ToolJet/.github/workflows/cloud-frontend.yml

name: Deploy to cloud frontend

on:
  workflow_dispatch:
    inputs:
      branch:
        description: 'Git branch to deploy (must start with "lts-", e.g., lts-3.6)'
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: ✅ Check user authorization
        run: |
          allowed_user1=${{ secrets.ALLOWED_USER1_USERNAME }}
          allowed_user2=${{ secrets.ALLOWED_USER2_USERNAME }}
          allowed_user3=${{ secrets.ALLOWED_USER3_USERNAME }}

          if [[ "${{ github.actor }}" != "$allowed_user1" && \
                "${{ github.actor }}" != "$allowed_user2" && \
                "${{ github.actor }}" != "$allowed_user3" ]]; then
            echo "❌ User '${{ github.actor }}' is not authorized to trigger this workflow."
            exit 1
          else
            echo "✅ User '${{ github.actor }}' is authorized."
          fi          

      - name: 📥 Manual Git checkout with submodules
        run: |
          set -e

          BRANCH="${{ github.event.inputs.branch }}"
          REPO="https://x-access-token:${{ secrets.CUSTOM_GITHUB_TOKEN }}@github.com/${{ github.repository }}"

          git config --global url."https://x-access-token:${{ secrets.CUSTOM_GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"
          git config --global http.version HTTP/1.1
          git config --global http.postBuffer 524288000

          echo "👉 Cloning $REPO (branch: $BRANCH)"
          git clone --recurse-submodules --depth=1 --branch "$BRANCH" "$REPO" repo
          cd repo

          echo "🔁 Updating submodules"
          git submodule update --init --recursive

          echo "🔀 Attempting to checkout '$BRANCH' in each submodule and validating"

          BRANCH="$BRANCH" git submodule foreach --recursive bash -c '
            name="$sm_path"
            echo ""
            echo "Entering '\''$name'\''"
            echo "↪ $name: trying to checkout branch '\''$BRANCH'\''"

            if git ls-remote --exit-code --heads origin "$BRANCH" >/dev/null; then
              git fetch origin "$BRANCH:$BRANCH" || {
                echo "❌ $name: fetch failed for $BRANCH"
                exit 1
              }

              PREV=$(git rev-parse --short HEAD || echo "unknown")
              git checkout "$BRANCH" || {
                echo "❌ $name: checkout failed for $BRANCH"
                exit 1
              }

              echo "Previous HEAD position was $PREV: $(git log -1 --pretty=%s || echo 'unknown')"
              echo "✅ $name: checked out branch $BRANCH"
            else
              echo "⚠️ $name: branch '$BRANCH' not found on origin. Falling back to 'main'"
              PREV=$(git rev-parse --short HEAD || echo "unknown")
              git checkout main && git pull origin main || {
                echo "❌ $name: fallback to main failed"
                exit 1
              }
              echo "Previous HEAD position was $PREV: $(git log -1 --pretty=%s || echo 'unknown')"
              echo "✅ $name: now on branch main"
            fi

            CURRENT=$(git rev-parse --abbrev-ref HEAD)
            echo "🔎 $name: current branch = $CURRENT"
            if [ "$CURRENT" != "$BRANCH" ] && [ "$CURRENT" != "main" ]; then
              echo "❌ $name: unexpected branch state — wanted '$BRANCH' or fallback 'main', got '$CURRENT'"
              exit 1
            fi
          '          

      - name: 🧰 Setup Node.js
        uses: actions/setup-node@v2
        with:
          node-version: 22.15.1

      - name: 📦 Install dependencies
        run: npm install
        working-directory: repo

      - name: 🛠️ Build the project
        run: npm run build:plugins:prod && npm run build:frontend
        working-directory: repo
        env:
          GOOGLE_MAPS_API_KEY: ${{ secrets.CLOUD_GOOGLE_MAPS_API_KEY }}
          NODE_ENV: ${{ secrets.CLOUD_NODE_ENV }}
          NODE_OPTIONS: ${{ secrets.CLOUD_NODE_OPTIONS }}
          SENTRY_AUTH_TOKEN: ${{ secrets.CLOUD_SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.CLOUD_SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.CLOUD_SENTRY_PROJECT }}
          SERVE_CLIENT: ${{ secrets.CLOUD_SERVE_CLIENT }}
          SERVER_IP: ${{ secrets.CLOUD_SERVER_IP }}
          TJDB_SQL_MODE_DISABLE: ${{ secrets.CLOUD_TJDB_SQL_MODE_DISABLE }}
          TOOLJET_SERVER_URL: ${{ secrets.CLOUD_TOOLJET_SERVER_URL }}
          TOOLJET_EDITION: cloud
          WEBSITE_SIGNUP_URL: https://website-stage.tooljet.ai/ai-create-account

      - name: 🚀 Deploy to Netlify
        run: |
          npm install -g netlify-cli
          netlify deploy --prod --dir=frontend/build --auth=$NETLIFY_AUTH_TOKEN --site=${{ secrets.CLOUD_NETLIFY_SITE_ID }}          
        working-directory: repo
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          GOOGLE_MAPS_API_KEY: ${{ secrets.CLOUD_GOOGLE_MAPS_API_KEY }}
          NODE_ENV: ${{ secrets.CLOUD_NODE_ENV }}
          NODE_OPTIONS: ${{ secrets.CLOUD_NODE_OPTIONS }}
          SENTRY_AUTH_TOKEN: ${{ secrets.CLOUD_SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.CLOUD_SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.CLOUD_SENTRY_PROJECT }}
          SERVE_CLIENT: ${{ secrets.CLOUD_SERVE_CLIENT }}
          SERVER_IP: ${{ secrets.CLOUD_SERVER_IP }}
          TJDB_SQL_MODE_DISABLE: ${{ secrets.CLOUD_TJDB_SQL_MODE_DISABLE }}
          TOOLJET_SERVER_URL: ${{ secrets.CLOUD_TOOLJET_SERVER_URL }}
          WEBSITE_SIGNUP_URL: https://website-stage.tooljet.ai/ai-create-account
          TOOLJET_EDITION: cloud