From 4843618f14254cbccb59abd1ce3e1282898af4e4 Mon Sep 17 00:00:00 2001 From: Zbigniew Sobiecki Date: Fri, 20 Feb 2026 19:56:51 +0000 Subject: [PATCH 1/2] ci: add database migration step to deploy workflows Run drizzle-kit migrate before restarting services so schema changes are applied automatically on each deploy. Uses the dashboard builder stage (which has drizzle-kit and migrations) with the drizzle config mounted from the workspace. Requires DEV_DATABASE_URL secret for dev deploys and DATABASE_URL secret for production deploys. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/deploy-dev.yml | 9 +++++++++ .github/workflows/deploy.yml | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index 6df39a38..5ef2e402 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -58,6 +58,15 @@ jobs: cascade-frontend-dev:build \ wrangler pages deploy dist/web --project-name=cascade-dashboard-dev --branch=main + - name: Run database migrations (dev) + run: | + docker build --target=builder -f Dockerfile.dashboard -t cascade-migrator:dev . + docker run --rm \ + -e DATABASE_URL="${{ secrets.DEV_DATABASE_URL }}" \ + -v "${{ github.workspace }}/drizzle.config.ts:/app/drizzle.config.ts" \ + cascade-migrator:dev \ + ./node_modules/.bin/drizzle-kit migrate + - name: Pull and restart cascade-router-dev run: | cd /opt/services diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 84d98df8..7b11a663 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -51,6 +51,15 @@ jobs: -e CLOUDFLARE_ACCOUNT_ID="${{ secrets.CLOUDFLARE_ACCOUNT_ID }}" \ cascade-frontend:build + - name: Run database migrations + run: | + docker build --target=builder -f Dockerfile.dashboard -t cascade-migrator:latest . + docker run --rm \ + -e DATABASE_URL="${{ secrets.DATABASE_URL }}" \ + -v "${{ github.workspace }}/drizzle.config.ts:/app/drizzle.config.ts" \ + cascade-migrator:latest \ + ./node_modules/.bin/drizzle-kit migrate + - name: Restart cascade-router run: | cd /opt/services From e40086fde93f990850840d665ea5fe1c3f517d13 Mon Sep 17 00:00:00 2001 From: Zbigniew Sobiecki Date: Fri, 20 Feb 2026 20:05:19 +0000 Subject: [PATCH 2/2] fix(claude-code): add /workspace to allowed directories for Claude Code SDK Claude Code CLI 2.1.44 introduced stricter path validation that rejects cwd paths outside the working directory. This caused "Path access denied" errors for the planning agent on damisa (and any project using claude-code backend). Adding `additionalDirectories: [getWorkspaceDir()]` explicitly allows the /workspace directory tree. Co-Authored-By: Claude Opus 4.6 --- src/backends/claude-code/index.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/backends/claude-code/index.ts b/src/backends/claude-code/index.ts index 8216a10e..1fdf05e3 100644 --- a/src/backends/claude-code/index.ts +++ b/src/backends/claude-code/index.ts @@ -11,6 +11,7 @@ import type { import { storeLlmCall } from '../../db/repositories/runsRepository.js'; import { logger } from '../../utils/logging.js'; import { extractPRUrl } from '../../utils/prUrl.js'; +import { getWorkspaceDir } from '../../utils/repo.js'; import type { AgentBackend, AgentBackendInput, @@ -387,6 +388,7 @@ export class ClaudeCodeBackend implements AgentBackend { model, systemPrompt, cwd: input.repoDir, + additionalDirectories: [getWorkspaceDir()], maxBudgetUsd: input.budgetUsd, permissionMode: 'bypassPermissions', allowDangerouslySkipPermissions: true,