jandes-79: Deploy demo app to cloudflare workers

Author: booshja

.changeset/eleven-items-lick.md

@@ -0,0 +1,5 @@
+---
+"happy-harmony": minor
+---
+
+JANDES-79: Deploy demo app to cloudflare workers

.dev.vars.example

@@ -0,0 +1,6 @@
+AUTH_SECRET=
+AWS_REGION=
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+SES_FROM_EMAIL=
+SENTRY_DSN=

.env.example

@@ -1,11 +1,4 @@
-# Your Sentry DSN (from your Sentry account)
-VITE_SENTRY_DSN=""
-
-# Your Sentry organization (from your Sentry account)
-VITE_SENTRY_ORG=""
-
-# Your Sentry project (from your Sentry account)
-VITE_SENTRY_PROJECT=""
-
-# Your Sentry authentication token (from your Sentry account)
-SENTRY_AUTH_TOKEN=""
+CI=
+VITE_SENTRY_ORG=
+VITE_SENTRY_PROJECT=
+SENTRY_AUTH_TOKEN=

.github/pull_request_template.md

@@ -2,6 +2,10 @@
 
 - What changed and why?
 
+### Ticket
+
+JANDES-###: <ticket name here>
+
 ## Risks
 
 - Where could this break or regress?

.github/workflows/playwright.yml

@@ -27,6 +27,13 @@ jobs:
           cache-dependency-path: pnpm-lock.yaml
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
+      - name: Cache Playwright browsers
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/ms-playwright
+          key: ${{ runner.os }}-playwright-${{ hashFiles('pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-playwright-
       - name: Install Playwright Browsers
         run: pnpm exec playwright install --with-deps
       - name: Run Playwright tests

.gitignore

@@ -4,7 +4,8 @@ dist
 dist-ssr
 *.local
 count.txt
-.env
+.env*
+!.env.example
 .nitro
 .tanstack
 .output
@@ -24,3 +25,7 @@ pnpm-workspace.yaml
 /blob-report/
 /playwright/.cache/
 /playwright/.auth/
+
+# Wrangler
+.dev.vars
+!.dev.vars.example

docs/env.md

@@ -1,13 +1,49 @@
-## Environment validation
+# Environment configuration
 
-- Server env is validated with Zod in `src/config/validation.ts` and parsed in `src/env.ts` during startup. Invalid or missing values throw immediately.
-- When `CI=true`, required keys: `VITE_SENTRY_ORG`, `VITE_SENTRY_PROJECT`, `SENTRY_AUTH_TOKEN`.
-- When `CI` is false/omitted, Sentry env is optional and the build runs without the Sentry wrapper.
-- `CI` is coerced to boolean, defaults to `false`.
-- `vite.config.ts` conditionally wraps with Sentry only when all Sentry env vars are present.
+This project separates build-time variables (used by Vite and CI) from runtime variables (provided by Cloudflare Workers).
 
-### Adding a new env var
+## Build-time env
 
-1. Add the key to `serverEnvSchema` in `src/config/validation.ts` (mark it required/optional as needed and document any CI-only requirements).
-2. Access it via `env.MY_KEY` from `src/env.ts`.
-3. Restart the dev server/build; invalid values will surface as startup errors.
+- Purpose: tooling only (e.g., Sentry sourcemap upload in CI).
+- Source: `.env.local` (optional) or CI env.
+- Keys: `CI`, `VITE_SENTRY_ORG`, `VITE_SENTRY_PROJECT`, `SENTRY_AUTH_TOKEN`.
+- Validation: `parseBuildEnv` in `src/config/validation.ts` (used by `vite.config.ts`).
+
+## Runtime env (Workers)
+
+- Purpose: secrets and bindings used by server code at runtime.
+- Source: Cloudflare bindings; local via `.dev.vars` when running `wrangler dev`.
+- Keys: `AUTH_SECRET`, `AWS_REGION`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `SES_FROM_EMAIL`, optional `SENTRY_DSN`.
+- Access: `getRuntimeEnv()` from `src/config/runtimeEnv.ts` (Workers runtime only; not for client imports).
+- Validation: Zod schema in `runtimeEnv.ts`; errors list missing keys but never values.
+
+## Local setup
+
+- Build-time: optionally copy `.env.example` to `.env.local` and fill Sentry fields if you need CI-style sourcemap uploads locally.
+- Runtime: copy `.dev.vars.example` to `.dev.vars` and fill values; `wrangler dev` will load them.
+- Run: `pnpm dev` (uses `wrangler dev` on port 3000). `pnpm dev:vite` is available as a Vite-only fallback.
+
+## Staging/production
+
+- Secrets (`AUTH_SECRET`, AWS keys) should be set with `wrangler secret put`.
+- Non-secrets (`AWS_REGION`, `SES_FROM_EMAIL`, optional `SENTRY_DSN`) can be set via `vars` in `wrangler.toml` or `wrangler deploy --var KEY=value`.
+- Build-time Sentry vars for CI are configured in the CI environment (match `.env.example` keys).
+- Runtime env must be read only through `getRuntimeEnv()` inside server code.
+
+## Validation
+
+- Build-time keys are validated by `buildEnvSchema` in `src/config/validation.ts` and parsed via `parseBuildEnv` in `vite.config.ts` / `src/env.ts`. When `CI=true`, Sentry keys are required; otherwise they stay optional.
+- Runtime keys are validated by `getRuntimeEnv()` in `src/config/runtimeEnv.ts`; error messages list missing keys without revealing values.
+
+## Sentry defaults
+
+- Server (Workers): DSN from runtime `SENTRY_DSN` via `getRuntimeEnv()`. Sample rates: traces 0.1 / profiles 0.1 in production, 1.0 in dev/staging. Environment comes from `WORKERS_ENVIRONMENT`/`NODE_ENV`.
+- Client: DSN from `VITE_SENTRY_DSN` (optional). Sample rates mirror server; replays are off by default (`replaysSessionSampleRate=0`, `replaysOnErrorSampleRate=1.0`). Environment uses `import.meta.env.MODE`.
+
+## Testing
+
+- Playwright uses `pnpm dev` (wrangler) so e2e hits the Workers runtime on port 3000. `.dev.vars` must be present for runtime bindings.
+
+## Deployment
+
+- `workers_dev` is enabled for the first deploy to `*.workers.dev`. Route settings remain in `wrangler.jsonc` for attaching the custom domain afterward.

e2eTests/smoke.spec.ts e2e/smoke.spec.tse2eTests/smoke.spec.ts renamed to e2e/smoke.spec.ts

@@ -4,17 +4,18 @@
     "private": true,
     "type": "module",
     "scripts": {
-        "dev": "vite dev --port 3000",
+        "dev": "wrangler dev --port 3000",
+        "dev:vite": "vite dev --port 3000",
         "start": "node .output/server/index.mjs",
         "build": "vite build",
         "serve": "vite preview",
-        "test": "vitest run",
+        "test": "VITEST=true vitest run",
         "test:e2e": "pnpm exec playwright test",
         "test:e2e:report": "pnpm exec playwright show-report",
         "test:watch": "vitest",
         "test:cov": "vitest run --coverage",
         "prepare": "husky",
-        "change": "pnpm exec changeset",
+        "change": "pnpm exec changeset && git add .changeset",
         "change:empty": "pnpm exec changeset add --empty",
         "lint": "pnpm exec eslint --cache --cache-location .eslintcache .",
         "lint:fix": "pnpm exec eslint --cache --cache-location .eslintcache --fix .",
@@ -28,9 +29,14 @@
         "changeset:publish": "pnpm exec changeset publish",
         "check": "pnpm run typecheck && pnpm run lint && pnpm run test",
         "clean": "rm -rf .turbo node_modules .wrangler .output dist",
-        "deploy": "wrangler deploy"
+        "deploy": "pnpm run build && wrangler deploy",
+        "deploy:staging": "pnpm run build && wrangler deploy --env staging",
+        "deploy:production": "pnpm run build && wrangler deploy --env production",
+        "preview": "pnpm run build && vite preview",
+        "cf-typegen": "wrangler types"
     },
     "dependencies": {
+        "@cloudflare/vite-plugin": "^1.20.1",
         "@emotion/react": "^11.14.0",
         "@emotion/styled": "^11.14.1",
         "@sentry/cloudflare": "^10.32.1",
@@ -89,7 +95,7 @@
         "vite": "^7.3.1",
         "vitest": "^3.0.5",
         "web-vitals": "^5.1.0",
-        "wrangler": "^4.58.0"
+        "wrangler": "^4.59.2"
     },
     "engines": {
         "node": ">=18.18"

package.json

@@ -1,7 +1,7 @@
 import { defineConfig, devices } from "@playwright/test";
 
-const PORT = 4173;
-const BASE_URL = `http://127.0.0.1:${PORT}`;
+const PORT = 3000;
+const BASE_URL = `http://localhost:${PORT}`;
 
 /**
  * Read environment variables from file.
@@ -15,7 +15,7 @@ const BASE_URL = `http://127.0.0.1:${PORT}`;
  * See https://playwright.dev/docs/test-configuration.
  */
 export default defineConfig({
-    testDir: "./e2eTests",
+    testDir: "./e2e",
     /* Run tests in files in parallel */
     fullyParallel: true,
     /* Fail the build on CI if you accidentally left test.only in the source code. */
@@ -44,13 +44,13 @@ export default defineConfig({
     },
 
     webServer: {
-        command: `pnpm exec vite dev --host --port ${PORT}`,
+        command: "pnpm dev:vite",
         url: BASE_URL,
         reuseExistingServer: !process.env.CI,
         stdout: "pipe",
         env: {
             ...process.env,
-            SKIP_ENV_LOAD: "true",
+            PLAYWRIGHT_TEST: "true",
         },
     },