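# Production deployment workflow.
#
# On every push to main:
#   1. check-migrations  - reports whether the push touched prisma/migrations/
#   2. deploy            - runs only when no migration change was detected
#   3. block-deploy      - fails the run when a migration change was detected
name: Production Pipeline

on:
  push:
    branches: [main]

# Least privilege for the GITHUB_TOKEN: the jobs below only read the
# repository, so nothing broader than read access to contents is granted.
permissions:
  contents: read

jobs:
  check-migrations:
    name: Check for new Prisma migrations
    runs-on: ubuntu-latest
    outputs:
      has_new_migrations: ${{ steps.diff.outputs.has_new_migrations }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # get full history so git diff works properly

      - name: Detect new migration files
        id: diff
        env:
          # Tip of main before this push. Passed through the environment so
          # the script never interpolates workflow expressions directly.
          BEFORE_SHA: ${{ github.event.before }}
        run: |
          # Compare against the commit main pointed to before this push, so a
          # push carrying several commits cannot slip a migration past the
          # gate in a commit other than the last one. Fall back to HEAD~1
          # when that commit is unavailable (all-zero SHA on branch creation,
          # or a commit made unreachable by a force push).
          base="HEAD~1"
          if [ -n "${BEFORE_SHA:-}" ] && git cat-file -e "${BEFORE_SHA}^{commit}" 2>/dev/null; then
            base="$BEFORE_SHA"
          fi

          # Any non-zero exit (a real difference or a git error) takes the
          # else branch, so the gate fails closed and blocks the deployment.
          if git diff --quiet "$base" -- prisma/migrations/; then
            echo "✅ No new Prisma migrations detected."
            echo "has_new_migrations=false" >> "$GITHUB_OUTPUT"
          else
            echo "⚠️ New Prisma migrations detected! Blocking deployment."
            echo "has_new_migrations=true" >> "$GITHUB_OUTPUT"
          fi

  deploy:
    name: Deploy to production
    runs-on: ubuntu-latest
    needs: check-migrations
    if: needs.check-migrations.outputs.has_new_migrations == 'false'
    steps:
      # Same major version as the check-migrations job (was v2 here).
      - uses: actions/checkout@v4

      # NOTE(review): this pipes a remote installer into bash on the runner.
      # No later step in this job visibly uses Bun on the runner (the deploy
      # itself runs on the remote host over SSH), so this step looks
      # removable. If it is needed, install a pinned, checksum-verified
      # release rather than executing the latest installer script.
      - name: Install Bun
        run: |
          curl -fsSL https://bun.sh/install | bash

      # Pinned to a release tag instead of the moving `master` branch: this
      # step receives the production SSH credentials, so the code it runs
      # must not change without review. A full commit SHA of a release you
      # have audited is the stronger pin (placeholder: <verified-commit-sha>).
      - uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.PROD_HOST }}
          username: ${{ secrets.PROD_USERNAME }}
          # NOTE(review): password authentication; prefer the action's `key`
          # input with a dedicated deploy key, and set `fingerprint` so the
          # host key is verified before credentials are sent.
          password: ${{ secrets.PROD_PASSWORD }}
          port: 22
          # NOTE(review): the script deploys whatever origin/main points to
          # when `git pull` runs, which may be newer than the commit the
          # migration gate inspected. Consider deploying the gated commit
          # (github.sha) and serialising deploys with a concurrency group.
          script: |
            export PATH=$HOME/.bun/bin:$PATH
            export PATH=$HOME/.nvm/versions/node/v22.14.0/bin:$PATH
            echo $PATH
            cd ~/online-energieausweis
            git reset --hard origin/main
            git clean -f -d
            git pull origin main
            git status
            make prod

  block-deploy:
    name: Block deployment (new migrations detected)
    runs-on: ubuntu-latest
    needs: check-migrations
    if: needs.check-migrations.outputs.has_new_migrations == 'true'
    steps:
      # Fails on purpose so the run is shown as failed when the gate trips.
      - name: Stop deploy
        run: |
          echo "🚫 Deployment blocked because new Prisma migrations were detected."
          echo "Please apply migrations on staging and verify before deploying to production."
          exit 1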