Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR adds a Vercel Cron-driven deployment path for running the Snowbridge monitor on a schedule from the web/ workspace, including build-time Foundry installation and a serverless API entrypoint.
Changes:
- Added Vercel configuration to deploy
web/with a cron schedule invoking/api/monitorevery 15 minutes. - Added a Vercel serverless function (
web/api/monitor.ts) that runs the existing operations monitor logic. - Added build/install scripting to ensure Foundry + contract type generation can run in Vercel builds, plus updated ignores and build scripts.
Reviewed changes
Copilot reviewed 10 out of 12 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| web/vercel.json | Configures Vercel install/build commands, cron schedule, and function timeout. |
| web/api/monitor.ts | Adds the serverless endpoint that invokes the operations monitor. |
| web/api/README.md | Documents the cron endpoint, auth expectations, and build requirements. |
| web/scripts/install-foundry.sh | Installs Foundry from GitHub releases and installs/builds forge deps. |
| web/package.json | Adds Vercel-specific build scripts and dependencies needed for the serverless deployment. |
| web/packages/contract-types/scripts/build.sh | Adds a build wrapper to support environments with/without Foundry. |
| web/packages/contract-types/package.json | Switches build to the new script and keeps a full build option. |
| web/.vercelignore | Reduces uploaded deployment size for the web/ root directory. |
| .vercelignore | Adds repo-wide ignore rules to reduce deployment size when deploying from repo root. |
| web/.gitignore | Ignores .vercel and the local Foundry install directory under web/scripts. |
| .gitignore | Ignores .vercel at the repo root. |
| web/pnpm-lock.yaml | Captures dependency graph updates (notably Vercel runtime tooling deps). |
Files not reviewed (1)
- web/pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
| console.error("Monitor error:", error); | ||
| return res.status(500).json({ | ||
| error: "Monitor failed", | ||
| message: error instanceof Error ? error.message : String(error), |
There was a problem hiding this comment.
I think we should remove the error message here, it could expose RPC URLs, AWS details, or stack traces to unauthenticated callers.
|
|
||
| const authHeader = req.headers.authorization; | ||
| if ( | ||
| process.env.CRON_SECRET && |
There was a problem hiding this comment.
Auth bypass when CRON_SECRET is unset. If process.env.CRON_SECRET is falsy, the auth check is skipped entirely. This means anyone can hit /api/monitor and trigger a full monitor run (hitting all RPCs, sending CloudWatch metrics). Should fail closed - reject if CRON_SECRET is not configured, at least in production.
| }, | ||
| "scripts": { | ||
| "preinstall": "npx only-allow pnpm", | ||
| "build": "turbo run build --concurrency=1 --no-cache", |
There was a problem hiding this comment.
Why is --no-cache removed?
There was a problem hiding this comment.
Otherwise, the Vercel build process will fail. I can't find the detailed error messages right now, but there are also some warning messages in my local setup, which suggest that this option parameter may be deprecated.
(base) ➜ web git:(ron/monitor-by-vercel) pnpm build
> @snowbridge/web@ build /Users/yangrong/Projects/snowbridge/web
> turbo run build --concurrency=1 --no-cache
WARNING --no-cache is deprecated and will be removed in a future major version. Use --cache=local:r,remote:r
| "pino-pretty": "^13.1.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/pino": "^7.0.5", |
There was a problem hiding this comment.
@types/pino v7 is outdated and may conflict. Pino 10.x ships its own types - this dep is probably unnecessary.
Co-authored-by: Clara van Staden <claravanstaden64@gmail.com>
…nowbridge into ron/monitor-by-vercel
Context
With this PR, we can run vercel --prod --archive=tgz to deploy the monitor to Vercel on demand.
It is currently deployed at https://vercel.com/snowfork/snowbridge-hyl7 and runs the monitor periodically every 15 minutes.