simstudioai · Sg312 · Sep 25, 2025 · Sep 25, 2025 · Sep 25, 2025 · Sep 25, 2025
diff --git a/.github/workflows/build-ecr.yml b/.github/workflows/build-ecr.yml
@@ -3,6 +3,7 @@ name: Build and Push to ECR
 on:
   push:
     branches: [main, staging]
+  workflow_call:
 
 permissions:
   id-token: write

diff --git a/.github/workflows/build-ghcr-build.yml b/.github/workflows/build-ghcr-build.yml
@@ -0,0 +1,83 @@
+name: Build GHCR Images (Build Only)
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # AMD64 builds on x86 runners
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/amd64
+            arch: amd64
+            runner: linux-x64-8-core
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/amd64
+            arch: amd64
+            runner: linux-x64-8-core
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/amd64
+            arch: amd64
+            runner: linux-x64-8-core
+          # ARM64 builds on native ARM64 runners
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/arm64
+            arch: arm64
+            runner: linux-arm64-8-core
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/arm64
+            arch: arm64
+            runner: linux-arm64-8-core
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/arm64
+            arch: arm64
+            runner: linux-arm64-8-core
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=staging-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=raw,value=staging-${{ github.sha }}-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=sha,format=long,suffix=-${{ matrix.arch }}
+
+      - name: Build Docker image (no push)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: ${{ matrix.platform }}
+          push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=build-v3
+          cache-to: type=gha,mode=max,scope=build-v3
+          provenance: false
+          sbom: false 
diff --git a/.github/workflows/build-ghcr-push.yml b/.github/workflows/build-ghcr-push.yml
@@ -0,0 +1,148 @@
+name: Push GHCR Images
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  push:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # AMD64 builds
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/amd64
+            arch: amd64
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/amd64
+            arch: amd64
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/amd64
+            arch: amd64
+          # ARM64 builds
+          - dockerfile: ./docker/app.Dockerfile
+            image: ghcr.io/simstudioai/simstudio
+            platform: linux/arm64
+            arch: arm64
+          - dockerfile: ./docker/db.Dockerfile
+            image: ghcr.io/simstudioai/migrations
+            platform: linux/arm64
+            arch: arm64
+          - dockerfile: ./docker/realtime.Dockerfile
+            image: ghcr.io/simstudioai/realtime
+            platform: linux/arm64
+            arch: arm64
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=staging-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=raw,value=staging-${{ github.sha }}-${{ matrix.arch }},enable=${{ github.ref == 'refs/heads/staging' }}
+            type=sha,format=long,suffix=-${{ matrix.arch }}
+
+      - name: Push Docker image from cache
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: ${{ matrix.platform }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=build-v3
+          cache-to: type=gha,mode=max,scope=build-v3
+          provenance: false
+          sbom: false
+
+  create-manifests:
+    runs-on: ubuntu-latest
+    needs: push
+    strategy:
+      matrix:
+        include:
+          - image: ghcr.io/simstudioai/simstudio
+          - image: ghcr.io/simstudioai/migrations
+          - image: ghcr.io/simstudioai/realtime
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for manifest
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=staging,enable=${{ github.ref == 'refs/heads/staging' }}
+            type=sha,format=long
+
+      - name: Create and push manifest
+        run: |
+          # Extract the tags from metadata (these are the final manifest tags we want)
+          MANIFEST_TAGS="${{ steps.meta.outputs.tags }}"
+
+          # Create manifest for each tag
+          for manifest_tag in $MANIFEST_TAGS; do
+            echo "Creating manifest for $manifest_tag"
+
+            # The architecture-specific images have -amd64 and -arm64 suffixes
+            amd64_image="${manifest_tag}-amd64"
+            arm64_image="${manifest_tag}-arm64"
+
+            echo "Looking for images: $amd64_image and $arm64_image"
+
+            # Check if both architecture images exist
+            if docker manifest inspect "$amd64_image" >/dev/null 2>&1 && docker manifest inspect "$arm64_image" >/dev/null 2>&1; then
+              echo "Both images found, creating manifest..."
+              docker manifest create "$manifest_tag" \
+                "$amd64_image" \
+                "$arm64_image"
+              docker manifest push "$manifest_tag"
+              echo "Successfully created and pushed manifest for $manifest_tag"
+            else
+              echo "Error: One or both architecture images not found"
+              echo "Checking AMD64 image: $amd64_image"
+              docker manifest inspect "$amd64_image" || echo "AMD64 image not found"
+              echo "Checking ARM64 image: $arm64_image"
+              docker manifest inspect "$arm64_image" || echo "ARM64 image not found"
+              exit 1
+            fi
+          done 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -3,6 +3,11 @@ name: Build and Publish Docker Image
 on:
   push:
     branches: [main, staging]
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
 
 jobs:
   build-and-push:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -55,11 +55,54 @@ jobs:
           fail_ci_if_error: false
           verbose: true
 
+  # Call GHCR build workflow (runs in parallel with ECR)
+  build-ghcr:
+    name: Build GHCR Images
+    needs: test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/build-ghcr-build.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
+
+  # Call ECR build workflow (runs in parallel with GHCR build)
+  build-ecr-deploy:
+    name: Build ECR and Deploy
+    needs: test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/build-ecr.yml
+    secrets: inherit
+    permissions:
+      id-token: write
+      contents: read
+
+  # Call Trigger.dev deploy workflow (runs in parallel)
+  trigger-deploy:
+    name: Deploy Trigger.dev
+    needs: test
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/trigger-deploy.yml
+    secrets: inherit
+
+  # Push GHCR images after ECR/ECS deployment is complete
+  push-ghcr:
+    name: Push GHCR Images
+    needs: [build-ghcr, build-ecr-deploy]
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/build-ghcr-push.yml
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
+
+  # Run database migrations (depends on GHCR push and trigger deployment)
   migrations:
     name: Apply Database Migrations
+    needs: [push-ghcr, trigger-deploy]
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
-    needs: test
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -77,3 +120,11 @@ jobs:
         env:
           DATABASE_URL: ${{ github.ref == 'refs/heads/main' && secrets.DATABASE_URL || secrets.STAGING_DATABASE_URL }}
         run: bunx drizzle-kit migrate --config=./drizzle.config.ts
+
+  # Process docs embeddings if needed
+  process-docs:
+    name: Process Docs
+    needs: migrations
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging')
+    uses: ./.github/workflows/docs-embeddings.yml
+    secrets: inherit
diff --git a/.github/workflows/docs-embeddings.yml b/.github/workflows/docs-embeddings.yml
@@ -6,6 +6,7 @@ on:
     paths:
       - 'apps/docs/**'
   workflow_dispatch: # Allow manual triggering
+  workflow_call:
 
 jobs:
   process-docs-embeddings:

diff --git a/.github/workflows/trigger-deploy.yml b/.github/workflows/trigger-deploy.yml
@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - staging
+  workflow_call:
 
 jobs:
   deploy:

diff --git a/apps/sim/app/api/copilot/api-keys/generate/route.ts b/apps/sim/app/api/copilot/api-keys/generate/route.ts
@@ -1,12 +1,7 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { env } from '@/lib/env'
-import { createLogger } from '@/lib/logs/console/logger'
-import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/sim-agent'
-
-const logger = createLogger('CopilotApiKeysGenerate')
-
-const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+import { SIM_AGENT_API_URL_DEFAULT } from '@/lib/sim-agent/constants'
 
 export async function POST(req: NextRequest) {
   try {
@@ -17,6 +12,9 @@ export async function POST(req: NextRequest) {
 
     const userId = session.user.id
 
+    // Move environment variable access inside the function
+    const SIM_AGENT_API_URL = env.SIM_AGENT_API_URL || SIM_AGENT_API_URL_DEFAULT
+
     const res = await fetch(`${SIM_AGENT_API_URL}/api/validate-key/generate`, {
       method: 'POST',
       headers: {
@@ -27,8 +25,6 @@ export async function POST(req: NextRequest) {
     })
 
     if (!res.ok) {
-      const errorBody = await res.text().catch(() => '')
-      logger.error('Sim Agent generate key error', { status: res.status, error: errorBody })
       return NextResponse.json(
         { error: 'Failed to generate copilot API key' },
         { status: res.status || 500 }
@@ -38,7 +34,6 @@ export async function POST(req: NextRequest) {
     const data = (await res.json().catch(() => null)) as { apiKey?: string } | null
 
     if (!data?.apiKey) {
-      logger.error('Sim Agent generate key returned invalid payload')
       return NextResponse.json({ error: 'Invalid response from Sim Agent' }, { status: 500 })
     }
 
@@ -47,7 +42,6 @@ export async function POST(req: NextRequest) {
       { status: 201 }
     )
   } catch (error) {
-    logger.error('Failed to proxy generate copilot API key', { error })
     return NextResponse.json({ error: 'Failed to generate copilot API key' }, { status: 500 })
   }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,7 @@ on: @@
         branches:
           - main
           - staging
+      workflow_call:
     jobs:
       deploy:
@@ Expand Down @@