23 changes: 23 additions & 0 deletions .github/workflows/vercel-preview-deployment.yml
@@ -0,0 +1,23 @@
name: Vercel Preview Deployment

env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}

on:
pull_request:
types: [opened, synchronize, reopened]

jobs:
Deploy-Preview:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Vercel CLI
run: npm install --global vercel@latest
- name: Pull Vercel env info
run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }}
- name: Build
run: vercel build --token=${{ secrets.VERCEL_TOKEN }}
- name: Deploy preview
run: vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} --yes
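Review bot: the `pull_request` trigger together with `secrets.VERCEL_TOKEN` means that, by default, runs for pull requests opened from forks receive empty secrets, so `Pull Vercel env info` fails on its first `vercel` call. Add a job-level `if:` that only runs when the head repository is this repository, or document that previews exist for same-repo branches only; switching the trigger to `pull_request_target` is not a safe workaround here, because the job builds the pull request's code in a context that holds the token. The three `--token=${{ secrets.VERCEL_TOKEN }}` arguments also carry the issue raised on the production workflow, and the step-level `env: VERCEL_TOKEN` form suggested there applies to this file as well.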
24 changes: 24 additions & 0 deletions .github/workflows/vercel-production-deployment.yml
@@ -0,0 +1,24 @@
name: Vercel Production Deployment

env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}

on:
push:
branches:
- main
Comment on lines +7 to +10

🛠️ Refactor suggestion | 🟠 Major

Add concurrency controls for production deployments.

Without concurrency controls, rapid pushes to main could trigger multiple simultaneous production deployments. For production, it's critical to ensure only one deployment runs at a time and that the latest commit is deployed.

🔎 Recommended addition after line 10
 on:
   push:
     branches:
       - main
+
+concurrency:
+  group: production
+  cancel-in-progress: false

Note: Using cancel-in-progress: false ensures deployments complete in order rather than canceling in-progress ones.

🤖 Prompt for AI Agents
In @.github/workflows/vercel-production-deployment.yml around lines 7 - 10, Add
a concurrency section to the GitHub Actions workflow to serialize production
deployments: under the top-level trigger (after the existing on: push: branches:
- main), add a concurrency block with a descriptive group name like
"production-deploy" that includes the repository and github.ref or
github.ref_name to ensure only one deployment for main runs at a time, and set
cancel-in-progress: false so newer pushes wait and the latest commit is deployed
in order. Ensure the concurrency block is present at top-level of the workflow
YAML (same indentation as on: and jobs:) so it applies to the entire workflow.


jobs:
Deploy-Production:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Vercel CLI
run: npm install --global vercel@latest
- name: Pull Vercel env info
run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
- name: Build
run: vercel build --prod --token=${{ secrets.VERCEL_TOKEN }}
- name: Deploy production
run: vercel deploy --prebuilt --prod --token=${{ secrets.VERCEL_TOKEN }} --yes
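Review bot: `npm install --global vercel@latest` in the `Install Vercel CLI` step is unpinned, so each production deploy executes whatever CLI release npm serves at that moment, in the same job that receives `secrets.VERCEL_TOKEN`. Pin an exact version and bump it deliberately, and consider pinning `actions/checkout` to a commit SHA rather than the `v6` tag. The workflow also has no top-level `permissions:` key, so the job runs with the repository's default `GITHUB_TOKEN` scope; `permissions:` with `contents: read` is enough for the checkout step shown here.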
Comment on lines +20 to +24

⚠️ Potential issue | 🟠 Major

Token exposure risk in command-line arguments.

Passing VERCEL_TOKEN as a CLI argument can expose it in logs. Use environment variables instead, which Vercel CLI reads automatically.

🔎 Recommended fix to use environment variables for the token
       - name: Pull Vercel env info
-        run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
+        run: vercel pull --yes --environment=production
+        env:
+          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
       - name: Build
-        run: vercel build --prod --token=${{ secrets.VERCEL_TOKEN }}
+        run: vercel build --prod
+        env:
+          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
       - name: Deploy production
-        run: vercel deploy --prebuilt --prod --token=${{ secrets.VERCEL_TOKEN }} --yes
+        run: vercel deploy --prebuilt --prod --yes
+        env:
+          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
🤖 Prompt for AI Agents
In @.github/workflows/vercel-production-deployment.yml around lines 20 - 24,
Remove the --token CLI flags from the vercel commands and instead export
VERCEL_TOKEN as an environment variable for the steps; specifically, update the
steps that run "vercel pull --yes --environment=production --token=${{
secrets.VERCEL_TOKEN }}", "vercel build --prod --token=${{ secrets.VERCEL_TOKEN
}}", and "vercel deploy --prebuilt --prod --token=${{ secrets.VERCEL_TOKEN }}
--yes" to drop the --token arguments and add env: VERCEL_TOKEN: ${{
secrets.VERCEL_TOKEN }} on the job/step that runs these commands so the Vercel
CLI reads the token from the environment rather than exposing it in command-line
logs.
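
A check for the pattern flagged in the comment above, as an added example that is not part of the PR or of the reviewer's comment: it reports every `${{ secrets.* }}` expression expanded inside a `run:` script (where it becomes part of the command text before the shell starts) and ignores the same expression under `env:`. The sample workflow text is constructed from the steps shown in this PR, `secrets_in_run` is a hypothetical name, and the line-based parsing is an assumption that covers plain `run:` keys and `|` / `>` block scalars only.

```python
import re

# Constructed sample: steps modelled on this PR, in flagged and corrected forms.
SAMPLE = """\
steps:
  - name: Pull Vercel env info
    run: vercel pull --yes --environment=production --token=${{ secrets.VERCEL_TOKEN }}
  - name: Build
    run: vercel build --prod
    env:
      VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
  - name: Multi-line
    run: |
      echo start
      vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }}
    env:
      FOO: bar
"""

SECRET = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")


def secrets_in_run(text):
    """Return (line_number, secret_name) for each secret expanded in a run: script."""
    findings = []
    run_col = None  # column of the run: key while inside its block scalar
    for no, line in enumerate(text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and (not line.strip() or indent > run_col):
            in_script = True  # continuation line of a "run: |" block
        else:
            run_col = None
            m = RUN_KEY.match(line)
            in_script = bool(m)
            if m and m.group(1).strip()[:1] in ("|", ">"):
                run_col = line.index("run:")
        if in_script:
            findings += [(no, name) for name in SECRET.findall(line)]
    return findings


if __name__ == "__main__":
    for no, name in secrets_in_run(SAMPLE):
        print(f"line {no}: secrets.{name} is interpolated into a run: command")
```
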