fix: promote staged Vercel deployments to active production #1981
amikofalvy wants to merge 1 commit into main from
agents-manage-ui has Deployment Protection with staged deployments enabled, so `vercel deploy --prod` only stages the deployment without activating it. Add an explicit `vercel promote` step after deployment checks pass to ensure all projects are promoted to active production. Co-authored-by: Cursor <cursoragent@cursor.com>
PR Review Summary
(0) Total Issues | Risk: Low
This is a clean, focused fix that adds an explicit vercel promote step to handle Vercel's staged deployments feature. The implementation follows the existing workflow patterns and uses the same authentication approach as the existing steps.
🔴❗ Critical (0) ❗🔴
None.
🟠⚠️ Major (0) 🟠⚠️
None.
🟡 Minor (0) 🟡
None.
💭 Consider (0) 💭
None.
🧹 While You're Here (1) 🧹
🧹 1) vercel-production.yml Missing explicit permissions block
Issue: The workflow lacks an explicit permissions: block, inheriting default GITHUB_TOKEN permissions which may be broader than necessary.
Why: Other workflows in this repo (release.yml, claude-code-review.yml, stale.yml) follow the principle of least privilege by explicitly declaring required permissions. Since this workflow only needs to read the repo (for checkout) and doesn't write to GitHub (only to Vercel via VERCEL_TOKEN), adding explicit minimal permissions would align with security best practices.
Fix: Add at the workflow level (after env: block):
```yaml
permissions:
  contents: read
```
Refs: release.yml permissions block
✅ APPROVE
Summary: Clean, minimal change that correctly addresses the staged deployment activation problem. The implementation follows existing patterns in the workflow (same auth tokens, same step structure). The "While You're Here" suggestion is optional and unrelated to the PR's core purpose.
Discarded (4)
| Location | Issue | Reason Discarded |
|---|---|---|
| vercel-production.yml:36 | Mutable tag (@v4) for actions/checkout | Pre-existing code; repo-wide pattern (other workflows use same approach). |
| vercel-production.yml:60-68 | No timeout-minutes on steps | Pre-existing pattern; MEDIUM confidence doesn't meet threshold. |
| vercel-production.yml:65-68 | No error handling if promote fails for non-staged | INFO severity; already manually tested per PR description. |
| vercel-production.yml:44 | Vercel CLI installed without version pin | Pre-existing code; INFO severity. |
Reviewers (1)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
| pr-review-devops | 5 | 0 | 0 | 1 | 0 | 0 | 4 |
| Total | 5 | 0 | 0 | 1 | 0 | 0 | 4 |
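The workflow hygiene points raised in this review (no workflow-level `permissions:` block, the mutable `@v4` tag, no `timeout-minutes`, an unpinned Vercel CLI) can be checked mechanically. The Python check below is an added example, not code from this PR or repository; the sample workflow, the `audit_workflow` helper, the rule names and the assumption that the CLI is installed with `npm install --global` are constructed for illustration.

```python
import re

# Constructed sample workflow; NOT the repository's vercel-production.yml.
SAMPLE_WORKFLOW = """\
name: Vercel Production
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Vercel CLI
        run: npm install --global vercel
      - name: Promote staged deployment
        run: vercel promote "$DEPLOYMENT_URL" --token="$VERCEL_TOKEN"
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)", re.M)
# Assumption: the CLI is installed globally with npm.
NPM_GLOBAL_RE = re.compile(r"npm\s+(?:install|i)\s+(?:-g|--global)\s+(\S+)")


def audit_workflow(text):
    """Return (rule, detail) findings for one workflow file's text."""
    findings = []
    # A workflow-level key starts in column 0; job-level blocks are indented.
    if not re.search(r"^permissions:", text, re.M):
        findings.append(("missing-permissions", "no workflow-level permissions: block"))
    for ref in USES_RE.findall(text):
        ref = ref.strip("'\"")
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope
        version = ref.partition("@")[2]
        # Only a full 40-hex commit SHA is immutable; tags and branches can move.
        if not re.fullmatch(r"[0-9a-f]{40}", version):
            findings.append(("mutable-action-ref", ref))
    for pkg in NPM_GLOBAL_RE.findall(text):
        # Skip the first character so a scoped name (@scope/pkg) is not read as a pin.
        if not re.search(r"@\d+\.\d+\.\d+", pkg[1:]):
            findings.append(("unpinned-cli", pkg))
    if "timeout-minutes:" not in text:
        findings.append(("no-timeout", "no timeout-minutes on any job or step"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{rule}: {detail}")
```

The check is text-based, so it only recognises a `permissions:` key in column 0 and does not evaluate whether the granted scopes are minimal.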
Summary
- `agents-manage-ui` has Deployment Protection (staged deployments) enabled in Vercel, so `vercel deploy --prod` only stages the deployment without activating it — it shows as "Production: Staged" in the dashboard
- `vercel promote` step after deployment checks pass to ensure the deployment becomes the active production deployment
- `agents-api`), the promote is a no-op

Test plan
- `agents-api` deploys as "Production" (active) — no change needed
- `agents-manage-ui` moves from "Production: Staged" to "Production" (active)

Made with Cursor