feat(deploy): add PlanetScale bootstrap and Vitess config#75
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
Adds PlanetScale/ Vitess bootstrap + credential-secrets scripts to support a Vitess PR workflow in the AWS multi-env staging deployment, and registers an optional Vitess database entry in staging config.
Changes:
- Add
bootstrap-planetscale.shto create a PlanetScale database with unsharded + sharded keyspaces, plus credentials. - Add
setup-planetscale-token.shto write the generated PlanetScale service token and vtgate DSN into AWS Secrets Manager. - Extend staging
config.yamlwith an optionalcommerceVitess database configuration.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| deploy/aws-multi-env/staging/config.yaml | Adds an optional Vitess/PlanetScale database config for staging. |
| deploy/aws-multi-env/scripts/setup-planetscale-token.sh | New script to store PlanetScale token + vtgate DSN as Secrets Manager secrets. |
| deploy/aws-multi-env/scripts/bootstrap-planetscale.sh | New script to create/manage a PlanetScale database and generate required credentials. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
aparajon
force-pushed
the
worktree-ps-bootstrap
branch
2 times, most recently
from
c5f9f49 to
aff1547
Compare
Add scripts to bootstrap a PlanetScale database for testing the Vitess engine with the PR workflow: - bootstrap-planetscale.sh: creates database with sharded + unsharded keyspaces, service token with required permissions, and vtgate password for progress polling - setup-planetscale-token.sh: stores credentials in AWS Secrets Manager Add commerce (Vitess) database to staging config. Credentials are resolved lazily so MySQL-only deployments are unaffected. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Handle --help before --org validation so help works without flags
- Use jq -re to fail on null/missing fields instead of silently
producing "null" strings
- Default terraform output to {} on failure so the prefix check
produces the intended error message
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace internal "tern client: unknown deployment: default" error with user-friendly message: database "X" (env): not found in server configuration. Log a warning in resolveDeployment when falling back to the default deployment. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Save PlanetScale credentials to .planetscale-credentials (gitignored) instead of printing to console - setup-planetscale-token.sh reads from the file automatically - Add step to enable safe migrations on main branch (required for deploy requests) - Fix --org flag position (must be trailing, not before subcommand) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Service token access associations are lost after database deletion, making cleanup impossible. Delete tokens with access to the database first by checking each token's access list via show-access. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Follow the terraform.tfvars pattern: check in config.yaml.example with placeholders, gitignore config.yaml with actual deployment values. The deploy script auto-copies example → config.yaml on first run. This prevents org-specific values (like PlanetScale organization names) from being committed to the OSS repo. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
aparajon
force-pushed
the
worktree-ps-bootstrap
branch
from
8422785 to
101e4fa
Compare
pscale service-token delete doesn't support --force (only database delete does). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The vtgate DSN contains parentheses in @tcp(...) which breaks when sourced as a shell script without quoting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
setup-planetscale-token.sh runs from staging/ but the credentials file may be in the parent directory if bootstrap was run from deploy/aws-multi-env/. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Single command does everything: creates PlanetScale DB, credentials, and stores them in Secrets Manager. Uses --env to resolve the terraform state directory automatically — no need to cd first. Removes setup-planetscale-token.sh (functionality merged into bootstrap). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Delete now also removes Secrets Manager entries and the local credentials file. --env is required for both create and delete. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use naming convention (schemabot-<env>) for Secrets Manager prefix instead of reading terraform state. PlanetScale infra isn't managed by terraform so the script shouldn't depend on it. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Show AWS profile, region, and prefix. Don't swallow errors from AWS CLI — show output on failure and exit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…o image tag Dockerfile copies config.yaml.example (always in repo) instead of config.yaml (gitignored). Deploy script tags images with <sha>-<config-hash> for determinism and allows config.yaml to differ from committed code without failing the dirty-tree check. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
aparajon
force-pushed
the
worktree-ps-bootstrap
branch
from
fd27064 to
7272897
Compare
aparajon
changed the title
morgo
approved these changes
May 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add scripts and config to bootstrap a PlanetScale database for testing the Vitess engine with the PR workflow.
bootstrap-planetscale.sh — single command creates everything:
Config changes:
commerce(Vitess) database to staging config exampleconfig.yaml— useconfig.yaml.examplepattern (like terraform.tfvars)<sha>-<config-hash>for determinismconfig.yamlfrom.examplebefore Docker buildError message improvement:
🤖 Generated with Claude Code