chore: init preview deployments & integration tests

[charlietlamb]

---

Summary by cubic

Automates PR preview deployments to Railway and runs integration tests against the preview URL. Includes Stripe webhook setup/cleanup, test org provisioning, and test config updates to support SERVER_URL.

• New Features

  • Preview Deploy workflow: deploys PRs to Railway, runs database migrations, waits for /health, comments the preview URL, and triggers integration tests.
  • Integration Tests workflow: runs two groups (Balances, Attach) in parallel, uploads artifacts, and reports pass/fail to the PR.
  • Stripe Connect helpers: create and store a preview webhook secret for the test org; remove the webhook after tests.
  • Railway config: Dockerfile build, healthcheck, and PR environment start command.

• Refactors

  • Tests use SERVER_URL instead of localhost for axios clients.
  • CI uses plain bun; local runs still wrap with Infisical.
  • Script to create a sandbox test org and seed required features for CI.

^{Written for commit 0602951. Summary will update on new commits.}

Greptile Overview

Greptile Summary

This PR establishes automated preview deployments and integration testing for pull requests. When a PR is opened or updated, the system deploys a preview environment on Railway, waits for it to become healthy, then runs integration tests against it.

Improvements

• Automated preview deployments on Railway for PRs targeting main or dev branches
• Parallel integration test execution (test-group-1 and test-group-2) against preview environments
• Automated Stripe webhook setup and cleanup for test environments
• Configurable server URL for tests via SERVER_URL environment variable
• CI environment detection to avoid double-wrapping infisical commands

Key Components

• preview-deploy.yml orchestrates Railway deployment and health checks
• integration-tests.yml runs test groups in parallel and reports results to PR
• Webhook management scripts handle Stripe webhook lifecycle
• Test utilities now support remote preview environments

Confidence Score: 2/5

• This PR has a critical issue that will prevent preview deployments from working
• The Railway configuration references a missing start.sh script that will cause preview environment deployments to fail. The workflow and script logic are otherwise sound, but this blocking issue needs to be resolved before merge.
• Pay close attention to railway.json - it references a non-existent start script

Important Files Changed

Filename	Overview
.github/workflows/integration-tests.yml	Adds workflow to run integration tests against preview environments
.github/workflows/preview-deploy.yml	Adds workflow to deploy PR preview environments and trigger tests
railway.json	Configures Railway deployments, references missing start.sh script

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant Preview as preview-deploy.yml
    participant Railway as Railway
    participant IntTest as integration-tests.yml
    participant Stripe as Stripe API
    
    Dev->>GH: Push to PR
    GH->>Preview: Trigger workflow (on PR open/sync)
    Preview->>Railway: Deploy preview environment
    Railway->>Railway: Build Docker image
    Railway->>Railway: Run start.sh (pr env)
    Railway-->>Preview: Return service domain
    Preview->>Preview: Wait for /health endpoint (30 attempts)
    Preview->>GH: Comment with preview URL
    Preview->>IntTest: Trigger integration-tests.yml
    
    IntTest->>IntTest: Run test-group-1 (Balances)
    IntTest->>IntTest: Run test-group-2 (Attach) in parallel
    IntTest->>Stripe: Setup webhook via setupPreviewWebhook.ts
    Stripe-->>IntTest: Return webhook ID & secret
    IntTest->>IntTest: Store encrypted secret in DB
    IntTest->>IntTest: Run tests against SERVER_URL
    IntTest->>Stripe: Cleanup webhook via cleanupPreviewWebhook.ts
    IntTest->>GH: Post test results as comment

Loading

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
autumn-vite	Ready	Preview, Comment	Jan 28, 2026 8:06pm

[use-tusk]

⚠️ Additional setup required (0602951) View output ↗

Tip

New to Tusk? Learn more here.
Follow the setup instructions so Tusk can start generating tests.

---

View check history

Commit	Status	Output	Created (UTC)
f60206c	⚠️ Additional setup required	Output	Jan 28, 2026 5:44PM
bbf2175	⚠️ Additional setup required	Output	Jan 28, 2026 6:14PM
cad94e6	⚠️ Additional setup required	Output	Jan 28, 2026 6:21PM
5e12338	⚠️ Additional setup required	Output	Jan 28, 2026 6:23PM
14dde07	⚠️ Additional setup required	Output	Jan 28, 2026 6:26PM
340f078	⚠️ Additional setup required	Output	Jan 28, 2026 6:34PM
c8343da	⚠️ Additional setup required	Output	Jan 28, 2026 6:40PM
9fd7a6a	⚠️ Additional setup required	Output	Jan 28, 2026 6:44PM
190222c	⚠️ Additional setup required	Output	Jan 28, 2026 6:45PM
157feeb	⚠️ Additional setup required	Output	Jan 28, 2026 6:48PM
ce634f5	⚠️ Additional setup required	Output	Jan 28, 2026 6:59PM
7fbbbb9	⚠️ Additional setup required	Output	Jan 28, 2026 7:02PM
cbb5b22	⚠️ Additional setup required	Output	Jan 28, 2026 7:34PM
18bfb99	⚠️ Additional setup required	Output	Jan 28, 2026 7:39PM
218dfcd	⚠️ Additional setup required	Output	Jan 28, 2026 7:58PM
0602951	⚠️ Additional setup required	Output	Jan 28, 2026 8:05PM

View output in GitHub ↗

[greptile-apps]

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

/app/scripts/preview/start.sh does not exist in the repository

Prompt To Fix With AI

This is a comment left during a code review.
Path: railway.json
Line: 15:15

Comment:
`/app/scripts/preview/start.sh` does not exist in the repository

How can I resolve this? If you propose a fix, please make it concise.

[cubic-dev-ai]

3 issues found across 9 files

Confidence score: 2/5

• The preview environment will likely fail because railway.json points startCommand to /app/scripts/preview/start.sh, which is missing in the repo, so deployment would break.
• There are notable security concerns: scripts/preview/setupTestOrgCI.ts logs API key data and .github/workflows/integration-tests.yml pipes a remote install script directly into sudo bash.
• Pay close attention to railway.json, scripts/preview/setupTestOrgCI.ts, .github/workflows/integration-tests.yml - deployment failure and CI secret/supply‑chain risks.

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="scripts/preview/setupTestOrgCI.ts">

<violation number="1" location="scripts/preview/setupTestOrgCI.ts:22">
P2: Avoid logging the API key (even partially) in CI logs; this can leak credentials.</violation>
</file>

<file name=".github/workflows/integration-tests.yml">

<violation number="1" location=".github/workflows/integration-tests.yml:28">
P2: Avoid piping a remote install script directly into sudo bash without verification; it exposes the workflow to supply‑chain/script tampering risks.</violation>
</file>

<file name="railway.json">

<violation number="1" location="railway.json:15">
P1: The startCommand references `/app/scripts/preview/start.sh` but this file does not exist in the repository. The preview environment deployment will fail when Railway attempts to execute this non-existent script. Either add the missing `start.sh` file or update the startCommand to use an existing script.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[railway-app]

🚅 Deployed to the autumn-pr-655 environment in autumn

Service	Status	Web	Updated (UTC)
dev-workers	◻️ Removed (View Logs)		Jan 28, 2026 at 7:09 pm
dev-server	◻️ Removed (View Logs)	Web	Jan 28, 2026 at 7:08 pm