Add: Implemented better GitHub CI actions workflow and preview URL handling.

Author: rafmevis

.github/workflows/feature-api.yaml

@@ -0,0 +1,75 @@
+name: Feature API Deploy
+permissions:
+  contents: read
+  pull-requests: write
+on:
+  push:
+    branches:
+      - 'feature/**'
+      - 'feat/**'
+    paths:
+      - apps/api/**
+      - packages/**
+      - "!packages/email/**"
+      - "!packages/ui/**"
+jobs:
+  deploy:
+    name: 🚀 Deploy Feature API to Fly
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+      - name: Install dependencies
+        run: bun install
+      - name: 🔦 Run linter
+        run: bun run lint
+        working-directory: ./apps/api
+      - name: 🪐 Check TypeScript
+        run: bun run typecheck
+        working-directory: ./apps/api
+      
+      # Create a branch-specific Fly app name
+      - name: Set Fly app name
+        id: fly-app
+        run: |
+          BRANCH_NAME=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9-]/-/g' | cut -c1-30)
+          APP_NAME="avelero-api-${BRANCH_NAME}"
+          echo "app_name=${APP_NAME}" >> $GITHUB_OUTPUT
+          echo "Deploying to: ${APP_NAME}"
+      
+      - uses: superfly/flyctl-actions/setup-flyctl@master
+      
+      # Deploy to branch-specific Fly app
+      - name: Deploy to Fly
+        run: |
+          flyctl deploy --remote-only \
+            --dockerfile apps/api/Dockerfile \
+            --config apps/api/fly-preview.yml \
+            --app ${{ steps.fly-app.outputs.app_name }} \
+            --auto-confirm || flyctl apps create ${{ steps.fly-app.outputs.app_name }} && \
+          flyctl deploy --remote-only \
+            --dockerfile apps/api/Dockerfile \
+            --config apps/api/fly-preview.yml \
+            --app ${{ steps.fly-app.outputs.app_name }}
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN_STAGING }}
+      
+      - name: Get deployment URL
+        id: deploy-url
+        run: |
+          URL="https://${{ steps.fly-app.outputs.app_name }}.fly.dev"
+          echo "url=${URL}" >> $GITHUB_OUTPUT
+      
+      - name: Comment on PR
+        if: github.event_name == 'pull_request'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '🚀 API Preview deployed to: ${{ steps.deploy-url.outputs.url }}'
+            })

.github/workflows/feature-app.yaml

@@ -0,0 +1,75 @@
+name: Feature Deployment - App
+env:
+  VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
+  VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID_APP }}
+  TURBO_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+  TURBO_TEAM: ${{ secrets.VERCEL_ORG_ID }}
+on:
+  push:
+    branches:
+      - 'feature/**'
+      - 'feat/**'
+    paths:
+      - apps/app/**
+      - packages/**
+  pull_request:
+    branches:
+      - staging
+      - main
+    paths:
+      - apps/app/**
+      - packages/**
+permissions:
+  contents: read
+  pull-requests: write
+jobs:
+  deploy-feature:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+      - name: Install dependencies
+        run: bun install
+      - name: 🔦 Run linter
+        run: bun run lint
+        working-directory: ./apps/app
+      - name: 🪐 Check TypeScript
+        run: NODE_OPTIONS="--max-old-space-size=8192" bun run typecheck
+        working-directory: ./apps/app
+      
+      - name: 📤 Pull Vercel Environment Information
+        run: bunx vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }}
+      
+      - name: 🏗 Build Project Artifacts
+        run: bunx vercel build --token=${{ secrets.VERCEL_TOKEN }}
+      
+      - name: 📤 Pull Environment Variables to .env
+        run: bunx vercel env pull .env --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }}
+      
+      - name: 🔄 Deploy Background Jobs
+        env:
+          TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_ACCESS_TOKEN }}
+        run: |
+          TRIGGER_PROJECT_ID=${{ secrets.TRIGGER_PROJECT_ID }} bunx trigger.dev@4.0.2 deploy
+        working-directory: packages/jobs
+      
+      - name: 🚀 Deploy to Vercel
+        id: deploy
+        run: |
+          DEPLOYMENT_URL=$(bunx vercel deploy --prebuilt --archive=tgz --token=${{ secrets.VERCEL_TOKEN }})
+          echo "url=${DEPLOYMENT_URL}" >> $GITHUB_OUTPUT
+          echo "Deployed to: ${DEPLOYMENT_URL}"
+      
+      - name: Comment on PR
+        if: github.event_name == 'pull_request'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '🚀 App Preview deployed to: ${{ steps.deploy.outputs.url }}'
+            })

apps/api/src/index.ts

@@ -12,7 +12,26 @@ app.use(secureHeaders());
 app.use(
   "*",
   cors({
-    origin: process.env.ALLOWED_API_ORIGINS?.split(",") ?? [],
+    origin: (origin, c) => {
+      if (!origin) return origin; // Allow requests with no origin
+      
+      const allowedOrigins = process.env.ALLOWED_API_ORIGINS?.split(",") ?? [];
+      
+      // Check exact matches first (most secure and fastest)
+      if (allowedOrigins.includes(origin)) return origin;
+      
+      // Check wildcard patterns (only if explicitly configured)
+      const isAllowed = allowedOrigins.some(pattern => {
+        if (pattern.includes('*')) {
+          // Escape dots and replace * with .*
+          const regex = new RegExp(`^${pattern.replace(/\./g, '\\.').replace(/\*/g, '.*')}$`);
+          return regex.test(origin);
+        }
+        return false;
+      });
+      
+      return isAllowed ? origin : undefined;
+    },
     allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
     allowHeaders: [
       "Authorization",
@@ -44,4 +63,4 @@ app.get("/health", (c) => c.json({ status: "ok" }, 200));
 export default {
   port: process.env.PORT ? Number.parseInt(process.env.PORT) : 4000,
   fetch: app.fetch,
-};
+};