Fix/workflow database setup

[OverDsh]

Merge workflow changes to dev (use migrations instead of push, misc changes...)

[github-actions]

🚀 Preview Deployment:

• Vercel Deployment: View Deployment
• Status: ✅ Ready
• Workflow Logs: View Run

[Copilot]

Pull request overview

Updates GitHub Actions deployment workflows to use Drizzle migrations (instead of schema push) and adds guardrails around migration generation so deploys don’t proceed with missing migration files.

Changes:

• Add a check-migrations job to preview and production workflows that runs drizzle-kit generate and fails if it would modify drizzle/.
• Switch database sync in dev/preview workflows from npx drizzle-kit push to npx drizzle-kit migrate.
• Improve workflow behavior: add production concurrency controls, make Turso branch provisioning idempotent, and adjust token usage/quoting.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
.github/workflows/production_deploy.yml	Adds migration generation check job; gates production deploy on it; adjusts Vercel token usage.
.github/workflows/pr_preview.yml	Adds migration generation check job; makes Turso DB creation idempotent; switches to migrate; tweaks concurrency and PR commenting behavior.
.github/workflows/dev_deploy.yml	Switches DB sync from push to migrate; changes concurrency cancel behavior.
.github/workflows/database_cleanup.yml	Adds paths-ignore; moves TURSO_API_TOKEN to job-level env and simplifies destroy step env.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

check-migrations runs npx drizzle-kit generate without setting TURSO_DATABASE_URL / TURSO_AUTH_TOKEN, but drizzle.config.ts reads these env vars for dbCredentials. If drizzle-kit generate validates/uses dbCredentials for the turso dialect, this job will fail and block production deploys. Consider either passing --schema/--out/--dialect flags to drizzle-kit generate so it doesn't rely on the config’s dbCredentials, or set non-prod credentials env vars for this step.

[Copilot]

check-migrations runs npx drizzle-kit generate without setting TURSO_DATABASE_URL / TURSO_AUTH_TOKEN, but drizzle.config.ts defines dbCredentials from these env vars. If drizzle-kit generate requires/validates credentials for the turso dialect, this workflow will start failing even when migrations are up to date. Prefer invoking drizzle-kit generate with explicit --schema/--out/--dialect args (no DB required) or provide safe credentials for just this step.

[Copilot]

For workflow_dispatch runs (using pr_number), this checkout will use the repository’s default ref rather than the PR’s head commit, so the migration check may validate/deploy the wrong code. If manual dispatch is intended to build a specific PR, update this job to resolve the PR’s head SHA (via refs/pull/<num>/head or the GitHub API) and checkout that ref consistently.

Suggested change

	uses: actions/checkout@v4
	uses: actions/checkout@v4
	with:
	# For pull_request events, use the PR head SHA.
	# For workflow_dispatch with pr_number, use the PR head ref.
	# Otherwise, fall back to the current SHA.
	ref: ${{ github.event.pull_request.head.sha || (github.event.inputs.pr_number && format('refs/pull/{0}/head', github.event.inputs.pr_number)) || github.sha }}

[Copilot]

Because this workflow supports workflow_dispatch with a pr_number input, the deploy job also needs to ensure it is deploying the PR’s head commit (not the default ref the workflow was dispatched from). Consider resolving the PR head SHA/ref early in the job (or reusing the same logic as check-migrations) and checking out that ref before building/deploying.