Build & Deploy

Pipeline at a glance

flowchart LR
  Dev[Developer] -->|npm run lint| Lint
  Dev --> BuildScript[./deploy/build.sh]
  Lint --> BuildScript
  BuildScript --> Docker[Docker buildx multi-stage]
  Docker --> Image[registry.halla-aho.net/thalla/lomavuokraus-web]
  Image --> Push[./deploy/push.sh]
  Push --> DeployStg[./deploy/deploy-staging.sh]
  Push --> DeployProd[./deploy/deploy-prod.sh]
  DeployStg --> K8sStg[kubectl apply + rollout (staging)]
  DeployProd --> K8sProd[kubectl apply + rollout (prod)]

Edit the Mermaid block to reflect pipeline changes; no external tooling required.

Build Inputs

Source: Next.js app with TypeScript and Prisma.
Env: .env (local), K8s Secret lomavuokraus-web-secrets in cluster.
Prisma schema: prisma/schema.prisma, migrations in prisma/migrations/.

NPM Scripts

npm run lint → next lint
npm run build → next build (used inside Docker and locally)

Docker Image

Multi-stage Dockerfile:
- deps: npm ci
- builder: copy source, npx prisma generate, npm run build
- runner: Node 20 bookworm-slim, copy standalone + static
Tags: numeric (git SHA-derived) + :latest.
Scan: Trivy runs post-build if available.

Deploy Scripts

deploy/build.sh → build image, write deploy/.last-image.
deploy/push.sh → push image.
deploy/deploy.sh → envsubst k8s/app.yaml, kubectl apply, rollout.
Environment wrappers:
- deploy/deploy-staging.sh
- deploy/deploy-prod.sh

Config & Env Vars

From ConfigMap (public): NEXT_PUBLIC_SITE_URL, NEXT_PUBLIC_API_BASE, APP_ENV.
From Secret: DB URL, AUTH_SECRET, SMTP, DKIM, etc.
App env resolution: process.env.* in Next server code.