ci: Add ephemeral preview deployments for pull requests#43
ci: Add ephemeral preview deployments for pull requests#43
Conversation
Each PR push builds the in-repo CLI from source, runs analyze + build, and deploys to a unique Vercel preview URL posted back as a sticky PR comment. Lets reviewers click through and validate site output before merging. Fork PRs are skipped (no secrets exposure under pull_request).
|
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughA new GitHub Actions workflow deploys ephemeral Vercel previews for same-repository pull requests. It checks out code, sets up Node.js and builds the in-repo CLI, runs ChangesPR Preview Deployment Workflow
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
| Filename | Overview |
|---|---|
| .github/workflows/deploy-vercel-preview.yml | New workflow for ephemeral Vercel preview deployments on PRs; correctly guards against fork PRs, uses smart concurrency, and posts sticky comments — third-party action is unpinned by SHA and Yarn caching is missing |
Reviews (1): Last reviewed commit: "feat(ci): add ephemeral Vercel preview d..." | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} | ||
|
|
||
| - name: Comment preview URL on PR (sticky) | ||
| uses: marocchino/sticky-pull-request-comment@v2 |
There was a problem hiding this comment.
v2) rather than an immutable commit SHA. If the v2 tag is ever force-pushed (accidentally or maliciously), the workflow would execute the updated code with pull-requests: write access and the GITHUB_TOKEN. Pinning to the exact SHA the tag currently resolves to eliminates that exposure.
| uses: marocchino/sticky-pull-request-comment@v2 | |
| uses: marocchino/sticky-pull-request-comment@<current-sha> # v2 |
| - uses: actions/setup-node@v6 | ||
| with: | ||
| node-version: 22 |
There was a problem hiding this comment.
setup-node step doesn't enable Yarn caching. Every PR run does a fresh yarn install. Adding cache: 'yarn' restores the cache from a prior run if the lockfile hasn't changed, cutting the install step from tens of seconds to near-zero on cache hits.
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 22 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 22 | |
| cache: 'yarn' |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/deploy-vercel-preview.yml:
- Around line 86-90: Remove the --token="$VERCEL_TOKEN" flag from the vercel
deploy command so the CLI reads VERCEL_TOKEN from the environment; update the
run block that currently contains vercel deploy --prebuilt --yes
--token="$VERCEL_TOKEN" to simply call vercel deploy --prebuilt --yes and ensure
the workflow continues to set VERCEL_TOKEN in env so the CLI picks it up
natively.
- Line 88: Replace the unpinned global install "npm install -g vercel@latest"
with a pinned CLI version to avoid accidental breaking changes; update the
workflow to use a specific version string (or a VERCEL_CLI_VERSION variable)
instead of `@latest` and ensure the workflow step that runs the deploy and
captures URL (the URL=$(vercel deploy ...) usage) uses that pinned install so
the stdout contract remains stable.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 034d8e71-eac2-4bae-a6ff-dc7e2352ff92
📒 Files selected for processing (1)
.github/workflows/deploy-vercel-preview.yml
- Pin marocchino/sticky-pull-request-comment to commit SHA (v2.9.4) — matches the SHA-pin convention already used in lint-pr-title.yml; Dependabot will rotate it. - Drop `--token` flag from `vercel deploy` — VERCEL_TOKEN is already in env, the flag exposed it in /proc/<pid>/cmdline. - Pin `vercel` CLI to v53 instead of @latest, so a future semver-breaking release can't silently break URL capture. - Enable Yarn cache on setup-node to speed up `yarn install`.
There was a problem hiding this comment.
znat has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/deploy-vercel-preview.yml:
- Around line 101-111: The "Comment preview URL on PR (sticky)" step uses
marocchino/sticky-pull-request-comment and runs only on success, leaving a stale
comment when deploy fails; update the workflow so this step runs regardless of
job success (e.g., add if: always() to the step) and change the message to
reflect failure when steps.deploy.outputs.url is unavailable (use
github.event.pull_request.head.sha and conditionally output a failure note or a
blank/removed URL) so the sticky comment is updated on both success and failure.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: a124cc29-7e9b-43c4-9b9f-f268e54fbeff
📒 Files selected for processing (1)
.github/workflows/deploy-vercel-preview.yml
znat
changed the title
|
Vercel preview — built from |
Without an `if:` guard, the comment step only runs on success, so a later failed run would leave the previous run's URL/SHA pinned at the top of the PR. Splits into success/failure variants sharing the same sticky header so the comment always reflects the latest run.
There was a problem hiding this comment.
znat has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.
2 participants
Summary
This PR adds a new GitHub Actions workflow that automatically deploys ephemeral preview builds to Vercel for each pull request, allowing reviewers to test CLI changes in a live environment before merging.
Key Changes
deploy-vercel-preview.ymlthat triggers on PR events (opened, synchronize, reopened)pull_requesteventsImplementation Details
VERCEL_TOKEN,VERCEL_ORG_ID,VERCEL_PROJECT_ID) andMINIMAX_API_KEY--prebuiltflag with Vercel CLI to deploy pre-built output without triggering Vercel's build system--prodflag to generate unique preview URLs per buildset -euo pipefailin shell stepspull-requests: writepermission for posting sticky commentshttps://claude.ai/code/session_019V8WesTVrDcAovLA1tSfPy
Summary by CodeRabbit