prizmkit 1.1.78 → 1.1.80
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundled/VERSION.json +3 -3
- package/bundled/dev-pipeline/scripts/init-pipeline.py +2 -0
- package/bundled/dev-pipeline-windows/scripts/init-pipeline.py +2 -0
- package/bundled/skills/_metadata.json +1 -1
- package/bundled/skills/app-planner/SKILL.md +10 -347
- package/bundled/skills/app-planner/references/infrastructure-convention-discovery.md +108 -0
- package/bundled/skills/app-planner/references/project-conventions-discovery.md +59 -0
- package/bundled/skills/app-planner/references/project-state-detection.md +88 -0
- package/bundled/skills/app-planner/references/rules-configuration.md +46 -0
- package/bundled/skills/bug-fix-workflow/SKILL.md +1 -30
- package/bundled/skills/bug-fix-workflow/references/bug-diagnosis.md +66 -0
- package/bundled/skills/bugfix-pipeline-launcher/SKILL.md +3 -40
- package/bundled/skills/bugfix-pipeline-launcher/references/configuration.md +49 -0
- package/bundled/skills/feature-pipeline-launcher/SKILL.md +3 -46
- package/bundled/skills/feature-pipeline-launcher/references/configuration.md +55 -0
- package/bundled/skills/feature-workflow/SKILL.md +5 -121
- package/bundled/skills/feature-workflow/references/brainstorm-guide.md +137 -0
- package/bundled/skills/prizm-kit/SKILL.md +11 -0
- package/bundled/skills/prizmkit-code-review/SKILL.md +66 -135
- package/bundled/skills/prizmkit-code-review/references/dev-agent-prompt.md +30 -0
- package/bundled/skills/prizmkit-code-review/references/review-report-template.md +31 -0
- package/bundled/skills/prizmkit-code-review/references/reviewer-agent-prompt.md +62 -0
- package/bundled/skills/prizmkit-code-review/scripts/check_loop.py +186 -0
- package/bundled/skills/prizmkit-committer/SKILL.md +6 -0
- package/bundled/skills/prizmkit-deploy/SKILL.md +48 -72
- package/bundled/skills/prizmkit-deploy/references/data-safety-examples.md +120 -0
- package/bundled/skills/prizmkit-deploy/references/ssh-bootstrap-flow.md +49 -0
- package/bundled/skills/prizmkit-deploy/references/ssh-execution-flow.md +41 -0
- package/bundled/skills/prizmkit-deploy/references/ssh-takeover.md +20 -0
- package/bundled/skills/prizmkit-implement/SKILL.md +6 -0
- package/bundled/skills/prizmkit-plan/SKILL.md +1 -83
- package/bundled/skills/prizmkit-plan/references/examples.md +85 -0
- package/bundled/skills/prizmkit-prizm-docs/SKILL.md +13 -0
- package/bundled/skills/prizmkit-test/SKILL.md +3 -151
- package/bundled/skills/prizmkit-test/references/examples.md +70 -0
- package/bundled/skills/prizmkit-test/references/test-generation-steps.md +49 -0
- package/bundled/skills/prizmkit-test/references/test-report-template.md +42 -0
- package/bundled/skills/recovery-workflow/SKILL.md +1 -30
- package/bundled/skills/recovery-workflow/references/detection.md +58 -0
- package/bundled/skills/refactor-pipeline-launcher/SKILL.md +3 -45
- package/bundled/skills/refactor-pipeline-launcher/references/configuration.md +54 -0
- package/bundled/skills/refactor-planner/SKILL.md +9 -149
- package/bundled/skills/refactor-planner/references/fast-path.md +59 -0
- package/bundled/skills/refactor-planner/references/planning-phases.md +135 -0
- package/bundled/skills/refactor-workflow/SKILL.md +4 -103
- package/bundled/skills/refactor-workflow/references/brainstorm-guide.md +116 -0
- package/bundled/skills-windows/app-planner/SKILL.md +10 -349
- package/bundled/skills-windows/app-planner/references/infrastructure-convention-discovery.md +108 -0
- package/bundled/skills-windows/app-planner/references/project-conventions-discovery.md +59 -0
- package/bundled/skills-windows/app-planner/references/project-state-detection.md +90 -0
- package/bundled/skills-windows/app-planner/references/rules-configuration.md +46 -0
- package/bundled/skills-windows/bug-fix-workflow/SKILL.md +1 -30
- package/bundled/skills-windows/bug-fix-workflow/references/bug-diagnosis.md +66 -0
- package/bundled/skills-windows/bugfix-pipeline-launcher/SKILL.md +2 -29
- package/bundled/skills-windows/bugfix-pipeline-launcher/references/configuration.md +49 -0
- package/bundled/skills-windows/feature-pipeline-launcher/SKILL.md +2 -35
- package/bundled/skills-windows/feature-pipeline-launcher/references/configuration.md +55 -0
- package/bundled/skills-windows/feature-workflow/SKILL.md +5 -121
- package/bundled/skills-windows/feature-workflow/references/brainstorm-guide.md +137 -0
- package/bundled/skills-windows/prizm-kit/SKILL.md +92 -0
- package/bundled/skills-windows/prizmkit-code-review/SKILL.md +156 -0
- package/bundled/skills-windows/prizmkit-code-review/references/dev-agent-prompt.md +30 -0
- package/bundled/skills-windows/prizmkit-code-review/references/review-report-template.md +31 -0
- package/bundled/skills-windows/prizmkit-code-review/references/reviewer-agent-prompt.md +62 -0
- package/bundled/skills-windows/prizmkit-code-review/scripts/check_loop.py +186 -0
- package/bundled/skills-windows/prizmkit-committer/SKILL.md +87 -0
- package/bundled/skills-windows/prizmkit-deploy/SKILL.md +444 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ci-cd-workflows.md +115 -0
- package/bundled/skills-windows/prizmkit-deploy/references/cloud-platform-deploy.md +93 -0
- package/bundled/skills-windows/prizmkit-deploy/references/data-safety-examples.md +120 -0
- package/bundled/skills-windows/prizmkit-deploy/references/database-setup.md +46 -0
- package/bundled/skills-windows/prizmkit-deploy/references/deploy-config-schema.md +148 -0
- package/bundled/skills-windows/prizmkit-deploy/references/deploy-history-schema.md +62 -0
- package/bundled/skills-windows/prizmkit-deploy/references/deployment-modes.md +50 -0
- package/bundled/skills-windows/prizmkit-deploy/references/direct-upload.md +26 -0
- package/bundled/skills-windows/prizmkit-deploy/references/dns-setup.md +42 -0
- package/bundled/skills-windows/prizmkit-deploy/references/docker-deploy.md +31 -0
- package/bundled/skills-windows/prizmkit-deploy/references/firewall-setup.md +37 -0
- package/bundled/skills-windows/prizmkit-deploy/references/live-validation-notes.md +21 -0
- package/bundled/skills-windows/prizmkit-deploy/references/nginx-blue-green.md +59 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ssh-bootstrap-flow.md +49 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ssh-execution-flow.md +41 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ssh-takeover.md +20 -0
- package/bundled/skills-windows/prizmkit-deploy/references/ssl-setup.md +56 -0
- package/bundled/skills-windows/prizmkit-implement/SKILL.md +71 -0
- package/bundled/skills-windows/prizmkit-plan/SKILL.md +102 -0
- package/bundled/skills-windows/prizmkit-plan/assets/plan-template.md +115 -0
- package/bundled/skills-windows/prizmkit-plan/assets/spec-template.md +73 -0
- package/bundled/skills-windows/prizmkit-plan/references/clarify-guide.md +67 -0
- package/bundled/skills-windows/prizmkit-plan/references/examples.md +85 -0
- package/bundled/skills-windows/prizmkit-plan/references/verification-checklist.md +60 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/SKILL.md +128 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/assets/prizm-docs-format.md +613 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-init.md +45 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-rebuild.md +15 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-status.md +14 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-update.md +19 -0
- package/bundled/skills-windows/prizmkit-prizm-docs/references/op-validate.md +17 -0
- package/bundled/skills-windows/prizmkit-retrospective/SKILL.md +87 -0
- package/bundled/skills-windows/prizmkit-retrospective/references/knowledge-injection-steps.md +50 -0
- package/bundled/skills-windows/prizmkit-retrospective/references/structural-sync-steps.md +43 -0
- package/bundled/skills-windows/prizmkit-test/SKILL.md +133 -0
- package/bundled/skills-windows/prizmkit-test/references/examples.md +70 -0
- package/bundled/skills-windows/prizmkit-test/references/test-generation-steps.md +49 -0
- package/bundled/skills-windows/prizmkit-test/references/test-report-template.md +42 -0
- package/bundled/skills-windows/recovery-workflow/SKILL.md +1 -52
- package/bundled/skills-windows/recovery-workflow/references/detection.md +58 -0
- package/bundled/skills-windows/refactor-pipeline-launcher/SKILL.md +2 -32
- package/bundled/skills-windows/refactor-pipeline-launcher/references/configuration.md +54 -0
- package/bundled/skills-windows/refactor-planner/SKILL.md +9 -149
- package/bundled/skills-windows/refactor-planner/references/fast-path.md +59 -0
- package/bundled/skills-windows/refactor-planner/references/planning-phases.md +135 -0
- package/bundled/skills-windows/refactor-workflow/SKILL.md +4 -103
- package/bundled/skills-windows/refactor-workflow/references/brainstorm-guide.md +116 -0
- package/package.json +1 -1
|
@@ -0,0 +1,444 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "prizmkit-deploy"
|
|
3
|
+
description: "Universal deployment gateway for any PrizmKit project. Discovers project type and target (SSH server, Vercel, Docker, etc.), then routes: full automation for SSH Linux with PM2 + Nginx + blue/green switching, guided setup for cloud platforms, or safe documentation fallback for unsupported targets. Also operates existing deployments: status, logs, restart, rollback, health checks, history, validate. Use this skill whenever the user asks about deployment, hosting, going live, or server operations. Triggers on: 'deploy', 'ship it', 'take this live', 'deploy to Vercel', 'deploy to my server', 'check deploy status', 'view logs', 'restart app', 'rollback', 'how do I deploy this', any deployment or hosting question."
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# PrizmKit Deploy — Universal Deployment Gateway
|
|
7
|
+
|
|
8
|
+
`/prizmkit-deploy` is the single entry point for all deployment work. When a user asks to deploy anything — any project type, any target — this skill handles it.
|
|
9
|
+
|
|
10
|
+
Three possible outcomes depending on what's supported:
|
|
11
|
+
1. **Full automation** (SSH Linux server): configure, bootstrap, deploy, verify, operate — complete AI takeover.
|
|
12
|
+
2. **Guided setup** (cloud platforms like Vercel, Netlify, Docker): generate config, walk through CLI steps, verify.
|
|
13
|
+
3. **Documented fallback** (unsupported targets): detect what's possible, produce deploy.md, record the adapter gap.
|
|
14
|
+
|
|
15
|
+
When invited, behave as a deployment engineer. Ask until you understand what is being deployed, where it runs, how it is built, how it starts, what secrets it needs, how traffic reaches it, and how health is checked.
|
|
16
|
+
|
|
17
|
+
### When to Use
|
|
18
|
+
- User says "deploy", "ship it", "take this live", "deploy to Vercel", "deploy to my server"
|
|
19
|
+
- User wants to check deploy status, view logs, restart app, rollback
|
|
20
|
+
- First-time deployment configuration or repair
|
|
21
|
+
- Any deployment, hosting, or server operation question
|
|
22
|
+
|
|
23
|
+
### When NOT to Use
|
|
24
|
+
- Project has no code to deploy (empty/scaffold project)
|
|
25
|
+
- Local dev environment startup — use the project's dev scripts instead
|
|
26
|
+
- Purely CI/CD pipeline debugging unrelated to deployment
|
|
27
|
+
- User wants to edit application code — use /prizmkit-plan and /prizmkit-implement
|
|
28
|
+
|
|
29
|
+
## Data Safety Gate
|
|
30
|
+
|
|
31
|
+
Before executing any command that could **irreversibly destroy, overwrite, or modify data**, pause and get explicit user confirmation. This is a hard gate — the cost of a false negative (losing real data) is catastrophic, while asking one extra question costs nothing.
|
|
32
|
+
|
|
33
|
+
### Detection
|
|
34
|
+
|
|
35
|
+
Before running any shell command, scan it for these patterns:
|
|
36
|
+
|
|
37
|
+
| Category | Dangerous patterns | What's at risk |
|
|
38
|
+
|----------|-------------------|----------------|
|
|
39
|
+
| Database schema | `prisma db push --force-reset`, `prisma db push --accept-data-loss`, `prisma migrate reset`, `prisma migrate dev --create-only` | All existing data dropped, schema reset |
|
|
40
|
+
| Database data | `DROP TABLE`, `DROP DATABASE`, `TRUNCATE`, `DELETE FROM` without `WHERE`, `UPDATE` without `WHERE` | Data deletion or corruption |
|
|
41
|
+
| File system | `rm -rf`, `> /etc/`, overwriting existing configs without backup | Config loss, system breakage |
|
|
42
|
+
| Cloud resources | `terraform destroy`, `kubectl delete`, cloud resource deletion, S3 bucket removal | Infrastructure/service loss |
|
|
43
|
+
|
|
44
|
+
### Confirmation Flow
|
|
45
|
+
|
|
46
|
+
When a dangerous pattern is detected:
|
|
47
|
+
|
|
48
|
+
1. **Stop.** Do not execute. Do not ask "should I proceed?" while already running the command.
|
|
49
|
+
2. **Explain** what the command will do and what data will be lost, in plain language.
|
|
50
|
+
3. **Ask** an explicit yes/no question. Accept only a clear "yes" or equivalent — ambiguous responses ("sure, I guess", "ok go ahead") count as "no" when the consequence is data loss.
|
|
51
|
+
4. **Only proceed** on unambiguous consent. If the user says anything other than a clear affirmative, abort.
|
|
52
|
+
5. **Record** the confirmation decision and the command that was run in deploy history.
|
|
53
|
+
|
|
54
|
+
### Headless Mode
|
|
55
|
+
|
|
56
|
+
If a destructive data operation is detected in headless mode, **refuse and exit** with `DATA_SAFETY_DENIED`. Data destruction must never happen without human oversight — an unattended pipeline that runs `--force-reset` could wipe a production database with no one watching.
|
|
57
|
+
|
|
58
|
+
### Examples
|
|
59
|
+
|
|
60
|
+
Read `${SKILL_DIR}/references/data-safety-examples.md` for concrete few-shot examples of dangerous commands caught by this gate, including the correct and incorrect ways to handle them.
|
|
61
|
+
|
|
62
|
+
## Deployment Discovery
|
|
63
|
+
|
|
64
|
+
Before doing anything else, discover what you're deploying and where. This phase routes the request to the right adapter or fallback. It runs regardless of mode (interactive or headless), but interactive mode may ask questions; headless mode reads from existing config and exits with `NEEDS_INPUT` if critical details are missing.
|
|
65
|
+
|
|
66
|
+
### Step 1: Project Detection
|
|
67
|
+
|
|
68
|
+
Scan the project root for build/package files and classify:
|
|
69
|
+
|
|
70
|
+
| File found | Language/Framework | Build command | Start command |
|
|
71
|
+
|------------|-------------------|---------------|---------------|
|
|
72
|
+
| `package.json` with `next` dep | Next.js | `next build` | `next start -p <port>` |
|
|
73
|
+
| `package.json` with `vite` dep | Vite (React/Vue) | `vite build` | `vite preview` |
|
|
74
|
+
| `package.json` (generic) | Node.js | `npm run build` | `npm run start` |
|
|
75
|
+
| `go.mod` | Go | `go build` | `./<binary>` |
|
|
76
|
+
| `Cargo.toml` | Rust | `cargo build --release` | `./target/release/<binary>` |
|
|
77
|
+
| `requirements.txt` / `pyproject.toml` | Python | — | `python -m uvicorn` or similar |
|
|
78
|
+
| `Dockerfile` | Containerized | `docker build` | `docker run` |
|
|
79
|
+
| `docker-compose.yml` | Docker Compose | `docker compose build` | `docker compose up` |
|
|
80
|
+
| `Makefile` only | C/C++/generic | `make` | `make run` or binary |
|
|
81
|
+
|
|
82
|
+
Also scan for:
|
|
83
|
+
- **Environment variables**: grep for `process.env.`, `os.environ`, `os.Getenv`, `env::var` — catalog every reference
|
|
84
|
+
- **Port usage**: grep for port numbers, `listen()`, `PORT` env var
|
|
85
|
+
- **Database dependencies**: check package.json/requirements.txt/go.mod for database drivers
|
|
86
|
+
|
|
87
|
+
### Step 2: Deployment Target Detection
|
|
88
|
+
|
|
89
|
+
Determine WHERE the user wants to deploy. Check in order:
|
|
90
|
+
|
|
91
|
+
**A. User-specified target** (highest priority):
|
|
92
|
+
- "deploy to Vercel" / "deploy to my server" / "deploy with Docker" → use what the user says.
|
|
93
|
+
|
|
94
|
+
**B. Detect from project files** (if user hasn't specified):
|
|
95
|
+
- `vercel.json` → Vercel
|
|
96
|
+
- `netlify.toml` → Netlify
|
|
97
|
+
- `fly.toml` → Fly.io
|
|
98
|
+
- `Dockerfile` or `docker-compose.yml` → Docker
|
|
99
|
+
- `.github/workflows/deploy.yml` → check what it targets
|
|
100
|
+
- `app.yaml` → GCP App Engine
|
|
101
|
+
- `serverless.yml` → Serverless Framework
|
|
102
|
+
|
|
103
|
+
**C. Ask the user** (interactive only):
|
|
104
|
+
- "Where should this project be deployed?"
|
|
105
|
+
- Options to suggest based on detected files + common choices:
|
|
106
|
+
- "My own Linux server (SSH access) — full AI automation"
|
|
107
|
+
- "Vercel / Netlify — guided CLI setup"
|
|
108
|
+
- "Docker — guided container deployment"
|
|
109
|
+
- "Other — generate deployment documentation"
|
|
110
|
+
|
|
111
|
+
If headless mode and no target can be determined, exit with `NEEDS_INPUT` listing the missing target information.
|
|
112
|
+
|
|
113
|
+
**D. Check for existing deployment**:
|
|
114
|
+
- Does `.prizmkit/deploy/deploy.config.json` already exist? If yes, read the configured target.
|
|
115
|
+
- Does the user mention a server IP or hostname? Check if it's already reachable.
|
|
116
|
+
|
|
117
|
+
### Step 3: Route to Adapter
|
|
118
|
+
|
|
119
|
+
Based on detected target, route the rest of the session:
|
|
120
|
+
|
|
121
|
+
1. **SSH Linux server** → §SSH Deployment Path — full automation: bootstrap, configure, deploy, operate. First-version adapter: PM2 + Nginx + blue/green.
|
|
122
|
+
2. **Vercel / Netlify** → §Cloud Platform Deployment Path — guided: detect CLI tools, walk through deploy commands, generate deploy.md. Details in `references/cloud-platform-deploy.md`.
|
|
123
|
+
3. **Docker** → §Docker Deployment Path — guided: detect Dockerfile/Compose, build image, container lifecycle. Details in `references/docker-deploy.md`.
|
|
124
|
+
4. **Unsupported** → §Unsupported Deployment Fallback — generate deploy.md, record adapter gap, provide manual checklist.
|
|
125
|
+
|
|
126
|
+
Cloud and Docker paths follow the same discovery and documentation patterns but use platform CLIs instead of SSH + PM2.
|
|
127
|
+
|
|
128
|
+
**Compatibility check before routing to SSH**: The SSH adapter (PM2 + Nginx + blue/green) requires a Node.js project — verify `package.json` exists. Non-Node.js projects (Go, Rust, Python) targeting a Linux server route to Unsupported Fallback with a note: "Adapter gap: PM2 adapter requires Node.js."
|
|
129
|
+
|
|
130
|
+
### Step 4: Unsupported Deployment Fallback
|
|
131
|
+
|
|
132
|
+
When the deployment target or project type isn't covered by any adapter, don't fail silently. Instead:
|
|
133
|
+
|
|
134
|
+
1. **Detect what you can**: project language, framework, build/start commands, env vars, port usage, database dependencies.
|
|
135
|
+
2. **Generate `.prizmkit/deploy/deploy.md`**: human-readable deployment guide with prerequisites, environment variables table, build/start instructions, health check suggestions.
|
|
136
|
+
3. **Record the adapter gap**: write a note in deploy.md and deploy-history identifying what's missing (e.g., "Adapter needed: Python/FastAPI on systemd").
|
|
137
|
+
4. **Provide a manual checklist**: concrete steps the user can follow to deploy manually.
|
|
138
|
+
5. **Offer to generate CI/CD config**: if `.github/workflows/` exists or the user wants one, generate a basic deploy workflow.
|
|
139
|
+
|
|
140
|
+
## Mode Detection
|
|
141
|
+
|
|
142
|
+
Detect invocation mode from the user's initial message. The mode determines what you're allowed to do:
|
|
143
|
+
|
|
144
|
+
**Interactive mode** (user typed `/prizmkit-deploy` or asked directly):
|
|
145
|
+
- May ask as many questions as needed to fill in missing deployment details.
|
|
146
|
+
- May request approvals for privileged, destructive, or traffic-impacting actions.
|
|
147
|
+
- May deploy to any environment (dev/test/production).
|
|
148
|
+
- Production requires explicit user confirmation before execution.
|
|
149
|
+
|
|
150
|
+
**Headless mode** (invoked via `--headless` flag, pipeline, or script):
|
|
151
|
+
- Never wait for user input — unattended shells that time out on a prompt block pipelines silently without visible errors, so exit with clear status codes instead.
|
|
152
|
+
- May ONLY target `dev` or `test` environments.
|
|
153
|
+
- If `--env production` in headless mode: exit immediately with `ENVIRONMENT_DENIED — production deployment requires interactive mode`, because production deploys must never happen without human oversight.
|
|
154
|
+
- If required info is missing, exit with `NEEDS_INPUT` and write pending questions to `.prizmkit/deploy/pending-input.json`.
|
|
155
|
+
- May only perform actions already authorized by `deploy.config.json`.
|
|
156
|
+
|
|
157
|
+
## Command Routing
|
|
158
|
+
|
|
159
|
+
When the user invokes `/prizmkit-deploy`, determine intent from the first word after the command:
|
|
160
|
+
|
|
161
|
+
```
|
|
162
|
+
/prizmkit-deploy → deploy (if config exists) or configure (if not)
|
|
163
|
+
/prizmkit-deploy configure → first-run or repair configuration wizard
|
|
164
|
+
/prizmkit-deploy deploy → full deployment pipeline
|
|
165
|
+
/prizmkit-deploy status → show PM2 process status for all apps
|
|
166
|
+
/prizmkit-deploy logs --app <id> → tail PM2 logs for the given app
|
|
167
|
+
/prizmkit-deploy restart --app <id> → PM2 restart for the given app
|
|
168
|
+
/prizmkit-deploy rollback --app <id> [--to <releaseId>] → rollback to previous or specified release
|
|
169
|
+
/prizmkit-deploy health --app <id> → run configured health checks
|
|
170
|
+
/prizmkit-deploy history → list recent deployment events from deploy-history/
|
|
171
|
+
/prizmkit-deploy validate → run validation checks without deploying
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
### No-arg behavior
|
|
175
|
+
|
|
176
|
+
- If `.prizmkit/deploy/deploy.config.json` does not exist → start first-run configuration wizard.
|
|
177
|
+
- If config exists and validates → show deployment summary (active release, app status, last deploy time) and ask which environment, then proceed to deploy.
|
|
178
|
+
- If config exists but required fields are missing or validation is stale → enter repair flow.
|
|
179
|
+
|
|
180
|
+
## File Structure
|
|
181
|
+
|
|
182
|
+
All artifacts live under `.prizmkit/deploy/`:
|
|
183
|
+
|
|
184
|
+
```
|
|
185
|
+
.prizmkit/deploy/
|
|
186
|
+
deploy.md # human-readable documentation
|
|
187
|
+
deploy.config.json # machine-readable config & validation state
|
|
188
|
+
pending-input.json # pending questions for headless mode resume
|
|
189
|
+
deploy-history/
|
|
190
|
+
<deployment-id>.json # one per deploy/rollback/event
|
|
191
|
+
deploy-scripts/ # future — PrizmKit-managed deploy scripts
|
|
192
|
+
secrets.enc.json # optional, encrypted local secrets
|
|
193
|
+
secrets.local.json # optional, plaintext secrets (must be gitignored)
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
Read `references/deploy-config-schema.md` when writing or validating `deploy.config.json`. Read `references/deploy-history-schema.md` when writing history records.
|
|
197
|
+
|
|
198
|
+
## SSH Deployment Path
|
|
199
|
+
|
|
200
|
+
The following sections define the SSH deployment adapter — the only fully-automated path. Route here when Discovery determines the target is a Linux server with SSH access.
|
|
201
|
+
|
|
202
|
+
### SSH: Deployment Mode Selection
|
|
203
|
+
|
|
204
|
+
After Discovery routes to SSH, **before** entering the configuration wizard, ask the user how they want to deploy.
|
|
205
|
+
|
|
206
|
+
**First question:**
|
|
207
|
+
> "你想怎么部署到服务器?"
|
|
208
|
+
> - **A. 直接上传(快速上手)** — 本地构建,传到服务器启动。适合第一次部署。
|
|
209
|
+
> - **B. CI/CD 自动部署(推荐)** — 配置 GitHub Actions,以后 `git push` 自动部署。
|
|
210
|
+
|
|
211
|
+
**If user chooses CI/CD, second question:**
|
|
212
|
+
> "CI/CD 有两种模式:"
|
|
213
|
+
> - **Push 模式** — GitHub Actions runner 编译,SCP 传到服务器。服务器压力小。
|
|
214
|
+
> - **Pull 模式** — 服务器自己拉代码编译。配置更简单但需 Deploy Key。
|
|
215
|
+
|
|
216
|
+
For detailed mode descriptions and the full Push/Pull comparison table, read `references/deployment-modes.md`.
|
|
217
|
+
|
|
218
|
+
**Config field:** `deployStrategy` in `deploy.config.json` — `"direct-upload"`, `"ci-cd-push"`, or `"ci-cd-pull"`. Existing configs without this field default to `"ci-cd-pull"` for backward compatibility.
|
|
219
|
+
|
|
220
|
+
### SSH: Server Model
|
|
221
|
+
|
|
222
|
+
Servers are generic SSH targets. A server is valid if it:
|
|
223
|
+
- Can be reached over SSH.
|
|
224
|
+
- Provides a Linux shell.
|
|
225
|
+
- Can install or has Node.js, npm, PM2, Nginx, Git.
|
|
226
|
+
- Can access the configured Git repository (Pull mode only).
|
|
227
|
+
|
|
228
|
+
Server-side directory layout:
|
|
229
|
+
```
|
|
230
|
+
/var/www/<project>/
|
|
231
|
+
releases/
|
|
232
|
+
<release-id>/
|
|
233
|
+
shared/
|
|
234
|
+
.env.production # mode 600, owner: runtime user
|
|
235
|
+
deploy-metadata.json # active color, last release, timestamp
|
|
236
|
+
current -> releases/<release-id>
|
|
237
|
+
deploy-logs/
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
SSH roles: `bootstrapUser` (usually root, for initial setup) and `runtimeUser` (default `deploy`, for app processes). App processes never run as root.
|
|
241
|
+
|
|
242
|
+
### SSH: First-Run Configuration Wizard
|
|
243
|
+
|
|
244
|
+
When `.prizmkit/deploy/deploy.config.json` does not exist, enter configuration wizard. Flow: **deployment mode → collect → validate → confirm → persist**.
|
|
245
|
+
|
|
246
|
+
**Before any questions:** ask deployment mode (see §SSH: Deployment Mode Selection). This determines required steps:
|
|
247
|
+
|
|
248
|
+
| Step | Direct Upload | CI/CD Push | CI/CD Pull |
|
|
249
|
+
|------|:---:|:---:|:---:|
|
|
250
|
+
| SSH Server Discovery | Required | Required | Required |
|
|
251
|
+
| Repository Access | Skipped | Skipped | Required |
|
|
252
|
+
| Application Configuration | Required | Required | Required |
|
|
253
|
+
| Environment Variables | Required | Required | Required |
|
|
254
|
+
| Persist Configuration | Required | Required | Required |
|
|
255
|
+
|
|
256
|
+
#### Step 1: SSH Server Discovery
|
|
257
|
+
|
|
258
|
+
Ask for and validate:
|
|
259
|
+
- **Server host and port** (e.g., `43.161.221.171:22`)
|
|
260
|
+
- **Bootstrap user** (usually `root`) — for initial package install and user creation
|
|
261
|
+
- **Runtime user** (recommend `deploy`) — app runs as this user, never root
|
|
262
|
+
- **Auth method** — SSH key path or agent
|
|
263
|
+
|
|
264
|
+
Validate immediately: `ssh <bootstrapUser>@<host> 'echo OK'`. If that fails, nothing else matters — stop and fix connectivity first.
|
|
265
|
+
|
|
266
|
+
#### Step 2: Repository Access (CI/CD Pull mode only)
|
|
267
|
+
|
|
268
|
+
Only needed when `deployStrategy` is `"ci-cd-pull"` — the server needs to `git pull` code. Skip for `"direct-upload"` (no Git on server) and `"ci-cd-push"` (GitHub Actions handles checkout).
|
|
269
|
+
|
|
270
|
+
Ask for: Git URL, branch, auth strategy (prefer read-only Deploy Key).
|
|
271
|
+
|
|
272
|
+
If using Deploy Key:
|
|
273
|
+
1. Generate ed25519 key on server: `sudo -u <runtimeUser> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -N ""`
|
|
274
|
+
2. Show public key to user: "Add this to GitHub Deploy Keys (read-only)"
|
|
275
|
+
3. Wait for confirmation, then verify: attempt a git clone as runtime user
|
|
276
|
+
|
|
277
|
+
#### Step 3: Application Configuration
|
|
278
|
+
|
|
279
|
+
For each app, collect: id, path, packageManager, installCommand, buildCommand, startCommand, blue/green port pair (default 3101/3102), healthChecks.
|
|
280
|
+
|
|
281
|
+
#### Step 4: Environment Variables
|
|
282
|
+
|
|
283
|
+
Scan source code for `process.env.<VAR>` references. Ask user for each required value. Identify secrets vs non-secrets. Ask about secret storage strategy (see §Secrets Management).
|
|
284
|
+
|
|
285
|
+
#### Step 5: Persist Configuration
|
|
286
|
+
|
|
287
|
+
Write `deploy.config.json` with all collected values and `validated: {}` stubs for each section. Write `deploy.md` as human-readable documentation.
|
|
288
|
+
|
|
289
|
+
### SSH: Bootstrap Flow
|
|
290
|
+
|
|
291
|
+
Before first deployment, bootstrap the server. Present a plan showing every privileged action before executing anything.
|
|
292
|
+
|
|
293
|
+
Read `${SKILL_DIR}/references/ssh-bootstrap-flow.md` for the full bootstrap procedure (preflight, check-and-install, user/dir setup, PM2 startup, deploy key). When the bootstrap reaches firewall or database steps, it routes to `references/firewall-setup.md` and `references/database-setup.md`. Key rules: bootstrap operations must be idempotent, existing config files must be backed up before modification, and each step's result must be recorded.
|
|
294
|
+
|
|
295
|
+
### SSH: Direct Upload Deployment
|
|
296
|
+
|
|
297
|
+
When `deployStrategy` is `"direct-upload"`, the AI builds locally and transfers artifacts to the server. No Git operations on the server. Full procedure in `references/direct-upload.md`.
|
|
298
|
+
|
|
299
|
+
### SSH: CI/CD Pipeline Configuration
|
|
300
|
+
|
|
301
|
+
When `deployStrategy` is `"ci-cd-push"` or `"ci-cd-pull"`, generate `.github/workflows/deploy.yml` with the appropriate workflow template. Both modes share the same trigger and secrets. Full YAML templates in `references/ci-cd-workflows.md`.
|
|
302
|
+
|
|
303
|
+
After generating the workflow, verify: the first `git push` to the configured branch will trigger the first deployment. Monitor the GitHub Actions run and report results.
|
|
304
|
+
|
|
305
|
+
### SSH: DNS Guidance
|
|
306
|
+
|
|
307
|
+
Before SSL, check if the user has a domain pointing to the server.
|
|
308
|
+
|
|
309
|
+
1. Ask: "你有没有域名要绑定到这个项目?" If no domain → skip DNS + SSL, note in deploy.md.
|
|
310
|
+
2. Check DNS: `dig +short <domain> A`. If resolved → proceed to SSL.
|
|
311
|
+
3. If not resolved: show the user DNS setup instructions. Full procedure in `references/dns-setup.md`.
|
|
312
|
+
|
|
313
|
+
### SSH: SSL/HTTPS Configuration
|
|
314
|
+
|
|
315
|
+
Once DNS is confirmed pointing to the server, configure HTTPS via Let's Encrypt.
|
|
316
|
+
|
|
317
|
+
1. Detect cloud vendor via metadata endpoints.
|
|
318
|
+
2. If cloud vendor detected, ask: Let's Encrypt (recommended) or cloud vendor certificate.
|
|
319
|
+
3. Install certbot and request certificate.
|
|
320
|
+
4. Verify auto-renewal with `certbot renew --dry-run`.
|
|
321
|
+
|
|
322
|
+
Full procedure in `references/ssl-setup.md`.
|
|
323
|
+
|
|
324
|
+
### SSH: Deployment Execution Flow
|
|
325
|
+
|
|
326
|
+
Read `${SKILL_DIR}/references/ssh-execution-flow.md` for the full 5-group pipeline: pre-flight, fetch & build, stage & health check, switch & verify, cleanup & record. Key invariant: if any step before traffic switch fails, STOP — do not touch the live version.
|
|
327
|
+
|
|
328
|
+
### SSH: Blue/Green PM2 + Nginx Strategy
|
|
329
|
+
|
|
330
|
+
- Blue: port 3101 (default), Green: port 3102 (default).
|
|
331
|
+
- Active color persisted in `/var/www/<project>/shared/deploy-metadata.json`.
|
|
332
|
+
- PM2 process naming: `<project>-<app>-<color>` (deterministic, never reuse old release IDs).
|
|
333
|
+
- Nginx config must include: `# PrizmKit Managed: <project> — DO NOT EDIT MANUALLY`.
|
|
334
|
+
- Before modifying any Nginx config lacking this marker, ask for user confirmation.
|
|
335
|
+
- Always `nginx -t` before `systemctl reload nginx`.
|
|
336
|
+
|
|
337
|
+
See `references/nginx-blue-green.md` for the full Nginx config template and traffic switch procedure.
|
|
338
|
+
|
|
339
|
+
### SSH: Rollback
|
|
340
|
+
|
|
341
|
+
Two triggers: **automatic** (health check failure after traffic switch) and **manual** (`/prizmkit-deploy rollback --app <id> [--to <releaseId>]`).
|
|
342
|
+
|
|
343
|
+
Steps: identify target release → verify build exists → start PM2 on its port → update Nginx upstream → `nginx -t` → reload → health checks → write rollback event. Do NOT delete the failed release or its logs — preserve for debugging.
|
|
344
|
+
|
|
345
|
+
If no previous release exists, rollback is not possible — state this clearly.
|
|
346
|
+
|
|
347
|
+
### SSH: Operations Commands
|
|
348
|
+
|
|
349
|
+
**status:** `pm2 list` as runtime user + active release, active color/port, last deploy timestamp.
|
|
350
|
+
|
|
351
|
+
**logs --app \<id\>:** `pm2 logs <process-name> --lines 100` as runtime user.
|
|
352
|
+
|
|
353
|
+
**restart --app \<id\>:** identify active PM2 process → `pm2 restart` → wait → health checks.
|
|
354
|
+
|
|
355
|
+
**health --app \<id\>:** run all configured health checks, report pass/fail for each.
|
|
356
|
+
|
|
357
|
+
**history:** list `.prizmkit/deploy/deploy-history/` events chronologically.
|
|
358
|
+
|
|
359
|
+
### SSH: Post-Deploy CI/CD Upgrade
|
|
360
|
+
|
|
361
|
+
After a successful direct-upload deployment, proactively offer CI/CD setup:
|
|
362
|
+
|
|
363
|
+
> "部署成功。要不要顺手帮你配置 CI/CD 自动部署?以后 `git push` 就自动上线。"
|
|
364
|
+
|
|
365
|
+
If user agrees, ask push vs pull, then configure accordingly. If Pull mode: set up deploy key. If Push mode: add GitHub Actions secrets. Generate `deploy.yml` from `references/ci-cd-workflows.md`, update `deployStrategy` in config, write upgrade event to history.
|
|
366
|
+
|
|
367
|
+
## Environment Policy
|
|
368
|
+
|
|
369
|
+
| Mode | dev | test | production |
|
|
370
|
+
|------|-----|------|------------|
|
|
371
|
+
| Interactive | Allowed | Allowed | Allowed (requires confirmation) |
|
|
372
|
+
| Headless | Allowed | Allowed | **REJECTED** — exits with ENVIRONMENT_DENIED |
|
|
373
|
+
|
|
374
|
+
Headless must reject production because production deploys require human oversight — an unattended pipeline timing out mid-deploy can leave the site in a broken state with no one monitoring.
|
|
375
|
+
|
|
376
|
+
## Secrets Management
|
|
377
|
+
|
|
378
|
+
Four storage modes, configured during first-run wizard:
|
|
379
|
+
|
|
380
|
+
- **ask-every-time**: Prompt for secrets on each deploy. Safest, most manual.
|
|
381
|
+
- **encrypted-local**: Store in `.prizmkit/deploy/secrets.enc.json`. Encrypt with user passphrase using Argon2id/scrypt KDF. Decryption material never stored alongside ciphertext.
|
|
382
|
+
- **plaintext-local**: Store in `.prizmkit/deploy/secrets.local.json`. Must be gitignored. Before each deploy, verify the file is not tracked by git. If tracked, stop and ask to resolve.
|
|
383
|
+
- **user-managed-on-server-only**: User handles secrets manually. Skill verifies server-side `.env.production` has all required vars before deploying.
|
|
384
|
+
|
|
385
|
+
Server runtime secrets live in `/var/www/<project>/shared/.env.production` with mode `600`, owned by runtime user.
|
|
386
|
+
|
|
387
|
+
Deploy history records secret presence metadata only (e.g., `{"SUPABASE_SERVICE_ROLE_KEY": {"present": true}}`). Never record raw secret values or unsalted hashes.
|
|
388
|
+
|
|
389
|
+
### SSH: Existing Deployment Takeover
|
|
390
|
+
|
|
391
|
+
When deploying to a server that already has deployment assets, read `${SKILL_DIR}/references/ssh-takeover.md` for the detection procedure and takeover decision flow. Record takeover decision and validation results in config and history.
|
|
392
|
+
|
|
393
|
+
### SSH: Nginx Management
|
|
394
|
+
|
|
395
|
+
- First Nginx config creation or update of a non-PrizmKit block requires user confirmation.
|
|
396
|
+
- Subsequent updates to PrizmKit-managed blocks (`# PrizmKit Managed:` marker) may proceed automatically.
|
|
397
|
+
- Always `nginx -t` before reload.
|
|
398
|
+
|
|
399
|
+
See `references/nginx-blue-green.md` for the full Nginx config template.
|
|
400
|
+
|
|
401
|
+
### SSH: Bootstrap Safety Rules
|
|
402
|
+
|
|
403
|
+
Before executing privileged bootstrap work, generate an action plan listing: packages, users/groups, SSH keys, Nginx config, directories/permissions, services that may be restarted.
|
|
404
|
+
|
|
405
|
+
Rules:
|
|
406
|
+
- User gives one explicit approval for the entire bootstrap plan.
|
|
407
|
+
- If the plan changes during execution, pause and ask again.
|
|
408
|
+
- Bootstrap operations must be idempotent.
|
|
409
|
+
- Existing config files must be backed up before modification.
|
|
410
|
+
- All privileged actions and results recorded in deploy history.
|
|
411
|
+
- Failed bootstrap stops before deployment, provides recovery instructions.
|
|
412
|
+
|
|
413
|
+
### SSH: Multi-App Coordination
|
|
414
|
+
|
|
415
|
+
An all-app deploy creates one release group. Rules:
|
|
416
|
+
- Pre-traffic phases must complete for ALL selected apps before ANY app switches traffic.
|
|
417
|
+
- If any app fails before traffic switch, NO app switches traffic. Staged processes stopped, live system unchanged.
|
|
418
|
+
- If any app fails after traffic switch, default: group rollback.
|
|
419
|
+
- Single-app deploys (`--app <id>`) do not affect unrelated apps.
|
|
420
|
+
|
|
421
|
+
## Validation
|
|
422
|
+
|
|
423
|
+
Validation is mandatory before production deploy. Check: SSH connectivity, required tools (node, npm, git, pm2, nginx), repository reachability, port availability, required env vars, Nginx config syntax, health check routes accessible.
|
|
424
|
+
|
|
425
|
+
Persist validation in `deploy.config.json` under each section's `validated` field.
|
|
426
|
+
|
|
427
|
+
## Adapter Paths
|
|
428
|
+
|
|
429
|
+
After Discovery routes to a deployment target, read the corresponding reference:
|
|
430
|
+
|
|
431
|
+
| Target | Reference | Mode |
|
|
432
|
+
|--------|-----------|------|
|
|
433
|
+
| SSH Linux server | SSH sections in this file | Full automation |
|
|
434
|
+
| Vercel, Netlify, Fly.io | `references/cloud-platform-deploy.md` | Guided CLI |
|
|
435
|
+
| Docker / Docker Compose | `references/docker-deploy.md` | Guided build + run |
|
|
436
|
+
| Unrecognized target | §Deployment Discovery Step 4 | Documented fallback |
|
|
437
|
+
|
|
438
|
+
## Deploy History Record Schema
|
|
439
|
+
|
|
440
|
+
Each deployment, rollback, or significant event writes a record to `.prizmkit/deploy/deploy-history/<id>.json`. Full schema in `references/deploy-history-schema.md`. Never record raw secret values in history — presence metadata only.
|
|
441
|
+
|
|
442
|
+
## Implementation Notes
|
|
443
|
+
|
|
444
|
+
Live validation findings from the first PrizmKit deployment are in `references/live-validation-notes.md`. Read when troubleshooting bootstrap or deploy issues — these cover port conflict detection, npm verification, locale fixes, deploy key interactivity, PM2 PATH handling, and build-time env var timing.
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
# CI/CD Workflow Templates
|
|
2
|
+
|
|
3
|
+
Read this file when `deployStrategy` is `ci-cd-push` or `ci-cd-pull`.
|
|
4
|
+
|
|
5
|
+
## Shared Configuration
|
|
6
|
+
|
|
7
|
+
**Secrets** (add to GitHub repository Settings → Secrets and variables → Actions):
|
|
8
|
+
- `SSH_HOST` — server IP/hostname
|
|
9
|
+
- `SSH_USER` — runtime user (e.g., `deploy`)
|
|
10
|
+
- `SSH_KEY` — SSH private key
|
|
11
|
+
- `SSH_PORT` — SSH port (default 22)
|
|
12
|
+
|
|
13
|
+
**Shared trigger:**
|
|
14
|
+
```yaml
|
|
15
|
+
on:
|
|
16
|
+
push:
|
|
17
|
+
branches: [<branch>]
|
|
18
|
+
paths-ignore:
|
|
19
|
+
- '.prizmkit/**'
|
|
20
|
+
- 'docs/**'
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
---
|
|
24
|
+
|
|
25
|
+
## Push Mode Workflow (`ci-cd-push`)
|
|
26
|
+
|
|
27
|
+
Build happens on GitHub Actions runner. Only built artifacts are transferred to the server.
|
|
28
|
+
|
|
29
|
+
```yaml
|
|
30
|
+
name: Deploy to Production (Push)
|
|
31
|
+
|
|
32
|
+
on:
|
|
33
|
+
push:
|
|
34
|
+
branches: [<branch>]
|
|
35
|
+
|
|
36
|
+
jobs:
|
|
37
|
+
deploy:
|
|
38
|
+
runs-on: ubuntu-latest
|
|
39
|
+
steps:
|
|
40
|
+
- uses: actions/checkout@v4
|
|
41
|
+
|
|
42
|
+
- uses: actions/setup-node@v4
|
|
43
|
+
with:
|
|
44
|
+
node-version: 20
|
|
45
|
+
|
|
46
|
+
- name: Install & Build
|
|
47
|
+
run: |
|
|
48
|
+
npm ci
|
|
49
|
+
npm run build
|
|
50
|
+
|
|
51
|
+
- name: Package & Transfer
|
|
52
|
+
run: |
|
|
53
|
+
RELEASE_ID=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
|
|
54
|
+
tar czf deploy-$RELEASE_ID.tar.gz \
|
|
55
|
+
<build-output-dir>/ node_modules/ package.json package-lock.json
|
|
56
|
+
scp -P ${{ secrets.SSH_PORT }} deploy-$RELEASE_ID.tar.gz \
|
|
57
|
+
${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/<project>/releases/
|
|
58
|
+
|
|
59
|
+
- name: Deploy on Server
|
|
60
|
+
uses: appleboy/ssh-action@v1
|
|
61
|
+
with:
|
|
62
|
+
host: ${{ secrets.SSH_HOST }}
|
|
63
|
+
username: ${{ secrets.SSH_USER }}
|
|
64
|
+
key: ${{ secrets.SSH_KEY }}
|
|
65
|
+
port: ${{ secrets.SSH_PORT }}
|
|
66
|
+
script: |
|
|
67
|
+
cd /var/www/<project>
|
|
68
|
+
RELEASE_ID=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
|
|
69
|
+
mkdir -p releases/$RELEASE_ID
|
|
70
|
+
tar xzf releases/deploy-$RELEASE_ID.tar.gz -C releases/$RELEASE_ID
|
|
71
|
+
rm releases/deploy-$RELEASE_ID.tar.gz
|
|
72
|
+
# PM2 start, health check, Nginx switch (same as manual flow)
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
**Key difference from Pull:** the runner checks out code, installs, builds, and only transmits the result. The server doesn't need Git or build tools — just Node.js runtime and PM2.
|
|
76
|
+
|
|
77
|
+
---
|
|
78
|
+
|
|
79
|
+
## Pull Mode Workflow (`ci-cd-pull`)
|
|
80
|
+
|
|
81
|
+
GitHub Actions runner only triggers the server. The server does all the work.
|
|
82
|
+
|
|
83
|
+
```yaml
|
|
84
|
+
name: Deploy to Production (Pull)
|
|
85
|
+
|
|
86
|
+
on:
|
|
87
|
+
push:
|
|
88
|
+
branches: [<branch>]
|
|
89
|
+
|
|
90
|
+
jobs:
|
|
91
|
+
deploy:
|
|
92
|
+
runs-on: ubuntu-latest
|
|
93
|
+
steps:
|
|
94
|
+
- name: Trigger Server Deploy
|
|
95
|
+
uses: appleboy/ssh-action@v1
|
|
96
|
+
with:
|
|
97
|
+
host: ${{ secrets.SSH_HOST }}
|
|
98
|
+
username: ${{ secrets.SSH_USER }}
|
|
99
|
+
key: ${{ secrets.SSH_KEY }}
|
|
100
|
+
port: ${{ secrets.SSH_PORT }}
|
|
101
|
+
script: |
|
|
102
|
+
cd /var/www/<project>
|
|
103
|
+
RELEASE_ID=$(date +%Y%m%d)-$(git rev-parse --short HEAD)
|
|
104
|
+
mkdir -p releases/$RELEASE_ID
|
|
105
|
+
git clone <repoUrl> --branch <branch> releases/$RELEASE_ID
|
|
106
|
+
cd releases/$RELEASE_ID
|
|
107
|
+
npm ci
|
|
108
|
+
cp ../shared/.env.production .
|
|
109
|
+
npm run build
|
|
110
|
+
# PM2 start, health check, Nginx switch
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
**Key difference from Push:** the workflow is simpler (one step: SSH + run script), but the server needs Git, full build toolchain, and must be able to reach the repo.
|
|
114
|
+
|
|
115
|
+
After generating the workflow, verify: the first `git push` to the configured branch will trigger the first deployment. Monitor the GitHub Actions run and report results.
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
# Cloud Platform Deployment Path
|
|
2
|
+
|
|
3
|
+
Guided deployment for Vercel, Netlify, Fly.io, and similar cloud platforms. Full automation isn't available — these platforms require browser-based authentication — but the skill provides structured CLI assistance.
|
|
4
|
+
|
|
5
|
+
## Detect and Validate
|
|
6
|
+
|
|
7
|
+
1. Check if the platform CLI is installed: `vercel --version`, `netlify --version`, `fly version`.
|
|
8
|
+
2. If missing, guide the user to install: `npm install -g vercel` or link to docs.
|
|
9
|
+
3. Check authentication: `vercel whoami`, `netlify status`. If not logged in, guide the user through `vercel login`.
|
|
10
|
+
4. Read the platform config file (`vercel.json`, `netlify.toml`, `fly.toml`) to understand existing settings.
|
|
11
|
+
|
|
12
|
+
## Generate Configuration
|
|
13
|
+
|
|
14
|
+
1. If no platform config file exists, generate one based on project detection:
|
|
15
|
+
- **Next.js on Vercel**: minimal config — Vercel auto-detects Next.js. Generate `vercel.json` only if custom rewrites/redirects are needed.
|
|
16
|
+
- **Static site on Netlify**: generate `netlify.toml` with build command and publish directory.
|
|
17
|
+
- **Any on Fly.io**: generate `fly.toml` with app name, builder, and HTTP service config.
|
|
18
|
+
2. Set environment variables via the platform CLI: `vercel env add`, `netlify env:set`.
|
|
19
|
+
3. Document all env vars needed (from Discovery Step 1 scan).
|
|
20
|
+
|
|
21
|
+
## Deploy and Verify
|
|
22
|
+
|
|
23
|
+
1. Run the platform deploy command: `vercel deploy --prod`, `netlify deploy --prod`, `fly deploy`.
|
|
24
|
+
2. If the command requires interactive input, run it and show output to the user.
|
|
25
|
+
3. After deploy, run health checks against the production URL.
|
|
26
|
+
4. Write a deploy-history event recording: platform, project name, deploy URL, commit SHA, timestamp.
|
|
27
|
+
|
|
28
|
+
## Operations
|
|
29
|
+
|
|
30
|
+
| Command | Vercel | Netlify | Fly.io |
|
|
31
|
+
|---------|--------|---------|--------|
|
|
32
|
+
| status | `vercel list` | `netlify status` | `fly status` |
|
|
33
|
+
| logs | `vercel logs` | `netlify logs` | `fly logs` |
|
|
34
|
+
| rollback | `vercel rollback` | `netlify rollback` | `fly rollback` |
|
|
35
|
+
| env | `vercel env ls` | `netlify env:list` | `fly secrets list` |
|
|
36
|
+
|
|
37
|
+
Platform rollback is instant — no release-based rollback needed.
|
|
38
|
+
|
|
39
|
+
## Platform-Specific Patterns
|
|
40
|
+
|
|
41
|
+
### Vercel
|
|
42
|
+
|
|
43
|
+
Vercel auto-detects Next.js projects — no config file required for basic deployments. Generate `vercel.json` only for custom rewrites, redirects, or headers.
|
|
44
|
+
|
|
45
|
+
Key behaviors:
|
|
46
|
+
- Next.js: framework auto-detected, build command and output directory inferred automatically
|
|
47
|
+
- Static sites: set build command and output directory via `vercel.json` or CLI
|
|
48
|
+
- Env vars: `vercel env add <KEY>` (supports `production`, `preview`, `development` environments)
|
|
49
|
+
- Deploy preview: every branch gets a preview URL automatically (if connected via GitHub)
|
|
50
|
+
|
|
51
|
+
### Netlify
|
|
52
|
+
|
|
53
|
+
Netlify requires explicit build and publish configuration. Use `netlify.toml`:
|
|
54
|
+
|
|
55
|
+
```toml
|
|
56
|
+
[build]
|
|
57
|
+
command = "npm run build"
|
|
58
|
+
publish = "dist"
|
|
59
|
+
|
|
60
|
+
[[redirects]]
|
|
61
|
+
from = "/*"
|
|
62
|
+
to = "/index.html"
|
|
63
|
+
status = 200
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Key behaviors:
|
|
67
|
+
- SPA redirects: the catch-all redirect above is essential for client-side routing
|
|
68
|
+
- Env vars: `netlify env:set <KEY> <VALUE>` (per-context: `production`, `deploy-preview`, `branch-deploy`)
|
|
69
|
+
- Branch deploys: every branch gets a deploy-preview URL automatically (if connected via GitHub)
|
|
70
|
+
|
|
71
|
+
### Fly.io
|
|
72
|
+
|
|
73
|
+
Fly.io requires a `fly.toml` with app name, builder, and HTTP service config:
|
|
74
|
+
|
|
75
|
+
```toml
|
|
76
|
+
app = "<app-name>"
|
|
77
|
+
primary_region = "lhr"
|
|
78
|
+
|
|
79
|
+
[build]
|
|
80
|
+
builder = "dockerfile"
|
|
81
|
+
|
|
82
|
+
[http_service]
|
|
83
|
+
internal_port = 3000
|
|
84
|
+
force_https = true
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
Key behaviors:
|
|
88
|
+
- Builder: `dockerfile` (default, uses Dockerfile) or `static` (static site hosting)
|
|
89
|
+
- Secrets: `fly secrets set <KEY>=<VALUE>` for runtime environment variables
|
|
90
|
+
- Scale: `fly scale count <N>` to adjust VM instances
|
|
91
|
+
- Volumes: for persistent data, configure `[mounts]` in fly.toml
|
|
92
|
+
|
|
93
|
+
**Note**: These are minimum-viable platform references; browser-based authentication remains a user-action step. Enriched platform coverage is planned for future iterations.
|