@coderisedev coderisedev commented Oct 27, 2025

  • Branch: chore/vercel-env-sync

  • Compare/PR: https://github.com/coderisedev/cs/compare/chore/vercel-env-sync?expand=1

  • Included files:

    • .github/workflows/sync-vercel-env.yml
    • scripts/vercel/upsert-env.sh
    • infra/gcp/env/medusa.env.example
    • scripts/gce/configure-secrets.sh
    • apps/storefront/.env.local.example
  • Summary notes
    - Developer Performance: Added quick-check gate and low‑resource build. See docs/runbooks/developer-performance.md for pnpm quick-check, pnpm build:quick, and resource limit tips.

    • Documentation path
      • docs/runbooks/developer-performance.md

coderisedev and others added 2 commits October 26, 2025 11:29
- Add @playwright/test, config, and baseline specs
- Add production smoke-checks job to deploy-services workflow
- Add typecheck scripts and turbo task; minimal Medusa unit test for gates
- Update story-1.7 log and tracking
chore: update CORS templates and storefront env examples for prd/staging domains
Copilot AI review requested due to automatic review settings October 27, 2025 08:36
vercel bot commented Oct 27, 2025

Someone is attempting to deploy this pull request to the coderisedev-3303's projects Team on Vercel.

To accomplish this, the commit author's email address needs to be associated with a GitHub account.

Learn more about how to change the commit author information.

Copilot AI left a comment

Pull Request Overview

This PR establishes a Vercel environment synchronization workflow and extends the CI/CD pipeline with automated E2E testing capabilities using Playwright. It also updates CORS configuration to support both production and staging storefronts for OAuth callbacks.

Key Changes:

  • Added GitHub Actions workflow for syncing environment variables to Vercel projects (production and staging)
  • Implemented Playwright E2E test harness with smoke tests for storefront, admin apps, and health endpoints
  • Updated AUTH_CORS configuration to include both production and staging domains for OAuth callback support

Reviewed Changes

Copilot reviewed 19 out of 20 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| .github/workflows/sync-vercel-env.yml | New workflow for syncing environment variables to Vercel projects via API |
| scripts/vercel/upsert-env.sh | Bash script to upsert individual environment variables in Vercel projects |
| scripts/gce/configure-secrets.sh | Updated AUTH_CORS to allow both production and staging domains |
| infra/gcp/env/medusa.env.example | Updated example environment file with corrected domains and new Sentry configuration |
| apps/storefront/.env.local.example | Comprehensive environment variable documentation for storefront |
| .github/workflows/deploy-services.yml | Added post-deploy smoke checks job and first-init workflow support |
| playwright.config.ts | Playwright configuration for E2E tests |
| tests/e2e/*.spec.ts | E2E test specs for smoke tests, health checks, and admin apps |
| package.json | Added Playwright dependency and test scripts |
| turbo.json | Added typecheck task |
| apps/*/package.json | Added typecheck scripts to medusa, strapi, and storefront |
| apps/medusa/jest.config.js | Updated Jest config with ES2022 target |
| docs/stories/story-1.7.md | Story documentation for E2E test harness |
| docs/sprint-status.yaml | Updated story statuses |
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported


# List existing envs and find by key
LIST_URL="$BASE_URL/v10/projects/$PROJECT_ID/env${TEAM_QS}"
EXISTING=$(curl -fsSL -H "Authorization: Bearer $VERCEL_TOKEN" "$LIST_URL" | jq -r --arg KEY "$KEY" '.envs[]? | select(.key==$KEY) | .id' || true)
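
Review bot: the jq filter on the EXISTING line prints one id per entry whose key matches, so if the project defines the same key more than once (for example once per deployment target), EXISTING becomes several newline-separated ids and the DEL_URL built from it no longer names a single resource. Suggest looping over the ids with `for id in $EXISTING; do ... done`, or narrowing the `select(...)` to the intended entry before deleting.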

Copilot AI Oct 27, 2025

The error handling with || true silently suppresses all curl/jq failures. If the API call fails for reasons other than the variable not existing (e.g., invalid token, network issues), the script will proceed to create a new variable without awareness of the failure. Consider checking the HTTP response code explicitly or logging a warning when the API call fails.

Suggested change
EXISTING=$(curl -fsSL -H "Authorization: Bearer $VERCEL_TOKEN" "$LIST_URL" | jq -r --arg KEY "$KEY" '.envs[]? | select(.key==$KEY) | .id' || true)
RESPONSE=$(mktemp)
HTTP_STATUS=$(curl -sSL -w "%{http_code}" -o "$RESPONSE" -H "Authorization: Bearer $VERCEL_TOKEN" "$LIST_URL")
if [[ "$HTTP_STATUS" -ne 200 ]]; then
echo "Error: Failed to fetch environment variables from Vercel API (HTTP $HTTP_STATUS)" >&2
cat "$RESPONSE" >&2
rm -f "$RESPONSE"
exit 1
fi
EXISTING=$(jq -r --arg KEY "$KEY" '.envs[]? | select(.key==$KEY) | .id' < "$RESPONSE")
rm -f "$RESPONSE"

if [[ -n "$EXISTING" ]]; then
# Delete existing to avoid conflicts
DEL_URL="$BASE_URL/v10/projects/$PROJECT_ID/env/$EXISTING${TEAM_QS}"
curl -fsSL -X DELETE -H "Authorization: Bearer $VERCEL_TOKEN" "$DEL_URL" >/dev/null || true

Copilot AI Oct 27, 2025

The deletion failure is silently ignored with || true. If deletion fails (e.g., due to permissions or API errors), the subsequent creation may fail with a conflict error. Consider logging deletion failures or checking the response to provide clearer error messages.

Suggested change
curl -fsSL -X DELETE -H "Authorization: Bearer $VERCEL_TOKEN" "$DEL_URL" >/dev/null || true
if ! curl -fsSL -X DELETE -H "Authorization: Bearer $VERCEL_TOKEN" "$DEL_URL" >/dev/null; then
echo "Failed to delete existing environment variable with id $EXISTING (key: $KEY) from project $PROJECT_ID" >&2
exit 2
fi

if: ${{ (github.event_name == 'workflow_dispatch' && inputs.first_init == true) || env.RUN_FIRST_INIT == 'true' }}
uses: appleboy/ssh-action@v1.0.3
env:
DB_PW: ${{ github.event_name == 'workflow_dispatch' && inputs.db_password != '' && inputs.first_init && inputs.db_password || secrets.GCE_DB_PASSWORD || '' }}
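
Review bot: `inputs.db_password` in the DB_PW expression carries a database password through a workflow_dispatch input, and dispatch inputs are not masked in run logs the way `secrets.GCE_DB_PASSWORD` is. Suggest reading the password only from the secret, or emitting `::add-mask::` for the input value in a step that runs before this one. Separately, `appleboy/ssh-action@v1.0.3` is pinned to a tag; pinning to the full commit SHA keeps the step that receives DB_PW from changing if the tag is moved.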

Copilot AI Oct 27, 2025

The expression inputs.db_password != '' && inputs.first_init && inputs.db_password is redundant since inputs.db_password appears twice. The middle check inputs.first_init should be sufficient along with the first non-empty check. Simplify to: github.event_name == 'workflow_dispatch' && inputs.first_init && inputs.db_password || secrets.GCE_DB_PASSWORD || ''

Suggested change
DB_PW: ${{ github.event_name == 'workflow_dispatch' && inputs.db_password != '' && inputs.first_init && inputs.db_password || secrets.GCE_DB_PASSWORD || '' }}
DB_PW: ${{ github.event_name == 'workflow_dispatch' && inputs.first_init && inputs.db_password || secrets.GCE_DB_PASSWORD || '' }}

chore(storefront): fix lint errors (Link usage, typing)

chore(medusa): exclude tests from typecheck to avoid CI fail

vercel bot commented Oct 27, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
cs Error Error Oct 28, 2025 0:38am
cs-production Error Error Oct 28, 2025 0:38am
cs-staging Error Error Oct 28, 2025 0:38am

…; rely on package-provided types via imports
…to TS module; use relative imports to avoid path alias issues in CI
chore(ci): add PR template referencing runbook