Web Hosting Platform
Deployment automation platform enabling GitHub repository deployments through a simple API — GitHub App authentication, workflow injection, and versioned zero-downtime rollbacks.
Problem
Deploying GitHub repositories to hosting environments requires manual CI/CD configuration per repository, separate hosting infrastructure management, and custom domain setup. Developers wanted a way to programmatically trigger deployments via an API without configuring each repo individually — and needed zero-downtime 保证 during deployments.
Solution
A deployment automation platform that connects to GitHub repositories via a GitHub App and provides a simple API to trigger builds, inject CI/CD workflows, and serve deployed sites — all without manual per-repo configuration.
The platform handles artifact uploads, GitHub Pages publishing, versioned releases with atomic symlink swaps for zero-downtime rollbacks, and path traversal protection to isolate deployments within a controlled directory structure.
Architecture
User → Express.js API → GitHub API + Workflow Inject → Artifact Store → Versioned Deploys
Technical Decisions
GitHub App authentication
Instead of personal access tokens that expire and grant full user permissions, the platform uses GitHub App JWT auth with installation tokens. Scoped permissions per repository — not full account access. Installation tokens expire and are regenerated as needed.
Workflow injection for CI/CD
Managed workflow files are injected into connected repositories via the GitHub API with a marker comment (# Managed by Web Hosting Platform). The system refuses to overwrite unmanaged workflow files, preventing accidental clobbering of existing CI/CD configuration.
Path traversal protection
All user-provided project names are validated against an explicit allowlist regex: /^[A-Za-z0-9._-]+$/. Paths are normalized and checked for '..' before use. Traversal attempts return 404 — deployments are isolated to a controlled deployments/ directory.
Versioned deployments with zero-downtime
Each deployment creates a timestamped release directory. A symlink points to the current active release. Atomic symlink swap on deployment completion ensures requests always serve from the previous version until the new one is ready — instant rollback via symlink update.
Webhook signature verification
GitHub webhook payloads are verified using HMAC SHA256 with timing-safe comparison. Invalid signatures are rejected with 401 before any processing occurs.