prizmkit 1.1.78 → 1.1.79
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundled/VERSION.json +3 -3
- package/bundled/skills/_metadata.json +1 -1
- package/bundled/skills-windows/prizm-kit/SKILL.md +81 -0
- package/bundled/skills-windows/prizmkit-code-review/SKILL.md +225 -0
- package/bundled/skills-windows/prizmkit-committer/SKILL.md +81 -0
- package/bundled/skills-windows/prizmkit-deploy/SKILL.md +468 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ci-cd-workflows.md +115 -0
- package/bundled/skills-windows/prizmkit-deploy/references/cloud-platform-deploy.md +93 -0
- package/bundled/skills-windows/prizmkit-deploy/references/database-setup.md +46 -0
- package/bundled/skills-windows/prizmkit-deploy/references/deploy-config-schema.md +148 -0
- package/bundled/skills-windows/prizmkit-deploy/references/deploy-history-schema.md +62 -0
- package/bundled/skills-windows/prizmkit-deploy/references/deployment-modes.md +50 -0
- package/bundled/skills-windows/prizmkit-deploy/references/direct-upload.md +26 -0
- package/bundled/skills-windows/prizmkit-deploy/references/dns-setup.md +42 -0
- package/bundled/skills-windows/prizmkit-deploy/references/docker-deploy.md +31 -0
- package/bundled/skills-windows/prizmkit-deploy/references/firewall-setup.md +37 -0
- package/bundled/skills-windows/prizmkit-deploy/references/live-validation-notes.md +21 -0
- package/bundled/skills-windows/prizmkit-deploy/references/nginx-blue-green.md +59 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ssl-setup.md +56 -0
- package/bundled/skills-windows/prizmkit-implement/SKILL.md +65 -0
- package/bundled/skills-windows/prizmkit-plan/SKILL.md +184 -0
- package/bundled/skills-windows/prizmkit-plan/assets/plan-template.md +115 -0
- package/bundled/skills-windows/prizmkit-plan/assets/spec-template.md +73 -0
- package/bundled/skills-windows/prizmkit-plan/references/clarify-guide.md +67 -0
- package/bundled/skills-windows/prizmkit-plan/references/verification-checklist.md +60 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/SKILL.md +115 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/assets/prizm-docs-format.md +613 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-init.md +45 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-rebuild.md +15 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-status.md +14 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-update.md +19 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-validate.md +17 -0
- package/bundled/skills-windows/prizmkit-retrospective/SKILL.md +87 -0
- package/bundled/skills-windows/prizmkit-retrospective/references/knowledge-injection-steps.md +50 -0
- package/bundled/skills-windows/prizmkit-retrospective/references/structural-sync-steps.md +43 -0
- package/bundled/skills-windows/prizmkit-test/SKILL.md +281 -0
- package/package.json +1 -1
|
@@ -0,0 +1,468 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "prizmkit-deploy"
|
|
3
|
+
description: "Universal deployment gateway for any PrizmKit project. Discovers project type and target (SSH server, Vercel, Docker, etc.), then routes: full automation for SSH Linux with PM2 + Nginx + blue/green switching, guided setup for cloud platforms, or safe documentation fallback for unsupported targets. Also operates existing deployments: status, logs, restart, rollback, health checks, history, validate. Use this skill whenever the user asks about deployment, hosting, going live, or server operations. Triggers on: 'deploy', 'ship it', 'take this live', 'deploy to Vercel', 'deploy to my server', 'check deploy status', 'view logs', 'restart app', 'rollback', 'how do I deploy this', any deployment or hosting question."
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# PrizmKit Deploy — Universal Deployment Gateway
|
|
7
|
+
|
|
8
|
+
`/prizmkit-deploy` is the single entry point for all deployment work. When a user asks to deploy anything — any project type, any target — this skill handles it.
|
|
9
|
+
|
|
10
|
+
Three possible outcomes depending on what's supported:
|
|
11
|
+
1. **Full automation** (SSH Linux server): configure, bootstrap, deploy, verify, operate — complete AI takeover.
|
|
12
|
+
2. **Guided setup** (cloud platforms like Vercel, Netlify, Docker): generate config, walk through CLI steps, verify.
|
|
13
|
+
3. **Documented fallback** (unsupported targets): detect what's possible, produce deploy.md, record the adapter gap.
|
|
14
|
+
|
|
15
|
+
When invited, behave as a deployment engineer. Ask until you understand what is being deployed, where it runs, how it is built, how it starts, what secrets it needs, how traffic reaches it, and how health is checked.
|
|
16
|
+
|
|
17
|
+
## Deployment Discovery
|
|
18
|
+
|
|
19
|
+
Before doing anything else, discover what you're deploying and where. This phase routes the request to the right adapter or fallback. It runs regardless of mode (interactive or headless), but interactive mode may ask questions; headless mode reads from existing config and exits with `NEEDS_INPUT` if critical details are missing.
|
|
20
|
+
|
|
21
|
+
### Step 1: Project Detection
|
|
22
|
+
|
|
23
|
+
Scan the project root for build/package files and classify:
|
|
24
|
+
|
|
25
|
+
| File found | Language/Framework | Build command | Start command |
|
|
26
|
+
|------------|-------------------|---------------|---------------|
|
|
27
|
+
| `package.json` with `next` dep | Next.js | `next build` | `next start -p <port>` |
|
|
28
|
+
| `package.json` with `vite` dep | Vite (React/Vue) | `vite build` | `vite preview` |
|
|
29
|
+
| `package.json` (generic) | Node.js | `npm run build` | `npm run start` |
|
|
30
|
+
| `go.mod` | Go | `go build` | `./<binary>` |
|
|
31
|
+
| `Cargo.toml` | Rust | `cargo build --release` | `./target/release/<binary>` |
|
|
32
|
+
| `requirements.txt` / `pyproject.toml` | Python | — | `python -m uvicorn` or similar |
|
|
33
|
+
| `Dockerfile` | Containerized | `docker build` | `docker run` |
|
|
34
|
+
| `docker-compose.yml` | Docker Compose | `docker compose build` | `docker compose up` |
|
|
35
|
+
| `Makefile` only | C/C++/generic | `make` | `make run` or binary |
|
|
36
|
+
|
|
37
|
+
Also scan for:
|
|
38
|
+
- **Environment variables**: grep for `process.env.`, `os.environ`, `os.Getenv`, `env::var` — catalog every reference
|
|
39
|
+
- **Port usage**: grep for port numbers, `listen()`, `PORT` env var
|
|
40
|
+
- **Database dependencies**: check package.json/requirements.txt/go.mod for database drivers
|
|
41
|
+
|
|
42
|
+
### Step 2: Deployment Target Detection
|
|
43
|
+
|
|
44
|
+
Determine WHERE the user wants to deploy. Check in order:
|
|
45
|
+
|
|
46
|
+
**A. User-specified target** (highest priority):
|
|
47
|
+
- "deploy to Vercel" / "deploy to my server" / "deploy with Docker" → use what the user says.
|
|
48
|
+
|
|
49
|
+
**B. Detect from project files** (if user hasn't specified):
|
|
50
|
+
- `vercel.json` → Vercel
|
|
51
|
+
- `netlify.toml` → Netlify
|
|
52
|
+
- `fly.toml` → Fly.io
|
|
53
|
+
- `Dockerfile` or `docker-compose.yml` → Docker
|
|
54
|
+
- `.github/workflows/deploy.yml` → check what it targets
|
|
55
|
+
- `app.yaml` → GCP App Engine
|
|
56
|
+
- `serverless.yml` → Serverless Framework
|
|
57
|
+
|
|
58
|
+
**C. Ask the user** (interactive only):
|
|
59
|
+
- "Where should this project be deployed?"
|
|
60
|
+
- Options to suggest based on detected files + common choices:
|
|
61
|
+
- "My own Linux server (SSH access) — full AI automation"
|
|
62
|
+
- "Vercel / Netlify — guided CLI setup"
|
|
63
|
+
- "Docker — guided container deployment"
|
|
64
|
+
- "Other — generate deployment documentation"
|
|
65
|
+
|
|
66
|
+
If headless mode and no target can be determined, exit with `NEEDS_INPUT` listing the missing target information.
|
|
67
|
+
|
|
68
|
+
**D. Check for existing deployment**:
|
|
69
|
+
- Does `.prizmkit/deploy/deploy.config.json` already exist? If yes, read the configured target.
|
|
70
|
+
- Does the user mention a server IP or hostname? Check if it's already reachable.
|
|
71
|
+
|
|
72
|
+
### Step 3: Route to Adapter
|
|
73
|
+
|
|
74
|
+
Based on detected target, route the rest of the session:
|
|
75
|
+
|
|
76
|
+
1. **SSH Linux server** → §SSH Deployment Path — full automation: bootstrap, configure, deploy, operate. First-version adapter: PM2 + Nginx + blue/green.
|
|
77
|
+
2. **Vercel / Netlify** → §Cloud Platform Deployment Path — guided: detect CLI tools, walk through deploy commands, generate deploy.md. Details in `references/cloud-platform-deploy.md`.
|
|
78
|
+
3. **Docker** → §Docker Deployment Path — guided: detect Dockerfile/Compose, build image, container lifecycle. Details in `references/docker-deploy.md`.
|
|
79
|
+
4. **Unsupported** → §Unsupported Deployment Fallback — generate deploy.md, record adapter gap, provide manual checklist.
|
|
80
|
+
|
|
81
|
+
Cloud and Docker paths follow the same discovery and documentation patterns but use platform CLIs instead of SSH + PM2.
|
|
82
|
+
|
|
83
|
+
**Compatibility check before routing to SSH**: The SSH adapter (PM2 + Nginx + blue/green) requires a Node.js project — verify `package.json` exists. Non-Node.js projects (Go, Rust, Python) targeting a Linux server route to Unsupported Fallback with a note: "Adapter gap: PM2 adapter requires Node.js."
|
|
84
|
+
|
|
85
|
+
### Step 4: Unsupported Deployment Fallback
|
|
86
|
+
|
|
87
|
+
When the deployment target or project type isn't covered by any adapter, don't fail silently. Instead:
|
|
88
|
+
|
|
89
|
+
1. **Detect what you can**: project language, framework, build/start commands, env vars, port usage, database dependencies.
|
|
90
|
+
2. **Generate `.prizmkit/deploy/deploy.md`**: human-readable deployment guide with prerequisites, environment variables table, build/start instructions, health check suggestions.
|
|
91
|
+
3. **Record the adapter gap**: write a note in deploy.md and deploy-history identifying what's missing (e.g., "Adapter needed: Python/FastAPI on systemd").
|
|
92
|
+
4. **Provide a manual checklist**: concrete steps the user can follow to deploy manually.
|
|
93
|
+
5. **Offer to generate CI/CD config**: if `.github/workflows/` exists or the user wants one, generate a basic deploy workflow.
|
|
94
|
+
|
|
95
|
+
## Mode Detection
|
|
96
|
+
|
|
97
|
+
Detect invocation mode from the user's initial message. The mode determines what you're allowed to do:
|
|
98
|
+
|
|
99
|
+
**Interactive mode** (user typed `/prizmkit-deploy` or asked directly):
|
|
100
|
+
- May ask as many questions as needed to fill in missing deployment details.
|
|
101
|
+
- May request approvals for privileged, destructive, or traffic-impacting actions.
|
|
102
|
+
- May deploy to any environment (dev/test/production).
|
|
103
|
+
- Production requires explicit user confirmation before execution.
|
|
104
|
+
|
|
105
|
+
**Headless mode** (invoked via `--headless` flag, pipeline, or script):
|
|
106
|
+
- Never wait for user input — unattended shells that time out on a prompt block pipelines silently without visible errors, so exit with clear status codes instead.
|
|
107
|
+
- May ONLY target `dev` or `test` environments.
|
|
108
|
+
- If `--env production` in headless mode: exit immediately with `ENVIRONMENT_DENIED — production deployment requires interactive mode`, because production deploys must never happen without human oversight.
|
|
109
|
+
- If required info is missing, exit with `NEEDS_INPUT` and write pending questions to `.prizmkit/deploy/pending-input.json`.
|
|
110
|
+
- May only perform actions already authorized by `deploy.config.json`.
|
|
111
|
+
|
|
112
|
+
## Command Routing
|
|
113
|
+
|
|
114
|
+
When the user invokes `/prizmkit-deploy`, determine intent from the first word after the command:
|
|
115
|
+
|
|
116
|
+
```
|
|
117
|
+
/prizmkit-deploy → deploy (if config exists) or configure (if not)
|
|
118
|
+
/prizmkit-deploy configure → first-run or repair configuration wizard
|
|
119
|
+
/prizmkit-deploy deploy → full deployment pipeline
|
|
120
|
+
/prizmkit-deploy status → show PM2 process status for all apps
|
|
121
|
+
/prizmkit-deploy logs --app <id> → tail PM2 logs for the given app
|
|
122
|
+
/prizmkit-deploy restart --app <id> → PM2 restart for the given app
|
|
123
|
+
/prizmkit-deploy rollback --app <id> [--to <releaseId>] → rollback to previous or specified release
|
|
124
|
+
/prizmkit-deploy health --app <id> → run configured health checks
|
|
125
|
+
/prizmkit-deploy history → list recent deployment events from deploy-history/
|
|
126
|
+
/prizmkit-deploy validate → run validation checks without deploying
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
### No-arg behavior
|
|
130
|
+
|
|
131
|
+
- If `.prizmkit/deploy/deploy.config.json` does not exist → start first-run configuration wizard.
|
|
132
|
+
- If config exists and validates → show deployment summary (active release, app status, last deploy time) and ask which environment, then proceed to deploy.
|
|
133
|
+
- If config exists but required fields are missing or validation is stale → enter repair flow.
|
|
134
|
+
|
|
135
|
+
## File Structure
|
|
136
|
+
|
|
137
|
+
All artifacts live under `.prizmkit/deploy/`:
|
|
138
|
+
|
|
139
|
+
```
|
|
140
|
+
.prizmkit/deploy/
|
|
141
|
+
deploy.md # human-readable documentation
|
|
142
|
+
deploy.config.json # machine-readable config & validation state
|
|
143
|
+
pending-input.json # pending questions for headless mode resume
|
|
144
|
+
deploy-history/
|
|
145
|
+
<deployment-id>.json # one per deploy/rollback/event
|
|
146
|
+
deploy-scripts/ # future — PrizmKit-managed deploy scripts
|
|
147
|
+
secrets.enc.json # optional, encrypted local secrets
|
|
148
|
+
secrets.local.json # optional, plaintext secrets (must be gitignored)
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
Read `references/deploy-config-schema.md` when writing or validating `deploy.config.json`. Read `references/deploy-history-schema.md` when writing history records.
|
|
152
|
+
|
|
153
|
+
## SSH Deployment Path
|
|
154
|
+
|
|
155
|
+
The following sections define the SSH deployment adapter — the only fully-automated path. Route here when Discovery determines the target is a Linux server with SSH access.
|
|
156
|
+
|
|
157
|
+
### SSH: Deployment Mode Selection
|
|
158
|
+
|
|
159
|
+
After Discovery routes to SSH, **before** entering the configuration wizard, ask the user how they want to deploy.
|
|
160
|
+
|
|
161
|
+
**First question:**
|
|
162
|
+
> "你想怎么部署到服务器?"
|
|
163
|
+
> - **A. 直接上传(快速上手)** — 本地构建,传到服务器启动。适合第一次部署。
|
|
164
|
+
> - **B. CI/CD 自动部署(推荐)** — 配置 GitHub Actions,以后 `git push` 自动部署。
|
|
165
|
+
|
|
166
|
+
**If user chooses CI/CD, second question:**
|
|
167
|
+
> "CI/CD 有两种模式:"
|
|
168
|
+
> - **Push 模式** — GitHub Actions runner 编译,SCP 传到服务器。服务器压力小。
|
|
169
|
+
> - **Pull 模式** — 服务器自己拉代码编译。配置更简单但需 Deploy Key。
|
|
170
|
+
|
|
171
|
+
For detailed mode descriptions and the full Push/Pull comparison table, read `references/deployment-modes.md`.
|
|
172
|
+
|
|
173
|
+
**Config field:** `deployStrategy` in `deploy.config.json` — `"direct-upload"`, `"ci-cd-push"`, or `"ci-cd-pull"`. Existing configs without this field default to `"ci-cd-pull"` for backward compatibility.
|
|
174
|
+
|
|
175
|
+
### SSH: Server Model
|
|
176
|
+
|
|
177
|
+
Servers are generic SSH targets. A server is valid if it:
|
|
178
|
+
- Can be reached over SSH.
|
|
179
|
+
- Provides a Linux shell.
|
|
180
|
+
- Can install or has Node.js, npm, PM2, Nginx, Git.
|
|
181
|
+
- Can access the configured Git repository (Pull mode only).
|
|
182
|
+
|
|
183
|
+
Server-side directory layout:
|
|
184
|
+
```
|
|
185
|
+
/var/www/<project>/
|
|
186
|
+
releases/
|
|
187
|
+
<release-id>/
|
|
188
|
+
shared/
|
|
189
|
+
.env.production # mode 600, owner: runtime user
|
|
190
|
+
deploy-metadata.json # active color, last release, timestamp
|
|
191
|
+
current -> releases/<release-id>
|
|
192
|
+
deploy-logs/
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
SSH roles: `bootstrapUser` (usually root, for initial setup) and `runtimeUser` (default `deploy`, for app processes). App processes never run as root.
|
|
196
|
+
|
|
197
|
+
### SSH: First-Run Configuration Wizard
|
|
198
|
+
|
|
199
|
+
When `.prizmkit/deploy/deploy.config.json` does not exist, enter configuration wizard. Flow: **deployment mode → collect → validate → confirm → persist**.
|
|
200
|
+
|
|
201
|
+
**Before any questions:** ask deployment mode (see §SSH: Deployment Mode Selection). This determines required steps:
|
|
202
|
+
|
|
203
|
+
| Step | Direct Upload | CI/CD Push | CI/CD Pull |
|
|
204
|
+
|------|:---:|:---:|:---:|
|
|
205
|
+
| SSH Server Discovery | Required | Required | Required |
|
|
206
|
+
| Repository Access | Skipped | Skipped | Required |
|
|
207
|
+
| Application Configuration | Required | Required | Required |
|
|
208
|
+
| Environment Variables | Required | Required | Required |
|
|
209
|
+
| Persist Configuration | Required | Required | Required |
|
|
210
|
+
|
|
211
|
+
#### Step 1: SSH Server Discovery
|
|
212
|
+
|
|
213
|
+
Ask for and validate:
|
|
214
|
+
- **Server host and port** (e.g., `43.161.221.171:22`)
|
|
215
|
+
- **Bootstrap user** (usually `root`) — for initial package install and user creation
|
|
216
|
+
- **Runtime user** (recommend `deploy`) — app runs as this user, never root
|
|
217
|
+
- **Auth method** — SSH key path or agent
|
|
218
|
+
|
|
219
|
+
Validate immediately: `ssh <bootstrapUser>@<host> 'echo OK'`. If that fails, nothing else matters — stop and fix connectivity first.
|
|
220
|
+
|
|
221
|
+
#### Step 2: Repository Access (CI/CD Pull mode only)
|
|
222
|
+
|
|
223
|
+
Only needed when `deployStrategy` is `"ci-cd-pull"` — the server needs to `git pull` code. Skip for `"direct-upload"` (no Git on server) and `"ci-cd-push"` (GitHub Actions handles checkout).
|
|
224
|
+
|
|
225
|
+
Ask for: Git URL, branch, auth strategy (prefer read-only Deploy Key).
|
|
226
|
+
|
|
227
|
+
If using Deploy Key:
|
|
228
|
+
1. Generate ed25519 key on server: `sudo -u <runtimeUser> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""`
|
|
229
|
+
2. Show public key to user: "Add this to GitHub Deploy Keys (read-only)"
|
|
230
|
+
3. Wait for confirmation, then verify: attempt a git clone as runtime user
|
|
231
|
+
|
|
232
|
+
#### Step 3: Application Configuration
|
|
233
|
+
|
|
234
|
+
For each app, collect: id, path, packageManager, installCommand, buildCommand, startCommand, blue/green port pair (default 3101/3102), healthChecks.
|
|
235
|
+
|
|
236
|
+
#### Step 4: Environment Variables
|
|
237
|
+
|
|
238
|
+
Scan source code for `process.env.<VAR>` references. Ask user for each required value. Identify secrets vs non-secrets. Ask about secret storage strategy (see §Secrets Management).
|
|
239
|
+
|
|
240
|
+
#### Step 5: Persist Configuration
|
|
241
|
+
|
|
242
|
+
Write `deploy.config.json` with all collected values and `validated: {}` stubs for each section. Write `deploy.md` as human-readable documentation.
|
|
243
|
+
|
|
244
|
+
### SSH: Bootstrap Flow
|
|
245
|
+
|
|
246
|
+
Before first deployment, bootstrap the server. Present a plan showing every privileged action before executing anything.
|
|
247
|
+
|
|
248
|
+
**Always-run preflight:**
|
|
249
|
+
```
|
|
250
|
+
locale-gen en_US.UTF-8 # fix locale warnings on bare Ubuntu
|
|
251
|
+
apt-get update -qq # refresh package list
|
|
252
|
+
```
|
|
253
|
+
|
|
254
|
+
**Check-and-install (idempotent):** Node.js, npm, PM2, Nginx, Git. Use v22 LTS if v25 not available.
|
|
255
|
+
|
|
256
|
+
**Detect port conflicts:** `ss -tlnp | grep :80 || true`. If port 80/443 is occupied, report and ask how to resolve.
|
|
257
|
+
|
|
258
|
+
**User and directory setup:**
|
|
259
|
+
```
|
|
260
|
+
useradd -m -s /bin/bash <runtimeUser> # if not exists
|
|
261
|
+
mkdir -p /var/www/<project>/{releases,shared,deploy-logs}
|
|
262
|
+
chown -R <runtimeUser>:<runtimeUser> /var/www/<project>
|
|
263
|
+
```
|
|
264
|
+
|
|
265
|
+
**PM2 startup:**
|
|
266
|
+
```
|
|
267
|
+
env PATH=$PATH:/usr/bin pm2 startup systemd -u <runtimeUser> --hp /home/<runtimeUser>
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
**Deploy key (Pull mode only):**
|
|
271
|
+
```
|
|
272
|
+
sudo -u <runtimeUser> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""
|
|
273
|
+
sudo -u <runtimeUser> ssh-keyscan -H github.com >> ~/.ssh/known_hosts
|
|
274
|
+
```
|
|
275
|
+
|
|
276
|
+
**Security baseline (firewall):** After core tools are installed, ask whether to configure ufw. If user agrees, read `references/firewall-setup.md` for the full interactive flow and rule templates.
|
|
277
|
+
|
|
278
|
+
**Database setup:** If Discovery detected database drivers, ask whether to install the database on the server. If user agrees, read `references/database-setup.md` for platform-specific setup commands and security notes.
|
|
279
|
+
|
|
280
|
+
After each bootstrap step, record the result. Bootstrap operations must be idempotent. Back up any existing config files before modifying them.
|
|
281
|
+
|
|
282
|
+
### SSH: Direct Upload Deployment
|
|
283
|
+
|
|
284
|
+
When `deployStrategy` is `"direct-upload"`, the AI builds locally and transfers artifacts to the server. No Git operations on the server. Full procedure in `references/direct-upload.md`.
|
|
285
|
+
|
|
286
|
+
### SSH: CI/CD Pipeline Configuration
|
|
287
|
+
|
|
288
|
+
When `deployStrategy` is `"ci-cd-push"` or `"ci-cd-pull"`, generate `.github/workflows/deploy.yml` with the appropriate workflow template. Both modes share the same trigger and secrets. Full YAML templates in `references/ci-cd-workflows.md`.
|
|
289
|
+
|
|
290
|
+
After generating the workflow, verify: the first `git push` to the configured branch will trigger the first deployment. Monitor the GitHub Actions run and report results.
|
|
291
|
+
|
|
292
|
+
### SSH: DNS Guidance
|
|
293
|
+
|
|
294
|
+
Before SSL, check if the user has a domain pointing to the server.
|
|
295
|
+
|
|
296
|
+
1. Ask: "你有没有域名要绑定到这个项目?" If no domain → skip DNS + SSL, note in deploy.md.
|
|
297
|
+
2. Check DNS: use `Resolve-DnsName <domain> -Type A` to resolve locally. If resolved → proceed to SSL.
|
|
298
|
+
3. If not resolved: show the user DNS setup instructions. Full procedure in `references/dns-setup.md`.
|
|
299
|
+
|
|
300
|
+
### SSH: SSL/HTTPS Configuration
|
|
301
|
+
|
|
302
|
+
Once DNS is confirmed pointing to the server, configure HTTPS via Let's Encrypt.
|
|
303
|
+
|
|
304
|
+
1. Detect cloud vendor via metadata endpoints.
|
|
305
|
+
2. If cloud vendor detected, ask: Let's Encrypt (recommended) or cloud vendor certificate.
|
|
306
|
+
3. Install certbot and request certificate.
|
|
307
|
+
4. Verify auto-renewal with `certbot renew --dry-run`.
|
|
308
|
+
|
|
309
|
+
Full procedure in `references/ssl-setup.md`.
|
|
310
|
+
|
|
311
|
+
### SSH: Deployment Execution Flow
|
|
312
|
+
|
|
313
|
+
Pipeline runs in strict order. Each group must complete before the next begins. If any step before traffic switch fails, STOP — do not touch the live version.
|
|
314
|
+
|
|
315
|
+
**Pre-flight — Change Summary:** Show what will be deployed using `git log --oneline <last-deployed-commit>..HEAD`. If first deployment, show last 5 commits. If no new commits, warn "没有新的代码变更。确定要重新部署吗?"
|
|
316
|
+
|
|
317
|
+
**Group 1 — Pre-flight & Prepare:**
|
|
318
|
+
- Verify SSH, runtime user, tools, deploy key, port availability.
|
|
319
|
+
- Generate `releaseId`: `YYYYMMDD-<short-commit-sha>`. Create `releases/<releaseId>`.
|
|
320
|
+
- Determine target color: read `activeColor` from `shared/deploy-metadata.json` and use the opposite. If first deploy (no metadata, no `current` symlink), default to blue (port 3101).
|
|
321
|
+
|
|
322
|
+
**Group 2 — Fetch & Build:**
|
|
323
|
+
|
|
324
|
+
- **CI/CD Pull mode** (server-side build): git clone → install → copy `.env.production` before build (NEXT_PUBLIC_* vars are baked at build time) → build. If build fails: STOP.
|
|
325
|
+
- **CI/CD Push mode** (runner-side build): extract tarball, skip install/build.
|
|
326
|
+
- **Direct-upload mode**: build was already done locally and SCP'd. Skip this group.
|
|
327
|
+
|
|
328
|
+
**Group 3 — Stage & Health Check:**
|
|
329
|
+
- Start new version on inactive port via PM2: `pm2 start npm --name <project>-<app>-<color> -- run start -- -p <inactivePort>`.
|
|
330
|
+
- PM2 process naming: `<project>-<app>-<color>` (e.g., `prizm-ideas-web-green`).
|
|
331
|
+
- Wait 3-5 seconds, run health checks against new port. If any fails: STOP, do NOT switch traffic.
|
|
332
|
+
|
|
333
|
+
**Group 4 — Switch & Verify:**
|
|
334
|
+
- Update Nginx upstream to new port. Run `nginx -t` — abort on failure.
|
|
335
|
+
- `systemctl reload nginx`. Update `current` symlink to new release.
|
|
336
|
+
- Write `shared/deploy-metadata.json` with new `activeColor`, `activePort`, `lastReleaseId`.
|
|
337
|
+
- Run health checks against public endpoint. If any fails: rollback immediately.
|
|
338
|
+
|
|
339
|
+
**Group 5 — Cleanup & Record:**
|
|
340
|
+
- Stop old PM2 process. Remove oldest releases beyond `releaseRetention` count. `pm2 save`.
|
|
341
|
+
- Write deploy-history JSON. Update `deploy.config.json` validation status.
|
|
342
|
+
|
|
343
|
+
**Post-deploy — Completion Summary:** Output a summary (project, URL, version, duration, health status) and append to deploy.md. If `deployStrategy` is `"direct-upload"`, offer CI/CD upgrade (see §SSH: Post-Deploy CI/CD Upgrade).
|
|
344
|
+
|
|
345
|
+
### SSH: Blue/Green PM2 + Nginx Strategy
|
|
346
|
+
|
|
347
|
+
- Blue: port 3101 (default), Green: port 3102 (default).
|
|
348
|
+
- Active color persisted in `/var/www/<project>/shared/deploy-metadata.json`.
|
|
349
|
+
- PM2 process naming: `<project>-<app>-<color>` (deterministic, never reuse old release IDs).
|
|
350
|
+
- Nginx config must include: `# PrizmKit Managed: <project> — DO NOT EDIT MANUALLY`.
|
|
351
|
+
- Before modifying any Nginx config lacking this marker, ask for user confirmation.
|
|
352
|
+
- Always `nginx -t` before `systemctl reload nginx`.
|
|
353
|
+
|
|
354
|
+
See `references/nginx-blue-green.md` for the full Nginx config template and traffic switch procedure.
|
|
355
|
+
|
|
356
|
+
### SSH: Rollback
|
|
357
|
+
|
|
358
|
+
Two triggers: **automatic** (health check failure after traffic switch) and **manual** (`/prizmkit-deploy rollback --app <id> [--to <releaseId>]`).
|
|
359
|
+
|
|
360
|
+
Steps: identify target release → verify build exists → start PM2 on its port → update Nginx upstream → `nginx -t` → reload → health checks → write rollback event. Do NOT delete the failed release or its logs — preserve for debugging.
|
|
361
|
+
|
|
362
|
+
If no previous release exists, rollback is not possible — state this clearly.
|
|
363
|
+
|
|
364
|
+
### SSH: Operations Commands
|
|
365
|
+
|
|
366
|
+
**status:** `pm2 list` as runtime user + active release, active color/port, last deploy timestamp.
|
|
367
|
+
|
|
368
|
+
**logs --app \<id\>:** `pm2 logs <process-name> --lines 100` as runtime user.
|
|
369
|
+
|
|
370
|
+
**restart --app \<id\>:** identify active PM2 process → `pm2 restart` → wait → health checks.
|
|
371
|
+
|
|
372
|
+
**health --app \<id\>:** run all configured health checks, report pass/fail for each.
|
|
373
|
+
|
|
374
|
+
**history:** list `.prizmkit/deploy/deploy-history/` events chronologically.
|
|
375
|
+
|
|
376
|
+
### SSH: Post-Deploy CI/CD Upgrade
|
|
377
|
+
|
|
378
|
+
After a successful direct-upload deployment, proactively offer CI/CD setup:
|
|
379
|
+
|
|
380
|
+
> "部署成功。要不要顺手帮你配置 CI/CD 自动部署?以后 `git push` 就自动上线。"
|
|
381
|
+
|
|
382
|
+
If user agrees, ask push vs pull, then configure accordingly. If Pull mode: set up deploy key. If Push mode: add GitHub Actions secrets. Generate `deploy.yml` from `references/ci-cd-workflows.md`, update `deployStrategy` in config, write upgrade event to history.
|
|
383
|
+
|
|
384
|
+
## Environment Policy
|
|
385
|
+
|
|
386
|
+
| Mode | dev | test | production |
|
|
387
|
+
|------|-----|------|------------|
|
|
388
|
+
| Interactive | Allowed | Allowed | Allowed (requires confirmation) |
|
|
389
|
+
| Headless | Allowed | Allowed | **REJECTED** — exits with ENVIRONMENT_DENIED |
|
|
390
|
+
|
|
391
|
+
Headless must reject production because production deploys require human oversight — an unattended pipeline timing out mid-deploy can leave the site in a broken state with no one monitoring.
|
|
392
|
+
|
|
393
|
+
## Secrets Management
|
|
394
|
+
|
|
395
|
+
Four storage modes, configured during first-run wizard:
|
|
396
|
+
|
|
397
|
+
- **ask-every-time**: Prompt for secrets on each deploy. Safest, most manual.
|
|
398
|
+
- **encrypted-local**: Store in `.prizmkit/deploy/secrets.enc.json`. Encrypt with user passphrase using Argon2id/scrypt KDF. Decryption material never stored alongside ciphertext.
|
|
399
|
+
- **plaintext-local**: Store in `.prizmkit/deploy/secrets.local.json`. Must be gitignored. Before each deploy, verify the file is not tracked by git. If tracked, stop and ask to resolve.
|
|
400
|
+
- **user-managed-on-server-only**: User handles secrets manually. Skill verifies server-side `.env.production` has all required vars before deploying.
|
|
401
|
+
|
|
402
|
+
Server runtime secrets live in `/var/www/<project>/shared/.env.production` with mode `600`, owned by runtime user.
|
|
403
|
+
|
|
404
|
+
Deploy history records secret presence metadata only (e.g., `{"SUPABASE_SERVICE_ROLE_KEY": {"present": true}}`). Never record raw secret values or unsalted hashes.
|
|
405
|
+
|
|
406
|
+
### SSH: Existing Deployment Takeover
|
|
407
|
+
|
|
408
|
+
When deploying to a server that already has deployment assets:
|
|
409
|
+
|
|
410
|
+
1. Detect: existing `/var/www/<project>` directory, existing PM2 processes with similar names, Nginx config referencing the same domain/IP, port conflicts.
|
|
411
|
+
2. Report findings and ask for takeover decision:
|
|
412
|
+
- **Take over and backup**: Back up existing config, then proceed.
|
|
413
|
+
- **Coexist**: Use different directory/ports/process names.
|
|
414
|
+
- **Manual resolve**: Stop and let the user handle it.
|
|
415
|
+
3. Record takeover decision and validation results in config and history.
|
|
416
|
+
|
|
417
|
+
### SSH: Nginx Management
|
|
418
|
+
|
|
419
|
+
- First Nginx config creation or update of a non-PrizmKit block requires user confirmation.
|
|
420
|
+
- Subsequent updates to PrizmKit-managed blocks (`# PrizmKit Managed:` marker) may proceed automatically.
|
|
421
|
+
- Always `nginx -t` before reload.
|
|
422
|
+
|
|
423
|
+
See `references/nginx-blue-green.md` for the full Nginx config template.
|
|
424
|
+
|
|
425
|
+
### SSH: Bootstrap Safety Rules
|
|
426
|
+
|
|
427
|
+
Before executing privileged bootstrap work, generate an action plan listing: packages, users/groups, SSH keys, Nginx config, directories/permissions, services that may be restarted.
|
|
428
|
+
|
|
429
|
+
Rules:
|
|
430
|
+
- User gives one explicit approval for the entire bootstrap plan.
|
|
431
|
+
- If the plan changes during execution, pause and ask again.
|
|
432
|
+
- Bootstrap operations must be idempotent.
|
|
433
|
+
- Existing config files must be backed up before modification.
|
|
434
|
+
- All privileged actions and results recorded in deploy history.
|
|
435
|
+
- Failed bootstrap stops before deployment, provides recovery instructions.
|
|
436
|
+
|
|
437
|
+
### SSH: Multi-App Coordination
|
|
438
|
+
|
|
439
|
+
An all-app deploy creates one release group. Rules:
|
|
440
|
+
- Pre-traffic phases must complete for ALL selected apps before ANY app switches traffic.
|
|
441
|
+
- If any app fails before traffic switch, NO app switches traffic. Staged processes stopped, live system unchanged.
|
|
442
|
+
- If any app fails after traffic switch, default: group rollback.
|
|
443
|
+
- Single-app deploys (`--app <id>`) do not affect unrelated apps.
|
|
444
|
+
|
|
445
|
+
## Validation
|
|
446
|
+
|
|
447
|
+
Validation is mandatory before production deploy. Check: SSH connectivity, required tools (node, npm, git, pm2, nginx), repository reachability, port availability, required env vars, Nginx config syntax, health check routes accessible.
|
|
448
|
+
|
|
449
|
+
Persist validation in `deploy.config.json` under each section's `validated` field.
|
|
450
|
+
|
|
451
|
+
## Adapter Paths
|
|
452
|
+
|
|
453
|
+
After Discovery routes to a deployment target, read the corresponding reference:
|
|
454
|
+
|
|
455
|
+
| Target | Reference | Mode |
|
|
456
|
+
|--------|-----------|------|
|
|
457
|
+
| SSH Linux server | SSH sections in this file | Full automation |
|
|
458
|
+
| Vercel, Netlify, Fly.io | `references/cloud-platform-deploy.md` | Guided CLI |
|
|
459
|
+
| Docker / Docker Compose | `references/docker-deploy.md` | Guided build + run |
|
|
460
|
+
| Unrecognized target | §Deployment Discovery Step 4 | Documented fallback |
|
|
461
|
+
|
|
462
|
+
## Deploy History Record Schema
|
|
463
|
+
|
|
464
|
+
Each deployment, rollback, or significant event writes a record to `.prizmkit/deploy/deploy-history/<id>.json`. Full schema in `references/deploy-history-schema.md`. Never record raw secret values in history — presence metadata only.
|
|
465
|
+
|
|
466
|
+
## Implementation Notes
|
|
467
|
+
|
|
468
|
+
Live validation findings from the first PrizmKit deployment are in `references/live-validation-notes.md`. Read when troubleshooting bootstrap or deploy issues — these cover port conflict detection, npm verification, locale fixes, deploy key interactivity, PM2 PATH handling, and build-time env var timing.
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
# CI/CD Workflow Templates
|
|
2
|
+
|
|
3
|
+
Read this file when `deployStrategy` is `ci-cd-push` or `ci-cd-pull`.
|
|
4
|
+
|
|
5
|
+
## Shared Configuration
|
|
6
|
+
|
|
7
|
+
**Secrets** (add to GitHub repository Settings → Secrets and variables → Actions):
|
|
8
|
+
- `SSH_HOST` — server IP/hostname
|
|
9
|
+
- `SSH_USER` — runtime user (e.g., `deploy`)
|
|
10
|
+
- `SSH_KEY` — SSH private key
|
|
11
|
+
- `SSH_PORT` — SSH port (default 22)
|
|
12
|
+
|
|
13
|
+
**Shared trigger:**
|
|
14
|
+
```yaml
|
|
15
|
+
on:
|
|
16
|
+
push:
|
|
17
|
+
branches: [<branch>]
|
|
18
|
+
paths-ignore:
|
|
19
|
+
- '.prizmkit/**'
|
|
20
|
+
- 'docs/**'
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
## Push Mode Workflow (`ci-cd-push`)
|
|
26
|
+
|
|
27
|
+
Build happens on GitHub Actions runner. Only built artifacts are transferred to the server.
|
|
28
|
+
|
|
29
|
+
```yaml
|
|
30
|
+
name: Deploy to Production (Push)
|
|
31
|
+
|
|
32
|
+
on:
|
|
33
|
+
push:
|
|
34
|
+
branches: [<branch>]
|
|
35
|
+
|
|
36
|
+
jobs:
|
|
37
|
+
deploy:
|
|
38
|
+
runs-on: ubuntu-latest
|
|
39
|
+
steps:
|
|
40
|
+
- uses: actions/checkout@v4
|
|
41
|
+
|
|
42
|
+
- uses: actions/setup-node@v4
|
|
43
|
+
with:
|
|
44
|
+
node-version: 20
|
|
45
|
+
|
|
46
|
+
- name: Install & Build
|
|
47
|
+
run: |
|
|
48
|
+
npm ci
|
|
49
|
+
npm run build
|
|
50
|
+
|
|
51
|
+
- name: Package & Transfer
|
|
52
|
+
run: |
|
|
53
|
+
RELEASE_ID=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
|
|
54
|
+
tar czf deploy-$RELEASE_ID.tar.gz \
|
|
55
|
+
<build-output-dir>/ node_modules/ package.json package-lock.json
|
|
56
|
+
scp -P ${{ secrets.SSH_PORT }} deploy-$RELEASE_ID.tar.gz \
|
|
57
|
+
${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/<project>/releases/
|
|
58
|
+
|
|
59
|
+
- name: Deploy on Server
|
|
60
|
+
uses: appleboy/ssh-action@v1
|
|
61
|
+
with:
|
|
62
|
+
host: ${{ secrets.SSH_HOST }}
|
|
63
|
+
username: ${{ secrets.SSH_USER }}
|
|
64
|
+
key: ${{ secrets.SSH_KEY }}
|
|
65
|
+
port: ${{ secrets.SSH_PORT }}
|
|
66
|
+
script: |
|
|
67
|
+
cd /var/www/<project>
|
|
68
|
+
RELEASE_ID=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
|
|
69
|
+
mkdir -p releases/$RELEASE_ID
|
|
70
|
+
tar xzf releases/deploy-$RELEASE_ID.tar.gz -C releases/$RELEASE_ID
|
|
71
|
+
rm releases/deploy-$RELEASE_ID.tar.gz
|
|
72
|
+
# PM2 start, health check, Nginx switch (same as manual flow)
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
**Key difference from Pull:** the runner checks out code, installs, builds, and only transmits the result. The server doesn't need Git or build tools — just Node.js runtime and PM2.
|
|
76
|
+
|
|
77
|
+
---
|
|
78
|
+
|
|
79
|
+
## Pull Mode Workflow (`ci-cd-pull`)
|
|
80
|
+
|
|
81
|
+
GitHub Actions runner only triggers the server. The server does all the work.
|
|
82
|
+
|
|
83
|
+
```yaml
|
|
84
|
+
name: Deploy to Production (Pull)
|
|
85
|
+
|
|
86
|
+
on:
|
|
87
|
+
push:
|
|
88
|
+
branches: [<branch>]
|
|
89
|
+
|
|
90
|
+
jobs:
|
|
91
|
+
deploy:
|
|
92
|
+
runs-on: ubuntu-latest
|
|
93
|
+
steps:
|
|
94
|
+
- name: Trigger Server Deploy
|
|
95
|
+
uses: appleboy/ssh-action@v1
|
|
96
|
+
with:
|
|
97
|
+
host: ${{ secrets.SSH_HOST }}
|
|
98
|
+
username: ${{ secrets.SSH_USER }}
|
|
99
|
+
key: ${{ secrets.SSH_KEY }}
|
|
100
|
+
port: ${{ secrets.SSH_PORT }}
|
|
101
|
+
script: |
|
|
102
|
+
cd /var/www/<project>
|
|
103
|
+
RELEASE_ID=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
|
|
104
|
+
mkdir -p releases/$RELEASE_ID
|
|
105
|
+
git clone <repoUrl> --branch <branch> releases/$RELEASE_ID
|
|
106
|
+
cd releases/$RELEASE_ID
|
|
107
|
+
npm ci
|
|
108
|
+
cp ../shared/.env.production .
|
|
109
|
+
npm run build
|
|
110
|
+
# PM2 start, health check, Nginx switch
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
**Key difference from Push:** the workflow is simpler (one step: SSH + run script), but the server needs Git, full build toolchain, and must be able to reach the repo.
|
|
114
|
+
|
|
115
|
+
After generating the workflow, verify: the first `git push` to the configured branch will trigger the first deployment. Monitor the GitHub Actions run and report results.
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
# Cloud Platform Deployment Path
|
|
2
|
+
|
|
3
|
+
Guided deployment for Vercel, Netlify, Fly.io, and similar cloud platforms. Full automation isn't available — these platforms require browser-based authentication — but the skill provides structured CLI assistance.
|
|
4
|
+
|
|
5
|
+
## Detect and Validate
|
|
6
|
+
|
|
7
|
+
1. Check if the platform CLI is installed: `vercel --version`, `netlify --version`, `fly version`.
|
|
8
|
+
2. If missing, guide the user to install: `npm install -g vercel` or link to docs.
|
|
9
|
+
3. Check authentication: `vercel whoami`, `netlify status`. If not logged in, guide the user through `vercel login`.
|
|
10
|
+
4. Read the platform config file (`vercel.json`, `netlify.toml`, `fly.toml`) to understand existing settings.
|
|
11
|
+
|
|
12
|
+
## Generate Configuration
|
|
13
|
+
|
|
14
|
+
1. If no platform config file exists, generate one based on project detection:
|
|
15
|
+
- **Next.js on Vercel**: minimal config — Vercel auto-detects Next.js. Generate `vercel.json` only if custom rewrites/redirects are needed.
|
|
16
|
+
- **Static site on Netlify**: generate `netlify.toml` with build command and publish directory.
|
|
17
|
+
- **Any on Fly.io**: generate `fly.toml` with app name, builder, and HTTP service config.
|
|
18
|
+
2. Set environment variables via the platform CLI: `vercel env add`, `netlify env:set`.
|
|
19
|
+
3. Document all env vars needed (from Discovery Step 1 scan).
|
|
20
|
+
|
|
21
|
+
## Deploy and Verify
|
|
22
|
+
|
|
23
|
+
1. Run the platform deploy command: `vercel deploy --prod`, `netlify deploy --prod`, `fly deploy`.
|
|
24
|
+
2. If the command requires interactive input, run it and show output to the user.
|
|
25
|
+
3. After deploy, run health checks against the production URL.
|
|
26
|
+
4. Write a deploy-history event recording: platform, project name, deploy URL, commit SHA, timestamp.
|
|
27
|
+
|
|
28
|
+
## Operations
|
|
29
|
+
|
|
30
|
+
| Command | Vercel | Netlify | Fly.io |
|
|
31
|
+
|---------|--------|---------|--------|
|
|
32
|
+
| status | `vercel list` | `netlify status` | `fly status` |
|
|
33
|
+
| logs | `vercel logs` | `netlify logs` | `fly logs` |
|
|
34
|
+
| rollback | `vercel rollback` | `netlify rollback` | `fly rollback` |
|
|
35
|
+
| env | `vercel env ls` | `netlify env:list` | `fly secrets list` |
|
|
36
|
+
|
|
37
|
+
Platform rollback is instant — no release-based rollback needed.
|
|
38
|
+
|
|
39
|
+
## Platform-Specific Patterns
|
|
40
|
+
|
|
41
|
+
### Vercel
|
|
42
|
+
|
|
43
|
+
Vercel auto-detects Next.js projects — no config file required for basic deployments. Generate `vercel.json` only for custom rewrites, redirects, or headers.
|
|
44
|
+
|
|
45
|
+
Key behaviors:
|
|
46
|
+
- Next.js: framework auto-detected, build command and output directory inferred automatically
|
|
47
|
+
- Static sites: set build command and output directory via `vercel.json` or CLI
|
|
48
|
+
- Env vars: `vercel env add <KEY>` (supports `production`, `preview`, `development` environments)
|
|
49
|
+
- Deploy preview: every branch gets a preview URL automatically (if connected via GitHub)
|
|
50
|
+
|
|
51
|
+
### Netlify
|
|
52
|
+
|
|
53
|
+
Netlify requires explicit build and publish configuration. Use `netlify.toml`:
|
|
54
|
+
|
|
55
|
+
```toml
|
|
56
|
+
[build]
|
|
57
|
+
command = "npm run build"
|
|
58
|
+
publish = "dist"
|
|
59
|
+
|
|
60
|
+
[[redirects]]
|
|
61
|
+
from = "/*"
|
|
62
|
+
to = "/index.html"
|
|
63
|
+
status = 200
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Key behaviors:
|
|
67
|
+
- SPA redirects: the catch-all redirect above is essential for client-side routing
|
|
68
|
+
- Env vars: `netlify env:set <KEY> <VALUE>` (per-context: `production`, `deploy-preview`, `branch-deploy`)
|
|
69
|
+
- Branch deploys: every branch gets a deploy-preview URL automatically (if connected via GitHub)
|
|
70
|
+
|
|
71
|
+
### Fly.io
|
|
72
|
+
|
|
73
|
+
Fly.io requires a `fly.toml` with app name, builder, and HTTP service config:
|
|
74
|
+
|
|
75
|
+
```toml
|
|
76
|
+
app = "<app-name>"
|
|
77
|
+
primary_region = "lhr"
|
|
78
|
+
|
|
79
|
+
[build]
|
|
80
|
+
builder = "dockerfile"
|
|
81
|
+
|
|
82
|
+
[http_service]
|
|
83
|
+
internal_port = 3000
|
|
84
|
+
force_https = true
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
Key behaviors:
|
|
88
|
+
- Builder: `dockerfile` (default, uses Dockerfile) or `static` (static site hosting)
|
|
89
|
+
- Secrets: `fly secrets set <KEY>=<VALUE>` for runtime environment variables
|
|
90
|
+
- Scale: `fly scale count <N>` to adjust VM instances
|
|
91
|
+
- Volumes: for persistent data, configure `[mounts]` in fly.toml
|
|
92
|
+
|
|
93
|
+
**Note**: These are minimum-viable platform references; browser-based authentication remains a user-action step. Enriched platform coverage is planned for future iterations.
|