From c6c043c5ca56f3b6475077ed3ab0aba53262b8a1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 23 Feb 2026 08:22:24 +0000
Subject: [PATCH 1/4] Initial plan


From cc31713d376f7a664a8449b62d3bb067a46b1557 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 23 Feb 2026 08:38:55 +0000
Subject: [PATCH 2/4] =?UTF-8?q?ci:=20deploy=20strategy=20main=E2=86=92prod?=
 =?UTF-8?q?uction,=20develop=E2=86=92preview;=20replace=20blacksmith=20run?=
 =?UTF-8?q?ners=20with=20ubuntu-latest?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: exzosverse-os <248856943+exzosverse-os@users.noreply.github.com>
---
 .github/workflows/deploy.yml       | 28 ++++++++++++++++++----------
 .github/workflows/terraform.yaml   |  2 +-
 .github/workflows/test_client.yaml |  4 ++--
 .github/workflows/test_server.yaml | 10 +++++-----
 clients/apps/web/vercel.json       |  2 +-
 5 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index b212f53ffe..1707d7424a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -2,7 +2,7 @@ name: Build and Deploy
 
 on:
   push:
-    branches: ["main"]
+    branches: ["main", "develop"]
     paths:
       - "server/**"
       - ".github/workflows/deploy.yml"
@@ -34,13 +34,13 @@ jobs:
   build:
     name: "Build Docker Image 🐳"
     concurrency:
-      group: build-deploy
+      group: build-deploy-${{ github.ref_name }}
       cancel-in-progress: true
 
     needs: changes
     if: needs.changes.outputs.backend == 'true' || github.event_name == 'workflow_dispatch'
     timeout-minutes: 20
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
@@ -51,7 +51,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Set up Docker Buildx
-        uses: useblacksmith/setup-docker-builder@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
         uses: docker/login-action@v3
@@ -74,7 +74,7 @@ jobs:
             type=sha
             type=raw,value=latest,enable={{is_default_branch}}
 
-      - uses: useblacksmith/build-push-action@v2
+      - uses: docker/build-push-action@v6
         id: push
         with:
           push: true
@@ -97,7 +97,7 @@ jobs:
             type=sha
             type=raw,value=latest,enable={{is_default_branch}}
 
-      - uses: useblacksmith/build-push-action@v2
+      - uses: docker/build-push-action@v6
         id: push-playwright
         with:
           push: true
@@ -111,9 +111,13 @@ jobs:
             IPINFO_ACCESS_TOKEN=${{ secrets.IPINFO_ACCESS_TOKEN }}
 
   deploy-sandbox:
-    name: "Deploy to Sandbox 🧪"
+    name: "Deploy to Sandbox 🧪 (Preview)"
     needs: [changes, build]
-    if: always() && (needs.build.result == 'success' || needs.build.result == 'skipped') && (needs.changes.outputs.backend == 'true' || github.event_name == 'workflow_dispatch')
+    if: >-
+      always() &&
+      github.ref_name == 'develop' &&
+      (needs.build.result == 'success' || needs.build.result == 'skipped') &&
+      (needs.changes.outputs.backend == 'true' || github.event_name == 'workflow_dispatch')
     uses: ./.github/workflows/deploy-environment.yml
     with:
       environment: sandbox
@@ -131,8 +135,12 @@ jobs:
 
   deploy-production:
     name: "Deploy to Production 🚀"
-    needs: [changes, build, deploy-sandbox]
-    if: always() && !failure() && !cancelled() && (needs.build.result == 'success' || needs.build.result == 'skipped') && (needs.changes.outputs.backend == 'true' || github.event_name == 'workflow_dispatch')
+    needs: [changes, build]
+    if: >-
+      always() &&
+      github.ref_name == 'main' &&
+      (needs.build.result == 'success' || needs.build.result == 'skipped') &&
+      (needs.changes.outputs.backend == 'true' || github.event_name == 'workflow_dispatch')
     uses: ./.github/workflows/deploy-environment.yml
     with:
       environment: production
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
index 04d4bb7930..b86f66f8ba 100644
--- a/.github/workflows/terraform.yaml
+++ b/.github/workflows/terraform.yaml
@@ -18,7 +18,7 @@ permissions:
 jobs:
   fmt:
     name: "Terraform: Lint 📝"
-    runs-on: blacksmith-2vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/test_client.yaml b/.github/workflows/test_client.yaml
index 43125fcba2..8fee7a4216 100644
--- a/.github/workflows/test_client.yaml
+++ b/.github/workflows/test_client.yaml
@@ -16,7 +16,7 @@ permissions:
 jobs:
   changes:
     name: "Detect changes"
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     outputs:
       clients: ${{ steps.filter.outputs.clients }}
     steps:
@@ -34,7 +34,7 @@ jobs:
     needs: changes
     if: needs.changes.outputs.clients == 'true'
     timeout-minutes: 15
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
 
     env:
       TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
diff --git a/.github/workflows/test_server.yaml b/.github/workflows/test_server.yaml
index 57ff154cfd..7d24818a83 100644
--- a/.github/workflows/test_server.yaml
+++ b/.github/workflows/test_server.yaml
@@ -13,7 +13,7 @@ permissions:
 jobs:
   changes:
     name: "Detect changes"
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     outputs:
       server: ${{ steps.filter.outputs.server }}
       migrations: ${{ steps.filter.outputs.migrations }}
@@ -39,7 +39,7 @@ jobs:
     needs: changes
     if: needs.changes.outputs.server == 'true'
     timeout-minutes: 15
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
 
@@ -78,7 +78,7 @@ jobs:
     name: "Server: Tinybird Schema 🐦"
     needs: changes
     if: needs.changes.outputs.tinybird == 'true'
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     services:
       tinybird:
         image: tinybirdco/tinybird-local:latest
@@ -107,7 +107,7 @@ jobs:
     name: "Server: Migration Check 📚"
     needs: changes
     if: needs.changes.outputs.migrations == 'true' && github.event_name == 'pull_request'
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     steps:
       - name: Check for disallowed files
         id: check
@@ -188,7 +188,7 @@ jobs:
     name: "Server: Tests 🐍"
     needs: changes
     if: needs.changes.outputs.server == 'true'
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: ubuntu-latest
     timeout-minutes: 15
     env:
       POLAR_ENV: testing
diff --git a/clients/apps/web/vercel.json b/clients/apps/web/vercel.json
index 8f33973693..755cb48e74 100644
--- a/clients/apps/web/vercel.json
+++ b/clients/apps/web/vercel.json
@@ -1,7 +1,7 @@
 {
   "$schema": "https://openapi.vercel.sh/vercel.json",
   "buildCommand": "cd ../.. && turbo run build --filter=web",
-  "ignoreCommand": "if [ \"$VERCEL_GIT_COMMIT_REF\" != \"main\" ]; then exit 0; fi; npx turbo-ignore",
+  "ignoreCommand": "if [ \"$VERCEL_GIT_COMMIT_REF\" != \"main\" ] && [ \"$VERCEL_GIT_COMMIT_REF\" != \"develop\" ]; then exit 0; fi; npx turbo-ignore",
   "rewrites": [
     {
       "source": "/_mintlify/api/:path+",

From 5fa07b606fc7075361f4f3b24299d5d324149428 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 23 Feb 2026 08:54:28 +0000
Subject: [PATCH 3/4] Initial plan


From 899a8329e0954e83fdf7a31bd0448f3e3dcf4a97 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 23 Feb 2026 09:00:54 +0000
Subject: [PATCH 4/4] fix: make IPInfo download resilient to missing
 IPINFO_ACCESS_TOKEN secret

When the IPINFO_ACCESS_TOKEN secret is not configured in the repository,
BuildKit doesn't create the secret mount at /run/secrets/IPINFO_ACCESS_TOKEN.
The build then fails with: cat: can't open '/run/secrets/IPINFO_ACCESS_TOKEN': No such file or directory

This change adds a conditional check for the secret file existence before
attempting to read it. If the secret is not available, the build continues
with a warning and skips the IPInfo database download.

Co-authored-by: exzosverse-os <248856943+exzosverse-os@users.noreply.github.com>
---
 server/Dockerfile | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/server/Dockerfile b/server/Dockerfile
index 56ac826dda..5e2b0b5f3d 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -39,10 +39,14 @@ RUN apk add --no-cache curl jq
 
 RUN --mount=type=secret,id=IPINFO_ACCESS_TOKEN \
   mkdir /data && \
-  TOKEN=$(cat /run/secrets/IPINFO_ACCESS_TOKEN) && \
-  EXPECTED_SHA256=$(curl -fsSL "https://ipinfo.io/data/free/country_asn.mmdb/checksums?token=${TOKEN}" | jq -r '.checksums.sha256') && \
-  curl -fsSL "https://ipinfo.io/data/free/country_asn.mmdb?token=${TOKEN}" -o /data/country_asn.mmdb && \
-  echo "${EXPECTED_SHA256}  /data/country_asn.mmdb" | sha256sum -c -
+  if [ -f /run/secrets/IPINFO_ACCESS_TOKEN ]; then \
+    TOKEN=$(cat /run/secrets/IPINFO_ACCESS_TOKEN) && \
+    EXPECTED_SHA256=$(curl -fsSL "https://ipinfo.io/data/free/country_asn.mmdb/checksums?token=${TOKEN}" | jq -r '.checksums.sha256') && \
+    curl -fsSL "https://ipinfo.io/data/free/country_asn.mmdb?token=${TOKEN}" -o /data/country_asn.mmdb && \
+    echo "${EXPECTED_SHA256}  /data/country_asn.mmdb" | sha256sum -c - ; \
+  else \
+    echo "WARNING: IPINFO_ACCESS_TOKEN not provided, skipping IPInfo database download" ; \
+  fi
 
 # Stage 4: Final production image
 FROM --platform=$BUILDPLATFORM python:3.14-slim AS production