Update CI/CD workflows to use latest Bun version, replace tj-actions with dorny/paths-filter for changed file checks, and adjust conditionals for infrastructure and web changes. Upgrade Pulumi action version in preview workflow.

claudfuen · claudfuen · commit a267c8db7967 · 2025-07-08T20:32:45.000-04:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -19,7 +19,7 @@ jobs:
       - name: Setup Bun
         uses: oven-sh/setup-bun@v2
         with:
-          bun-version: 1.2.8
+          bun-version: latest
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -28,16 +28,16 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ env.AWS_REGION }}
 
-      # Check what changed
+      # Check what changed - Using dorny/paths-filter instead of compromised tj-actions
       - name: Check changed files
         id: changed-files
-        uses: tj-actions/changed-files@v44
+        uses: dorny/paths-filter@v3
         with:
-          files_yaml: |
+          filters: |
             infra:
-              - apps/infra/**
+              - 'apps/infra/**'
             web:
-              - apps/web/**
+              - 'apps/web/**'
 
       # Login to ECR (needed for both paths)
       - name: Login to Amazon ECR
@@ -46,7 +46,7 @@ jobs:
 
       # Path 1: Infrastructure changes - let Pulumi handle everything
       - name: Deploy infrastructure with Pulumi
-        if: steps.changed-files.outputs.infra_any_changed == 'true'
+        if: steps.changed-files.outputs.infra == 'true'
         run: |
           cd apps/infra
           bun install
@@ -55,7 +55,7 @@ jobs:
 
       # Path 2: Code-only changes - build image and update ECS directly
       - name: Build and push Docker image
-        if: steps.changed-files.outputs.infra_any_changed != 'true' && steps.changed-files.outputs.web_any_changed == 'true'
+        if: steps.changed-files.outputs.infra != 'true' && steps.changed-files.outputs.web == 'true'
         working-directory: ./apps/web
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
@@ -102,7 +102,7 @@ jobs:
 
       # Update ECS service (only if we built a new image)
       - name: Update ECS service
-        if: steps.changed-files.outputs.infra_any_changed != 'true' && steps.changed-files.outputs.web_any_changed == 'true'
+        if: steps.changed-files.outputs.infra != 'true' && steps.changed-files.outputs.web == 'true'
         run: |
           aws ecs update-service \
             --cluster pathfinder-cluster \
@@ -116,4 +116,4 @@ jobs:
       - name: Deployment complete
         run: |
           echo "✅ Deployment completed successfully!"
-          echo "🎯 Deployment type: ${{ steps.changed-files.outputs.infra_any_changed == 'true' && 'Infrastructure + App' || 'App Only' }}"
+          echo "🎯 Deployment type: ${{ steps.changed-files.outputs.infra == 'true' && 'Infrastructure + App' || 'App Only' }}"
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
@@ -18,15 +18,7 @@ jobs:
       - name: Setup Bun
         uses: oven-sh/setup-bun@v2
         with:
-          bun-version: 1.2.8
-
-      - name: Setup Node.js (for Pulumi)
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-
-      - name: Install pnpm
-        run: npm install -g pnpm
+          bun-version: latest
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -37,11 +29,11 @@ jobs:
 
       - name: Install dependencies
         run: |
+          cd apps/infra
           bun install
-          cd apps/infra && pnpm install
 
       - name: Pulumi Preview
-        uses: pulumi/actions@v5
+        uses: pulumi/actions@v6
         with:
           command: preview
           stack-name: compai/placeholder-dev
diff --git a/apps/web/src/app/api/todos/[id]/route.ts b/apps/web/src/app/api/todos/[id]/route.ts
@@ -5,10 +5,11 @@ import { NextResponse } from "next/server";
 // PATCH /api/todos/[id] - Update a todo
 export async function PATCH(
   request: Request,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
   try {
-    const id = parseInt(params.id);
+    const { id: idParam } = await params;
+    const id = parseInt(idParam);
     if (isNaN(id)) {
       return NextResponse.json({ error: "Invalid todo ID" }, { status: 400 });
     }
@@ -53,10 +54,11 @@ export async function PATCH(
 // DELETE /api/todos/[id] - Delete a todo
 export async function DELETE(
   request: Request,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
   try {
-    const id = parseInt(params.id);
+    const { id: idParam } = await params;
+    const id = parseInt(idParam);
     if (isNaN(id)) {
       return NextResponse.json({ error: "Invalid todo ID" }, { status: 400 });
     }
