating diff…"
-GEN_OUT=$($DRIZZLE generate --name "__ci_safety_check_$$" 2>&1 || true)
+GEN_OUT=$(pnpm exec drizzle-kit generate --name "__ci_safety_check_$$" 2>&1 || true)
 echo "$GEN_OUT" | tail -20
 POST_GEN_FILES=$(find drizzle -maxdepth 2 -name '*.sql' 2>/dev/null | sort || true)
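Review bot: The new guard in the first safe-db-push.sh hunk exits 0 when `pnpm exec drizzle-kit --version` fails, so the caller cannot tell "schema checked and in sync" from "nothing was checked". For a script whose job is to gate schema changes, a missing tool should fail closed: change `exit 0` to `exit 1` and send the message to stderr by appending `>&2` to the `echo`. The new comment could also record that running the lockfile-installed binary avoids fetching an unpinned drizzle-kit at deploy time, which the removed `pnpm dlx drizzle-kit` fallback appears to have done.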
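Review bot: In the second safe-db-push.sh hunk, the rewritten `GEN_OUT=$(pnpm exec drizzle-kit generate … 2>&1 || true)` keeps the `|| true`, so a failed generate that writes no SQL file looks the same as "no schema change" to the before/after `find` comparison. A config that cannot import drizzle-kit, the failure this commit is about, would surface here only as text in the `tail -20` output. The code that classifies the diff lies outside the hunk, so whether that case can reach `push --force` cannot be confirmed from here. Recording the status and stopping on failure would remove the ambiguity: `GEN_RC=0; GEN_OUT=$(pnpm exec drizzle-kit generate --name "__ci_safety_check_$$" 2>&1) || GEN_RC=$?` followed by `[ "$GEN_RC" -eq 0 ] || exit 1` after the output is printed.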
@@ -132,5 +133,5 @@ fi
 # Additive only — safe to apply.
 echo "[safe-db-push] $SVC: ✓ additive only, applying…"
-$DRIZZLE push --force
+pnpm exec drizzle-kit push --force
 echo "[safe-db-push] $SVC: ✓ schema is now in sync"