Update stuff

apps/next/src/instrumentation-client.ts

@@ -4,7 +4,6 @@ import * as Sentry from '@sentry/nextjs';
 
 Sentry.init({
   dsn: env.NEXT_PUBLIC_SENTRY_DSN,
-  tunnel: '/monitoring',
   integrations: [
     Sentry.replayIntegration({
       maskAllText: false,

apps/next/src/proxy.ts

@@ -30,7 +30,7 @@ export default convexAuthNextjsMiddleware(
 
 export const config = {
   matcher: [
-    '/((?!_next/static|_next/image|favicon.ico|monitoring|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',
+    '/((?!_next/static|_next/image|favicon.ico|monitoring-tunnel|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',
     '/((?!.*\\..*|_next).*)',
     '/',
     '/(api)(.*)',

package.json

@@ -65,6 +65,9 @@
     "dev:expo:tunnel": "turbo run dev:tunnel -F @spoon/expo -F @spoon/backend",
     "dev:expo:tunnel:staging": "INFISICAL_ENV=staging turbo run dev:tunnel -F @spoon/expo -F @spoon/backend",
     "codegen:convex": "bash scripts/convex-codegen",
+    "deploy:convex:staging": "bash scripts/deploy-convex staging",
+    "deploy:convex:production": "bash scripts/deploy-convex production",
+    "deploy:convex:prod": "bash scripts/deploy-convex prod",
     "sync:convex": "scripts/sync-convex-env ${INFISICAL_ENV:-dev}",
     "sync:convex:staging": "scripts/sync-convex-env staging",
     "sync:convex:production": "scripts/sync-convex-env production",

packages/backend/convex/auth.ts

@@ -14,37 +14,22 @@ import { api } from './_generated/api';
 import { action, mutation, query } from './_generated/server';
 import { Password, validatePassword } from './custom/auth';
 
-const authProviders = [
-  ...(process.env.AUTH_AUTHENTIK_ID &&
-  process.env.AUTH_AUTHENTIK_SECRET &&
-  process.env.AUTH_AUTHENTIK_ISSUER
-    ? [
-        Authentik({
-          allowDangerousEmailAccountLinking: true,
-          clientId: process.env.AUTH_AUTHENTIK_ID,
-          clientSecret: process.env.AUTH_AUTHENTIK_SECRET,
-          issuer: process.env.AUTH_AUTHENTIK_ISSUER,
-        }),
-      ]
-    : []),
-  ...((process.env.AUTH_GITHUB_ID ?? process.env.GITHUB_APP_CLIENT_ID) &&
-  (process.env.AUTH_GITHUB_SECRET ?? process.env.GITHUB_APP_CLIENT_SECRET)
-    ? [
-        GitHub({
-          allowDangerousEmailAccountLinking: true,
-          clientId:
-            process.env.AUTH_GITHUB_ID ?? process.env.GITHUB_APP_CLIENT_ID,
-          clientSecret:
-            process.env.AUTH_GITHUB_SECRET ??
-            process.env.GITHUB_APP_CLIENT_SECRET,
-        }),
-      ]
-    : []),
-  Password,
-];
-
 export const { auth, signIn, signOut, store, isAuthenticated } = convexAuth({
-  providers: authProviders,
+  providers: [
+    Authentik({
+      allowDangerousEmailAccountLinking: true,
+      clientId: process.env.AUTH_AUTHENTIK_ID,
+      clientSecret: process.env.AUTH_AUTHENTIK_SECRET,
+      issuer: process.env.AUTH_AUTHENTIK_ISSUER,
+    }),
+    GitHub({
+      allowDangerousEmailAccountLinking: true,
+      clientId: process.env.AUTH_GITHUB_ID ?? process.env.GITHUB_APP_CLIENT_ID,
+      clientSecret:
+        process.env.AUTH_GITHUB_SECRET ?? process.env.GITHUB_APP_CLIENT_SECRET,
+    }),
+    Password,
+  ],
 });
 
 const getUserById = async (

packages/backend/convex/diagnostics.ts

@@ -1,34 +0,0 @@
-import { query } from './_generated/server';
-
-const hasEnv = (name: string) => Boolean(process.env[name]?.trim());
-
-export const envStatus = query({
-  args: {},
-  handler: () => ({
-    auth: {
-      authentikId: hasEnv('AUTH_AUTHENTIK_ID'),
-      authentikSecret: hasEnv('AUTH_AUTHENTIK_SECRET'),
-      authentikIssuer: hasEnv('AUTH_AUTHENTIK_ISSUER'),
-      githubId: hasEnv('AUTH_GITHUB_ID') || hasEnv('GITHUB_APP_CLIENT_ID'),
-      githubSecret:
-        hasEnv('AUTH_GITHUB_SECRET') || hasEnv('GITHUB_APP_CLIENT_SECRET'),
-      jwtPrivateKey: hasEnv('JWT_PRIVATE_KEY'),
-      jwks: hasEnv('JWKS'),
-      siteUrl: hasEnv('SITE_URL'),
-    },
-    githubApp: {
-      appId: hasEnv('GITHUB_APP_ID'),
-      privateKey: hasEnv('GITHUB_APP_PRIVATE_KEY'),
-      installationId: hasEnv('GITHUB_APP_INSTALLATION_ID'),
-    },
-    email: {
-      useSendApiKey: hasEnv('USESEND_API_KEY'),
-      useSendUrl: hasEnv('USESEND_URL'),
-      useSendFromEmail: hasEnv('USESEND_FROM_EMAIL'),
-    },
-    spoon: {
-      encryptionKey: hasEnv('SPOON_ENCRYPTION_KEY'),
-      workerToken: hasEnv('SPOON_WORKER_TOKEN'),
-    },
-  }),
-});

packages/backend/package.json

@@ -18,6 +18,7 @@
     "dev:web": "bun sync-env && bun with-env convex dev",
     "setup": "bun sync-env && bun with-env convex dev --until-success",
     "codegen": "convex codegen --typecheck disable",
+    "deploy": "convex deploy --typecheck disable",
     "clean": "git clean -xdf .cache .turbo dist node_modules",
     "format": "prettier --check . --ignore-path ../../.gitignore",
     "lint": "eslint --flag unstable_native_nodejs_ts_config",

scripts/build-next-app

@@ -17,3 +17,8 @@ else
 fi
 args=(); [[ -z "$ENV_FILE" ]] || args+=(--env-file "$ENV_FILE")
 docker compose "${args[@]}" -f "$ROOT_DIR/docker/compose.yml" build spoon-next
+if [[ -n "$ENV_FILE" ]]; then
+  CI_ENV_FILE="$ENV_FILE" bash "$ROOT_DIR/scripts/deploy-convex" "$ENVIRONMENT"
+else
+  bash "$ROOT_DIR/scripts/deploy-convex" "$ENVIRONMENT"
+fi

scripts/deploy-convex

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")/.." && pwd)"
+ENVIRONMENT="${1:-staging}"
+[[ "$ENVIRONMENT" == dev || "$ENVIRONMENT" == staging || "$ENVIRONMENT" == production || "$ENVIRONMENT" == prod ]] || {
+  echo "usage: deploy-convex [dev|staging|production|prod] [convex deploy args...]" >&2
+  exit 2
+}
+shift || true
+FROM_CURRENT_ENV=0
+if [[ "${1:-}" == "--from-current-env" ]]; then
+  FROM_CURRENT_ENV=1
+  shift
+fi
+
+ENV_FILE="${CI_ENV_FILE:-}"
+cleanup() {
+  [[ -n "$ENV_FILE" && "$ENV_FILE" != "${CI_ENV_FILE:-}" ]] && rm -f "$ENV_FILE" || true
+}
+trap cleanup EXIT
+
+if [[ "$FROM_CURRENT_ENV" -eq 0 && -z "$ENV_FILE" && -z "${CI:-}" ]]; then
+  ENV_FILE="$(mktemp "${TMPDIR:-/tmp}/spoon-convex-deploy.XXXXXX.env")"
+  sh "$ROOT_DIR/scripts/export-env" "$ENVIRONMENT" > "$ENV_FILE"
+fi
+
+deploy_from_current_env() {
+  if [[ -z "${CONVEX_SELF_HOSTED_URL:-}" ]]; then
+    if [[ -n "${CONVEX_URL:-}" ]]; then
+      export CONVEX_SELF_HOSTED_URL="$CONVEX_URL"
+    elif [[ -n "${NEXT_PUBLIC_CONVEX_URL:-}" ]]; then
+      export CONVEX_SELF_HOSTED_URL="$NEXT_PUBLIC_CONVEX_URL"
+    fi
+  fi
+
+  bash "$ROOT_DIR/scripts/sync-convex-env" "$ENVIRONMENT" --from-current-env
+  bash "$ROOT_DIR/scripts/convex-codegen"
+  cd "$ROOT_DIR"
+  bun patch:usesend
+  cd "$ROOT_DIR/packages/backend"
+  bun convex deploy --typecheck disable "$@"
+}
+
+if [[ "$FROM_CURRENT_ENV" -eq 0 && -n "$ENV_FILE" ]]; then
+  exec bun dotenv -e "$ENV_FILE" -- bash "$0" "$ENVIRONMENT" --from-current-env "$@"
+fi
+
+deploy_from_current_env "$@"

scripts/with-env

@@ -33,7 +33,7 @@ sh "$ROOT_DIR/scripts/export-env" "$ENVIRONMENT" > "$TMP_ENV"
 
 export WITH_ENV_SOURCE=infisical WITH_ENV_ENVIRONMENT="$ENVIRONMENT" WITH_ENV_STATE_FILE="$STATE_FILE"
 set +e
-bunx dotenv -e "$TMP_ENV" -- "$@"
+bun dotenv -e "$TMP_ENV" -- "$@"
 status=$?
 set -e
 exit "$status"