
CI/CD

GitHub Actions Workflows

API — Production (main branch)

File: .github/workflows/ci-cd.yml

Triggers: push to main
Steps:
  1. Checkout
  2. Setup pnpm
  3. pnpm install
  4. prisma generate
  5. tsc --noEmit (TypeScript check)
  6. pnpm build
  7. Upload dist/ as artifact
  8. SSH deploy:
     - git pull origin main
     - pnpm install
     - pnpm build
     - pm2 restart api.walkthroughnepal.com

API — Staging (dev branch)

File: .github/workflows/staging.yml

Same steps as production but deploys to a different directory and restarts the staging PM2 process (staging.api.walkthroughnepal.com) on port 9000.

Frontend — Production (main branch)

File: .github/workflows/deploy.yml

Triggers: push to main
Steps:
  1. Checkout
  2. Setup pnpm + Node
  3. pnpm install --frozen-lockfile
  4. pnpm build
  5. SSH deploy:
     - cd /path/to/app
     - git pull && git reset --hard
     - pnpm install --frozen-lockfile
     - pnpm build
     - pm2 restart myeasyguide.com

Note the git reset --hard: it discards any local modifications to tracked files on the server, so the deployed working tree matches the commit that was just pulled. Untracked files are left in place.

Frontend — Staging (dev branch)

File: .github/workflows/staging.yml

Same as frontend production but deploys to the staging directory and restarts staging.myeasyguide.com on port 9001.

GitHub Actions Setup

Required Secrets

The workflows connect to the VPS via SSH. The following secrets must be configured in the GitHub repository:

Secret          Description
SSH_HOST        VPS IP address or hostname
SSH_USERNAME    SSH user
SSH_KEY         SSH private key (deploy key)
SSH_PORT        SSH port (usually 22)

SSH Action

Deployments use appleboy/ssh-action:

- name: Deploy
  uses: appleboy/ssh-action@v1
  with:
    host: ${{ secrets.SSH_HOST }}
    username: ${{ secrets.SSH_USERNAME }}
    key: ${{ secrets.SSH_KEY }}
    port: ${{ secrets.SSH_PORT }}
    script: |
      cd /path/to/app
      source ~/.nvm/nvm.sh
      git pull origin main
      pnpm install --frozen-lockfile
      pnpm build
      pm2 restart app-name
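
A hardened variant of the Deploy step above, as an added example (not the project's own workflow): the action is pinned to a commit, the server's host key is verified, and the remote script stops at the first failing command. The SSH_HOST_FINGERPRINT secret name and the commit SHA placeholder are assumptions that do not appear in the original.

```yaml
# Added example, not taken from the project's workflow files.
- name: Deploy
  # Pin to the full commit SHA of a release you have reviewed. A tag such as
  # v1 can be moved to different code later; a commit SHA cannot.
  # The value below is a placeholder and must be replaced.
  uses: appleboy/ssh-action@<full-commit-sha-of-reviewed-release>
  with:
    host: ${{ secrets.SSH_HOST }}
    username: ${{ secrets.SSH_USERNAME }}
    key: ${{ secrets.SSH_KEY }}
    port: ${{ secrets.SSH_PORT }}
    # SHA256 fingerprint of the server's host public key, stored in a
    # hypothetical secret. With it set, the action only connects to a server
    # presenting that key. On the VPS the value can be read with:
    #   ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
    fingerprint: ${{ secrets.SSH_HOST_FINGERPRINT }}
    script: |
      # Stop immediately if the application directory is missing.
      cd /path/to/app || exit 1
      source ~/.nvm/nvm.sh
      # Enabled after nvm.sh is sourced: from here on, any failing command
      # aborts the script, so pm2 is not restarted after a failed install
      # or build.
      set -e
      # Fetch, then reset to the remote branch tip. Unlike "git pull", this
      # does not merge, so local commits or edits on the server cannot block
      # or alter the deployment.
      git fetch origin main
      git reset --hard origin/main
      pnpm install --frozen-lockfile
      pnpm build
      pm2 restart app-name
```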

Environment Files

The .env files are not committed to the repository. They must be manually created on the server during initial setup.

For CI/CD, environment variables are either:

  • Written to the server's .env file during initial setup (not in the deploy script)
  • Injected via GitHub Actions secrets if needed during build time

The frontend's NEXT_PUBLIC_* variables are baked into the JavaScript bundle at build time, so they must be present during pnpm build. Because they ship to the browser, they must not contain secrets.

Version Control

  • main branch → Production
  • dev branch → Staging
  • Feature branches → Created for development work, merged via PR

Branch Naming Convention

feat/feature-name    — New features
fix/bug-name         — Bug fixes
chore/task-name      — Maintenance tasks

Git Hooks

Both the API and CMS use Husky for pre-commit hooks that run ESLint.
