From 104a5a46a017597b222a8331ce8abca2c8f2bf02 Mon Sep 17 00:00:00 2001 From: Till JS Date: Tue, 28 Apr 2026 17:10:08 +0200 Subject: [PATCH] fix(deploy): pnpm install workspace deps before running safe-db-push MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two follow-up fixes after the first migration-step deploy revealed gaps: 1. \`pnpm dlx drizzle-kit\` doesn't work — the drizzle.config.ts file itself does \`import { defineConfig } from 'drizzle-kit'\`, and Node's resolver only finds that import via local node_modules, not pnpm's dlx cache. Reverted to plain \`pnpm exec drizzle-kit\` and require the workspace to be installed. 2. CD now runs \`pnpm install --filter ./services/... --frozen- lockfile --ignore-scripts\` once at the start of the migration step for every Drizzle service in the deploy. Path-based filter (not name-based) because our service package names follow no uniform convention (\`@mana/auth\` vs \`@mana/credits-service\` vs \`@mana/events\`). pnpm's lockfile cache makes second-and-later runs near-instant. 3. Dropped the \`--silent\` flag from \`pnpm exec drizzle-kit --version\` — it isn't a recognised pnpm-exec flag and causes a 254 exit code, making the script's "is drizzle-kit available?" probe always fail. Smoke-tested locally — script now runs cleanly against mana-auth's schema, reports "no changes detected", cleans up the probe SQL file. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/cd-macmini.yml | 29 +++++++++++++++++++++++++++++ scripts/mac-mini/safe-db-push.sh | 25 +++++++++++++------------ 2 files changed, 42 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cd-macmini.yml b/.github/workflows/cd-macmini.yml index ead03e74a..77a7c6482 100644 --- a/.github/workflows/cd-macmini.yml +++ b/.github/workflows/cd-macmini.yml @@ -340,6 +340,35 @@ jobs: . "$ENV_FILE" set +a PG_PASSWORD="${POSTGRES_PASSWORD:-mana123}" + + # `drizzle-kit` reads `drizzle.config.ts`, which itself + # `import {defineConfig} from 'drizzle-kit'`. Node's resolver + # only finds that import when the package lives in the local + # node_modules — `pnpm dlx` puts it in the global cache, + # invisible to a from-cwd resolve. So before running any + # migration we install workspace deps for every Drizzle + # service in this deploy. pnpm's lockfile cache makes the + # second-and-later runs near-instant. + DRIZZLE_SVCS="" + for svc in $SERVICES; do + if [ -f "services/$svc/drizzle.config.ts" ] || [ -f "services/$svc/drizzle.config.js" ]; then + DRIZZLE_SVCS="$DRIZZLE_SVCS $svc" + fi + done + if [ -n "$DRIZZLE_SVCS" ]; then + echo "Installing workspace deps for Drizzle services:$DRIZZLE_SVCS" + # Use pnpm's path-based filter (`--filter ./services/...`) + # because our service package names don't follow a uniform + # convention (`@mana/auth` vs `@mana/credits-service` etc.). + # The trailing `...` includes transitive workspace deps. + FILTER_FLAGS="" + for svc in $DRIZZLE_SVCS; do + FILTER_FLAGS="$FILTER_FLAGS --filter ./services/$svc..." + done + # shellcheck disable=SC2086 + pnpm install $FILTER_FLAGS --frozen-lockfile --ignore-scripts 2>&1 | tail -5 || true + fi + # Most services live in mana_platform; mana-sync (Go, no # Drizzle) and a handful of others use mana_sync. Per-service # routing is read straight from compose's DATABASE_URL env. diff --git a/scripts/mac-mini/safe-db-push.sh b/scripts/mac-mini/safe-db-push.sh index 44dbb8181..f331cc6ea 100755 --- a/scripts/mac-mini/safe-db-push.sh +++ b/scripts/mac-mini/safe-db-push.sh @@ -57,16 +57,17 @@ fi cd "$SVC_DIR" -# Pick how we'll invoke drizzle-kit. The Mac Mini runner doesn't run -# `pnpm install` for the workspace (everything builds inside Docker), -# so the per-service node_modules/.bin/drizzle-kit binary is missing. -# `pnpm dlx` fetches drizzle-kit on demand, caches it in the global -# pnpm store, and is then fast on every subsequent call. drizzle-kit -# reads its config from cwd so it still finds drizzle.config.ts here. -if pnpm exec --silent drizzle-kit --version >/dev/null 2>&1; then - DRIZZLE="pnpm exec drizzle-kit" -else - DRIZZLE="pnpm dlx drizzle-kit" +# Drizzle-kit must be available as a workspace-local module — its +# binary AND the import that drizzle.config.ts performs both go +# through Node's local-dir resolver. The CD pipeline runs `pnpm +# install --filter ./services/...` before invoking this script +# so every Drizzle service has node_modules/.bin/drizzle-kit + the +# importable package linked. `pnpm dlx` doesn't work here because +# its global cache isn't on Node's resolution path for the config +# file's `import { defineConfig } from 'drizzle-kit'`. +if ! pnpm exec drizzle-kit --version >/dev/null 2>&1; then + echo "[safe-db-push] $SVC: drizzle-kit not installed in workspace — run \`pnpm install --filter ./services/$SVC...\` first" + exit 0 fi # Snapshot the existing migration set before we generate. Anything new @@ -75,7 +76,7 @@ PRE_GEN_FILES=$(find drizzle -maxdepth 2 -name '*.sql' 2>/dev/null | sort || tru # Generate-only — does not touch the database. echo "[safe-db-push] $SVC: generating diff…" -GEN_OUT=$($DRIZZLE generate --name "__ci_safety_check_$$" 2>&1 || true) +GEN_OUT=$(pnpm exec drizzle-kit generate --name "__ci_safety_check_$$" 2>&1 || true) echo "$GEN_OUT" | tail -20 POST_GEN_FILES=$(find drizzle -maxdepth 2 -name '*.sql' 2>/dev/null | sort || true) @@ -132,5 +133,5 @@ fi # Additive only — safe to apply. echo "[safe-db-push] $SVC: ✓ additive only, applying…" -$DRIZZLE push --force +pnpm exec drizzle-kit push --force echo "[safe-db-push] $SVC: ✓ schema is now in sync"