feat(ci): turbo + affected builds, staging/prod envs, three-workflow split#174
Draft
billwatson017 wants to merge 1 commit intomainfrom
Draft
feat(ci): turbo + affected builds, staging/prod envs, three-workflow split#174billwatson017 wants to merge 1 commit intomainfrom
billwatson017 wants to merge 1 commit intomainfrom
Conversation
…split Replaces the monolithic build-deploy-test.yml + 402-line build-packages.ts with Turborepo-orchestrated builds, env-aware deploys per trigger, and affected-only execution on PRs and main. Infrastructure: - turbo.json at root — Depot remote cache (cache.depot.dev, team l727rgm5x8), globalEnv covers ZE_* + PUBLIC_* for proper cache separation per env, build task with explicit inputs/outputs per bundler config file type - .github/actions/turbo-affected — composite action that runs `turbo ls --affected`, filters by path prefix, outputs JSON matrix (copied from zephyr-cloud-io) - .github/actions/setup-node — standard pnpm + node 24 + install step - pnpm-workspace.yaml — documented why build-systems/** and the two multi-bundler standalones stay excluded (own lockfiles / pinned deps) Workflows: - development.yml — PR trigger. Runs `turbo build --affected` against the PR base SHA, deploys to staging. Standalones run in a matrix, each gated on its own paths-filter so unchanged standalones are skipped. - release.yml — push to main. Same affected pattern vs HEAD^1, deploys to production. Adds a validate job (Playwright deployment tests) gated on successful builds. - manual.yml — workflow_dispatch + repository_dispatch. User picks environment (dev/staging/production), optional plugin upgrade, force rebuild. Builds ALL workspace examples + all standalones for testing package changes end-to-end. Preserves the prior webhook contract. Staging vs prod mechanism: - ZE_ENV env var switches between `staging` and `production` per trigger - ZE_SECRET_TOKEN switches between ZE_SECRET_TOKEN_STAGING and _PROD - ZE_API / ZE_API_GATE point at the correct backend per env - Since ZE_ENV is in turbo's globalEnv, cache is separated across envs Removed: - scripts/src/build-packages.ts — custom concurrency + mtime-based caching replaced by turbo - scripts/package.json — dropped build-packages, build-affected, build-affected:force, build-affected:list scripts (the latter three pointed at a file that never existed). Kept Playwright test scripts and the generate/validate metadata scripts. - .github/workflows/build-deploy-test.yml — replaced by the three new workflows above. Secrets required for CI (some already exist): - ZE_SECRET_TOKEN_DEV, ZE_SECRET_TOKEN_STAGING, ZE_SECRET_TOKEN_PROD - TURBO_TOKEN (Depot cache access) - TURBO_TEAM (repo var — value l727rgm5x8 to share cache with zephyr-cloud-io) Verified locally: - pnpm install succeeds at root; turbo 2.9.6 installed - pnpm exec turbo ls discovers 29 workspace packages - pnpm exec turbo build --dry-run plans tasks for all 29 cleanly
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the monolithic build-deploy-test.yml + 402-line
build-packages.tswith Turborepo-orchestrated builds, env-aware deploys per trigger, and affected-only execution on PRs and main. Based on the pattern established inzephyr-cloud-io.Behavior after merge
turbo build --affectedvs base SHA + per-standalone paths-filterturbo build --affectedvs previous commit + per-standalone paths-filterInfrastructure added
turbo.json— Depot remote cache (cache.depot.dev, teaml727rgm5x8),globalEnvcoversZE_*+PUBLIC_*for proper per-env cache separation, explicit inputs/outputs per bundler config type..github/actions/setup-node/action.yml— pnpm 10.6.3 + Node 24 + cached install..github/actions/turbo-affected/action.yml— runsturbo ls --affected, filters by path, outputs JSON matrix +any_changedflag. Copied verbatim from zephyr-cloud-io..github/workflows/development.yml— PR flow, staging deploys, affected-only..github/workflows/release.yml— main flow, production deploys, affected-only, + Playwright validation job..github/workflows/manual.yml— full-build flow for testing package changes. Preserves the priorrepository_dispatch: [build-deploy-test]webhook contract.Staging vs prod — how it works
ZE_ENVenv var is the signal. Same Zephyr account, different deployment target label per env. Turbo'sglobalEnvincludesZE_ENV, so staging and prod builds land in different cache slots and don't cross-contaminate.ZE_ENVZE_APIZE_API_GATEdevelopmentZE_SECRET_TOKEN_DEVapi-dev.zephyr-cloud.iozeapi.zephyrcloudapp.devstagingZE_SECRET_TOKEN_STAGINGzephyr-api-prerelease-…zeapi.zephyrcloudapp.xyzproductionZE_SECRET_TOKEN_PRODapi.zephyr-cloud.iozeapi.zephyrcloud.appStandalones strategy
4 examples stay standalone because they have their own lockfiles or require pinned dep stacks that would conflict with the root workspace:
build-systems/nx-rspack-mf(Nx, own lockfile)build-systems/turborepo-rspack-mf(Turbo, own lockfile)module-federation/airbnb-clone(multi-bundler)module-federation/react-vite-rspack-webpack(multi-bundler)Each runs in a matrix job with a
paths-filtergate so unchanged standalones are skipped on PRs and pushes. Onworkflow_dispatch, all 4 build unconditionally.Removed
scripts/src/build-packages.ts(402 lines of custom TS replaced byturbo)scripts/package.jsonscripts:build-packages,build-packages:force,build-affected,build-affected:force,build-affected:list(the latter three pointed at a file that never existed).github/workflows/build-deploy-test.ymlSecrets / vars required before merge
The workflows reference these — must exist in repo secrets/vars:
Secrets:
ZE_SECRET_TOKEN_DEVZE_SECRET_TOKEN_STAGINGZE_SECRET_TOKEN_PRODTURBO_TOKEN(Depot cache token)Vars:
TURBO_TEAM(value:l727rgm5x8to share cache with zephyr-cloud-io)If any are missing, the first workflow run will surface them clearly. Merging without these configured will cause deploys to fail silently-ish (auth errors).
Verified locally
pnpm installsucceeds at root; turbo 2.9.6 installedpnpm exec turbo lsdiscovers 29 workspace packagespnpm exec turbo build --dry-runplans tasks for all 29 cleanlyTURBO_SCM_BASE=origin/main pnpm exec turbo ls --affectedreturns all packages (expected — we changed root-level files inglobalDependencies)Test plan
ZE_SECRET_TOKEN_STAGINGandZE_SECRET_TOKEN_PRODexist (DEV optional)release.ymldetects the same set, deploys to prod, Playwright validation passesworkflow_dispatchwithenvironment: staging— verify all examples build (including standalones)workflow_dispatchwithplugin_version: next— verify Zephyr plugin upgrade works before buildRelated
Open questions
module-federation/airbnb-cloneandmodule-federation/react-vite-rspack-webpack(no lockfiles, low risk) — gains affected detection for two more examples.build:previewtask? zephyr-cloud-io has two turbo tasks (build+build:preview). Skipped here sinceZE_ENValone cleanly separates envs. Add if there's a reason PRs need a distinct task shape.