Deployment

.claude/rules/deployment.md

← Zurück zu Knowledge

Deployment

.claude/rules/deployment.md · 2.5K

---
paths:
  - "apps/web/**"
  - "apps/mobile/**"
  - "apps/admin/**"
  - "**/wrangler*"
  - "**/astro.config.*"
---

# Deployment

All 3 apps are Cloudflare Pages projects with auto-deploy on push to `main`.
Full walkthrough: `docs/CLOUDFLARE_SETUP.md`.

| Project | URL | Stack | Auto-deploy |
|---------|-----|-------|-------------|
| Landing | [carrot-landing.pages.dev](https://carrot-landing.pages.dev) | Astro 5 static | ✅ |
| Mobile Web | `carrot-app.pages.dev` | Expo Web export | ✅ |
| Admin Portal | `carrot-admin.pages.dev` | Astro 5 static (React island for charts) | ✅ once Build-Ausgabe = `dist` + CF Access added |

## What's in `wrangler.toml` (Code = source of truth)

- `name`, `compatibility_date`, `compatibility_flags`
- `pages_build_output_dir`
- `[placement]`, `[observability]`, `[vars]`, `[env.preview.vars]`
- `keep_vars = true`
- Bindings (commented today; ready for `[[d1_databases]]`, `[[kv_namespaces]]`, `[[r2_buckets]]`, `[browser]`, `[ai]`)
- Custom domain `[[routes]]` (commented until carrot.at exists)

## What's in `_headers` (also code = source of truth)

`apps/web/public/_headers` and `apps/admin/public/_headers` — security + caching headers.

## What's in `.nvmrc`

Per app + repo root. Cloudflare Pages reads `.nvmrc` automatically — **NODE_VERSION env var in dashboard is not needed.**

## What stays in the dashboard

- Build-Befehl + Stammverzeichnis (Pages reads dashboard first)
- Build-Systemversion (=3)
- Build-time secrets (`SUPABASE_SECRET_KEY`)
- Custom domains (uncomment `[[routes]]` in wrangler AFTER adding in dashboard)
- Cloudflare Access policies (Zero Trust → Applications)
- Notifications, branch deploy controls

## Pages dashboard build settings (per project)

### `carrot-landing` — already correct

| Field | Value |
|-------|-------|
| Build-Befehl | `npm run build` |
| Build-Ausgabe | `dist` |
| Stammverzeichnis | `apps/web` |

### `carrot-app`

| Field | Value |
|-------|-------|
| Build-Befehl | `cd ../.. && npm install && cd apps/mobile && npm run build:web` |
| Build-Ausgabe | `dist` |
| Stammverzeichnis | `apps/mobile` |

### `carrot-admin` (Astro 5)

| Field | Value |
|-------|-------|
| Build-Befehl | `cd ../.. && npm install && cd apps/admin && npm run build` |
| Build-Ausgabe | `dist` ← Astro default (NOT `out`) |
| Stammverzeichnis | `apps/admin` |

Plus Cloudflare Access policy whitelisting 3 admin emails.

## Secrets

Never in `wrangler.toml` or git. Set in Pages dashboard → Settings → Variablen → mark as encrypted.