fix: github workflow

Author: iamjr15

.github/workflows/deploy-cloud-run.yml

@@ -0,0 +1,89 @@
+name: Deploy to Google Cloud Run
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  PROJECT_ID: cheatcode-backend
+  SERVICE_API: cheatcode-api
+  SERVICE_WORKER: cheatcode-worker
+  REGION: asia-south1
+  IMAGE_NAME: gcr.io/cheatcode-backend/backend-api
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Configure Docker for GCR
+        run: gcloud auth configure-docker
+
+      - name: Set image tag
+        id: image_tag
+        run: |
+          echo "tag=latest" >> $GITHUB_OUTPUT
+
+      - name: Build Docker image
+        run: |
+          docker build -t ${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.tag }} ./backend
+
+      - name: Push Docker image
+        run: |
+          docker push ${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.tag }}
+
+      - name: Deploy API service to Cloud Run
+        run: |
+          gcloud run deploy ${{ env.SERVICE_API }} \
+            --image ${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.tag }} \
+            --platform managed \
+            --region ${{ env.REGION }} \
+            --allow-unauthenticated \
+            --port 8000 \
+            --set-secrets "ENV_MODE=ENV_MODE:latest,REDIS_URL=REDIS_URL:latest,SUPABASE_URL=SUPABASE_URL:latest,SUPABASE_ANON_KEY=SUPABASE_ANON_KEY:latest,SUPABASE_SERVICE_ROLE_KEY=SUPABASE_SERVICE_ROLE_KEY:latest,ANTHROPIC_API_KEY=ANTHROPIC_API_KEY:latest,OPENAI_API_KEY=OPENAI_API_KEY:latest,OPENROUTER_API_KEY=OPENROUTER_API_KEY:latest,MORPH_API_KEY=MORPH_API_KEY:latest,MODEL_TO_USE=MODEL_TO_USE:latest,CLERK_SECRET_KEY=CLERK_SECRET_KEY:latest,CLERK_DOMAIN=CLERK_DOMAIN:latest,DODO_PAYMENTS_API_KEY=DODO_PAYMENTS_API_KEY:latest,DODO_PAYMENTS_WEBHOOK_SECRET=DODO_PAYMENTS_WEBHOOK_SECRET:latest,TAVILY_API_KEY=TAVILY_API_KEY:latest,FIRECRAWL_API_KEY=FIRECRAWL_API_KEY:latest,FIRECRAWL_URL=FIRECRAWL_URL:latest,DAYTONA_API_KEY=DAYTONA_API_KEY:latest,DAYTONA_SERVER_URL=DAYTONA_SERVER_URL:latest,DAYTONA_TARGET=DAYTONA_TARGET:latest,LANGFUSE_PUBLIC_KEY=LANGFUSE_PUBLIC_KEY:latest,LANGFUSE_SECRET_KEY=LANGFUSE_SECRET_KEY:latest,LANGFUSE_HOST=LANGFUSE_HOST:latest,FREESTYLE_API_KEY=FREESTYLE_API_KEY:latest,FEATURE_FLAGS_ENABLED=FEATURE_FLAGS_ENABLED:latest,PIPEDREAM_CLIENT_ID=PIPEDREAM_CLIENT_ID:latest,PIPEDREAM_CLIENT_SECRET=PIPEDREAM_CLIENT_SECRET:latest,PIPEDREAM_PROJECT_ID=PIPEDREAM_PROJECT_ID:latest,PIPEDREAM_X_PD_ENVIRONMENT=PIPEDREAM_X_PD_ENVIRONMENT:latest,SMITHERY_API_KEY=SMITHERY_API_KEY:latest,MCP_CREDENTIAL_ENCRYPTION_KEY=MCP_CREDENTIAL_ENCRYPTION_KEY:latest,GOOGLE_API_KEY=GOOGLE_API_KEY:latest,NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY:latest,NEXT_PUBLIC_URL=NEXT_PUBLIC_URL:latest" \
+            --memory 4Gi \
+            --cpu 2 \
+            --concurrency 160 \
+            --max-instances 3 \
+            --min-instances 1 \
+            --no-cpu-throttling \
+            --timeout 900
+
+      - name: Deploy Worker service to Cloud Run
+        run: |
+          gcloud run deploy ${{ env.SERVICE_WORKER }} \
+            --image ${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.tag }} \
+            --platform managed \
+            --region ${{ env.REGION }} \
+            --allow-unauthenticated \
+            --port 8000 \
+            --set-secrets "ENV_MODE=ENV_MODE:latest,REDIS_URL=REDIS_URL:latest,SUPABASE_URL=SUPABASE_URL:latest,SUPABASE_ANON_KEY=SUPABASE_ANON_KEY:latest,SUPABASE_SERVICE_ROLE_KEY=SUPABASE_SERVICE_ROLE_KEY:latest,ANTHROPIC_API_KEY=ANTHROPIC_API_KEY:latest,OPENAI_API_KEY=OPENAI_API_KEY:latest,OPENROUTER_API_KEY=OPENROUTER_API_KEY:latest,MORPH_API_KEY=MORPH_API_KEY:latest,MODEL_TO_USE=MODEL_TO_USE:latest,CLERK_SECRET_KEY=CLERK_SECRET_KEY:latest,CLERK_DOMAIN=CLERK_DOMAIN:latest,DODO_PAYMENTS_API_KEY=DODO_PAYMENTS_API_KEY:latest,DODO_PAYMENTS_WEBHOOK_SECRET=DODO_PAYMENTS_WEBHOOK_SECRET:latest,TAVILY_API_KEY=TAVILY_API_KEY:latest,FIRECRAWL_API_KEY=FIRECRAWL_API_KEY:latest,FIRECRAWL_URL=FIRECRAWL_URL:latest,DAYTONA_API_KEY=DAYTONA_API_KEY:latest,DAYTONA_SERVER_URL=DAYTONA_SERVER_URL:latest,DAYTONA_TARGET=DAYTONA_TARGET:latest,LANGFUSE_PUBLIC_KEY=LANGFUSE_PUBLIC_KEY:latest,LANGFUSE_SECRET_KEY=LANGFUSE_SECRET_KEY:latest,LANGFUSE_HOST=LANGFUSE_HOST:latest,FREESTYLE_API_KEY=FREESTYLE_API_KEY:latest,FEATURE_FLAGS_ENABLED=FEATURE_FLAGS_ENABLED:latest,PIPEDREAM_CLIENT_ID=PIPEDREAM_CLIENT_ID:latest,PIPEDREAM_CLIENT_SECRET=PIPEDREAM_CLIENT_SECRET:latest,PIPEDREAM_PROJECT_ID=PIPEDREAM_PROJECT_ID:latest,PIPEDREAM_X_PD_ENVIRONMENT=PIPEDREAM_X_PD_ENVIRONMENT:latest,SMITHERY_API_KEY=SMITHERY_API_KEY:latest,MCP_CREDENTIAL_ENCRYPTION_KEY=MCP_CREDENTIAL_ENCRYPTION_KEY:latest,GOOGLE_API_KEY=GOOGLE_API_KEY:latest,NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY:latest,NEXT_PUBLIC_URL=NEXT_PUBLIC_URL:latest" \
+            --memory 4Gi \
+            --cpu 2 \
+            --concurrency 80 \
+            --max-instances 2 \
+            --min-instances 1 \
+            --no-cpu-throttling \
+            --timeout 900 \
+            --command="uv" \
+            --args="run,python,worker_service.py"
+
+      - name: Output deployment URLs
+        run: |
+          echo "API Service URL: $(gcloud run services describe ${{ env.SERVICE_API }} --region=${{ env.REGION }} --format='value(status.url)')"
+          echo "Worker Service URL: $(gcloud run services describe ${{ env.SERVICE_WORKER }} --region=${{ env.REGION }} --format='value(status.url)')"

.github/workflows/docker-build.yml

@@ -35,8 +35,8 @@ Build, run, and ship full-stack applications with an agent that codes, executes,
 
 Cheatcode is a full-stack application that pairs a Next.js dashboard with a FastAPI backend to provide an AI agent capable of:
 
-- Creating and modifying projects and threads with a collaborative chat interface
-- Executing actions inside isolated sandboxes using Daytona for code execution and app previews
+- Creating and modifying projects and threads with a collaborative chat interface  
+- Executing all code operations in isolated sandboxes using Daytona (required for file operations, shell commands, and app previews)
 - Integrating with multiple LLM providers including OpenAI, Anthropic, OpenRouter, and Groq via LiteLLM
 - Managing authentication and data through Supabase with Redis for queues and caching
 - Supporting web browsing and crawling via external APIs with optional billing and usage tracking
@@ -121,11 +121,11 @@ graph TD
 
 - **Supabase project** with URL, anon key, and service role key
 - **Clerk application** with publishable key and secret key
+- **Daytona account** with API key, server URL, and target for sandbox code execution and app previews
 - **At least one LLM provider**: OpenAI, Anthropic, OpenRouter, or Groq API key
 
 ### Optional Integrations
 
-- **Daytona account** for sandbox code execution and app previews
 - **Sentry** for error monitoring
 - **Langfuse** for LLM observability
 
@@ -155,16 +155,16 @@ CLERK_SECRET_KEY=YOUR_CLERK_SECRET_KEY
 # Redis (Docker Compose uses service name 'redis')
 REDIS_URL=redis://redis:6379
 
+# Sandbox Integration (Required)
+DAYTONA_API_KEY=YOUR_DAYTONA_API_KEY
+DAYTONA_SERVER_URL=YOUR_DAYTONA_SERVER_URL
+DAYTONA_TARGET=YOUR_DAYTONA_TARGET
+
 # LLM Providers (choose at least one)
 OPENAI_API_KEY=YOUR_OPENAI_API_KEY
 ANTHROPIC_API_KEY=YOUR_ANTHROPIC_API_KEY
 OPENROUTER_API_KEY=YOUR_OPENROUTER_API_KEY
 
-# Optional: Sandbox Integration
-DAYTONA_API_KEY=YOUR_DAYTONA_API_KEY
-DAYTONA_SERVER_URL=YOUR_DAYTONA_SERVER_URL
-DAYTONA_TARGET=YOUR_DAYTONA_TARGET
-
 # Optional: External Services
 TAVILY_API_KEY=YOUR_TAVILY_API_KEY
 FIRECRAWL_API_KEY=YOUR_FIRECRAWL_API_KEY
@@ -214,6 +214,7 @@ docker compose up --build
 2. **Frontend Access**: Visit http://localhost:3000 and sign in with Clerk
 3. **Create Project**: Create a new project and thread
 4. **Test Agent**: Send a message and start the agent
+5. **Verify Sandbox**: Ensure Daytona credentials are working - the agent cannot execute code without a properly configured Daytona sandbox environment
 
 ## Local Development
 
@@ -272,9 +273,9 @@ npm run dev
 | `ANTHROPIC_API_KEY` | * | Anthropic API key |
 | `OPENROUTER_API_KEY` | * | OpenRouter API key |
 | `GROQ_API_KEY` | * | Groq API key |
-| `DAYTONA_API_KEY` | No | Daytona API key for sandboxes |
-| `DAYTONA_SERVER_URL` | No | Daytona server URL |
-| `DAYTONA_TARGET` | No | Daytona target environment |
+| `DAYTONA_API_KEY` | Yes | Daytona API key for sandbox code execution |
+| `DAYTONA_SERVER_URL` | Yes | Daytona server URL |
+| `DAYTONA_TARGET` | Yes | Daytona target environment |
 | `TAVILY_API_KEY` | No | Tavily API key for web search |
 | `FIRECRAWL_API_KEY` | No | Firecrawl API key for web scraping |
 | `LANGFUSE_PUBLIC_KEY` | No | Langfuse public key for LLM observability |
@@ -527,10 +528,11 @@ sudo usermod -aG docker $USER
    - Check rate limits and usage quotas
    - Review backend logs for LLM errors
 
-3. **Sandbox Issues**
-   - Ensure Daytona credentials are configured
+3. **Sandbox Issues** (Required for core functionality)
+   - Ensure Daytona credentials are configured (required for code execution)
    - Check Daytona service status
    - Verify network connectivity to Daytona servers
+   - Note: The agent cannot execute code or create files without working Daytona integration
 
 ### Getting Help
 

.github/workflows/update-PROD.yml

@@ -23,17 +23,19 @@ COPY --chown=app:app . .
 USER app
 
 ENV PYTHONPATH=/app
-EXPOSE 8000
+# Support both local development and Cloud Run PORT env var
+ENV PORT=8000
+EXPOSE $PORT
 
 # Container health-check
-HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -f http://localhost:8000/api/health || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -f http://localhost:${PORT}/api/health || exit 1
 
 # Gunicorn – compute optimal workers (2×CPU+1) at runtime
 CMD ["sh", "-c", "CPU=$(getconf _NPROCESSORS_ONLN); WORKERS=$((2*CPU+1)); exec \
 uv run gunicorn main:app \
   --workers ${WORKERS} \
   --worker-class uvicorn.workers.UvicornWorker \
-  --bind 0.0.0.0:8000 \
+  --bind 0.0.0.0:${PORT} \
   --timeout 1800 \
   --graceful-timeout 600 \
   --keep-alive 1800 \