create-svc 0.1.57 → 0.1.58

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-svc",
-  "version": "0.1.57",
+  "version": "0.1.58",
   "description": "Local microservice bootstrap CLI for Cloud Run and Workers services with Neon-backed data.",
   "module": "index.ts",
   "type": "module",

package/src/scaffold.test.ts

@@ -139,12 +139,18 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
     expect(await Bun.file(join(generatedRoot, "grafana", "alerts.yaml")).exists()).toBeTrue();
 
     const previewWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "preview.yml")).text();
-    expect(previewWorkflow).toContain("push:");
-    expect(previewWorkflow).toContain("branches-ignore:");
-    expect(previewWorkflow).toContain("- main");
-    expect(previewWorkflow).toContain("github.ref_name");
+    expect(previewWorkflow).toContain("issue_comment:");
+    expect(previewWorkflow).toContain("/deploy preview");
+    expect(previewWorkflow).not.toContain("branches-ignore:");
     expect(previewWorkflow).toContain("service deploy --ci --environment preview --name");
+    expect(previewWorkflow).toContain("steps.pr.outputs.number");
     expect(previewWorkflow).toContain("NEON_API_KEY");
+    expect(previewWorkflow).toContain("CLOUDFLARE_API_TOKEN");
+
+    const previewCleanupWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "preview-cleanup.yml")).text();
+    expect(previewCleanupWorkflow).toContain("pull_request:");
+    expect(previewCleanupWorkflow).toContain("types: [closed]");
+    expect(previewCleanupWorkflow).toContain("github.event.pull_request.number");
 
     const deployWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "deploy.yml")).text();
     expect(deployWorkflow).toContain("branches:");
@@ -156,6 +162,11 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
     expect(deployWorkflow).toContain("bun run dashboards");
     expect(deployWorkflow).toContain("GCX_ENABLED");
 
+    const personalWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "personal.yml")).text();
+    expect(personalWorkflow).toContain("workflow_dispatch:");
+    expect(personalWorkflow).toContain("service deploy --ci --environment personal --name");
+    expect(personalWorkflow).toContain("service deploy --ci --destroy --environment personal --name");
+
     if (variant.runtime === "go") {
       const goMod = await Bun.file(join(generatedRoot, "go.mod")).text();
       const goSumExists = await Bun.file(join(generatedRoot, "go.sum")).exists();
@@ -309,10 +320,11 @@ test("scaffolds a backend package cleanly into a nested monorepo-style directory
   expect(readme).toContain("GitHub Actions deployment");
   expect(readme).toContain(".github/workflows/preview.yml");
   expect(readme).toContain(".github/workflows/deploy.yml");
-  expect(readme).toContain("pushes to non-main branches");
+  expect(readme).toContain("/deploy preview");
   expect(readme).toContain("GCP_WIF_PROVIDER");
   expect(readme).toContain("GCP_DEPLOYER_SERVICE_ACCOUNT");
   expect(readme).toContain("NEON_API_KEY");
+  expect(readme).toContain("CLOUDFLARE_API_TOKEN");
 
   const packageJson = await Bun.file(join(generatedRoot, "package.json")).text();
   expect(packageJson).toContain('"hono"');
@@ -392,6 +404,16 @@ test("scaffolds the workers target with wrangler lifecycle commands", async () =
   expect(await Bun.file(join(generatedRoot, "src", "db", "repository.ts")).exists()).toBeFalse();
   expect(await Bun.file(join(generatedRoot, "src", "temporal", "worker.ts")).exists()).toBeFalse();
   expect(await Bun.file(join(generatedRoot, "scripts", "codegen.ts")).exists()).toBeFalse();
+
+  const previewWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "preview.yml")).text();
+  expect(previewWorkflow).toContain("issue_comment:");
+  expect(previewWorkflow).toContain("/deploy preview");
+  expect(previewWorkflow).toContain("service deploy --name dns-api-pr-");
+  expect(previewWorkflow).not.toContain("google-github-actions/auth");
+
+  const previewCleanupWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "preview-cleanup.yml")).text();
+  expect(previewCleanupWorkflow).toContain("pull_request:");
+  expect(previewCleanupWorkflow).toContain("wrangler delete --name dns-api-pr-");
 });
 
 test("microservice profile does not generate a website package", async () => {

package/src/scaffold.ts

@@ -13,7 +13,10 @@ import { exampleForProfile, type Profile } from "./profiles";
 import type { GitBootstrapConfig } from "./git-bootstrap";
 
 const GENERATED_GITHUB_ACTION_WORKFLOWS = new Set([
+  ".github/workflows/ci.yml",
   ".github/workflows/preview.yml",
+  ".github/workflows/preview-cleanup.yml",
+  ".github/workflows/personal.yml",
   ".github/workflows/deploy.yml",
 ]);
 
@@ -243,9 +246,9 @@ function buildReplacements(config: ScaffoldConfig) {
       config.runtime === "bun" ? "bun run observability-bootstrap" : "make observability-bootstrap",
     WORKFLOW_DEPLOY_MAIN_COMMAND: "service deploy --ci",
     WORKFLOW_DEPLOY_PREVIEW_COMMAND:
-      "service deploy --ci --environment preview --name ${{ github.ref_name }}",
+      "service deploy --ci --environment preview --name ${{ steps.pr.outputs.number }}",
     WORKFLOW_DEPLOY_MAIN_DOC_COMMAND: "service deploy --ci",
-    WORKFLOW_DEPLOY_PREVIEW_DOC_COMMAND: "service deploy --ci --environment preview --name <branch-name>",
+    WORKFLOW_DEPLOY_PREVIEW_DOC_COMMAND: "service deploy --ci --environment preview --name <pull-request-number>",
     COMMAND_AUTH_RESOURCE: "service auth resource-server",
     COMMAND_AUTH_CLIENT: "service auth client create",
     COMMAND_AUTH_TOKEN: "service auth token",

package/templates/shared/.github/workflows/personal.yml

@@ -30,12 +30,15 @@ jobs:
           workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
           service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
+      - run: gcloud components install beta --quiet
       - run: bun install
+      - run: bun install -g create-svc@latest
       - run: |
           if [ "${{ inputs.destroy }}" = "true" ]; then
-            bun run deploy -- --ci --destroy --environment personal --name "${{ inputs.slug }}"
+            service deploy --ci --destroy --environment personal --name "${{ inputs.slug }}"
           else
-            bun run deploy -- --ci --environment personal --name "${{ inputs.slug }}"
+            service deploy --ci --environment personal --name "${{ inputs.slug }}"
           fi
         env:
           NEON_API_KEY: ${{ secrets.NEON_API_KEY }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}

package/templates/shared/.github/workflows/preview-cleanup.yml

@@ -19,7 +19,10 @@ jobs:
           workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
           service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
+      - run: gcloud components install beta --quiet
       - run: bun install
-      - run: bun run deploy -- --ci --destroy --environment preview --name ${{ github.event.pull_request.number }}
+      - run: bun install -g create-svc@latest
+      - run: service deploy --ci --destroy --environment preview --name ${{ github.event.pull_request.number }}
         env:
           NEON_API_KEY: ${{ secrets.NEON_API_KEY }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}

package/templates/shared/.github/workflows/preview.yml

@@ -1,19 +1,30 @@
 name: Preview
 
 on:
-  push:
-    branches-ignore:
-      - main
+  issue_comment:
+    types: [created]
 
 permissions:
   contents: read
+  issues: read
   id-token: write
+  pull-requests: read
 
 jobs:
   deploy:
+    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/deploy preview') }}
     runs-on: ubuntu-latest
     steps:
+      - id: pr
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          pr_json="$(gh api "repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}")"
+          echo "number=$(jq -r '.number' <<< "$pr_json")" >> "$GITHUB_OUTPUT"
+          echo "head_sha=$(jq -r '.head.sha' <<< "$pr_json")" >> "$GITHUB_OUTPUT"
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.pr.outputs.head_sha }}
       - uses: oven-sh/setup-bun@v2
       - if: ${{ '{{RUNTIME}}' == 'go' }}
         uses: actions/setup-go@v5
@@ -24,8 +35,10 @@ jobs:
           workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
           service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
+      - run: gcloud components install beta --quiet
       - run: bun install
       - run: bun install -g create-svc@latest
       - run: {{WORKFLOW_DEPLOY_PREVIEW_COMMAND}}
         env:
           NEON_API_KEY: ${{ secrets.NEON_API_KEY }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}

package/templates/shared/README.md

@@ -230,7 +230,8 @@ secrets only when you add a provider adapter. A generic adapter can honor:
 
 The scaffold emits a minimal deployment workflow slice for Cloud Run:
 
-- [.github/workflows/preview.yml](.github/workflows/preview.yml) deploys a preview environment on pushes to non-main branches. It runs `{{WORKFLOW_DEPLOY_PREVIEW_DOC_COMMAND}}`.
+- [.github/workflows/preview.yml](.github/workflows/preview.yml) deploys a preview environment only when a pull request comment contains `/deploy preview`. It runs `{{WORKFLOW_DEPLOY_PREVIEW_DOC_COMMAND}}`.
+- [.github/workflows/preview-cleanup.yml](.github/workflows/preview-cleanup.yml) destroys the preview service and Neon preview branch when the pull request is closed or merged.
 - [.github/workflows/deploy.yml](.github/workflows/deploy.yml) deploys the main production environment on pushes to `main`. It runs `{{WORKFLOW_DEPLOY_MAIN_DOC_COMMAND}}`.
 
 These workflows intentionally assume only GitHub OIDC, Google Cloud Workload Identity Federation, the generated `service` CLI, and Neon.
@@ -244,6 +245,7 @@ Before enabling the workflows, set these GitHub repository variables:
 Set this GitHub repository secret:
 
 - `NEON_API_KEY`: Neon admin API key used to create preview branches and resolve the main database
+- `CLOUDFLARE_API_TOKEN`: Cloudflare API token used to publish Cloud Run custom-domain DNS records
 
 The deployer service account needs enough access in the generated GCP project to run `service deploy`, including Cloud Run, Artifact Registry, Secret Manager, IAM service account usage, and storage operations for this service.
 Run `{{COMMAND_BOOTSTRAP}}` once before relying on the production workflow for a fresh project.

package/templates/targets/workers/.github/workflows/preview-cleanup.yml

@@ -0,0 +1,20 @@
+name: Preview Cleanup
+
+on:
+  pull_request:
+    types: [closed]
+
+permissions:
+  contents: read
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - run: bun install
+      - run: bun install -g create-svc@latest
+      - run: wrangler delete --name {{SERVICE_ID}}-pr-${{ github.event.pull_request.number }} --force
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}

package/templates/targets/workers/.github/workflows/preview.yml

@@ -0,0 +1,32 @@
+name: Preview
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
+
+jobs:
+  deploy:
+    if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/deploy preview') }}
+    runs-on: ubuntu-latest
+    steps:
+      - id: pr
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          pr_json="$(gh api "repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}")"
+          echo "number=$(jq -r '.number' <<< "$pr_json")" >> "$GITHUB_OUTPUT"
+          echo "head_sha=$(jq -r '.head.sha' <<< "$pr_json")" >> "$GITHUB_OUTPUT"
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.pr.outputs.head_sha }}
+      - uses: oven-sh/setup-bun@v2
+      - run: bun install
+      - run: bun install -g create-svc@latest
+      - run: service deploy --name {{SERVICE_ID}}-pr-${{ steps.pr.outputs.number }}
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}