create-svc 0.1.62 → 0.1.64

package/src/service-runtime/cloudrun/lib.ts

@@ -3,6 +3,7 @@ import { join } from "node:path";
 import { config } from "./config";
 import { serviceRoot } from "../runtime";
 import { localDockerBuildArgs, parseDeployArgs, type DeployArgs } from "./deploy-args";
+import { resolveTemporalRuntimeConfigValues } from "./temporal-config";
 
 type CommandOptions = {
   allowFailure?: boolean;
@@ -36,6 +37,8 @@ type CommandResult = {
   exitCode: number;
 };
 
+type CloudRunProcess = "api" | "worker";
+
 const decoder = new TextDecoder();
 const encoder = new TextEncoder();
 const CLOUDFLARE_DNS_TTL_AUTO = 1;
@@ -506,12 +509,16 @@ export function resolveDeploymentTarget(environment: DeployArgs["environment"],
   };
 }
 
-export async function renderManifest(image: string, target: DeploymentTarget) {
+export async function renderManifest(image: string, target: DeploymentTarget, process: CloudRunProcess = "api") {
   const template = await Bun.file(join(serviceRoot, "service.yaml")).text();
   const temporal = resolveTemporalRuntimeConfig();
+  const serviceName = process === "worker" ? `${target.serviceName}-worker` : target.serviceName;
   const values = {
-    SERVICE_NAME: target.serviceName,
+    SERVICE_NAME: serviceName,
     SERVICE_ID: config.serviceName,
+    SERVICE_ROLE: process,
+    SERVICE_INGRESS: process === "worker" ? "internal" : "all",
+    CONTAINER_COMMAND: renderContainerCommand(process),
     RUNTIME_SERVICE_ACCOUNT: config.runtimeServiceAccount,
     IMAGE_URL: image,
     DATABASE_URL_SECRET: target.databaseSecretName,
@@ -545,24 +552,40 @@ export async function renderManifest(image: string, target: DeploymentTarget) {
 }
 
 export function resolveTemporalRuntimeConfig() {
-  const enabledOverride = process.env.TEMPORAL_ENABLED?.trim();
-  const address = process.env.TEMPORAL_ADDRESS?.trim() || config.temporal.address;
-  const namespace = process.env.TEMPORAL_NAMESPACE?.trim() || config.temporal.namespace;
-  const taskQueue = process.env.TEMPORAL_TASK_QUEUE?.trim() || config.temporal.taskQueue;
-  const apiKeySecretName = process.env.TEMPORAL_API_KEY_SECRET?.trim() || (process.env.TEMPORAL_API_KEY?.trim() ? config.temporal.apiKeySecretName : "");
-  const enabled = enabledOverride
-    ? ["1", "true", "yes", "on"].includes(enabledOverride.toLowerCase())
-    : Boolean(process.env.TEMPORAL_ADDRESS?.trim() || process.env.TEMPORAL_API_KEY?.trim() || process.env.TEMPORAL_API_KEY_SECRET?.trim());
+  return resolveTemporalRuntimeConfigValues(config.temporal, process.env, readTemporalProviderFields);
+}
 
+function readTemporalProviderFields(mount: string, path: string) {
   return {
-    enabled,
-    address,
-    namespace,
-    taskQueue,
-    apiKeySecretName,
+    address: readVaultField(mount, path, ["TEMPORAL_ADDRESS", "address"]),
+    namespace: readVaultField(mount, path, ["TEMPORAL_NAMESPACE", "namespace"]),
+    apiKey: readVaultField(mount, path, ["TEMPORAL_API_KEY", "api_key"]),
   };
 }
 
+function readVaultField(mount: string, path: string, fields: string[]) {
+  const vault = Bun.which("vault");
+  if (!vault || !path) {
+    return "";
+  }
+
+  for (const field of fields) {
+    const result = Bun.spawnSync([vault, "kv", "get", `-mount=${mount}`, `-field=${field}`, path], {
+      cwd: process.cwd(),
+      env: process.env,
+      stdout: "pipe",
+      stderr: "pipe",
+    });
+    if (result.success && result.stdout) {
+      const value = decoder.decode(result.stdout).trim();
+      if (value) {
+        return value;
+      }
+    }
+  }
+  return "";
+}
+
 export async function writeRenderedManifest(image: string, target: DeploymentTarget) {
   const rendered = await renderManifest(image, target);
   const path = new URL("../../.cloudrun.rendered.yaml", import.meta.url);
@@ -570,6 +593,23 @@ export async function writeRenderedManifest(image: string, target: DeploymentTar
   return path;
 }
 
+export async function writeRenderedWorkerManifest(image: string, target: DeploymentTarget) {
+  const rendered = await renderManifest(image, target, "worker");
+  const path = new URL("../../.cloudrun.worker.rendered.yaml", import.meta.url);
+  await Bun.write(path, rendered);
+  return path;
+}
+
+function renderContainerCommand(process: CloudRunProcess) {
+  if (process === "api") {
+    return "";
+  }
+  if (config.runtime === "bun") {
+    return ["          command:", "            - bun", "          args:", "            - run", "            - ./src/worker.ts"].join("\n");
+  }
+  return ["          command:", "            - /app/worker"].join("\n");
+}
+
 export function serviceUrl(serviceName: string) {
   return gcloud(
     ["run", "services", "describe", serviceName, "--project", config.project.id, "--region", config.region, "--format=value(status.url)"]

package/src/service-runtime/cloudrun/temporal-config.test.ts

@@ -0,0 +1,66 @@
+import { expect, test } from "bun:test";
+import { resolveTemporalRuntimeConfigValues } from "./temporal-config";
+
+const baseConfig = {
+  enabled: true,
+  address: "localhost:7233",
+  namespace: "default",
+  taskQueue: "orders",
+  apiKeySecretName: "orders-temporal-api-key",
+  vaultMount: "secret",
+  vaultPath: "prod/providers/temporal",
+};
+
+test("resolveTemporalRuntimeConfigValues reads production Temporal config from Vault fields", () => {
+  const resolved = resolveTemporalRuntimeConfigValues(baseConfig, {}, () => ({
+    address: "temporal.example.tmprl.cloud:7233",
+    namespace: "anmho.prod",
+    apiKey: "secret-key",
+  }));
+
+  expect(resolved).toEqual({
+    enabled: true,
+    address: "temporal.example.tmprl.cloud:7233",
+    namespace: "anmho.prod",
+    taskQueue: "orders",
+    apiKeySecretName: "orders-temporal-api-key",
+    apiKey: "secret-key",
+  });
+});
+
+test("resolveTemporalRuntimeConfigValues prefers explicit environment overrides", () => {
+  const resolved = resolveTemporalRuntimeConfigValues(
+    baseConfig,
+    {
+      TEMPORAL_ADDRESS: "env.temporal:7233",
+      TEMPORAL_NAMESPACE: "env.namespace",
+      TEMPORAL_TASK_QUEUE: "env-task-queue",
+      TEMPORAL_API_KEY: "env-key",
+      TEMPORAL_API_KEY_SECRET: "env-secret-name",
+    },
+    () => ({
+      address: "vault.temporal:7233",
+      namespace: "vault.namespace",
+      apiKey: "vault-key",
+    })
+  );
+
+  expect(resolved.address).toBe("env.temporal:7233");
+  expect(resolved.namespace).toBe("env.namespace");
+  expect(resolved.taskQueue).toBe("env-task-queue");
+  expect(resolved.apiKey).toBe("env-key");
+  expect(resolved.apiKeySecretName).toBe("env-secret-name");
+});
+
+test("resolveTemporalRuntimeConfigValues fails clearly when enabled Temporal resolves to localhost", () => {
+  expect(() => resolveTemporalRuntimeConfigValues(baseConfig, {}, () => ({}))).toThrow(
+    "Temporal is enabled for this Cloud Run service, but the resolved Temporal address is local"
+  );
+});
+
+test("resolveTemporalRuntimeConfigValues allows explicit Temporal disable", () => {
+  const resolved = resolveTemporalRuntimeConfigValues(baseConfig, { TEMPORAL_ENABLED: "false" }, () => ({}));
+
+  expect(resolved.enabled).toBeFalse();
+  expect(resolved.apiKeySecretName).toBe("");
+});

package/src/service-runtime/cloudrun/temporal-config.ts

@@ -0,0 +1,84 @@
+type TemporalConfigInput = {
+  enabled: boolean;
+  address: string;
+  namespace: string;
+  taskQueue: string;
+  apiKeySecretName: string;
+  vaultMount: string;
+  vaultPath: string;
+};
+
+type TemporalProviderFields = {
+  address?: string;
+  namespace?: string;
+  apiKey?: string;
+};
+
+export type TemporalRuntimeConfig = {
+  enabled: boolean;
+  address: string;
+  namespace: string;
+  taskQueue: string;
+  apiKeySecretName: string;
+  apiKey: string;
+};
+
+export function resolveTemporalRuntimeConfigValues(
+  config: TemporalConfigInput,
+  env: Record<string, string | undefined>,
+  readProviderFields: (mount: string, path: string) => TemporalProviderFields
+): TemporalRuntimeConfig {
+  const enabledOverride = env.TEMPORAL_ENABLED?.trim();
+  const enabled = enabledOverride ? isTruthy(enabledOverride) : config.enabled;
+  const taskQueue = env.TEMPORAL_TASK_QUEUE?.trim() || config.taskQueue;
+
+  if (!enabled) {
+    return {
+      enabled: false,
+      address: env.TEMPORAL_ADDRESS?.trim() || config.address,
+      namespace: env.TEMPORAL_NAMESPACE?.trim() || config.namespace,
+      taskQueue,
+      apiKeySecretName: "",
+      apiKey: "",
+    };
+  }
+
+  const provider = readProviderFields(config.vaultMount, config.vaultPath);
+  const address = env.TEMPORAL_ADDRESS?.trim() || provider.address || config.address;
+  const namespace = env.TEMPORAL_NAMESPACE?.trim() || provider.namespace || config.namespace;
+  const apiKey = env.TEMPORAL_API_KEY?.trim() || provider.apiKey || "";
+  const apiKeySecretName = env.TEMPORAL_API_KEY_SECRET?.trim() || (apiKey ? config.apiKeySecretName : "");
+
+  if (isLocalTemporalAddress(address)) {
+    throw new Error(
+      [
+        "Temporal is enabled for this Cloud Run service, but the resolved Temporal address is local.",
+        `Set TEMPORAL_ADDRESS, TEMPORAL_NAMESPACE, and TEMPORAL_API_KEY, or populate Vault at ${config.vaultMount}/${config.vaultPath}`,
+        "with TEMPORAL_ADDRESS, TEMPORAL_NAMESPACE, and TEMPORAL_API_KEY before running service create or service deploy.",
+        "Set TEMPORAL_ENABLED=false only for services that should deploy without Temporal.",
+      ].join(" ")
+    );
+  }
+
+  if (!namespace) {
+    throw new Error(`Temporal is enabled but TEMPORAL_NAMESPACE is missing; set it in env or Vault at ${config.vaultMount}/${config.vaultPath}`);
+  }
+
+  return {
+    enabled,
+    address,
+    namespace,
+    taskQueue,
+    apiKeySecretName,
+    apiKey,
+  };
+}
+
+function isTruthy(value: string) {
+  return ["1", "true", "yes", "on"].includes(value.trim().toLowerCase());
+}
+
+function isLocalTemporalAddress(address: string) {
+  const value = address.trim().toLowerCase();
+  return value === "" || value.startsWith("localhost:") || value.startsWith("127.0.0.1:") || value.startsWith("[::1]:");
+}

package/src/service-runtime/workers/cli.ts

@@ -15,6 +15,12 @@ const config = {
   hostname: serviceConfig.dns.hostname,
   neonDatabaseName: serviceConfig.neon.database_name,
   neonRoleName: serviceConfig.neon.role_name,
+  triggerDev: {
+    projectRefEnv: serviceConfig.workers?.trigger_dev?.project_ref_env || "TRIGGER_PROJECT_REF",
+    accessTokenEnv: serviceConfig.workers?.trigger_dev?.access_token_env || "TRIGGER_ACCESS_TOKEN",
+    secretKeyEnv: serviceConfig.workers?.trigger_dev?.secret_key_env || "TRIGGER_SECRET_KEY",
+    waitlistTaskId: serviceConfig.workers?.trigger_dev?.waitlist_task_id || `${serviceConfig.service_id}-waitlist-follow-up`,
+  },
   git: {
     enabled: Boolean(serviceConfig.git?.enabled),
     owner: serviceConfig.git?.owner || "anmho",
@@ -35,18 +41,28 @@ export async function main(argv = Bun.argv.slice(2)) {
 
   if (command === "create") {
     return runMain("Create", async () => {
+      ensureTriggerDevConfig();
       ensureAuthResourceServer();
       ensureAuthClient();
       const databaseUrl = await resolveDatabaseUrl({ preferRemote: true });
       await applySchemaWithRetries(databaseUrl);
       await ensureHyperdrive(databaseUrl);
+      deployTriggerDevTasks();
+      publishTriggerDevSecret();
       run("wrangler", ["deploy"]);
       return `Created https://${config.hostname}`;
     });
   }
 
   if (command === "deploy") {
+    if (hasHelpFlag(rest)) {
+      console.log(formatHelp());
+      return;
+    }
     return runMain("Deploy", () => {
+      ensureTriggerDevConfig();
+      deployTriggerDevTasks();
+      publishTriggerDevSecret();
       run("wrangler", ["deploy", ...rest]);
       return `Deployed https://${config.hostname}`;
     });
@@ -148,6 +164,10 @@ export async function main(argv = Bun.argv.slice(2)) {
   throw new Error(`Unknown command: ${command}\n\n${formatHelp()}`);
 }
 
+function hasHelpFlag(args: string[]) {
+  return args.includes("--help") || args.includes("-h") || args.includes("help");
+}
+
 function formatHelp() {
   return [
     "Usage:",
@@ -507,6 +527,11 @@ async function runDoctor() {
     return "dashboard directory found";
   });
   await record(results, "authctl", "warn", () => runAuthDoctor().detail);
+  await record(results, "Trigger.dev config", "fail", () => {
+    ensureTriggerDevConfig();
+    return `${config.triggerDev.waitlistTaskId} configured`;
+  });
+  await record(results, "Trigger.dev CLI", "warn", () => checkCommand("trigger"));
   await record(results, "deployed health", "warn", async () => {
     const response = await fetch(`https://${config.hostname}/healthz`, { signal: AbortSignal.timeout(5_000) });
     if (!response.ok) {
@@ -523,6 +548,69 @@ async function runDoctor() {
   return output;
 }
 
+function ensureTriggerDevConfig() {
+  const missing = [];
+  if (!process.env[config.triggerDev.projectRefEnv]?.trim()) {
+    missing.push(config.triggerDev.projectRefEnv);
+  }
+  if (!process.env[config.triggerDev.accessTokenEnv]?.trim()) {
+    missing.push(config.triggerDev.accessTokenEnv);
+  }
+  if (!process.env[config.triggerDev.secretKeyEnv]?.trim()) {
+    missing.push(config.triggerDev.secretKeyEnv);
+  }
+  if (missing.length > 0) {
+    throw new Error(`${formatList(missing)} required for Workers Trigger.dev task deployment and dispatch`);
+  }
+}
+
+function formatList(values: string[]) {
+  if (values.length <= 1) {
+    return values[0] ?? "";
+  }
+  if (values.length === 2) {
+    return values.join(" and ");
+  }
+  return `${values.slice(0, -1).join(", ")}, and ${values.at(-1)}`;
+}
+
+function deployTriggerDevTasks() {
+  run("trigger", ["deploy", "--project-ref", process.env[config.triggerDev.projectRefEnv]?.trim() || ""]);
+}
+
+function publishTriggerDevSecret() {
+  const secret = process.env[config.triggerDev.secretKeyEnv]?.trim();
+  if (!secret) {
+    throw new Error(`${config.triggerDev.secretKeyEnv} required to publish the Workers Trigger.dev secret`);
+  }
+  const wrangler = resolveCommandPath("wrangler");
+  if (!wrangler) {
+    throw new Error("missing required command: wrangler");
+  }
+  runShell(`printf %s "$${config.triggerDev.secretKeyEnv}" | ${shellQuote(wrangler)} secret put TRIGGER_SECRET_KEY --name ${shellQuote(config.serviceName)}`);
+}
+
+function runShell(script: string) {
+  const shell = Bun.which("sh");
+  if (!shell) {
+    throw new Error("missing required command: sh");
+  }
+  const result = Bun.spawnSync([shell, "-c", script], {
+    cwd: process.cwd(),
+    env: process.env,
+    stdin: "inherit",
+    stdout: "inherit",
+    stderr: "inherit",
+  });
+  if (!result.success) {
+    throw new Error(`shell command failed with exit code ${result.exitCode}: ${script}`);
+  }
+}
+
+function shellQuote(value: string) {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+
 async function record(
   results: Array<{ name: string; status: DoctorStatus; detail: string }>,
   name: string,

package/src/service.test.ts

@@ -2,7 +2,13 @@ import { expect, test } from "bun:test";
 import { mkdtemp, mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
-import { findGeneratedServiceRoot, formatOutsideServiceCommandError, generatedDependenciesInstalled, normalizeScaffoldArgs } from "./service";
+import {
+  findGeneratedServiceRoot,
+  formatOutsideServiceCommandError,
+  generatedDependenciesInstalled,
+  generatedServiceCommandHelp,
+  normalizeScaffoldArgs,
+} from "./service";
 
 test("normalizeScaffoldArgs treats explicit scaffold commands as generator commands", () => {
   expect(normalizeScaffoldArgs(["create", "launch-api", "--yes"])).toEqual(["launch-api", "--yes"]);
@@ -23,7 +29,7 @@ test("formatOutsideServiceCommandError rejects repo-local commands outside gener
 test("formatOutsideServiceCommandError does not treat positional names as scaffold commands", () => {
   const message = formatOutsideServiceCommandError("launch-api");
   expect(message).toContain("Unknown command: launch-api");
-  expect(message).toContain("service create <service_id>");
+  expect(message).toContain("service new <service_id>");
 });
 
 test("findGeneratedServiceRoot detects generated service context from nested directories", async () => {
@@ -47,3 +53,10 @@ test("generatedDependenciesInstalled requires node_modules when package.json exi
   await mkdir(join(root, "node_modules"));
   expect(generatedDependenciesInstalled(root)).toBeTrue();
 });
+
+test("generatedServiceCommandHelp intercepts deploy help before side effects", () => {
+  expect(generatedServiceCommandHelp(["deploy", "--help"])).toContain("service deploy");
+  expect(generatedServiceCommandHelp(["deploy", "-h"])).toContain("--environment");
+  expect(generatedServiceCommandHelp(["deploy"])).toBeUndefined();
+  expect(generatedServiceCommandHelp(["destroy", "--help"])).toBeUndefined();
+});

package/src/service.ts

@@ -58,7 +58,7 @@ export function formatOutsideServiceCommandError(command: string) {
       "",
       "No service.jsonc was found in this directory or its parents.",
       "To create a new service, run:",
-      "  service create <service_id>",
+      "  service new <service_id>",
     ].join("\n");
   }
 
@@ -85,6 +85,12 @@ function isGeneratedServiceRoot(path: string) {
 }
 
 async function delegateToGeneratedService(serviceRoot: string, argv: string[]) {
+  const commandHelp = generatedServiceCommandHelp(argv);
+  if (commandHelp) {
+    console.log(commandHelp);
+    return;
+  }
+
   ensureGeneratedDependencies(serviceRoot);
   process.chdir(serviceRoot);
   process.env.CREATE_SVC_SERVICE_ROOT = serviceRoot;
@@ -123,3 +129,27 @@ function ensureGeneratedDependencies(serviceRoot: string) {
     process.exit(result.exitCode || 1);
   }
 }
+
+export function generatedServiceCommandHelp(argv: string[]) {
+  const [command, ...rest] = argv;
+  if (command !== "deploy" || !hasHelpFlag(rest)) {
+    return undefined;
+  }
+
+  return [
+    "Usage:",
+    "  service deploy [--ci] [--environment main|preview|personal] [--name <name>]",
+    "",
+    "Options:",
+    "  --ci                         Run without interactive prompts",
+    "  --environment <environment>  Deploy main, preview, or personal",
+    "  --name <name>                Name preview or personal environment",
+    "  --build <local|cloudbuild>   Select image build strategy",
+    "  --cloud-build                Use Cloud Build",
+    "  --destroy                    Destroy a non-main deployment environment",
+  ].join("\n");
+}
+
+function hasHelpFlag(args: string[]) {
+  return args.includes("--help") || args.includes("-h") || args.includes("help");
+}

package/templates/shared/.env.example

@@ -3,7 +3,7 @@
 
 DATABASE_URL=postgres://{{LOCAL_DATABASE_USER}}:{{LOCAL_DATABASE_PASSWORD}}@127.0.0.1:{{LOCAL_DATABASE_PORT}}/{{LOCAL_DATABASE_NAME}}?sslmode=disable
 
-TEMPORAL_ENABLED=false
+TEMPORAL_ENABLED=true
 TEMPORAL_ADDRESS=localhost:7233
 TEMPORAL_NAMESPACE=default
 TEMPORAL_TASK_QUEUE={{SERVICE_ID}}

package/templates/shared/README.md

@@ -55,10 +55,49 @@ Local runtime uses:
 
 - `DATABASE_URL` from `.env.local`, pointed at Docker Compose Postgres
 - `{{COMMAND_MIGRATE}}` and `{{COMMAND_DEV}}`, which open Docker Desktop if needed, wait for Docker readiness, and start Docker Compose Postgres
-- `TEMPORAL_ENABLED=false` by default; set Temporal env vars locally only when you want to run against a real Temporal server
+- `TEMPORAL_ENABLED=true` by default with `localhost:7233` and `default`; set `TEMPORAL_ENABLED=false` when you are not running a local Temporal server
 
 No cloud credentials are required for local HTTP development after Docker and Postgres are running.
 
+## Temporal
+
+Temporal is enabled by default for generated services.
+
+Local development uses these generated defaults:
+
+- `TEMPORAL_ENABLED=true`
+- `TEMPORAL_ADDRESS=localhost:7233`
+- `TEMPORAL_NAMESPACE=default`
+- `TEMPORAL_TASK_QUEUE={{TEMPORAL_TASK_QUEUE}}`
+
+The generated app deploys a Cloud Run API service and, when Temporal is enabled,
+a separate Cloud Run worker service named `{{SERVICE_ID}}-worker`.
+When `POST /v1/triggers/waitlist` or the ConnectRPC `RecordTrigger` method
+creates a trigger, the API service starts `waitlistFollowUpWorkflow` /
+`WaitlistFollowUpWorkflow` asynchronously on the service task queue. The API
+request only waits for the trigger record; workflow completion happens through
+Temporal and is polled by the worker service.
+Local `{{COMMAND_DEV}}` starts the API process and the worker process together.
+
+Production and preview deploys render `TEMPORAL_ENABLED=true` into the Cloud Run
+manifest unless you override it. For Temporal Cloud, replace the local defaults
+with real connection settings before the worker can run:
+
+- `TEMPORAL_ADDRESS`
+- `TEMPORAL_NAMESPACE`
+- any TLS certificate/key or API-key settings used by your worker code
+
+If a service does not need Temporal, opt out with:
+
+```bash
+TEMPORAL_ENABLED=false {{COMMAND_DEV}}
+TEMPORAL_ENABLED=false {{COMMAND_DEPLOY}}
+```
+
+When Cloud Run starts with Temporal enabled but without address or namespace
+values, the generated runtime fails during startup with an explicit
+configuration error instead of silently running a broken worker.
+
 ## Remote provisioning
 
 The generated service config lives in [service.jsonc](service.jsonc).
@@ -158,14 +197,7 @@ Optional remote-only Vault overrides for Neon admin key lookup:
 
 The generator only stores application-facing connection material in Secret Manager. Neon admin credentials stay local to create and deploy.
 
-## Temporal
-
-Cloud Run variants include an in-process Temporal worker in the service process.
-Production Temporal is enabled when you set `TEMPORAL_ENABLED=true`, or when
-`TEMPORAL_ADDRESS`, `TEMPORAL_API_KEY`, or `TEMPORAL_API_KEY_SECRET` is present
-during deploy rendering.
-
-For Temporal Cloud, provide:
+For production Temporal Cloud, provide:
 
 ```bash
 TEMPORAL_ENABLED=true

package/templates/shared/scripts/dev.ts

@@ -1,10 +1,10 @@
 import { readLocalEnv } from "./local-env";
 import { ensureLocalPostgres } from "./local-docker";
 
-const command = Bun.argv.slice(2);
+const { apiCommand, workerCommand } = parseCommands(Bun.argv.slice(2));
 
-if (command.length === 0) {
-  throw new Error("Usage: bun run ./scripts/dev.ts <command...>");
+if (apiCommand.length === 0) {
+  throw new Error("Usage: bun run ./scripts/dev.ts <api-command...> [--worker <worker-command...>]");
 }
 
 await ensureLocalPostgres();
@@ -17,11 +17,43 @@ if (env.DATABASE_URL && !env.CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPER
   env.CLOUDFLARE_HYPERDRIVE_LOCAL_CONNECTION_STRING_HYPERDRIVE = env.DATABASE_URL;
 }
 
-const child = Bun.spawn(command, {
+const api = Bun.spawn(apiCommand, {
   stdin: "inherit",
   stdout: "inherit",
   stderr: "inherit",
   env,
 });
 
-process.exit(await child.exited);
+const worker = workerCommand
+  ? Bun.spawn(workerCommand, {
+      stdin: "ignore",
+      stdout: "inherit",
+      stderr: "inherit",
+      env: {
+        ...env,
+        PORT: env.TEMPORAL_WORKER_PORT || "0",
+      },
+    })
+  : undefined;
+
+for (const signal of ["SIGINT", "SIGTERM"] as const) {
+  process.on(signal, () => {
+    api.kill(signal);
+    worker?.kill(signal);
+  });
+}
+
+const exitCode = await Promise.race([api.exited, worker?.exited ?? new Promise<never>(() => {})]);
+api.kill();
+worker?.kill();
+process.exit(exitCode);
+
+function parseCommands(argv: string[]) {
+  const separator = argv.indexOf("--worker");
+  if (separator === -1) {
+    return { apiCommand: argv, workerCommand: undefined };
+  }
+  const apiCommand = argv.slice(0, separator);
+  const workerCommand = argv.slice(separator + 1);
+  return { apiCommand, workerCommand: workerCommand.length > 0 ? workerCommand : undefined };
+}

package/templates/shared/service.jsonc

@@ -53,7 +53,7 @@
   },
 
   "temporal": {
-    "enabled": false,
+    "enabled": true,
     "address": "localhost:7233",
     "namespace": "default",
     "task_queue": "{{SERVICE_ID}}",
@@ -117,6 +117,12 @@
   "workers": {
     "script_name": "{{SERVICE_ID}}",
     "hyperdrive_binding": "HYPERDRIVE",
-    "cron": "*/15 * * * *"
+    "trigger_dev": {
+      "project_ref_env": "TRIGGER_PROJECT_REF",
+      "access_token_env": "TRIGGER_ACCESS_TOKEN",
+      "secret_key_env": "TRIGGER_SECRET_KEY",
+      "api_url": "https://api.trigger.dev",
+      "waitlist_task_id": "{{SERVICE_ID}}-waitlist-follow-up"
+    }
   }
 }

package/templates/shared/service.yaml

@@ -5,18 +5,21 @@ metadata:
   labels:
     managed_by: create-service
     service_id: ${SERVICE_ID}
+    service_role: ${SERVICE_ROLE}
   annotations:
-    run.googleapis.com/ingress: all
+    run.googleapis.com/ingress: ${SERVICE_INGRESS}
 spec:
   template:
     metadata:
       labels:
         managed_by: create-service
         service_id: ${SERVICE_ID}
+        service_role: ${SERVICE_ROLE}
     spec:
       serviceAccountName: ${RUNTIME_SERVICE_ACCOUNT}
       containers:
         - image: ${IMAGE_URL}
+${CONTAINER_COMMAND}
           ports:
             - containerPort: 8080
           env:

package/templates/targets/workers/.github/workflows/deploy.yml

@@ -16,5 +16,8 @@ jobs:
       - run: bun run deploy
         env:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          TRIGGER_PROJECT_REF: ${{ secrets.TRIGGER_PROJECT_REF }}
+          TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_ACCESS_TOKEN }}
+          TRIGGER_SECRET_KEY: ${{ secrets.TRIGGER_SECRET_KEY }}
       - if: ${{ vars.GCX_ENABLED == 'true' }}
         run: bun run dashboards