Build & Deploy Pipeline

Pipeline at a glance

flowchart LR
    Dev["Developer"] -->|"npm run lint"| Lint
    Dev --> Build["./deploy/build.sh"]
    Lint --> Build
    Build --> Docker["Docker buildx\nmulti-stage"]
    Docker --> Image["registry.halla-aho.net/thalla/lomavuokraus-web"]
    Image --> Push["./deploy/push.sh"]
    Push --> DeployStg["./deploy/deploy-staging.sh"]
    Push --> DeployProd["./deploy/deploy-prod.sh"]
    DeployStg --> RolloutStg["kubectl apply + rollout\n(staging)"]
    DeployProd --> RolloutProd["kubectl apply + rollout\n(prod)"]
          

Build Inputs

• Source: Next.js app with TypeScript and Prisma.
• Env: .env (local), K8s Secret lomavuokraus-web-secrets in cluster.
• Prisma schema: prisma/schema.prisma, migrations in prisma/migrations/.

NPM Scripts

• npm run lint → next lint
• npm run build → next build (used inside Docker and locally)

Docker Image

• Multi-stage Dockerfile:
  • deps: npm ci
  • builder: copy source, npx prisma generate, npm run build
  • runner: Node 20 bookworm-slim, copy standalone + static
• Tags: numeric (git SHA-derived) + :latest.
• Scan: Trivy runs post-build if available.

Deploy Scripts

• deploy/build.sh → build image, write deploy/.last-image.
• deploy/push.sh → push image.
• deploy/deploy.sh → envsubst k8s/app.yaml, kubectl apply, rollout.
• Environment wrappers:
  • deploy/deploy-staging.sh
  • deploy/deploy-prod.sh
  • deploy/deploy-test.sh
• DNS helpers: deploy/update-test-dns.sh updates test.lomavuokraus.fi + apitest.lomavuokraus.fi via Joker DYNDNS.

Config & Env Vars

• From ConfigMap (public): NEXT_PUBLIC_SITE_URL, NEXT_PUBLIC_API_BASE, APP_ENV.
• From Secret: DB URL, AUTH_SECRET, SMTP, DKIM, etc.
• App env resolution: process.env.* in Next server code.