name: Database Migrations

on:
  push:
    branches: [main, staging]
    paths:
      - 'packages/database/drizzle/**'
      - 'packages/database/drizzle.config.ts'
      - '.github/workflows/database-migrations.yml'

# Only one migration per environment at a time
concurrency:
  group: db-migrate-${{ github.ref }}
  cancel-in-progress: false  # Never cancel migrations

jobs:
  migrate:
    runs-on: blacksmith-2vcpu-ubuntu-2404
    environment: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v4
      
      - name: Install pnpm
        uses: pnpm/action-setup@v2
        with:
          version: 9.15.0
          
      - name: Setup Node.js
        uses: useblacksmith/setup-node@v5
        with:
          node-version: 22
          cache: 'pnpm'
      
      - name: Fix pnpm store permissions
        run: |
          STORE_PATH=$(pnpm store path --silent)
          if [ -d "$STORE_PATH" ]; then
            sudo chown -R $(whoami):$(whoami) "$STORE_PATH" || true
            chmod -R u+rw "$STORE_PATH" || true
          fi
      
      - name: Mount Turbo cache sticky disk
        uses: useblacksmith/stickydisk@v1
        with:
          key: ${{ github.repository }}-turbo-cache
          path: ./.turbo
          
      - name: Install dependencies
        run: pnpm install --frozen-lockfile --prefer-offline
      
      - name: Run migrations
        run: pnpm run db:migrate
        env:
          DATABASE_URL: ${{ secrets.DB_URL }}
          NODE_TLS_REJECT_UNAUTHORIZED: '0'