Deployment Surfaces
| Surface | Source of truth | Delivery target |
|---|---|---|
Web apps (apps/web, apps/nova, apps/rewise, apps/calendar, apps/finance, apps/meet, apps/tasks, apps/track, apps/shortener) | .github/workflows/vercel-*.yaml | Vercel preview and production deployments |
Database schema (apps/database) | .github/workflows/supabase-staging.yaml, .github/workflows/supabase-production.yaml | Supabase staging and production projects |
Self-hosted web runtime (apps/web) | apps/web/Dockerfile, docker-compose.web.yml, docker-compose.web.prod.yml, scripts/docker-web.js | Docker dev stacks and production blue/green deployments |
Discord utilities (apps/discord) | .github/workflows/discord-modal-deploy.yml | Modal |
Mobile artifacts (apps/mobile) | .github/workflows/mobile-build-*.yaml | Build artifacts for Android, iOS, macOS, Windows |
Shared packages (packages/*) | .github/workflows/release-*.yaml | npm, GitHub Packages, JSR |
Read This In Order
Core Principles
- GitHub Actions is the canonical automation layer for hosted deployments and database migrations.
tuturuuu.tscan disable individual workflows;ci-check.ymlenforces that toggle before a job does real work.- Vercel handles hosted web deployments. Supabase migrations run as separate workflows with explicit staging and production gates.
- Self-hosted web deployment is Docker-based, and blue/green rollout is the supported rebuild-before-restart path.
- Secrets live in GitHub Actions secrets/variables or local env files such as
apps/web/.env.local. They do not belong in the repo.
Operational Flow
What Changed Recently
apps/webnow supports both in-place Docker production deploys and blue/green deploys.docker-setup-check.yamlvalidates Docker parity, renders both compose files, and builds both the dev and production web images.- Production Redis in Docker now requires a token, but
scripts/docker-web.jssatisfies that automatically by generating and injecting the value unless you explicitly opt out with--without-redis.
apps/docs/docs.json.